# info-pp.serveousercontent.com — MALICIOUS

> PhishDestroy identifies info-pp.serveousercontent.com as a crypto drainer domain with 16/95 VirusTotal detections.

## Summary
PhishDestroy identifies info-pp.serveousercontent.com as an elevated-risk domain actively distributing a crypto drainer. The site masquerades as a legitimate service to trick users into approving malicious wallet transactions, resulting in asset theft. Security vendors widely flag this domain, confirming its malicious intent and operational status.

This domain was flagged by 16 of 95 VirusTotal security vendors and is blocked by OpenPhish and PhishingArmy. Registered through Key-Systems GmbH on November 2, 2025, it resolves to IP 5.255.123.12 and holds a ZeroSSL certificate. The domain’s recent creation and presence on two blocklists underscore its high-risk profile. The combination of high detection rates, active blocking, and low trust indicators confirms its role in credential and asset theft campaigns targeting cryptocurrency users.

To mitigate risk, avoid clicking links or visiting this domain. Never connect a cryptocurrency wallet or enter credentials on this site. Report the domain to your wallet provider and block the IP address (5.255.123.12) at the network level. Use a hardware wallet for transactions and verify all URLs before interaction. If exposed, revoke any wallet approvals immediately and monitor for unauthorized transfers.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-02 19:32:09
- Registrar: Key-Systems GmbH
- IP: 5.255.123.12

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1ff10b71-dd61-4e0c-b462-705da79d56aa
- PhishDestroy: https://phishdestroy.io/domain/info-pp.serveousercontent.com/
- LLM endpoint: https://phishdestroy.io/domain/info-pp.serveousercontent.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/info-pp.serveousercontent.com/
Last updated: 2026-03-29