Report Overview
Visitedpublic
2026-02-27 18:28:50
Tags
Submit Tags
URL
pump-cash.fun
Finishing URL
pump-cash.fun/
IP / ASN
172.67.186.61
Title
Pump.fun Cashback | Get 30% Back on Rug Pull Losses
Suspicious - Anti-debugging code
Detections
urlquery
2
Network Intrusion Detection
9
Threat Detection Systems
10
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
pump-cash.fun 10 alert(s) on this Host | unknown | 2026-02-25 | 2026-02-27 | 2026-02-27 | 3.7 kB | 197 kB | 172.67.186.61 |  |
fonts.gstatic.com | unknown | 2008-02-11 | 2014-04-02 | 2026-02-22 | 2.8 kB | 247 kB |  172.217.21.163 | |
fonts.googleapis.com | 313 | 2005-01-25 | 2012-05-23 | 2026-02-22 | 443 B | 13 kB | 142.250.74.10 | |
dns.google | 158 | 2018-04-16 | 2018-10-26 | 2026-02-25 | 462 B | 794 B | 8.8.4.4 | |
m7sff8.vercel.app | unknown | 2020-01-28 | 2026-02-27 | 2026-02-27 | 2.2 kB | 2.9 MB | 216.198.79.195 |  |
pub-14c1504681d2427684ac1f489338d075.r2.dev 8 alert(s) on this Host | unknown | 2022-08-23 | 2026-02-25 | 2026-02-25 | 3.8 kB | 5.5 MB | 104.18.54.45 | |
Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.Vercel (PaaS)
Vercel is a cloud platform for static frontends and serverless functions.Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| low | Client IP | 8.8.4.4 | ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI) | |
| low | Client IP | 104.18.54.45 | ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI | |
| low | Client IP | 104.18.54.45 | ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI | |
| low | Client IP | 104.18.54.45 | ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI | |
| low | Client IP | 104.18.54.45 | ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI | |
| low | Client IP | 104.18.54.45 | ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI | |
| low | Client IP | 104.18.50.34 | ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI | |
| low | Client IP | 104.18.50.34 | ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI | |
| low | Client IP | 104.18.50.34 | ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| Private YARA rules | m7sff8.vercel.app/demo.php?id=69952789c8df00fbc3e2b8ee&parent_url=pump-cash.fun%2F | audit | Hunting_JS_WebAssembly |
| Nextron YARA rules | pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif | malware | Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type |
| Nextron YARA rules | pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif | malware | Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type |
| Nextron YARA rules | pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif | malware | Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type |
| Nextron YARA rules | pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif | malware | Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type |
| Nextron YARA rules | pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif | malware | Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type |
| Nextron YARA rules | pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif | malware | Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type |
| Nextron YARA rules | pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif | malware | Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type |
| Nextron YARA rules | pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif | malware | Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type |
| DNS4EU | pump-cash.fun | malicious | Sinkholed |
JavaScript (7)
No JavaScripts
HTTP Transactions (28)
| URL | IP | Response | Size |
|---|