9000-firebase-verify-1781672856551.cluster-axf5tvtfjjfekvhwxwkkkzsk2y.cloudworkstations.dev
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of 9000-firebase-verify-1781672856551.cluster-axf5tvtfjjfekvhwxwkkkzsk2y.cloudworkstations.dev
This domain appears to host a web page presenting itself as a generic webmail login portal. The page title is "Webmail Login," and the screenshot shows fields for an email address and password, along with cPanel branding and a reset-password link. Based on the visible content, the site is designed to collect email login credentials rather than provide general informational content.
The hostname is a long subdomain under cloudworkstations.dev, which suggests it may be running from a cloud-hosted development or workstation environment rather than from a branded, customer-facing mail service domain. No clear operator identity, company details, or service ownership information are visible on the page, so the actual party behind this login form is not evident from the available data.
Safety Assessment for 9000-firebase-verify-1781672856551.cluster-axf5tvtfjjfekvhwxwkkkzsk2y.cloudworkstations.dev
Multiple security signals indicate elevated risk at the time of this scan. The domain was flagged by 15 out of 91 security engines, with many of those detections classifying it as phishing or otherwise malicious. The screenshot also shows a standalone webmail credential form on an unrelated cloud-hosted subdomain, which may be consistent with credential-harvesting behavior rather than a legitimate email provider login page.
Blacklist results were mixed rather than fully clean. While major browsing-threat checks did not detect a threat at the time of this scan, the domain's IP address was listed on one mail-reputation blocklist, and one additional blacklist provider also returned a malicious-style listing. The malware scan did not identify malicious files, but that result is limited here because no files were scanned.
Taken together, the combination of multi-engine phishing detections, the login-page presentation, and the lack of clear operator identity suggests this website may pose potential risks to visitors, especially if asked to enter email credentials. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site uses a valid SSL/TLS certificate issued by Google Trust Services, hosted on Google Cloud at IP address 136.110.210.51, and responds through nginx/1.26.3. The certificate validity indicates encrypted transport is present, but HTTPS alone does not verify that the page is trustworthy or legitimately operated.
DNSSEC appears to be unsigned, which means DNS responses do not benefit from DNSSEC validation. The domain is several years old and registered through Markmonitor, but the specific hostname is a deep cloud subdomain rather than a conventional branded mail domain. That infrastructure pattern, combined with the phishing detections, may warrant caution.
Share your experience with this website. Was it safe? Did you encounter any issues?