Suspicious Domain Activity

new user so can’t start a new topic so sorry for taking over this one!

I followed a link from https://twitter.com/etherdeIta to the apparent “ether delta airdrop” https://t.co/4ybFLW2Ieb

it takes you to apparently the correct etherdelta dot com domain /airdrop page.

A quick check of the source shows they are stealing private keys and then displaying a random amount of ETH you’ve been rewarded with.

If you copy and paste the URL you get a url xn–eterdelta-m75d dot com/airdrop.html

How have they done this hack?
Have they taken over etherdelta’s Cloudflare account or their DNS servers or website?

I’d recommend using the form here to report the domain and your findings:

https://www.cloudflare.com/abuse/form