# pstviewer.oemailrecovery.com — SUSPICIOUS > pstviewer.oemailrecovery.com is a malicious domain posing as an Outlook PST viewer. This phishing site resolves to 135.181.164. ## Summary PhishDestroy identifies pstviewer.oemailrecovery.com as an active phishing domain masquerading as a legitimate Outlook PST file viewer. The threat level remains under investigation, though evidence suggests imminent risk to users seeking to recover or access PST files. The domain’s infrastructure and registration details warrant heightened scrutiny due to its potential to harvest sensitive email data. This domain resolves to IP address 135.181.164.218 and is registered through GoDaddy.com, LLC. The domain’s SSL certificate—issued by Let’s Encrypt—does not guarantee legitimacy, as phishing actors frequently exploit trusted CAs to evade detection. Registered in January 2003, the domain’s age may lend it an air of credibility, but its current activity aligns with known phishing tactics. VirusTotal currently reports 0/95 detections, indicating it remains undetected by most antivirus engines. Without presence on major blocklists or low trust scores, the domain’s malicious nature is not yet widely recognized, increasing the risk of successful exploitation. To mitigate exposure, users should immediately block pstviewer.oemailrecovery.com at the network and DNS levels. Organizations are advised to inspect outbound traffic for connections to 135.181.164.218 and scan endpoints for signs of credential harvesting. Given the domain’s use of a Let’s Encrypt certificate, security teams should prioritize TLS inspection to detect malicious payloads. Users interacting with PST-related tools should verify the legitimacy of the source domain and avoid entering credentials or sensitive data. PhishDestroy recommends treating this domain as hostile until further forensic analysis confirms its operational status. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2003-01-28 19:27:59 - Registrar: GoDaddy.com, LLC - IP: 135.181.164.218 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/915d96df-ee10-4e73-b115-9334c2d27641 - PhishDestroy: https://phishdestroy.io/domain/pstviewer.oemailrecovery.com/ - LLM endpoint: https://phishdestroy.io/domain/pstviewer.oemailrecovery.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pstviewer.oemailrecovery.com/ Last updated: 2026-03-22