# plume.airdropsalert.bar — MALICIOUS

> Stay safe from crypto theft! The domain plume.airdropsalert.bar is high-risk and linked to crypto draining. Avoid interaction and stay protected.

## Summary
PhishDestroy identifies plume.airdropsalert.bar as a high-risk threat classified under crypto drainer activity. This domain poses a significant danger to users by attempting to illicitly siphon cryptocurrency assets through deceptive means. Due to its malicious intent and potential impact, it is critical to treat any interaction with this domain as highly risky.

The domain was registered via Dynadot LLC on October 20, 2025, and has been flagged on two separate security blocklists. VirusTotal scans indicate 14 out of 95 security vendors mark this domain as malicious, reinforcing its threat status. The domain resolved to IP address 142.251.140.164 at the time of analysis and had a deceptive page title labeled simply as "Google," a common tactic to lure unsuspecting users. This infrastructure and timing align with typical crypto phishing campaigns.

Currently, plume.airdropsalert.bar has been taken offline, mitigating immediate risk. Users are advised to avoid engaging with any links or communications referencing this domain. Continuous monitoring and updating of blocklists are essential to prevent resurgence or related threats. PhishDestroy recommends exercising caution with unsolicited crypto-related offers, especially from newly registered or suspicious domains similar to plume.airdropsalert.bar.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: Google

## Domain Intelligence
- Registered: 2025-10-20 01:01:00
- Expires: 2026-10-20 01:01:00
- Registrar: Dynadot LLC
- Country: US
- IP: 142.251.140.164
- IP Org: Cloudflare CDN
- Nameservers: brenna.ns.cloudflare.com hassan.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ChainPatrol", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Seclookup", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a5e80-89ea-776f-8dfb-14e5e6e84b1e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1e7891f3-9865-4785-9999-dcca1bcd9399
- Wayback Machine: https://web.archive.org/web/https://plume.airdropsalert.bar
- PhishDestroy: https://phishdestroy.io/domain/plume.airdropsalert.bar/
- LLM endpoint: https://phishdestroy.io/domain/plume.airdropsalert.bar/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/plume.airdropsalert.bar/
Last updated: 2026-03-19