# authports.pages.dev — MALICIOUS

> PhishDestroy identifies authports.pages.dev as a crypto drainer. This site was flagged by 5 of 95 VirusTotal vendors.

## Summary
PhishDestroy confirms that authports.pages.dev is actively hosting a crypto drainer phishing operation as of seed 524cc5. The threat involves deceptive cryptocurrency wallet drainer scripts designed to steal digital assets from unsuspecting users. The domain is currently live and poses an elevated risk to visitors engaging with wallet connection prompts or transaction approvals.


This domain resolves to IP address 188.114.96.3 and was flagged by 5 of 95 VirusTotal security vendors. It is registered through Cloudflare, Inc., and holds a valid SSL certificate issued by Google Trust Services. While the registration date is not specified in available intelligence, the combination of low detection rates and active infrastructure suggests recent deployment designed to evade early-stage blocklists.


Given the elevated threat level and confirmed malicious activity, PhishDestroy recommends immediate avoidance of this domain. Users who may have already interacted with wallet connection prompts or provided transaction approvals should revoke all recent crypto approvals and transfer remaining assets to a newly generated wallet. Monitor blockchain transaction histories for unauthorized transfers and report suspicious wallet addresses to relevant blockchain security teams. Always verify domains against PhishDestroy’s database before entering sensitive information or connecting wallets.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/da83eaf6-df4b-4e93-9d70-fd8162df5905
- PhishDestroy: https://phishdestroy.io/domain/authports.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/authports.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/authports.pages.dev/
Last updated: 2026-03-21