# pengu-airdrop.finance — MALICIOUS

> Beware of pengu-airdrop.finance, a flagged crypto drainer site now offline. Avoid interaction to protect your digital assets and privacy.

## Summary
PhishDestroy has identified pengu-airdrop.finance as a medium-risk threat associated with crypto draining activities. Crypto drainers are malicious platforms designed to deceive users into authorizing transactions or sharing private keys, leading to theft of cryptocurrency assets. Given the increasing sophistication of such scams, vigilance is crucial to avoid financial loss.

The domain pengu-airdrop.finance was registered on February 21, 2026, and is currently offline. It was hosted on IP address 104.21.11.67 and registered through NiceNIC International Group Co., Limited. VirusTotal flagged this domain by 6 out of 95 security vendors, and it appeared on 4 separate security blocklists, indicating a consensus on its malicious intent. The site’s page title, "Just a moment...", likely attempted to mimic legitimate loading pages to gain user trust.

Users are strongly advised to avoid visiting pengu-airdrop.finance or providing any personal or wallet information if encountered. Any suspicious communications referencing this domain should be reported and treated as potential scams. Maintaining updated security software and consulting reliable threat intelligence sources like PhishDestroy can help users stay protected from similar crypto-related threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: Just a moment...

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.11.67
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["lauryn.ns.cloudflare.com", "alberto.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 6 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "Fortinet", "Gridinsoft", "Seclookup", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "Polkadot", "Enkrypt", "Codeesura"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c9eb7-99d5-7428-a134-2f60d2f96224.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f5bdd424-87cf-4f1e-b292-09611db5c0bc
- PhishDestroy: https://phishdestroy.io/domain/pengu-airdrop.finance/
- LLM endpoint: https://phishdestroy.io/domain/pengu-airdrop.finance/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pengu-airdrop.finance/
Last updated: 2026-03-19