# pst.openfiletool.com — SUSPICIOUS > pst.openfiletool.com mimics a legitimate file tool site to deploy generic phishing threats. Flagged by 0 of 95 VirusTotal scanners. ## Summary PhishDestroy identifies the domain pst.openfiletool.com as an active participant in a generic phishing campaign targeting unsuspecting users. The threat has been classified as 'generic_phishing' and is currently under investigation with an 'active' status. While brand impersonation has not been confirmed, the domain’s behavior aligns with deceptive tactics commonly used to harvest credentials or distribute malware. This domain was flagged by 0 of 95 VirusTotal vendors, indicating it has not yet been widely recognized as malicious despite its suspicious activity. Additional technical indicators include registration through GoDaddy.com, LLC, an SSL certificate issued by Let's Encrypt, and resolution to IP address 135.181.164.218. The domain was created on May 04, 2012, which may suggest either a compromised legitimate domain or a long-standing malicious project. At the time of analysis, this domain exhibits no known associations with public threat intelligence feeds or blocklists, further underscoring the stealthy nature of its operation. The current status of this campaign remains active, posing a tangible risk to users who may interact with the domain under the false pretense of a legitimate file tool service. Given the lack of detections and the domain’s age, it is likely leveraging evasion techniques to prolong its operational lifespan. Users are strongly advised to avoid visiting pst.openfiletool.com and to report any encountered phishing attempts to relevant authorities or their organization’s security team. Network defenders should monitor traffic to and from 135.181.164.218 and consider blocking the associated domain and IP to mitigate potential risks. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2012-05-04 14:41:02 - Registrar: GoDaddy.com, LLC - IP: 135.181.164.218 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/03c98288-cbae-44c5-b1da-ed002b2e7b97 - PhishDestroy: https://phishdestroy.io/domain/pst.openfiletool.com/ - LLM endpoint: https://phishdestroy.io/domain/pst.openfiletool.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pst.openfiletool.com/ Last updated: 2026-03-22