# grinchsolairdrop.pages.dev — SUSPICIOUS

> PhishDestroy identifies grinchsolairdrop.pages.dev as an airdrop scam brand impersonation domain with 0/95 VirusTotal detections.

## Summary

PhishDestroy has flagged grinchsolairdrop.pages.dev as an active brand impersonation domain designed to deceive users into participating in a fraudulent airdrop scam. The domain is currently impersonating legitimate cryptocurrency airdrop campaigns, leveraging social engineering tactics to trick victims into connecting crypto wallets or submitting sensitive credentials under the false pretense of receiving free tokens. While no drainer kit artifacts have been publicly confirmed, the domain’s structure and naming convention strongly suggest the deployment of a crypto drainer or credential harvesting mechanism once user interaction occurs. The use of urgency-based messaging and mimicked branding is consistent with known airdrop scam operations aimed at exploiting trust in established blockchain ecosystems.

This domain was flagged by PhishDestroy with the following technical indicators: it is registered through Cloudflare, Inc., resolves to IP 172.66.44.73, and holds a valid SSL certificate issued by Google Trust Services. As of the latest scan, the domain has zero detections out of 95 engines on VirusTotal, indicating it remains undetected by most antivirus platforms. Additional telemetry suggests this domain is newly registered and has not yet been widely blocklisted, though community-driven threat intelligence sources are actively monitoring its behavior. The combination of a freshly registered domain, Cloudflare hosting, and low detection rates creates a high-risk profile for early-stage phishing campaigns targeting cryptocurrency users.

The current status of grinchsolairdrop.pages.dev is active and under investigation by PhishDestroy and allied threat intelligence teams. Immediate actions include domain takedown requests to Cloudflare and hosting providers, as well as the dissemination of this advisory to cryptocurrency platforms, wallet providers, and cybersecurity networks. While the immediate risk remains elevated due to low detection coverage, the operational timeline suggests the campaign is in its initial deployment phase. Users are strongly advised to avoid interacting with any links or QR codes associated with this domain, verify official airdrop campaigns through direct channels, and report suspicious activity to relevant platforms. Remaining risk is classified as moderate with potential escalation if the domain begins distributing malicious payloads or is weaponized in broader campaigns.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Airdrop Scam

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.73

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ff23f9aa-eaf2-4d91-81f2-b46594a47ac1
- PhishDestroy: https://phishdestroy.io/domain/grinchsolairdrop.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/grinchsolairdrop.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/grinchsolairdrop.pages.dev/

Last updated: 2026-03-28