# popcat.finance — MALICIOUS

> popcat.finance was flagged for phishing targeting crypto users. Avoid sharing info and never trust suspicious airdrop sites like this one.

## Summary
PhishDestroy identifies popcat.finance as a medium-risk phishing site exploiting crypto airdrop incentives to steal user data. This tactic endangers users by promising tokens to lure them into providing sensitive information.

The domain was registered via Cloudflare, Inc. and resolved to IP 172.67.203.22 before being taken offline. It appeared in one AlienVault OTX pulse, was flagged by 9 out of 95 VirusTotal vendors, and is listed on 3 security blocklists, indicating credible malicious activity.

Users should avoid visiting popcat.finance or submitting any personal or wallet details. Always verify airdrop legitimacy through official channels and use updated security tools to detect phishing attempts, especially in the crypto space.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Scam type: Airdrop Scam
- Kit: Airdrop Scam
- Page title: Popcat Airdrop: Claim Tokens

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.67.203.22
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: lee.ns.cloudflare.com savanna.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Seclookup", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0199fa3b-ae09-727b-87ee-529ca9cfbbea.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3a2634ef-4080-49ca-baf2-c2c277e6a8c2
- Wayback Machine: https://web.archive.org/web/https://popcat.finance
- PhishDestroy: https://phishdestroy.io/domain/popcat.finance/
- LLM endpoint: https://phishdestroy.io/domain/popcat.finance/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/popcat.finance/
Last updated: 2026-03-19