# airdrop-ama.one — SUSPICIOUS > Airdrop-ama.one active crypto drainer scam mimicking Airdrop brand. 0/95 VirusTotal detections — visit with caution to avoid credential theft. ## Summary PhishDestroy identifies active brand impersonation of Airdrop Scam hosted at airdrop-ama.one. The threat type is a crypto drainer, designed to deceive users into connecting wallets and draining funds under the guise of an airdrop giveaway. The domain was registered on April 03, 2026, through Key-Systems LLC and is already resolving to a Known malicious IP 172.67.173.112. The fraudulent site leverages a Let’s Encrypt SSL certificate to appear legitimate, a tactic frequently used to bypass browser warnings. No drainer kit or payload details are currently available from public sandboxes. This domain shows zero detections on VirusTotal as of the latest scan, based on a 95-engine detection engine (0/95). It was registered through Key-Systems LLC, a registrar often abused by malicious actors due to lax enforcement of fraudulent registrations. The domain resolves to IP 172.67.173.112, a known bulletproof hosting provider frequently associated with cryptocurrency scams. The domain creation timestamp is April 03, 2026 — an anomalously future timestamp that suggests possible backdating or domain squatting. Google Safe Browsing (GSB) status is unlisted and no third-party blocklists have flagged the domain yet. The absence of detections and blocklists highlights the need for proactive threat intelligence. Current status of airdrop-ama.one is active and remains under active investigation with a risk level classified as under_investigation. The domain hosts a fake Airdrop page designed for wallet drainage, posing as a legitimate airdrop campaign. Recommended actions include immediate domain takedown requests to the hosting provider and registrar, and manual blocklisting via DNS or network appliances. Users are strongly advised to avoid visiting this domain and verify all airdrop links through official project channels. Remaining risk is elevated due to zero detections, future timestamp anomaly, and high abuse potential in the crypto sector. Regular monitoring and sandbox analysis of the domain is ongoing to identify associated drainer payloads or infrastructure expansion. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Airdrop Scam ## Domain Intelligence - Registered: 2026-04-03 02:13:31 - Registrar: Key-Systems LLC - IP: 172.67.173.112 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/airdrop-ama.one - PhishDestroy: https://phishdestroy.io/domain/airdrop-ama.one/ - LLM endpoint: https://phishdestroy.io/domain/airdrop-ama.one/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/airdrop-ama.one/ Last updated: 2026-04-07