muddy-unit-2a56.ngoctuyetasd48.workers.dev
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of muddy-unit-2a56.ngoctuyetasd48.workers.dev
This domain appears to be a Cloudflare Workers-hosted page rather than an official corporate website. Based on the page title and metadata, it presents itself as an Apple support contact page, and the visible design attempts to resemble an Apple-related alert or support interface.
However, the screenshot content does not appear consistent with a normal support page. It shows a payment-success notification referencing Apple Pay and an adult-service charge, alongside Apple-themed branding elements. That combination suggests the page may be designed to alarm visitors into calling a displayed phone number, which is a pattern often associated with tech-support or payment-fraud lures rather than legitimate customer support.
The domain name itself is a random-looking subdomain under workers.dev, which is commonly used for temporary or developer-hosted deployments. Based on available data, this page does not appear to be operated through Apple's official web domain structure.
Safety Assessment for muddy-unit-2a56.ngoctuyetasd48.workers.dev
Scan results are mixed at the time of this scan. One out of 91 security engines flagged the URL for phishing, while the malware scan did not identify malicious files and several major threat databases did not list the domain. Even so, the page content raises stronger concerns than the raw detection count alone: it appears to imitate Apple support branding while displaying a suspicious payment alert and a phone number intended to prompt urgent contact.
The domain also uses a workers.dev subdomain rather than an official Apple-owned domain, which may indicate a look-alike setup. In addition, the screenshot includes adult-themed imagery and a fake-looking Apple Pay transaction notice, both of which are unusual for a legitimate support page. These content signals can be consistent with social-engineering pages that attempt to frighten users into calling fraudulent support lines.
Although blacklist and malware-file checks were largely clean at the time of this scan, the branding mismatch and deceptive presentation materially increase risk. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site is hosted on Cloudflare infrastructure and resolves to IP address 104.21.3.139, with a valid SSL/TLS certificate issued by Google Trust Services and expiring in September 2026. The domain has existed for several years, is registered through Cloudflare, and uses Cloudflare nameservers. DNSSEC appears to be unsigned.
From a technical standpoint, the page pulls in local CSS and JavaScript assets, includes a chat widget from a third-party service, and references an external script hosted on another domain. While the certificate status and hosting setup appear functional, those factors do not verify legitimacy. The main concern here is not transport security but the apparent misuse of branding and page content for possible phishing or scam activity.
Share your experience with this website. Was it safe? Did you encounter any issues?