Critical Threat

Phishing site — do not log in

Flagged on major browser safety blocklists as social engineering. Do not enter credentials. Open the real service from a trusted bookmark or app.

Security Review

Is sweet-base-be3a.masonscott641807.workers.dev legit or a scam?

Critical Threat: Phishing

Recommended action:Do not enter credentials. Open the real service from a trusted bookmark or app.

This assessment combines 12 completed security checks into one public risk profile. Review the evidence and missing checks below before deciding whether to interact with sweet-base-be3a.masonscott641807.workers.dev.

Cross-checked against 12 completed checks 3 raised a concern
Open-web research was partially available; the verdict uses the other completed checks.
sweet-base-be3a.masonscott641807.workers.devScanned Jul 16, 2026
Risk profile
Critical Threat
Threat type
Phishing
Evidence strength
Strong
Recommended action
Do not sign in
Technical score

Legacy trust score: 1/100

Score breakdown
Heuristics 0·MT 15
Category tags
phishingHow sure we are: High
Technical red flags (3)
16 of 92 engines flaggedGoogle Safe Browsing warningLow external reputation (3/100)
Positive signals (2)
Encrypted connectionNo significant IP abuse signal

These checks passed — but they don't clear the site. Valid SSL and a calm hosting IP only show that parts of the infrastructure work normally. They do not prove the business is real or cancel the warning signals above.

View density

At a glance

The most useful evidence from this scan, separated from the final verdict so you can judge the signals yourself.

12 checks completed
Antivirus engines
16/92
Engines flagged this URL
Domain registration
Registration date unknown
Operator identity
Missing
No operator identity was found on the inspected page
How this report was created
Checks completed12
Open-web researchPartial
AnalysisAI-assisted synthesis
Scan timeJul 16, 2026

The public risk profile combines the completed automated checks into one consistent interpretation. A staff review is only claimed when explicitly identified on the report.

Intelligence

Advanced threat intelligence
Analysis
Critical ThreatengineMT · GuardianThreat pattern matchLimited match
MT AgentLive web researchVisual inspection
90%
Confidence
Bottom line

The URL is a workers.dev subdomain, a hosting pattern frequently used for short-lived phishing pages. The page title claims to be Meta for Business yet shows almost no content and lists no email, phone, or address. Sixteen antivirus engines, including BitDefender, ESET, and Fortinet, classify the page as phishing. Browser blocklist feeds also mark it for social engineering. The hosting IP carries no abuse history, but that does not offset the detection signals. Independent trust aggregators assign the domain a very low score of 3 out of 100. Our research found no legitimate business registration or positive mentions to counter the technical flags. The combination of a disposable subdomain, missing accountability data, and consistent malicious detections indicates the page is designed to harvest credentials.

Full analysis

Page Content

The page loads with the title "Meta for Business" and almost no other visible text or elements. No contact email, phone number, or postal address appears anywhere on the page.

Infrastructure

The site runs on Cloudflare Workers, a platform commonly abused for phishing because subdomains can be created instantly and discarded. The IP shows no prior abuse reports, yet the domain itself is not indexed in global traffic rankings.

Domain History

WHOIS details are unavailable due to the workers.dev subdomain structure. No registration age or registrar information could be retrieved.

Web Reputation

Sixteen of 92 antivirus engines flag the URL as phishing, including alphaMountain.ai, BitDefender, Criminal IP, ESET, Forcepoint ThreatSeeker, and Fortinet. Browser blocklists also categorize it as social engineering. Independent review aggregators give the domain a normalized trust score of 3 out of 100.

What This Means for You

Entering any login details or personal information on this page would send that data to an attacker. Avoid visiting the link and do not interact with any forms it may eventually display.

Evidence behind the conclusion
Risk Factors
5
  • 16 of 92 antivirus engines flag the page as phishing, including BitDefender, ESET, and Fortinet.
  • Browser blocklist feeds mark the URL for social engineering activity.
  • Cloudflare Workers subdomain with no visible business contact information or registration.
  • Independent trust aggregators assign a very low score of 3 out of 100.
  • Page presents a Meta for Business title but contains almost no functional content.
Uncertainty and missing checks
  • Exact domain registration date unavailable for workers.dev subdomains.
  • Screenshot capture was incomplete, limiting visual confirmation.
Recommendation
Do not enter credentials. Open the real service from a trusted bookmark or app.
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of sweet-base-be3a.masonscott641807.workers.dev
SCAN-TIME CAPTURE
sweet-base-be3a.masonscott641807.workers.dev
What our review noticed on this page

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual analysis

Web Research

Findings and citations

Threat Detection

Antivirus Engines

Security Scans

Blacklist Check
This URL appears on threat lists

Detected threat categories: SOCIAL_ENGINEERING.

Sandbox Render
Page rendered in a safe sandbox
Requests made0
Unique IPs2
Countries1
Detected brandsNone

What this means: we opened the page inside a locked-down browser and watched what it tried to load. This is context for the checks above — not a verdict on its own.

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
ListedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗

Threat Pattern Match

1 threat patterns detected
Threat Pattern Match

1 of 21 categories showed signals

We check every URL against 21 distinct threat categories to identify what kind of pattern is present. This match is not a second risk level. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Phishing
Phishing
Pattern match: Moderate
35/100
  • Google Safe Browsing flagged this as social engineering / phishing.
  • AI analyst tagged this as phishing / data-harvesting.

Technical Details

The plumbing behind the site — who registered it, how it’s encrypted, where it’s hosted, and where it links out. A valid certificate or a calm server doesn’t mean the business is honest — scam sites pass these checks too. Use this to corroborate the verdict, not to overturn it.

Identity

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain

Domain History
AgeUnknown
RegistrarHidden
RegisteredUnknown
ExpiresUnknown
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WE1
ExpiresOct 13, 2026 (88d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS
Web servercloudflare

Infrastructure

Hosting
CountryUnknown
NetworkCLOUDFLARENET - Cloudflare, Inc., US
IP address188.114.96.3
Abuse Intelligence
Confidence score0%
Reports on file0
ISPCloudflare, Inc.
Usage typeContent Delivery Network

What to do

Before interacting

Do not enter credentials. Open the real service from a trusted bookmark or app.

What this means for you

You were probably about to log in or type personal details here.

Anything you enter — username, password, card number, one-time code — goes straight to criminals, who use it to take over your real accounts and drain them.

If you already paid, signed in or downloaded

Act promptly and follow the steps that match what you shared or opened.

Final Verdict

Threat type
Phishing
Evidence strength
Strong
Technical score

Legacy trust score: 1/100

Final Verdict·sweet-base-be3a.masonscott641807.workers.dev
Critical Threat

Why we rated sweet-base-be3a.masonscott641807.workers.dev critical threat

sweet-base-be3a.masonscott641807.workers.dev is rated Critical Threat for phishing, with strong evidence.

Do not enter credentials. Open the real service from a trusted bookmark or app.

AV engines
92
Domain age
Flagged
16
Scan another URL
Security review completemalwaretips.com/url-scan

Safety FAQ

Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.