# portal-exos-io-en.pages.dev — SUSPICIOUS > portal-exos-io-en.pages.dev is a crypto drainer posing as a legitimate portal, with 3/95 VirusTotal detections. Avoid entering wallet details or credentials. ## Summary PhishDestroy identifies portal-exos-io-en.pages.dev as an active crypto drainer impersonating a legitimate service to steal cryptocurrency assets. This domain leverages Cloudflare Pages hosting to obscure its malicious infrastructure while presenting a deceptive interface designed to trick users into connecting their wallets or entering private keys. The threat actor behind this campaign uses social engineering tactics, likely distributing the URL through phishing emails, fake advertisements, or impersonation of trusted crypto platforms to maximize victim engagement. Once a user interacts with the page, the crypto drainer silently initiates unauthorized transactions, transferring funds to wallets controlled by the attackers without requiring additional confirmation from the victim. Security researchers have observed similar campaigns targeting users of major cryptocurrency exchanges and DeFi platforms, emphasizing the need for heightened vigilance when handling digital assets. This domain was flagged by PhishDestroy with an elevated risk rating due to multiple indicators of compromise. VirusTotal analysis shows that only 3 out of 95 security vendors currently detect the domain as malicious, highlighting the stealthy nature of this campaign and the evasiveness of its infrastructure. The domain is registered through Cloudflare, Inc., a legitimate provider often abused by threat actors to host malicious content behind proxy services that mask the true origin. The SSL certificate issued by Google Trust Services further enhances the domain’s credibility, tricking users into believing the site is secure. Additionally, the domain resolves to IP address 172.66.44.182, which has been associated with previous phishing and malware campaigns. While the exact creation date of the domain is not publicly available, its active status and recent detection by security tools confirm its ongoing malicious operations. Users who have visited portal-exos-io-en.pages.dev should immediately disconnect their wallets from the site and revoke any connected permissions through their wallet’s interface or a reputable blockchain explorer. Do not enter any private keys, seed phrases, or wallet passwords on the site, as these can be captured by the crypto drainer. If you suspect your cryptocurrency has been compromised, report the incident to your wallet provider or exchange and file a complaint with relevant authorities such as the FBI’s Internet Crime Complaint Center (IC3) or your local cybercrime unit. To prevent future exposure, use a hardware wallet for high-value assets, enable multi-factor authentication on all accounts, and verify the legitimacy of URLs before interacting with them. Consider using browser extensions that block known phishing domains and crypto drainers to add an extra layer of protection. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.182 ## Detection Status - VirusTotal: 3 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3eb7a749-d67b-41ac-80d7-d2cc866569a6 - PhishDestroy: https://phishdestroy.io/domain/portal-exos-io-en.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/portal-exos-io-en.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/portal-exos-io-en.pages.dev/ Last updated: 2026-03-22