# plasma-airdrop.xyz — MALICIOUS

> Beware of plasma-airdrop.xyz, a medium-risk crypto drainer site now offline. Do not interact or share wallet info to stay safe from theft.

## Summary
PhishDestroy identifies plasma-airdrop.xyz as a medium-risk crypto drainer domain designed to steal cryptocurrency assets by impersonating legitimate airdrop events. It was flagged on two security blocklists and carries a suspicious 'Just a moment...' landing page.

The domain was registered on September 25, 2025, through Web Commerce Communications Limited and resolved to IP 172.67.157.202. VirusTotal reports 8 out of 95 security vendors flagging the domain for malicious activity. These indicators align with typical crypto theft infrastructure.

Currently, the site is taken offline, reducing immediate risk. Users are advised to avoid interacting with plasma-airdrop.xyz and remain vigilant against similar phishing attempts. PhishDestroy continues monitoring for any reactivation of this domain.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: Just a moment...

## Domain Intelligence
- Registered: 2025-09-25 14:18:38
- Expires: 2026-09-25 23:59:59
- Registrar: Web Commerce Communications Limited
- Country: MY
- IP: 172.67.157.202
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: lars.ns.cloudflare.com nancy.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 8 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Seclookup"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019981a0-9cf8-765a-a789-117bd4c5b82c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3c409740-d42d-4687-aa56-b439900ab772
- PhishDestroy: https://phishdestroy.io/domain/plasma-airdrop.xyz/
- LLM endpoint: https://phishdestroy.io/domain/plasma-airdrop.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/plasma-airdrop.xyz/
Last updated: 2026-03-19