# postfinexus.com — MALICIOUS

> Postfinexus.com is a phishing domain recently taken offline. Learn how this scam works and protect your data now.

## Summary
PhishDestroy identifies postfinexus.com as a medium-risk phishing domain that was recently taken offline. This site masqueraded as the official French PostFinexus platform for 2025, aiming to deceive users with a convincing page title in French. The domain showed up on multiple security blocklists and had suspicious indicators such as resolving to an unusual IP and being flagged by several threat intelligence sources.

The phishing technique used by postfinexus.com involved creating a fake official website to lure victims into submitting sensitive personal or financial information. By mimicking legitimate branding and language, it aimed to trick users into trusting the site. This form of social engineering exploits users’ trust in official-sounding domains and can lead to account compromise, identity theft, or financial loss.

Users should avoid visiting the domain as it is currently offline but remains a concern due to its prior activity. Always verify URLs carefully and use security tools that block known phishing sites. If you suspect you provided information to a similar fraudulent site, immediately update your passwords and monitor your accounts for suspicious activity. Staying vigilant and informed is key to preventing phishing attacks like this one.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: PostFinexus | Le seul site officiel en France 2025

## Domain Intelligence
- Registered: 2025-11-18 09:46:37
- Expires: 2026-11-18 09:46:37
- Registrar: Metaregistrar BV
- Country: NL
- IP: 172.67.211.115
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: lia.ns.cloudflare.com wilson.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 6 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "CyRadar", "Seclookup", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a9b71-d97e-759c-a725-ee31cd858b90.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/87ca167f-eceb-4875-8cc9-6fa8e78ee773
- Wayback Machine: https://web.archive.org/web/https://postfinexus.com
- PhishDestroy: https://phishdestroy.io/domain/postfinexus.com/
- LLM endpoint: https://phishdestroy.io/domain/postfinexus.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/postfinexus.com/
Last updated: 2026-03-19