# PhishDestroy threat dossier — mpeppe-dashboard.pages.dev
================================================================

Fetched:   2026-06-22 08:21:53 UTC
Canonical: https://phishdestroy.io/domain/mpeppe-dashboard.pages.dev/

## VERDICT
----------------------------------------------------------------
CRITICAL THREAT — DO NOT VISIT
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      9/91 security vendors flagged this domain
  Flagging vendors: alphaMountain.ai, BitDefender, CyRadar, ESET, Fortinet, G-Data, Kaspersky, Lionic, Sophos
Public blocklists: listed on 4 independent blocklists

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      172.66.47.50
Registrar:       Cloudflare Pages
Registered:      2024-09-23
Page title:      Mpeppe | $MPEPE Presale Live Now
HTTP response:   200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer:     Google Trust Services / WE1
Expires:    2026-08-07
Status:     INVALID chain
Fingerprint: ba403e58fa1a681b776d819b55abf99ffb492934363605b43c026ec42f67aade

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue. No abuse reports filed yet — this domain is
waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2024-09-23 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-06-10 14:28:47 UTC (by PhishDestroy tracker)
First reported:    2026-06-10 14:27:28 UTC (abuse notice filed)
Last verified:     2026-06-22 08:20:35 UTC
Current status:    ACTIVE / observable

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-13 12:13:25 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies mpeppe-dashboard.pages.dev as a high-risk generic phishing site, utilizing the Cloudflare Pages brand and posing a significant threat to unsuspecting users. The presence of this domain is particularly concerning due to the lack of specific drainer kits or brand affiliations, making it a broadly targeted attack. 
   
   Technical indicators reveal a disturbing trend, with a VirusTotal score of 9/95, indicating that nearly 10 percent of security vendors have flagged this domain as malicious. Further analysis shows that the domain resolves to IP address 172.66.47.50, is registered through Cloudflare Pages, and possesses an SSL certificate issued by Google Trust Services / WE1. The exact creation date and GSB status are not available, however, the blocklist count is substantial. 
   
   The current status of mpeppe-dashboard.pages.dev is active, and as such, response actions are crucial to mitigate the remaining risk. Given the high-risk nature of this generic phishing site, users are advised to exercise extreme caution when interacting with this domain, and to avoid providing sensitive information at all costs. By staying informed and taking proactive measures, users can significantly reduce their risk of falling victim to this and similar threats.

[Updates since narrative was generated:]
  - WHOIS creation date: 2024-09-23

## EVIDENCE HASHES
----------------------------------------------------------------
TLS cert SHA-256:      ba403e58fa1a681b776d819b55abf99ffb492934363605b43c026ec42f67aade

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/mpeppe-dashboard.pages.dev/
JSON API:          https://api.destroy.tools/v1/check?domain=mpeppe-dashboard.pages.dev
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 167,463 domains (12,983 alive under monitoring, 154,162 confirmed takedowns/dead). Site: https://phishdestroy.io