# airdrop.leopardfoundation.com — SUSPICIOUS

> airdrop.leopardfoundation.com impersonates Sui blockchain to steal crypto via fake airdrop scam. Created July 27, 2024, detected by 0/95 VirusTotal engines.

## Summary

Domain airdrop.leopardfoundation.com was flagged by PhishDestroy under seed 610767 for active brand impersonation targeting Sui blockchain users, masquerading as a legitimate airdrop initiative. The threat involves a spoofed website designed to deceive cryptocurrency holders into connecting wallets and signing malicious transactions under the guise of receiving free tokens. This domain leverages social engineering tactics centered on urgency and perceived exclusivity, common in drainer kit deployments targeting blockchain ecosystems. Security researchers have not yet identified a custom drainer payload in public sandboxing, suggesting potential use of commodity tools or rapid iteration in deployment.

This domain resolves to IP address 216.198.79.1 and is registered through PDR Ltd. d/b/a PublicDomainRegistry.com. As of the latest scan, VirusTotal shows 0 out of 95 detection engines flagging the domain, with SSL secured via a Let's Encrypt certificate. The domain was created on July 27, 2024, indicating a very recent operation likely aimed at capitalizing on current market sentiment or ecosystem developments. It remains unlisted in Google Safe Browsing and has not been widely blocklisted, presenting a window of opportunity for threat actors to propagate the scam before defensive measures spread across the ecosystem.

As of this report, the domain remains active and unblocked by major threat intelligence platforms, maintaining a high-risk exposure window. Immediate response includes updating network and endpoint defenses to block the domain and IP, flagging the domain in organizational threat feeds, and notifying Sui ecosystem stakeholders.
While the current risk is elevated due to low detection coverage, the transient nature of such campaigns suggests rapid takedown is possible with coordinated action. Users are strongly advised to verify all airdrop URLs via official Sui channels and avoid connecting wallets to unknown domains. Remaining risk includes continued propagation on social media and potential evolution into more sophisticated drainer variants. This domain should be considered HIGH PRIORITY for blocklisting and public disclosure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Sui

## Domain Intelligence

- Registered: 2024-07-27 06:38:34
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 216.198.79.1

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/airdrop.leopardfoundation.com
- PhishDestroy: https://phishdestroy.io/domain/airdrop.leopardfoundation.com/
- LLM endpoint: https://phishdestroy.io/domain/airdrop.leopardfoundation.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/airdrop.leopardfoundation.com/

Last updated: 2026-04-07