# lilys-rewards.xyz — MALICIOUS > PhishDestroy identifies lilys-rewards.xyz as a malicious reward scam domain hosted on 188.114.97.3. Flagged by 5/95 VirusTotal engines, avoid entering any. ## Summary PhishDestroy identifies lilys-rewards.xyz as a live reward-themed phishing domain engineered to mimic legitimate loyalty programs. Impersonating a rewards portal, this domain employs social engineering tactics to trick victims into surrendering sensitive credentials or payment data under the guise of redeeming fake prizes. The site is hosted on a single IP address (188.114.97.3), indicating a lightweight, rapidly deployable infrastructure likely controlled by the threat actor. Historically, such reward lures are frequently used to harvest login details for financial accounts or prime targets for further spear-phishing campaigns. This domain exhibits multiple red flags confirmed by aggregated intelligence. VirusTotal’s security stack of 95 engines detected malicious intent in 5 independent evaluations, indicative of a heightened, though not universal, detection consensus. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 22, 2026, the domain is only days old at the time of writing, reinforcing its opportunistic nature and avoidance of established reputation systems. While the domain secures HTTPS via a Let’s Encrypt certificate—intended to bolster perceived legitimacy—this alone cannot guarantee safety, as threat actors routinely abuse trusted issuers to lend credibility to phishing fronts. The combination of youth, low detection overlap, and thematic deception elevates the risk profile to “elevated”. Users who visited lilys-rewards.xyz should immediately cease any interaction and avoid entering personal or financial data. Inspect browser autofills and saved passwords for exposure, then revoke any credentials that may have been transmitted to the domain. Review financial statements and enable two-factor authentication on high-value accounts as a precaution. If possible, clear browser cache or use a private window to purge residual session data. Report the domain to your organization’s SOC or to public blocklists such as PhishDestroy to aid collective defense. Exercise heightened scrutiny for follow-on spear-phishing or credential-stuffing attempts in the coming days. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-22 22:50:03 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.97.3 ## Detection Status - VirusTotal: 5 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3e3e3a26-d479-4af7-9b3b-e34bacc47991 - PhishDestroy: https://phishdestroy.io/domain/lilys-rewards.xyz/ - LLM endpoint: https://phishdestroy.io/domain/lilys-rewards.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/lilys-rewards.xyz/ Last updated: 2026-03-25