# pumpsniper.io — SUSPICIOUS > pumpsniper.io is a recently registered crypto phishing domain hosting a fake trading platform. Blocked by MetaMask and SEAL, it evades detection despite. ## Summary pumpsniper.io is currently under investigation as a generic phishing domain with a high-risk profile targeting cryptocurrency users. The domain resolves to IP 188.114.97.3 and was registered on March 23, 2026 through Porkbun LLC, a registrar with minimal due diligence protocols. VirusTotal shows 0/95 detections, indicating evasion of traditional AV engines, likely due to its recent creation and low historical reputation. The domain is flagged by two independent security blocklists and blocked by MetaMask and SEAL, suggesting active malicious campaigns. Its SSL certificate, issued by Let’s Encrypt, adds a veneer of legitimacy, potentially deceiving users who rely on HTTPS indicators. This domain poses a SPECIFIC threat as a crypto phishing hub, designed to impersonate legitimate trading platforms or wallet services to steal private keys or funds. The lack of detections on VirusTotal (0/95) is concerning, as it implies the domain is either newly active or using evasion techniques such as fast-flux DNS or bulletproof hosting. The blocklist flags and enterprise-level blocks (MetaMask, SEAL) confirm malicious intent, though the absence of AV detections suggests a gap in threat intelligence coverage. The recent registration date (March 23, 2026) and low age contribute to its high-risk status, as threat actors often exploit newly registered domains for short-lived campaigns. The use of Let’s Encrypt for SSL further lowers user suspicion, making it a credible-looking trap for crypto users. Users should immediately block pumpsniper.io at the network level and avoid any interaction, including visiting the site or downloading files. Cryptocurrency users should verify URLs via official sources and use hardware wallets or trusted extensions like MetaMask’s built-in phishing detection. Organizations should update firewall rules to block IP 188.114.97.3 and share IOCs with threat intelligence platforms. Given the domain’s low detection rate and active evasion tactics, proactive blocking and community reporting are critical to preventing successful phishing attacks. Regular monitoring of blocklist updates and VirusTotal submissions is advised to track its evolving threat profile. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-23 14:35:46 - Registrar: Porkbun LLC - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/pumpsniper.io - PhishDestroy: https://phishdestroy.io/domain/pumpsniper.io/ - LLM endpoint: https://phishdestroy.io/domain/pumpsniper.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pumpsniper.io/ Last updated: 2026-04-02