# orca-finance-en-us.pages.dev — MALICIOUS

> Orca-finance-en-us.pages.dev is flagged for phishing and social engineering. Learn how it works and what to do if you visited this offline scam site.

## Summary
PhishDestroy identifies orca-finance-en-us.pages.dev as a high-risk phishing domain designed to deceive users into revealing sensitive personal or financial information. Phishing sites like this mimic legitimate services to trick victims into trusting the page, potentially leading to identity theft or financial loss.

This phishing attack operates by presenting a fraudulent website that appears to be related to finance or investment services. Users may be prompted to input login credentials, credit card data, or other private details, which are then harvested by the attackers. The domain was registered recently and is now offline after detection by multiple security vendors and inclusion on several blocklists.

If you have visited orca-finance-en-us.pages.dev, it is critical to immediately change any passwords entered, monitor your financial accounts for unauthorized activity, and consider enabling multi-factor authentication where possible. Avoid interacting with any emails or messages referencing this domain and use trusted antivirus or anti-phishing tools to scan your devices. Staying vigilant helps minimize the risk posed by such fraudulent websites.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.46
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["john.ns.cloudflare.com", "elma.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Phishing Database", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c91c7-5bc5-77a1-9689-7edd0ac07f59.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1380ea9d-18be-4dc0-81cc-1cd2c399b690
- PhishDestroy: https://phishdestroy.io/domain/orca-finance-en-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/orca-finance-en-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/orca-finance-en-us.pages.dev/
Last updated: 2026-03-19