plusvaliaperu.com

Risk Category: Confirmed Phishing & Credential Theft

URLert.com has classified plusvaliaperu.com as a high-risk domain following the discovery of active credential harvesting campaigns. While the root domain purports to be an industrial plumbing supply site, specific subdirectories are being utilized to host sophisticated phishing pages designed to steal sensitive user information.

• Deceptive Document Impersonation: Security analysis has identified pages (specifically under the /mydetailsandcompleteID/ path) that impersonate legitimate document-sharing services. These pages use a fake "Access Your Document" overlay to create a false sense of urgency.
• Multi-Provider Credential Theft: The site features malicious "Continue with" buttons for major service providers, including Microsoft, Google, and Yahoo. These are not legitimate OAuth integrations but are instead designed to capture and exfiltrate usernames and passwords directly to attackers.
• Significant Domain Mismatch: There is a total lack of alignment between the domain name (plusvaliaperu.com), the Turkish-language plumbing content ("Kelepce.org"), and the English-language phishing overlays. This inconsistency is a primary indicator of a compromised domain or a site established solely for malicious redirection.
• Infrastructure Obfuscation: The site utilizes Cloudflare to mask its true origin, a common tactic used by threat actors to prolong the lifespan of phishing campaigns.

Recommendation: Do not interact with this website or enter any credentials into its forms. If you have already submitted information on this domain, change your passwords immediately for your email and corporate accounts, and enable Multi-Factor Authentication (MFA) to prevent unauthorized access.