# war-reward.xyz — MALICIOUS

> Stay cautious of war-reward.xyz, a suspicious domain involved in phishing schemes. Avoid sharing personal info or clicking links on this site.

## Summary
PhishDestroy has identified war-reward.xyz as an active domain associated with generic phishing activities. Although the risk level is currently rated as low, users should remain vigilant. Phishing sites like this one attempt to trick visitors into divulging sensitive information such as login credentials, financial details, or personal data by masquerading as legitimate services or offers. The domain was registered recently, on March 5, 2026, which can be a red flag for suspicious activity.

This phishing operation typically works by luring users with enticing messages or fake rewards, aiming to harvest their information through deceptive web forms or downloads. The domain resolves to IP 104.21.96.68 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar sometimes linked to malicious registrations. Though VirusTotal reports only 2 out of 95 vendors flagging this domain, this low detection rate does not guarantee safety, as phishing infrastructure often evades many automated scanners.

If you have visited war-reward.xyz, it is important to avoid entering any personal or financial information. Immediately clear your browser cache and cookies, and consider running a full antivirus scan on your device. Monitor your accounts for any unusual activity and change passwords if you suspect compromise. Reporting the domain to your security team or using platforms like PhishDestroy can help protect others from falling victim to this phishing attempt.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: $WAR DISTRIBUTION

## Domain Intelligence
- Registered: 2026-03-05 21:07:02
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- Country: HK
- IP: 104.21.96.68
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: gwen.ns.cloudflare.com langston.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 5 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cbf91-5c17-7212-88da-e935e7fd719a.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/war-reward.xyz
- PhishDestroy: https://phishdestroy.io/domain/war-reward.xyz/
- LLM endpoint: https://phishdestroy.io/domain/war-reward.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/war-reward.xyz/
Last updated: 2026-03-16