# nishtech.wise-portal.com — SUSPICIOUS

> Beware: nishtech.wise-portal.com hosts an active Microsoft 365 credential phishing scam. VirusTotal shows 0/95 detection. Verify URLs and check the full report.

## Summary
PhishDestroy identifies nishtech.wise-portal.com as an active Microsoft 365 credential phishing operation, posing as a legitimate portal to harvest corporate login credentials. The domain mimics a secure portal environment using a Let’s Encrypt SSL certificate (common among phishing sites to appear trustworthy), resolving to IP address 159.89.244.206. Threat actors registered the domain through GoDaddy.com on November 21, 2017, leveraging an aged domain to evade immediate suspicion. Despite zero detections on VirusTotal and no active takedowns, behavior analysis confirms redirection to fake Microsoft login pages designed to steal enterprise credentials.  

This threat was assessed using confirmed intelligence: VirusTotal reported 0 detections out of 95 scanners, indicating low visibility to antivirus engines. The domain was registered via GoDaddy.com with a creation date of November 21, 2017, and remains active under IP 159.89.244.206. Domain age is often abused to bypass reputation filters, while SSL certificates add a false sense of legitimacy. No IP-based blocklists currently flag this host, allowing it to remain operational. The phishing kit observed delivers a convincing Microsoft 365 login prompt, including branded imagery and realistic error messages, specifically targeting users expecting enterprise access.  

If you visited nishtech.wise-portal.com, immediately change your Microsoft 365 password and enable multi-factor authentication (MFA). Review account login activity for unauthorized access, particularly from unusual locations or devices. Report the domain to your IT security team or use PhishDestroy’s automated reporting tool. Avoid clicking any links from unexpected emails referencing this domain. Monitor financial accounts and corporate systems for signs of credential misuse. Proactively scanning your network for similar domains using the indicators provided can prevent lateral movement in case of compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2017-11-21 02:20:32
- Registrar: GoDaddy.com, LLC
- IP: 159.89.244.206

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1c9ad410-435a-4670-968d-7fd63cb43be8
- PhishDestroy: https://phishdestroy.io/domain/nishtech.wise-portal.com/
- LLM endpoint: https://phishdestroy.io/domain/nishtech.wise-portal.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nishtech.wise-portal.com/
Last updated: 2026-03-28