# pfhf.fun — SUSPICIOUS

> PhishDestroy identifies pfhf.fun as a crypto drainer phishing domain with 0/95 VirusTotal detections. Immediate action is required to prevent fund loss.

## Summary
PhishDestroy’s automated threat detection system flagged the domain pfhf.fun as a high-risk crypto drainer site designed to trick users into connecting cryptocurrency wallets. This domain is engineered to mimic legitimate crypto service interfaces and deceive visitors into authorizing malicious transactions. The domain resolves to IP address 216.150.1.1 and leverages a Let’s Encrypt SSL certificate to appear trustworthy—tactics commonly used to bypass browser security warnings and social engineering defenses. Based on behavioral analysis, this site likely hosts a fraudulent onboarding flow or wallet connection portal targeting users of decentralized applications.  This domain was registered through Namecheap Inc. on September 07, 2025, and exhibits early-stage operational activity with no detections on VirusTotal as of the last scan, scoring 0/95. Given the age of the domain (just days old) and the lack of historic blocklist presence, it is likely in the initial deployment phase of a crypto drainer campaign. The absence of antivirus coverage signals a critical blind spot, as such domains often fly under the radar until after user complaints or post-compromise investigations trigger detection updates.  Users who have visited pfhf.fun should assume their device or session may have been compromised. Disconnect any connected cryptocurrency wallets immediately and revoke any authorized permissions via your wallet’s interface or platform dashboard. Run a full antivirus scan using a trusted security tool (e.g., Malwarebytes, Windows Defender, or Bitdefender) to detect and remove any injected scripts or malware. Enable hardware wallet signing for future transactions and verify all URLs manually before connecting to any crypto platform. Report any suspicious transactions to your wallet provider and file a complaint with local cybercrime units using the domain, IP, and timestamp as evidence. Stay vigilant—crypto drainers often evolve quickly once detected.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-07 19:16:14
- Registrar: NAMECHEAP INC
- IP: 216.150.1.1

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/687c7b4a-9428-43b1-85a5-e48e04285fa5
- PhishDestroy: https://phishdestroy.io/domain/pfhf.fun/
- LLM endpoint: https://phishdestroy.io/domain/pfhf.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pfhf.fun/
Last updated: 2026-03-22