# pump-fun-airdrop.xyz — MALICIOUS

> Stay safe from pump-fun-airdrop.xyz, a phishing site impersonating Pump.fun. Avoid interaction and verify official sources before connecting wallets.

## Summary
PhishDestroy identifies pump-fun-airdrop.xyz as an active brand impersonation domain targeting Pump.fun users. The site uses the page title "Wallet Connect Test" to trick victims into connecting their cryptocurrency wallets, potentially compromising sensitive credentials. This medium-risk domain aims to exploit user trust in the Pump.fun brand through deceptive tactics.

The domain pump-fun-airdrop.xyz was registered on February 21, 2026, and currently resolves to IP address 172.67.213.21. It appears on two security blocklists and has been flagged by 8 out of 95 antivirus vendors on VirusTotal, indicating suspicious activity consistent with phishing. The infrastructure suggests a deliberate attempt to mimic the original Pump.fun platform to harvest wallet access information.

Despite these warnings, pump-fun-airdrop.xyz remains active and accessible. PhishDestroy strongly advises users to avoid interacting with this domain and to verify all wallet connection requests through official Pump.fun channels. Users should report suspicious activity and ensure their security software is up to date to mitigate potential risks related to this ongoing threat.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Scam type: Airdrop Scam
- Target brand: Pump.fun
- Page title: Wallet Connect Test

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 172.67.213.21
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 8 vendors flagged
  Vendors: ["CRDF", "CyRadar", "Ermes", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "SOCRadar", "Trustwave"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a444d-d1f7-75e2-903e-64ec70f7e384.png
- PhishDestroy: https://phishdestroy.io/domain/pump-fun-airdrop.xyz/
- LLM endpoint: https://phishdestroy.io/domain/pump-fun-airdrop.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pump-fun-airdrop.xyz/
Last updated: 2026-03-19