# refundpump-fun.xyz — SUSPICIOUS

> Beware: refundpump-fun.xyz impersonates Pump.fun as a crypto drainer. Verify URL authenticity on PhishDestroy to avoid fund theft.

## Summary
PhishDestroy identifies refundpump-fun.xyz as an active crypto drainer impersonating the Pump.fun brand, posing a high-risk threat to cryptocurrency users seeking refunds or support. This domain mimics the legitimate platform to trick victims into connecting wallets or entering credentials, enabling unauthorized fund transfers. The threat level is currently under investigation but remains active, requiring immediate attention from security teams and users.

This domain was flagged with 0 out of 95 detections on VirusTotal, indicating it has not yet been widely recognized as malicious by security vendors. It was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 21, 2026, and resolves to IP address 172.67.215.190. The domain uses a Let's Encrypt SSL certificate to appear legitimate. As of now, it remains unlisted on major blocklists and has no significant trust score penalties, making it a stealthy and evolving threat.

To mitigate exposure, users should avoid interacting with refundpump-fun.xyz or similar domains offering unsolicited refunds or support for Pump.fun. Always verify URLs by typing them manually or using trusted tools like PhishDestroy. Enable wallet allowlisting, revoke unnecessary smart contract approvals, and monitor transaction history for anomalies. Report suspicious domains to PhishDestroy and the impersonated brand to aid in rapid takedown efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Pump.fun

## Domain Intelligence
- Registered: 2026-03-21 05:30:21
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 172.67.215.190

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/999d31e5-543d-4c03-a255-7f258d7274dd
- PhishDestroy: https://phishdestroy.io/domain/refundpump-fun.xyz/
- LLM endpoint: https://phishdestroy.io/domain/refundpump-fun.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/refundpump-fun.xyz/
Last updated: 2026-03-23