# ldgr78sdggdf.samra2.workers.dev — SUSPICIOUS

> ldgr78sdggdf.samra2.workers.dev hosts a crypto drainer phishing site with 0/95 VirusTotal detections. Check now before interacting.

## Summary

PhishDestroy identifies ldgr78sdggdf.samra2.workers.dev as an active crypto drainer phishing domain currently under investigation with a risk level marked as 'under_investigation'. This domain employs deceptive tactics to trick users into connecting cryptocurrency wallets, thereby draining funds directly. The threat actor leverages the legitimate Workers.dev subdomain service provided by Cloudflare to host malicious payloads, exploiting the trust associated with Google Trust Services SSL certificates to appear credible. Users interacting with this domain risk irreversible financial losses due to unauthorized wallet connections and token transfers.

This domain was flagged by PhishDestroy with zero detections (0/95) on VirusTotal at the time of analysis, indicating it remains undetected by many security vendors. It resolves to IP address 172.67.130.39, registered through Cloudflare, Inc., and utilizes a Google Trust Services SSL certificate to enhance its perceived legitimacy. The domain is a subdomain under workers.dev, a legitimate service often abused for hosting malicious content due to its free and rapid deployment capabilities. Despite the lack of current blocklist entries or trust score penalties, the absence of detections highlights the need for proactive user and system-level defenses.

To mitigate risks associated with this crypto drainer phishing domain, users should avoid interacting with ldgr78sdggdf.samra2.workers.dev entirely. Before connecting any cryptocurrency wallet to a website, verify the domain’s reputation using threat intelligence platforms and ensure the site uses HTTPS with a valid certificate issued by a trusted authority. Implementing wallet protection measures, such as using hardware wallets for transactions and enabling transaction approval notifications, can prevent unauthorized fund transfers. Security teams should monitor network traffic for connections to this IP (172.67.130.39) and blocklist the domain proactively to protect users from potential financial loss. Additionally, reporting this domain to threat intelligence feeds can aid in its swift identification and neutralization across broader security ecosystems.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.67.130.39

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/ldgr78sdggdf.samra2.workers.dev
- PhishDestroy: https://phishdestroy.io/domain/ldgr78sdggdf.samra2.workers.dev/
- LLM endpoint: https://phishdestroy.io/domain/ldgr78sdggdf.samra2.workers.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ldgr78sdggdf.samra2.workers.dev/

Last updated: 2026-04-14