# padre-cashback.fun — SUSPICIOUS

> Avoid padre-cashback.fun phishing site pretending to be Pump.fun. Site is offline but posed risk of stealing info. Stay alert and do not share data.

## Summary
PhishDestroy identifies padre-cashback.fun as a phishing domain impersonating the Pump.fun brand. This site promised cashback rewards to lure users but was designed to mislead victims into revealing sensitive information. Although currently offline, its previous activity posed risks by targeting Pump.fun customers.

This phishing scheme worked by mimicking Pump.fun’s cashback page, enticing users to enter personal or financial details. The domain resolved to IP 188.114.97.3 and was flagged on multiple security blocklists. Two security vendors on VirusTotal detected it, while Gridinsoft rated it with zero trust. The domain was registered in early March 2026 through NiceNIC International Group Co., Limited.

If you visited padre-cashback.fun, even briefly, it is important to monitor your accounts for suspicious activity and avoid providing any further personal data. Change passwords related to your Pump.fun account and run a comprehensive malware scan. Remain cautious of similar cashback or reward offers from unofficial sources to prevent future phishing exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Target brand: Pump.fun
- Page title: Pump.fun Cashback - Get % Back on Your Losses

## Domain Intelligence
- Registered: 2026-03-04 23:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: alaric.ns.cloudflare.com,paityn.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/0VvTSmdK/40542a3e3ea5.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/543a2844-029e-4b60-9f9c-3856b2428246
- PhishDestroy: https://phishdestroy.io/domain/padre-cashback.fun/
- LLM endpoint: https://phishdestroy.io/domain/padre-cashback.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/padre-cashback.fun/
Last updated: 2026-03-19