# mpap.biz — SUSPICIOUS

> PhishDestroy identifies mpap.biz as a credential theft phishing domain flagged by 1/95 VirusTotal vendors.

## Summary
PhishDestroy identifies mpap.biz as an active credential theft phishing domain designed to impersonate legitimate login portals and harvest user credentials. This domain was flagged by only 1 out of 95 security vendors on VirusTotal, indicating low but present detection. The domain uses a Google Trust Services SSL certificate for authenticity, resolving to IP 91.206.71.180. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on June 09, 2019, this long-standing domain has flown under the radar with minimal blocklist coverage, making it a stealthy threat.  Technical analysis reveals this domain employs generic phishing tactics to deceive users into entering sensitive information, such as usernames, passwords, or financial data. The low VirusTotal detection rate suggests advanced evasion techniques, possibly leveraging newly registered domains or mimicking reputable brands. The use of a legitimate SSL certificate further adds to its deceptive appearance, tricking users into believing the site is secure. Given its active status and minimal detection, this domain poses an elevated risk to unsuspecting visitors, particularly those accustomed to bypassing security warnings.  If you have visited mpap.biz, immediately change any passwords or credentials entered on the site. Scan your device for malware using reputable antivirus software and monitor accounts for suspicious activity. Report the domain to your IT administrator or security team to ensure network-wide protection. Avoid interacting with this domain further to prevent potential credential theft or malware infections. Proactive measures, such as updating browser security settings and enabling multi-factor authentication, can significantly reduce the risk of falling victim to such threats.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2019-06-09 08:42:51
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 91.206.71.180

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/eeadb02b-ac70-4a20-8f3f-312e64737d49
- PhishDestroy: https://phishdestroy.io/domain/mpap.biz/
- LLM endpoint: https://phishdestroy.io/domain/mpap.biz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mpap.biz/
Last updated: 2026-03-26