# portal-descuentospostpagos.com — MALICIOUS > portal-descuentospostpagos.com is distributing fake post-payment discount scams. 6 out of 95 VirusTotal engines flag this domain; check the full report. ## Summary portal-descuentospostpagos.com has been classified by PhishDestroy as an active fake-post-payment-discount phishing domain with an elevated risk level. The site lures users with bogus post-payment discounts in order to harvest payment credentials and personal data. This domain was flagged by PhishDestroy on January 24 2025 after VirusTotal analysts reported 6 of 95 security vendors detecting malicious content. VirusTotal link analysis confirms the domain resolves to IPv4 3.151.195.172 and is served via an Amazon-issued SSL certificate. Registrar.eu (Hosting Concepts B.V.) recorded the creation on January 24 2026, indicating the campaign was stood up within the last 24 hours. At time of writing the domain is active on the live web and is not yet present on major public blocklists, yielding a low aggregate trust score. Mitigation steps for the specific fake-post-payment-discount threat include immediately ceasing any form submissions on the site, clearing browser cookies and cached credentials associated with the domain, and blocking both the domain and its resolving IP 3.151.195.172 at the network perimeter. Users who may have already entered data should rotate all reused passwords and monitor financial accounts for unauthorized transactions. Security teams are encouraged to add YARA and Snort signatures referencing the seed 0b896d to enhance detection coverage across email gateways and endpoint sensors. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-01-24 22:49:39 - Registrar: Hosting Concepts B.V. d/b/a Registrar.eu - IP: 3.151.195.172 ## Detection Status - VirusTotal: 6 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/234a6434-b656-4f7e-852f-add6dc763280 - PhishDestroy: https://phishdestroy.io/domain/portal-descuentospostpagos.com/ - LLM endpoint: https://phishdestroy.io/domain/portal-descuentospostpagos.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/portal-descuentospostpagos.com/ Last updated: 2026-03-23