# pippin.tools — MALICIOUS

> pippin.tools was flagged for generic phishing activity and is now offline. Stay vigilant and avoid this domain to protect your data.

## Summary
PhishDestroy identifies pippin.tools as a medium-risk generic phishing domain. Such threats pose significant risks by attempting to steal sensitive user information through deceptive means.

The domain was registered on February 21, 2026, via NiceNIC International Group Co., Limited, and resolved to IP 172.67.165.156. It appeared on four security blocklists, flagged in one AlienVault OTX pulse, and was detected by nine security vendors on VirusTotal. The site is currently offline, displaying a Cloudflare warning page.

Users are advised to avoid interacting with pippin.tools and remain cautious when encountering unfamiliar domains. Always verify website authenticity and report suspicious sites to help prevent potential credential theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.165.156
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["candy.ns.cloudflare.com", "amos.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Seclookup", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cb023-ef80-7155-84c5-974c624f5e8f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/557f6f77-a4be-40c7-b7ba-bfbb63345f40
- PhishDestroy: https://phishdestroy.io/domain/pippin.tools/
- LLM endpoint: https://phishdestroy.io/domain/pippin.tools/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pippin.tools/
Last updated: 2026-03-19