# claimnft-airdrop.pages.dev — MALICIOUS

> PhishDestroy identifies claimnft-airdrop.pages.dev as a crypto drainer impersonating Airdrop Scam (VirusTotal: 10/95 vendors flagged).

## Summary
PhishDestroy identifies claimnft-airdrop.pages.dev as an active crypto drainer phishing domain impersonating legitimate Airdrop campaigns. This domain specifically targets cryptocurrency users by mimicking official airdrop announcements to trick victims into connecting wallets or submitting seed phrases. The threat involves unauthorized cryptocurrency transfers facilitated through malicious smart contract interactions or fraudulent wallet connection prompts. Security researchers should note this campaign represents a high-risk social engineering attack vector with direct financial consequences for compromised users.  This domain was flagged by multiple security vendors and services, with concrete indicators confirming its malicious nature. VirusTotal analysis reveals 10 out of 95 security vendors detected malicious content associated with this domain. The domain is registered through Cloudflare, Inc., with the SSL certificate issued by Google Trust Services providing no assurance of legitimacy. PhishDestroy's investigation confirms this domain is blocked by 2 security blocklists including ScamSniffer and Enkrypt, and is flagged by Google Safe Browsing under social engineering categories. The domain resolves to IP address 172.66.44.176 within Cloudflare's infrastructure.  Users who have visited or interacted with claimnft-airdrop.pages.dev should immediately take protective measures. First, disconnect any connected cryptocurrency wallets from suspicious websites and revoke any unauthorized permissions granted to wallet connections. Next, transfer remaining assets to a new, secure wallet address that has never been exposed to this domain. Finally, users should perform a full security scan on their devices to check for any installed malware or browser extensions that may record keystrokes or wallet activity. For verification purposes, check PhishDestroy's blocklist entry for this domain using seed identifier 517f5f to confirm its malicious status and receive additional mitigation guidance.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Airdrop Scam

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.176

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["ScamSniffer", "Enkrypt"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/659fd3c9-b0fc-406c-b928-dcbed0c253fe
- PhishDestroy: https://phishdestroy.io/domain/claimnft-airdrop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/claimnft-airdrop.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/claimnft-airdrop.pages.dev/
Last updated: 2026-03-28