# rls.app-airdropalert.cfd — MALICIOUS

> rls.app-airdropalert.cfd is a high-risk crypto drainer domain flagged and now offline. Avoid interacting to protect your assets.

## Summary
PhishDestroy identifies rls.app-airdropalert.cfd as a high-risk crypto drainer domain designed to steal cryptocurrency assets. Crypto drainers pose severe financial risks by illicitly accessing users' wallets.

This domain was created recently on February 21, 2026, and has already appeared on multiple security blocklists. It was registered through a dead domain service and flagged by 13 out of 95 VirusTotal vendors before being taken offline.

Users should avoid any interaction with this domain and similar suspicious URLs. Ensure wallets are secured with strong authentication and never enter private keys or seed phrases on untrusted sites.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Scam type: Airdrop Scam
- Page title: Google

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 142.250.181.228
- IP Country: US
- IP City: Mountain View
- IP Org: AS15169 Google LLC
- SSL Issuer: WE2

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Lionic", "Sophos", "Trustwave", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a885d-bb7c-73cb-ab01-0ee13789c5c9.png
- PhishDestroy: https://phishdestroy.io/domain/rls.app-airdropalert.cfd/
- LLM endpoint: https://phishdestroy.io/domain/rls.app-airdropalert.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rls.app-airdropalert.cfd/
Last updated: 2026-03-19