# pendle-airdrop.finance — MALICIOUS — Crypto Drainer (Angel Drainer)

> PhishDestroy flags pendle-airdrop.finance as a high-risk crypto drainer impersonating Pendle. Domain now offline after detection.

## Summary
PhishDestroy identifies pendle-airdrop.finance as a high-risk crypto drainer domain impersonating the Pendle brand. It targeted users with a fake airdrop page designed to steal crypto assets.

The domain was registered via US-ZHOUTI-NET-01 (ASN 400992) and resolved to IP 23.177.185.92. It employed the Angel Drainer malware toolkit and was flagged on 7 security blocklists. VirusTotal analysis showed 17 out of 95 security vendors detected it as malicious.

Currently taken offline, this domain no longer poses an active threat. Users are advised to remain cautious of any Pendle-branded airdrop sites and verify URLs to avoid similar scams.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Scam type: Airdrop Scam
- Target brand: Pendle
- Page title: Airdrop | Pendle

## Domain Intelligence
- Registrar: US-ZHOUTI-NET-01 (ASN: 400992)
- IP: 23.177.185.92
- IP Country: US
- IP City: Fremont
- IP Org: AS400992 ZhouyiSat Communications
- Nameservers: a.dnspod.com b.dnspod.com c.dnspod.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Phishing Database", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 6 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "Polkadot", "Enkrypt", "Codeesura"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a4a39-548c-73ae-946b-fd4c81b7ace6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8dce867d-4958-4b91-a094-8f2c26f368dc
- PhishDestroy: https://phishdestroy.io/domain/pendle-airdrop.finance/
- LLM endpoint: https://phishdestroy.io/domain/pendle-airdrop.finance/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pendle-airdrop.finance/
Last updated: 2026-03-19