# www.papycho.fr — SUSPICIOUS

> papycho.fr poses as a legitimate site but is a credential-harvesting page flagged by 1 of 95 VirusTotal engines, resolving to 216.198.79.1.

## Summary
PhishDestroy identifies www.papycho.fr as an active generic phishing domain leveraging a fake login interface to harvest user credentials, with no clear brand affiliation or drainer kit detected. The domain was created on March 12, 2026, and currently resolves to IP 216.198.79.1. Exactly one of 95 VirusTotal security vendors has flagged this domain as malicious, while the SSL certificate was issued by Let's Encrypt. Hosting Concepts B.V., operating as Openprovider, processed the domain registration.


Technical indicators highlight a low detection score of 1/95 on VirusTotal, a recent creation date, and registration through a European hosting provider. The domain operates without a Google Safe Browsing (GSB) classification and remains absent from major threat intelligence blocklists, suggesting it is a newly deployed infrastructure. Although the SSL certificate adds superficial legitimacy, the lack of broader detection underscores the stealthy nature of this campaign.


The domain remains active and poses an elevated risk to users who may be deceived by its appearance. Immediate response includes blocking all traffic to 216.198.79.1 and www.papycho.fr at network and endpoint levels. Users should avoid accessing the domain and inspect local DNS caches for signs of compromise. While the current threat is contained, its recent creation and low detection rate indicate potential for escalation, requiring continuous monitoring and proactive user alerting.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-12 22:11:36
- Registrar: Hosting Concepts B.V. d/b/a Openprovider
- IP: 216.198.79.1

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e33756f4-631a-41df-be7c-ba0bf06065ce
- PhishDestroy: https://phishdestroy.io/domain/www.papycho.fr/
- LLM endpoint: https://phishdestroy.io/domain/www.papycho.fr/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www.papycho.fr/
Last updated: 2026-03-22