# returns-pump.fun — SUSPICIOUS

> returns-pump.fun mirrors Pump.fun to steal credentials. Detected with 0/95 VirusTotal scans. View full investigation report.

## Summary
PhishDestroy identifies returns-pump.fun as a live brand impersonation site designed to deceive users of the popular trading platform Pump.fun. This domain poses a targeted credential-harvesting risk, mimicking Pump.fun’s official branding and functionality in an attempt to capture login details and financial data from unsuspecting visitors. The site leverages visual resemblance to legitimate interfaces to trick users into entering sensitive information, potentially leading to account compromise and unauthorized fund transfers.  This domain was flagged with 0 detections out of 95 scans on VirusTotal, indicating it has yet to be widely blacklisted despite high-risk indicators. Registered through Spaceship, Inc. on March 21, 2026, the site resolves to IP address 185.114.96.3 and holds a valid Let's Encrypt SSL certificate, which may falsely enhance its appearance of legitimacy. Its recent creation and low detection rate suggest it is actively evolving in an attempt to evade defenses, making it especially dangerous for early-stage victims.  Users who visited returns-pump.fun should immediately check their Pump.fun accounts for unauthorized access and revoke any exposed credentials. Enable two-factor authentication if not already active, disconnect any unfamiliar wallet connections, and consider transferring remaining funds to a secure, cold wallet. Report the domain to Pump.fun’s security team and your browser’s safe browsing program to aid investigation. Monitor accounts closely for unusual transactions and phishing follow-ups. Never re-enter credentials on this site or related suspicious links.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Pump.fun

## Domain Intelligence
- Registered: 2026-03-21 11:26:03
- Registrar: Spaceship, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2f4a2f2b-2799-4fe7-8cac-8f5fe58f46f0
- PhishDestroy: https://phishdestroy.io/domain/returns-pump.fun/
- LLM endpoint: https://phishdestroy.io/domain/returns-pump.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/returns-pump.fun/
Last updated: 2026-03-22