# nftairdrop.sbs — SUSPICIOUS > nftairdrop.sbs is an active airdrop scam impersonating legitimate crypto giveaways. Resolves to 172.67.215.223. ## Summary nftairdrop.sbs is an active brand impersonation scam that specifically targets cryptocurrency enthusiasts by mimicking legitimate Airdrop Scam campaigns. This domain was designed to deceive users into connecting their crypto wallets or divulging private keys under the false pretense of receiving exclusive non-fungible token (NFT) airdrops. The site exploits user trust in well-known airdrop mechanisms while embedding malicious intent behind a convincing facade. Ongoing monitoring indicates this threat remains active and is evolving in tactics to evade detection. PhishDestroy identifies this domain as presenting an elevated risk, with multiple authoritative and technical indicators confirming its malicious nature. VirusTotal analysis shows 1 out of 95 security vendors detecting this threat as of the latest scan. The domain was registered through ERANET INTERNATIONAL LIMITED and first observed on July 23, 2025, suggesting recent deployment to capitalize on emerging trends. It resolves to IP address 172.67.215.223, hosted on a network associated with abuse history. The SSL certificate is issued by Google Trust Services, which is often leveraged in scam domains to appear legitimate. Despite its professional appearance, this site leverages deceptive branding to harvest cryptographic credentials and initiate unauthorized transactions. Brand impersonation airdrop scams like nftairdrop.sbs represent a significant threat to both individuals and organizations within the digital asset ecosystem. These scams typically involve fake giveaways, counterfeit reward claims, and social engineering tactics to trick users into signing malicious transactions or disclosing seed phrases. To mitigate exposure, users must verify any airdrop campaign through official channels, avoid clicking unsolicited links, and never share private keys or wallet passwords. Domain reputation services and browser-based security extensions should be employed to block known malicious sites. If interaction has occurred, users should immediately revoke unauthorized smart contract approvals and transfer assets to a secure wallet. Cryptocurrency users are advised to remain vigilant, enable multi-factor authentication, and report suspicious domains to relevant abuse teams and financial cybercrime units. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Airdrop Scam ## Domain Intelligence - Registered: 2025-07-23 10:36:31 - Registrar: ERANET INTERNATIONAL LIMITED - IP: 172.67.215.223 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/265991ab-d792-4bd1-9d96-fbfe3906dc07 - PhishDestroy: https://phishdestroy.io/domain/nftairdrop.sbs/ - LLM endpoint: https://phishdestroy.io/domain/nftairdrop.sbs/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/nftairdrop.sbs/ Last updated: 2026-03-24