# airdrop.intuitions.systems — MALICIOUS — Crypto Drainer (Angel Drainer)

> airdrop.intuitions.systems, linked to a crypto drainer threat, is currently offline. Stay vigilant and avoid interacting with this domain to protect your assets.

## Summary

PhishDestroy identifies airdrop.intuitions.systems as a low-risk crypto drainer domain. The primary threat vector involves the Angel Drainer kit, which aims to illicitly access cryptocurrency wallets through deceptive airdrop schemes. Despite the low risk level, users should remain cautious due to the potential for financial loss inherent in these attacks.

This domain resolves to IP address 172.67.185.149 and is registered via Cloudflare, Inc., a common provider for both legitimate and malicious sites due to its CDN and DDoS protection services. The domain was found on two security blocklists and flagged by 2 out of 95 VirusTotal security vendors, indicating some recognition of its malicious intent. The page title "Intuition Airdrop" suggests an attempt to lure victims with promises of cryptocurrency giveaways.

Currently, airdrop.intuitions.systems is offline, reducing immediate threat exposure. Users are advised to avoid clicking on any links or downloading content from this domain. Organizations should ensure their endpoint security solutions are up to date and consider adding this domain to internal blocklists. Continued monitoring of similar domains and threat kits like Angel Drainer is recommended to mitigate evolving risks.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Scam type: Airdrop Scam
- Page title: Intuition Airdrop

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.67.185.149
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: none

## Detection Status

- VirusTotal: 2 vendors flagged
  - Vendors: ["Gridinsoft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: ["PhishDestroy", "ScamSniffer"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019a4ea6-9f57-749a-8b6c-42f7724b8e5d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b040b314-754c-4e0d-a2cd-7d1af91f2ec2
- Wayback Machine: https://web.archive.org/web/https://airdrop.intuitions.systems
- PhishDestroy: https://phishdestroy.io/domain/airdrop.intuitions.systems/
- LLM endpoint: https://phishdestroy.io/domain/airdrop.intuitions.systems/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/airdrop.intuitions.systems/

Last updated: 2026-03-19