# pumpfun-claim.pages.dev — SUSPICIOUS > PhishDestroy warns pumpfun-claim.pages.dev (IP 188.114.96.3) is a crypto drainer impersonating Pump.fun. Verify all links before clicking to avoid theft. ## Summary PhishDestroy identifies pumpfun-claim.pages.dev as an ACTIVE crypto drainer scam site impersonating the Pump.fun brand. The domain employs brand impersonation tactics to trick cryptocurrency users into visiting a malicious page that loads a crypto-draining script (coded as ‘Pump.fun – Claim TON’). Users who connect wallets or interact with the fake interface risk immediate token and NFT theft via malicious JavaScript payloads that auto-approve malicious transactions. This is an elevated risk targeting crypto investors familiar with Pump.fun's launchpad and trading platform. This domain was flagged on primary sources with 2 out of 95 VirusTotal security vendors currently detecting it. The domain resolves to IP address 188.114.96.3, which is part of Cloudflare’s IPv4 range associated with dynamic content delivery. The SSL certificate is issued by Google Trust Services via Google Trust Services LLC CA for *.pages.dev wildcard domain on the *.pages.dev zone. The domain was registered through Cloudflare, Inc. via Cloudflare registrar with free WHOIS privacy, obscuring registrant details. No creation date is publicly available due to privacy protection, but VirusTotal first submission was within the past 90 days. There are currently no known listings on major blocklists such as OpenPhish, PhishTank, or URLVoid, suggesting this is a newly deployed campaign. The use of Pages.dev (Vercel’s static hosting) combined with Cloudflare IP evasion techniques indicates a deliberate attempt to evade detection by blending into legitimate development infrastructure. Mitigation for this crypto drainer threat requires immediate action. Users should NEVER click links from unsolicited messages or social media posts claiming to offer ‘TON tokens’, ‘airdrops’, or ‘claim rewards’ related to Pump.fun. Before visiting any Pump.fun-related link, manually verify the domain: only use pump.fun (official domain) or approved subdomains. Install and enable browser extensions like PhishDestroy that block malicious URLs and crypto drainers in real time. If you have already connected your wallet, revoke malicious token approvals immediately using tools like Revoke.cash or Rabby Wallet’s revoke feature. Monitor your wallet for unauthorized transactions and report any suspicious activity to the platform and your wallet provider. Always use hardware wallets for high-value assets and disable auto-approve in wallet settings to prevent silent malicious approvals. This campaign is highly targeted and time-sensitive — immediate user vigilance and tooling adoption are critical to prevent losses. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Pump.fun ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/17731a7f-78b1-42b9-a81c-d0fbe0011fa2 - PhishDestroy: https://phishdestroy.io/domain/pumpfun-claim.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/pumpfun-claim.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pumpfun-claim.pages.dev/ Last updated: 2026-03-22