# orca-rewards.xyz — SUSPICIOUS

> PhishDestroy identifies orca-rewards.xyz as a fake rewards scam site. It mimics legitimate reward programs to steal personal data.

## Summary
PhishDestroy identifies orca-rewards.xyz as a fake rewards phishing domain posing as a legitimate loyalty program to harvest user credentials and payment details. The domain employs deceptive branding to trick victims into submitting sensitive information under the guise of earning rewards. This threat was classified as 'under_investigation' due to ongoing behavioral analysis, but preliminary indicators confirm active phishing operations targeting unsuspecting users.  This domain was flagged by PhishDestroy after being detected on 2 security blocklists, including blocks from SEAL and MetaMask security services. It utilizes a Let's Encrypt SSL certificate to appear legitimate, resolves to IP address 188.114.97.3, and was registered through NameSilo, LLC. VirusTotal currently shows 0 out of 95 security engines detecting the domain, indicating it remains under the radar despite active malicious operations. The domain was created on March 29, 2026, suggesting it is a recently deployed threat designed to exploit short-lived credibility before being flagged by wider security networks.  Mitigation steps for this fake rewards phishing threat require immediate avoidance of the domain and any associated links or emails promoting 'orca-rewards.xyz'. Users should verify the authenticity of reward programs by checking official websites or contacting customer support through verified channels. If any information was entered, users must immediately change passwords, monitor financial accounts for unauthorized transactions, and report the incident to relevant cybersecurity authorities. Organizations should consider blocking the domain at the network level using the IP address 188.114.97.3 and the domain itself to prevent further exposure. Enhanced user education on recognizing phishing tactics, especially those involving fake reward programs, is critical to reducing the risk of credential theft and financial fraud.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-29 03:19:31
- Registrar: NameSilo, LLC
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["SEAL", "MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5208b2cc-c890-4211-8be6-e23cdc07837a
- PhishDestroy: https://phishdestroy.io/domain/orca-rewards.xyz/
- LLM endpoint: https://phishdestroy.io/domain/orca-rewards.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/orca-rewards.xyz/
Last updated: 2026-03-29