# link.hiper-ofertas.com — MALICIOUS > PhishDestroy identifies hiper-ofertas.com as an active credential theft phishing domain. 15/95 VirusTotal vendors flag the site, registered via GoDaddy. ## Summary PhishDestroy identifies hiper-ofertas.com as an active credential theft phishing domain. This domain was flagged by 15 out of 95 VirusTotal security vendors, indicating elevated risk and consistent malicious activity. The domain resolves to IP address 80.209.249.242 and operates with a Let's Encrypt SSL certificate to appear legitimate. Registered through GoDaddy.com, LLC on June 12, 2019, the domain has been active for over five years, providing ample time for threat actors to deploy phishing campaigns. This domain employs generic phishing tactics to harvest user credentials, likely targeting unsuspecting victims under the guise of promotional offers or account verification. Technical indicators include its association with a known malicious IP and a high-risk trust score from multiple security vendors. The low detection ratio on VirusTotal (15/95) suggests that while some defenses are in place, the threat remains under the radar for less sophisticated users or tools. The use of Let's Encrypt certificates adds a veneer of legitimacy, tricking users into believing the site is secure. To mitigate exposure to this credential theft phishing domain, organizations and individuals should immediately block hiper-ofertas.com and its associated IP address (80.209.249.242) at the network firewall or DNS level. Users should verify website authenticity before entering credentials and avoid clicking on unsolicited links. Security teams are advised to update threat intelligence feeds with this domain's indicators and conduct user awareness training to recognize phishing attempts. Timely action is critical to prevent credential compromise and potential downstream attacks. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2019-06-12 12:59:38 - Registrar: GoDaddy.com, LLC - IP: 80.209.249.242 ## Detection Status - VirusTotal: 15 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/link.hiper-ofertas.com - PhishDestroy: https://phishdestroy.io/domain/link.hiper-ofertas.com/ - LLM endpoint: https://phishdestroy.io/domain/link.hiper-ofertas.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/link.hiper-ofertas.com/ Last updated: 2026-04-10