# espresso-airdrop.vercel.app — SUSPICIOUS

> PhishDestroy flags espresso-airdrop.vercel.app as an Airdrop Scam crypto drainer: 3/95 VirusTotal detections. Avoid connecting wallets or claiming rewards.

## Summary

PhishDestroy identifies espresso-airdrop.vercel.app as an active crypto drainer framed as a fraudulent airdrop campaign impersonating a legitimate brand. The domain employs social engineering tactics to trick users into connecting crypto wallets under the guise of claiming fake token rewards. Security telemetry indicates this operator uses credential-harvesting web forms alongside drainer scripts designed to empty connected wallets of tokens and NFTs. The infrastructure is purpose-built for deception, leveraging urgency and perceived exclusivity to bypass user skepticism.

Technical indicators corroborate malicious intent. The domain resolves to IP 216.198.79.195 and was registered via Vercel Inc., a legitimate hosting provider often misused by threat actors. A Google Safe Browsing (GSB) lookup confirms the domain is flagged as unsafe. VirusTotal reports 3 out of 95 security vendors have detected malicious content. Security blocklist aggregation services list this domain twice, signaling consistent detection by network defense systems. The SSL certificate, issued by Google Trust Services, is legitimate but does not indicate safety—only that traffic is encrypted between client and server. While the domain’s creation date is not specified in available data, its active status and concurrent detections suggest recent deployment consistent with fast-flux or disposable infrastructure common in crypto scams.

At present, espresso-airdrop.vercel.app remains active and has been blocked by MetaMask and SEAL, a network security platform. PhishDestroy continues to receive telemetry reports of users being redirected to this domain via phishing links distributed through social media and messaging platforms.
Immediate risk to users is elevated, particularly for those who interact with web3 applications or crypto services. Users are strongly advised to verify unknown domains via PhishDestroy before engagement. Remaining risk includes potential loss of digital assets, credential theft, and onward propagation via compromised accounts. Consistent blocking at the browser and wallet level reduces exposure but does not eliminate the threat, as attackers may shift domains using similar naming schemes. Ongoing monitoring and user education remain critical to mitigate further compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Airdrop Scam

## Domain Intelligence

- Registrar: Vercel Inc.
- IP: 216.198.79.195

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/3c7d410a-7e65-4a33-8d5d-3bc271f41e27
- PhishDestroy: https://phishdestroy.io/domain/espresso-airdrop.vercel.app/
- LLM endpoint: https://phishdestroy.io/domain/espresso-airdrop.vercel.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/espresso-airdrop.vercel.app/

Last updated: 2026-03-27