# vdtreodooz.rishika42.workers.dev — SUSPICIOUS

> PhishDestroy warns vdtreodooz.rishika42.workers.dev is a LIVE crypto drainer impersonating a major exchange. This Workers.

## Summary

PhishDestroy identifies vdtreodooz.rishika42.workers.dev as an active crypto-draining phishing domain currently under investigation and rated as high risk. This Workers.dev domain delivers what appears to be a cryptocurrency wallet-draining payload, masquerading as a legitimate exchange login portal.

The infrastructure is hosted behind Cloudflare (registered through Cloudflare, Inc.), resolving to IPv4 address 104.21.9.252. The domain currently carries a Google Trust Services SSL certificate, which does not imply legitimacy. VirusTotal analysis shows zero detections out of ninety-five scanners, indicating it remains undetected by security vendors as of this report. Historical data suggests this domain is newly active and lacks blocklist presence or reputation scores, making it particularly dangerous due to its evasion of conventional detection layers.

The domain is currently active and distributing a crypto-draining payload targeting users of a well-known cryptocurrency exchange platform. The use of Cloudflare Workers and a trusted SSL issuer is a known tactic to evade domain-based filtering and appear benign. While the domain remains under investigation, it has not yet been added to major threat intelligence blocklists, leaving users vulnerable to credential theft and immediate fund loss upon interaction.

Users are strongly advised to avoid visiting vdtreodooz.rishika42.workers.dev or any embedded links. Always verify URLs against PhishDestroy’s live threat feed using seed 0540c6 before entering credentials or signing transactions. Enable hardware wallet signing, revoke suspicious app permissions, and monitor blockchain addresses for outgoing transfers. Report any interaction to your exchange and local CERT immediately. This domain should be considered hostile until proven otherwise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 104.21.9.252

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/3b9c0da6-f9da-42a4-83ee-5c0180732c57
- PhishDestroy: https://phishdestroy.io/domain/vdtreodooz.rishika42.workers.dev/
- LLM endpoint: https://phishdestroy.io/domain/vdtreodooz.rishika42.workers.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/vdtreodooz.rishika42.workers.dev/

Last updated: 2026-03-22