# ocra-so.site — MALICIOUS

> ocra-so.site is identified as a high-risk phishing domain targeting users with fake trade services. Learn how to stay protected from this active threat.

## Summary

PhishDestroy identifies ocra-so.site as a high-risk phishing domain engaging in generic phishing activities. The site masquerades under the title "Orca | Trade" to lure victims, posing significant risks to unsuspecting users by attempting to steal sensitive credentials or financial information.

Supporting this assessment, ocra-so.site was created recently on February 21, 2026, which is a common trait among fraudulent domains seeking quick exploitation. The domain currently resolves to the IP address 67.223.118.116 and remains active. It has been flagged by 13 out of 95 security vendors on VirusTotal and appears on two separate security blocklists, reinforcing its malicious intent and confirming community-wide recognition of its threat.

Users are strongly advised to avoid interacting with ocra-so.site and to verify the authenticity of trade-related websites carefully. Employing up-to-date security solutions and enabling phishing filters in browsers can reduce the risk of exposure. PhishDestroy continues to monitor the domain, which remains active and poses an ongoing threat to internet users.

## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: Orca | Trade

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- IP: 67.223.118.116
- SSL Issuer: Sectigo Public Server Authentication CA DV R36

## Detection Status

- VirusTotal: 13 vendors flagged
  - Vendors: ADMINUSLabs, alphaMountain.ai, BitDefender, CyRadar, Forcepoint ThreatSeeker, Fortinet, G-Data, Google Safebrowsing, Lionic, Seclookup, Sophos, VIPRE, Webroot
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: PhishDestroy, MetaMask

## Evidence

- Screenshot: https://urlscan.io/screenshots/019a6e77-cdd9-769b-9eab-2c7981918285.png
- PhishDestroy: https://phishdestroy.io/domain/ocra-so.site/
- LLM endpoint: https://phishdestroy.io/domain/ocra-so.site/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ocra-so.site/

Last updated: 2026-03-19