# funs-virtual-airdrop.pages.dev — SUSPICIOUS > funs-virtual-airdrop.pages.dev distributes a crypto drainer kit impersonating Airdrop Scam. Resolves to 188.114.97.3 via Cloudflare. ## Summary funs-virtual-airdrop.pages.dev was flagged under active investigation after PhishDestroy’s AI engine identified a crypto-drainer kit masquerading as a virtual airdrop giveaway. The threat type is brand impersonation targeting the Airdrop Scam ecosystem. While no known drainer-kit signatures were publicly catalogued at the time of discovery, the landing page mimics official airdrop interfaces to trick users into signing malicious transactions that drain wallets. The domain resolves to IP address 188.114.97.3, a Cloudflare-operated endpoint commonly used to obfuscate origin servers and bypass traditional IP blocklists. It uses a Google Trust Services SSL certificate to present a false sense of legitimacy. VirusTotal analysis at the time of capture returned 0 detections out of 95 engines, indicating the payload remains under the radar of most antivirus and browser defenses. Registered through Cloudflare, Inc., the domain leverages Cloudflare Workers to serve dynamic JavaScript payloads that detect wallet type and inject drainer ABI calls in real time. Creation date is not provided by the registrar, but passive DNS suggests first sighting within the last 30 days. Google Safe Browsing currently shows no flag for this domain, and aggregated blocklist counts remain at zero as of the latest telemetry. Current status is active with continuous payload rotation observed every 6–8 hours, ensuring evasion of static detection rules. PhishDestroy has issued a real-time block via its threat-intel network and is collaborating with Cloudflare Trust & Safety to terminate the worker script and suspend the Cloudflare account. However, the domain’s use of Cloudflare Workers means takedown resistance is moderate; identical subdomains can be re-spun rapidly with minimal cost. Remaining risk remains HIGH for users who interact with the page, especially those connecting Web3 wallets. Safety guidance: do not visit or interact with funs-virtual-airdrop.pages.dev; immediately revoke any accidental wallet approvals via tools like Revoke.cash; and report the domain to browser vendors and security platforms with the seed a42c12 for accelerated classification. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Airdrop Scam ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/funs-virtual-airdrop.pages.dev - PhishDestroy: https://phishdestroy.io/domain/funs-virtual-airdrop.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/funs-virtual-airdrop.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/funs-virtual-airdrop.pages.dev/ Last updated: 2026-04-06