# airdrop.raintime.org — SUSPICIOUS

> PhishDestroy flags airdrop.raintime.org as an active Sui-brand impersonation crypto drainer with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies airdrop.raintime.org as an active crypto-drainer campaign impersonating the Sui blockchain brand. The domain (registered April 2, 2026) serves a fake “airdrop” page designed to trick users into connecting wallets and signing malicious transactions that silently drain tokens. No specific drainer kit fingerprint (e.g., SpaceDrain, FakeClaim, AngelDrain) has yet been extracted; however, the page’s JavaScript payloads match known drainer obfuscation patterns analyzed in Q1-2026 campaigns targeting Sui users.

This domain resolves to IPv4 159.198.37.213 and is served over a Let’s Encrypt SSL certificate to appear legitimate. VirusTotal currently scores the URL 0/95 detections across AV engines, indicating it remains undetected by most scanners. The registrar is NAMECHEAP INC, and the domain was created on 2026-04-02, showing a very recent footprint typical of disposable impersonation domains. Google Safe Browsing (GSB) has not yet blacklisted the URL, and current blocklist aggregations (PhishTank, OpenPhish) list 0 detections as of this report.

The campaign is classified as active and under investigation. PhishDestroy has added airdrop.raintime.org to its real-time blocklist and is sharing IOCs with Sui Foundation security partners. Remaining risk is assessed as moderate-to-high due to low AV coverage and the high-impact nature of crypto drainers that can instantly empty wallets. Users are advised to verify any Sui-related airdrop links using PhishDestroy before connecting wallets or signing transactions.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Sui

## Domain Intelligence

- Registered: 2026-04-02 20:45:02
- Registrar: NAMECHEAP INC
- IP: 159.198.37.213

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/airdrop.raintime.org
- PhishDestroy: https://phishdestroy.io/domain/airdrop.raintime.org/
- LLM endpoint: https://phishdestroy.io/domain/airdrop.raintime.org/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/airdrop.raintime.org/

Last updated: 2026-04-07