# sermazade.com — SUSPICIOUS > PhishDestroy identifies sermazade.com as a fake coupon scam posing as a retail rewards site. Resolves to IP 91.236.116. ## Summary PhishDestroy has placed sermazade.com under active investigation as a generic phishing domain designed to harvest credentials under the guise of a retail rewards program. The site masquerades as a legitimate coupon or loyalty portal, luring visitors with false discounts and requiring login or payment-card entry to "claim offers." All traffic is directed to the single IP address 91.236.116.172, which currently hosts no other benign content, indicating a dedicated phishing infrastructure. Domain telemetry confirms sermazade.com was registered on March 1, 2026 through NETIM and secured with a Let’s Encrypt SSL certificate, a common tactic to appear trustworthy. VirusTotal analysis at the time of flagging returned 0 detections out of 95 engines, leaving the domain unlisted on major blocklists and yielding neutral trust scores across all reputation services. Despite the absence of current blocklist entries, the domain’s age (hours old) and the singular hosting IP strongly correlate with newly spun-up phishing campaigns that evade signature-based detection in their infancy. To mitigate exposure, users should refrain from visiting sermazade.com or clicking any links purportedly sent via email, SMS, or social media. Network defenders are advised to block the IP 91.236.116.172 at the perimeter and to monitor internal DNS queries for the domain. If credentials or payment details were entered, immediately rotate passwords, revoke saved payment methods, and report the incident to the relevant financial institution. Domain registrars and hosting providers should be notified to expedite takedown using the seed identifier d79e38 to accelerate cross-vendor response. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-01 16:30:55 - Registrar: NETIM - IP: 91.236.116.172 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/925780c1-a22f-4333-8ee7-cb0e20d1cf9a - PhishDestroy: https://phishdestroy.io/domain/sermazade.com/ - LLM endpoint: https://phishdestroy.io/domain/sermazade.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/sermazade.com/ Last updated: 2026-03-23