# cashbackprogram-pump.fun — SUSPICIOUS > cashbackprogram-pump.fun impersonates Pump.fun to steal crypto via fake cashback offers. VirusTotal shows 0/95 detections. ## Summary PhishDestroy identifies cashbackprogram-pump.fun as an active brand impersonation scam targeting users of Pump.fun, a legitimate Solana-based token launch platform. The domain mimics Pump.fun’s branding to deceive visitors into believing they are accessing an official cashback program, a common tactic to harvest credentials or cryptocurrency. The threat actor leverages urgency—such as limited-time offers or exclusive deals—to manipulate users into entering sensitive information or connecting wallets, where funds are then drained. Given the domain’s recent creation and lack of detection, this campaign poses a significant and evolving risk to unsuspecting users seeking legitimate rewards or platform interactions. This domain was flagged by PhishDestroy due to clear indicators of brand impersonation, with VirusTotal currently showing 0 detections out of 95 scanners, underscoring its stealth and potential danger. The domain cashbackprogram-pump.fun was registered on March 26, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often exploited for short-lived malicious domains. It resolves to IP 68.65.123.176 and holds a valid SSL certificate issued by Sectigo Limited, which may further lull victims into a false sense of security. The absence of detections suggests this threat is still in early stages but rapidly escalating as the actor refines their approach. Users who have visited cashbackprogram-pump.fun should immediately disconnect any connected wallets, revoke any granted permissions using tools like Phantom or Solflare’s permission managers, and scan their devices for malware. If any cryptocurrency was transferred to wallets linked to this domain, report the incident to the respective blockchain explorer (e.g., Solscan) and file a complaint with local cybercrime units. Block the domain at the network level and avoid interacting with any future Pump.fun-themed cashback promotions unless verified through official channels such as the project’s verified Twitter account or Discord server. Always cross-check URLs against PhishDestroy’s database before entering credentials or engaging with financial transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Pump.fun ## Domain Intelligence - Registered: 2026-03-26 18:55:18 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 68.65.123.176 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/df27e294-57aa-4e90-abce-f5f86fec52eb - PhishDestroy: https://phishdestroy.io/domain/cashbackprogram-pump.fun/ - LLM endpoint: https://phishdestroy.io/domain/cashbackprogram-pump.fun/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cashbackprogram-pump.fun/ Last updated: 2026-03-28