SUSPICIOUS

Tech-support scare page — do not call the number

Fake Apple support page on a workers.dev subdomain that displays a device-lock scare alert and pushes a phone number. Some signals suggest this is a fake support / scare page. Don't call any displayed number and don't install any "support" software.

Security Review

Is muddy-unit-2a56.ngoctuyetasd48.workers.dev legit or a scam?

Be careful — we couldn't verify this site.

Do this now:don't sign in or pay until you've confirmed the site is genuine another way.

Fake Apple support page on a workers.dev subdomain that displays a device-lock scare alert and pushes a phone number.

Cross-checked against 8 independent sources 1 raised a concern
Open-web research was partially available; the verdict uses the other completed checks.
muddy-unit-2a56.ngoctuyetasd48.workers.devScanned Jul 15, 2026
46/100
Trust score
0 = danger · 100 = safe
SUSPICIOUS
Score breakdown
Heuristics 79·MT 12
Category tags
tech-support-scamHow sure we are: High
Technical red flags (1)
Tech-Support Scam
Positive signals (3)
Not on major blacklistsEncrypted connectionClean server reputation

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

At a glance

The most useful evidence from this scan, separated from the final verdict so you can judge the signals yourself.

8 checks completed
Antivirus engines
Antivirus data unavailable
Domain Age
Registration date unknown
Browser blocklists
Clear
No Google Safe Browsing warning
Encryption
Valid
TLS TLSv1.3
Visual inspection
65/100
Visual risk score
Open-web research
Partial
Only validated claims are shown

Website Preview

Screenshot of muddy-unit-2a56.ngoctuyetasd48.workers.dev
SCAN-TIME CAPTURE
muddy-unit-2a56.ngoctuyetasd48.workers.dev
What our review noticed on this page

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. Marker positions are approximate. See full visual analysis →

Visual analysis

Intelligence

Advanced threat intelligence
Analysis
Critical scam likelihoodengineMT · Guardiantrust12/100
MT AgentLive web researchVisual inspection
92%
Confidence
The page title and body text directly claim an iPhone has been locked over child-pornography activity and instruct the visitor to call +1-888-756-7921. Our page analyzer flagged this as a Tech-Support Scam pattern with a visible countdown timer and intrusive modal. The domain sits on Cloudflare Workers, a platform cited in multiple security reports as heavily abused for phishing. Three independent sources in our research package confirm workers.dev subdomains are routinely used for similar campaigns. No legitimate Apple page would display criminal accusations or demand an immediate phone call. The combination of the scare tactic, the phone number, and the known abuse pattern on this hosting platform produces a high-confidence malicious classification.
Risk Factors
5
  • Page displays a fake Apple device-lock alert accusing the visitor of child-pornography activity.
  • Explicit phone number +1-888-756-7921 is pushed as the only way to unlock the device.
  • Domain uses Cloudflare Workers, a platform cited in multiple reports for phishing abuse.
  • Scam-family match triggered for Tech-Support Scam with visible countdown timer.
  • No contact email or verifiable business details present on the page.
The full analysis

Page Content

The page presents itself as "Contact - Official Apple Support" and immediately displays a modal alert claiming the visitor's iPhone is locked because of a $569.90 Apple Pay transaction for child pornography. Body text repeats the accusation, shows a 10-minute countdown, and directs the user to call +1-888-756-7921. No contact email is present on the page, and the only phone number shown is the one in the alert. External scripts from embed.tawk.to and iosdesignweb-6uiwdiiz.on-forge.com are loaded.

Infrastructure

The URL resolves to IP 172.67.130.193 with an abuse score of 0/100 and no prior abuse reports. SSL is valid and issued by Google Trust Services. The domain is a Cloudflare Workers subdomain (workers.dev), a platform repeatedly documented as abused for phishing. No redirects occur and the page loads directly.

Domain History

WHOIS age is unknown and the registrar field is blank. The subdomain itself has no established history in our records. Global traffic index shows the domain is not indexed, indicating negligible legitimate use.

Web Reputation

Our research package contains three scam mentions and zero positive reviews. Security researchers at LevelBlue SpiderLabs and Fortra both document widespread phishing abuse of workers.dev domains. A Reddit thread in r/Scams describes similar workers.dev phishing pages. Apple officially warns users against unsolicited support calls of this type.

What this means for you

Do not call the displayed number and do not enter any information. Close the page immediately. If you are concerned about your device, contact Apple through their official website or the built-in Support app rather than any link or number shown on this page.

AI Recommendation
Close the page and do not call the number shown. Reach Apple only through their verified website or the built-in Support app.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Threat Detection

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗

Scam-Type Likelihood

2 scam-type patterns detected
Scam-Type Likelihood

2 of 21 categories showed signals

We check every URL against 21 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Tech Support Scam
Tech Support Scam
High likelihood
100/100
  • Classic tech-support scare copy found (fake Microsoft/Apple alert, remote-access instructions).
  • Primary scraped category: fake tech-support page.
  • AI analyst tagged this as a tech-support scam.
Scareware & Fake Pop-ups
High likelihood
100/100
  • Tagged as scareware / adware / malvertising.
  • Scareware / adware / notification-spam language in the tags.
  • Fake virus / security-alert (scareware) copy on the page.

Technical Details

The plumbing behind the site — who registered it, how it’s encrypted, where it’s hosted, and where it links out. A valid certificate or a calm server doesn’t mean the business is honest — scam sites pass these checks too. Use this to corroborate the verdict, not to overturn it.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbers+1-888-756-7921
Postal addressPresent
Linked social profiles0
Signal Summary
Contact details look reasonable
  • No contact email found anywhere on the page.
  • Scam family match: Tech-Support Scam.
  • Phone number listed (+1-888-756-7921).
  • Postal address visible on the page.

Domain & Encryption

Domain History
AgeUnknown
RegistrarHidden
RegisteredUnknown
ExpiresUnknown
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WE1
ExpiresSep 6, 2026 (52d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS
Web servercloudflare

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPCloudflare, Inc.
Usage typeContent Delivery Network

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

What to do

Final Verdict

46
Trust / 100
Final Verdict·muddy-unit-2a56.ngoctuyetasd48.workers.dev
SUSPICIOUS

Why we rated muddy-unit-2a56.ngoctuyetasd48.workers.dev suspicious

The strongest signal is the explicit scam-family match plus three external reports linking workers. dev domains to phishing campaigns.

Close the page and do not call the number shown. Reach Apple only through their verified website or the built-in Support app.

AV engines
Domain age
Flagged
Scan another URL
Security review completemalwaretips.com/url-scan

Safety FAQ

Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.