# ethena-airdrop.vercel.app — MALICIOUS

> Explore the threat behind ethena-airdrop.vercel.app, a high-risk crypto drainer domain now offline. Learn about its infrastructure and detection details.

## Summary
PhishDestroy has identified the domain ethena-airdrop.vercel.app as a high-risk crypto drainer. This domain was created on February 21, 2026, and was designed to deceive users with fraudulent cryptocurrency airdrop schemes aimed at stealing digital assets. Its classification as a crypto drainer is based on behavioral patterns and multiple security vendor detections.

Technical analysis reveals that ethena-airdrop.vercel.app resolved to the IP address 76.76.21.142 and was registered via Tucows Domains Inc. The domain appeared on three separate security blocklists and was flagged by 10 out of 95 VirusTotal security vendors, indicating a moderate detection rate. Despite these indicators, the landing page currently returns a "404: NOT_FOUND" error, suggesting that the domain is no longer serving malicious content.

As of now, ethena-airdrop.vercel.app is offline and no longer active, mitigating immediate risk to users. The domain’s removal from active status follows coordinated threat intelligence sharing and blocking efforts. Users and organizations are advised to remain vigilant for similar domain patterns and to maintain updated threat defenses to prevent exposure to crypto-related scams. PhishDestroy continues to monitor related infrastructure for emerging threats associated with this campaign.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Scam type: Airdrop Scam
- Page title: 404: NOT_FOUND

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Tucows Domains Inc.
- Country: CA
- IP: 76.76.21.142
- IP Country: US
- IP City: Walnut
- IP Org: AS16509 Amazon.com, Inc.
- SSL Issuer: Google Trust Services / WR1

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "ScamSniffer", "Enkrypt"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/846bd0d3-64d4-4819-8613-0a00c2ab756f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/37dcd104-e7a5-431b-894d-223420a20f8b
- PhishDestroy: https://phishdestroy.io/domain/ethena-airdrop.vercel.app/
- LLM endpoint: https://phishdestroy.io/domain/ethena-airdrop.vercel.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ethena-airdrop.vercel.app/
Last updated: 2026-03-19