# buff163.paccofacile.com — MALICIOUS

> buff163.paccofacile.com is a medium-risk phishing domain currently offline. Learn how to protect yourself and avoid possible scams from this site.

## Summary
PhishDestroy identifies buff163.paccofacile.com as a domain associated with generic phishing risks. Although currently offline, this domain previously resolved to an IP address linked to suspicious activity. Users encountering this domain may have been exposed to attempts to fraudulently acquire sensitive personal information. Because it appears on a security blocklist and is flagged by some antivirus vendors, it is considered a medium risk and should be treated with caution.

This phishing site was designed to mislead visitors by mimicking legitimate online services or platforms, often prompting users to input confidential data such as login credentials, payment information, or personal identification details. The page title indicates it was linked to PaccoFacile, suggesting attempts to exploit brand trust, though the domain is now for sale and offline. Attackers typically use such domains to harvest data before they are taken down or abandoned.

If you have visited buff163.paccofacile.com, it is important to verify and monitor your accounts for unusual activity, especially if you submitted any passwords or financial data. Change any credentials that may have been entered and consider enabling two-factor authentication where possible. Running a full malware and antivirus scan is recommended to ensure no malicious software was downloaded. Always avoid interacting with suspicious domains and rely on trusted sources for online transactions.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: PaccoFacile: The domain name PaccoFacile.com is for sale

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Dynadot LLC
- Country: US
- IP: 199.59.243.228
- IP Country: US
- IP City: Tampa
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ["230.ns1.above.com", "230.ns2.above.com"]
- SSL Issuer: Let's Encrypt / R13

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CyRadar", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01991e93-f2d7-7710-8b5c-cd57bc29cdde.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5cc3efea-cccb-4cb3-aecc-c6bcce4237f4
- PhishDestroy: https://phishdestroy.io/domain/buff163.paccofacile.com/
- LLM endpoint: https://phishdestroy.io/domain/buff163.paccofacile.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/buff163.paccofacile.com/
Last updated: 2026-03-19