# pippins.exchange — MALICIOUS — Crypto Drainer (Angel Drainer)

> pippins.exchange is a medium-risk crypto drainer domain that was taken offline after detection. Avoid this site to protect your crypto assets.

## Summary

PhishDestroy identifies pippins.exchange as a medium-risk crypto drainer domain designed to illicitly extract cryptocurrency funds from victims. The site masqueraded as a legitimate crypto airdrop platform, using the page title "Pippin l Official Airdrop" to lure unsuspecting users. Classified under the Angel Drainer kit, it leveraged social engineering techniques commonly seen in crypto-related scams.

Technical analysis reveals that pippins.exchange was registered on December 18, 2025, through NiceNIC International Group Co., Limited. The domain resolved to IP address 104.21.66.3, which is associated with cloud-based infrastructure often abused for malicious hosting. VirusTotal scans showed 3 out of 95 security vendors flagged this domain, and it appeared on three separate security blocklists, indicating moderate but consistent community detection. The Angel Drainer kit embedded within the site is known for capturing wallet credentials and draining crypto assets efficiently.

Currently, pippins.exchange has been taken offline, halting its operation and preventing further victimization. PhishDestroy recommends that users remain vigilant and avoid interacting with this domain or related URLs. Security practitioners should continue monitoring for variants or resurrection attempts using the Angel Drainer kit signature and infrastructure patterns identified here. This incident underscores the ongoing threat posed by targeted crypto scams exploiting seemingly legitimate airdrop campaigns.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Scam type: Airdrop Scam
- Kit: Airdrop Scam
- Page title: Pippin l Official Airdrop

## Domain Intelligence

- Registered: 2025-12-18 00:00:00
- Expires: 2026-12-18 00:00:00
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.66.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dina.ns.cloudflare.com, finley.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 3 vendors flagged
  - Vendors: ["Fortinet", "Gridinsoft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "ScamSniffer"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019b3a00-e17f-738a-80a8-9c9a35d0f907.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/161e405c-2229-4c26-9aa7-69744f143035
- Wayback Machine: https://web.archive.org/web/https://pippins.exchange
- PhishDestroy: https://phishdestroy.io/domain/pippins.exchange/
- LLM endpoint: https://phishdestroy.io/domain/pippins.exchange/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pippins.exchange/

Last updated: 2026-03-19