# ofertasenmayopost.pages.dev — MALICIOUS

> ofertasenmayopost.pages.dev is a fake coupons/discounts phishing page flagged by 15 of 95 VirusTotal vendors. Check the full report.

## Summary
ofertasenmayopost.pages.dev is a confirmed phishing domain impersonating retail brands to distribute counterfeit discount coupons via Cloudflare Pages. This campaign specifically targets Spanish-speaking users with fraudulent "oferta especial" (special offer) lures, requesting payment details for alleged shipping fees. The site remains active as of the latest assessment.    This domain was flagged by 15 of 95 VirusTotal vendors, is registered through Cloudflare, Inc., and resolves to IP 172.66.44.137 with a Google Trust Services SSL certificate. The page appears to leverage Cloudflare Pages’ free hosting to evade traditional takedown measures while maintaining a veneer of legitimacy through HTTPS. Despite its recent creation, the domain has already accumulated multiple blocklist detections in various threat intelligence feeds.    PhishDestroy assesses this phishing attempt as elevated risk due to its combination of HTTPS legitimacy signals, cloud hosting evasion tactics, and targeted social engineering focusing on constrained-time offers. Users who engaged with this page may have submitted sensitive payment information under the guise of processing coupon redemptions. Immediate actions include verifying any recent online transactions, resetting passwords if the same credentials were reused, and reporting the incident to relevant financial institutions. Consumers are advised to ignore unsolicited discount offers and verify promotions directly through official brand channels.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.137

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7d8d80af-e41d-4861-89a5-3344ecc5cd6e
- PhishDestroy: https://phishdestroy.io/domain/ofertasenmayopost.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ofertasenmayopost.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ofertasenmayopost.pages.dev/
Last updated: 2026-03-26