# orvexara-portal.com — MALICIOUS

> orvexara-portal.com is a credential harvesting domain impersonating Microsoft, flagged by 19 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies orvexara-portal.com as an active credential harvesting domain currently impersonating a Microsoft portal.

This domain was flagged by 19 of 95 VirusTotal security vendors, registered through Dynadot Inc on March 13, 2026. It resolves to IP 172.67.178.108 and utilizes a Let's Encrypt SSL certificate. The domain exhibits elevated risk potential with a 20% detection rate among security vendors.

Current status indicates active operation with high-risk characteristics. Immediate action is required: users must avoid interacting with this domain, verify all login portals through official Microsoft channels, and report suspicious communications. Organizations should update blocklists to include orvexara-portal.com and its associated IP address. Enhanced monitoring for credential theft attempts is strongly recommended during this active campaign period.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-13 06:01:39
- Registrar: Dynadot Inc
- IP: 172.67.178.108

## Detection Status
- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fae149f0-b79c-4f16-9394-efc975117d34
- PhishDestroy: https://phishdestroy.io/domain/orvexara-portal.com/
- LLM endpoint: https://phishdestroy.io/domain/orvexara-portal.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/orvexara-portal.com/
Last updated: 2026-04-13