# trozr-fds.randolfa20.workers.dev — SUSPICIOUS > PhishDestroy warns: trozr-fds.randolfa20.workers.dev is a crypto drainer scam detected with 0/95 VirusTotal scans. Verify all links before clicking. ## Summary PhishDestroy identifies trozr-fds.randolfa20.workers.dev as an active crypto drainer scam designed to steal cryptocurrency from unsuspecting users. This domain mimics legitimate services to trick victims into connecting their wallets, where fraudulent smart contracts silently drain funds without consent. The site employs convincing but fraudulent interfaces, often shared through social media or phishing emails, to lure users into authorizing malicious transactions that transfer assets to attacker-controlled addresses. This domain was flagged by PhishDestroy’s automated analysis pipeline and is currently under investigation with a risk level of ‘under_investigation’. The site resolves to IP address 172.67.170.252 and is hosted on Cloudflare Workers, a serverless platform commonly abused for rapid campaign deployment and evasion of traditional takedown measures. The domain was registered through Cloudflare, Inc. and uses a Google Trust Services SSL certificate, which adds false legitimacy to its fraudulent interface. VirusTotal currently shows zero detections among 95 security engines, highlighting how rapidly evolving phishing infrastructure can evade detection. If you visited this site: disconnect your wallet immediately using your wallet’s emergency disconnect feature or close the browser tab. Do not approve any pending transactions. Scan your device with up-to-date antivirus and consider revoking any suspicious smart contract permissions via tools like Etherscan’s Revoke.cash. Report the domain to PhishDestroy and your wallet provider. Always verify URLs manually and use bookmarks for crypto platforms; never trust links from unsolicited messages. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.67.170.252 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/trozr-fds.randolfa20.workers.dev - PhishDestroy: https://phishdestroy.io/domain/trozr-fds.randolfa20.workers.dev/ - LLM endpoint: https://phishdestroy.io/domain/trozr-fds.randolfa20.workers.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trozr-fds.randolfa20.workers.dev/ Last updated: 2026-04-10