# pfpepe.finance — MALICIOUS — Crypto Drainer (Angel Drainer)

> Avoid pfpepe.finance to protect your crypto assets from Angel Drainer attacks. Do not engage with this domain and report suspicious activity immediately.

## Summary
PhishDestroy identifies pfpepe.finance as a high-risk crypto drainer domain masquerading under the guise of the Pumpfun Pepe ($PFP) airdrop. This malicious site is designed to steal cryptocurrency assets by leveraging the Angel Drainer kit, posing significant danger to uninformed users seeking airdrop opportunities.

The domain currently resolves to IP address 172.67.137.125 and was registered through Cloudflare, Inc. It appears on three different security blocklists and is flagged by 11 out of 95 security vendors on VirusTotal. Additionally, it is referenced in an AlienVault OTX threat intelligence pulse. These indicators corroborate the domain’s use in fraudulent crypto draining campaigns.

At present, pfpepe.finance has been taken offline, reducing immediate risk. However, users should remain vigilant and avoid interacting with similar suspicious domains offering crypto airdrops. It is recommended to verify all crypto-related offers through trusted sources and report any suspicious domains to security platforms like PhishDestroy to help protect the broader community.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Scam type: Airdrop Scam
- Kit: Airdrop Scam
- Page title: Pumpfun Pepe ($PFP) - Airdrop

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.67.137.125
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: anahi.ns.cloudflare.com kareem.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019aef85-9870-75ba-be72-52faf026e054.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8acff9e2-803c-4411-8909-8bfb7d386dcf
- Wayback Machine: https://web.archive.org/web/https://pfpepe.finance
- PhishDestroy: https://phishdestroy.io/domain/pfpepe.finance/
- LLM endpoint: https://phishdestroy.io/domain/pfpepe.finance/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pfpepe.finance/
Last updated: 2026-03-19