# portal-yield.xyz — SUSPICIOUS > portal-yield.xyz impersonates financial portals to steal cryptocurrency wallet credentials. This domain, created March 17, 2026, is linked to IP 104.21.82. ## Summary PhishDestroy identifies portal-yield.xyz as an active cryptocurrency wallet credential theft scam posing as a financial yield portal. The domain leverages impersonation tactics targeting users seeking investment opportunities, with infrastructure designed to harvest private keys, seed phrases, or API access tokens from wallets connected to decentralized finance (DeFi) platforms. No known drainer kit signatures were detected in this sample, suggesting the threat actors may employ custom or obfuscated JavaScript payloads executed via cloned interface overlays. The campaign’s objective is clear: to exfiltrate wallet credentials to facilitate immediate fund abstraction or long-term account takeover in high-value DeFi ecosystems. This domain was flagged with a VirusTotal detection score of 0/95 as of investigation start date using seed a2538f, indicating zero antivirus coverage despite active malicious hosting. It resolves to IPv4 address 104.21.82.50 and was registered through Dynadot LLC on March 17, 2026. Google Safe Browsing (GSB) currently lists this domain as under_investigation with no active block status. Third-party threat intelligence platforms have not yet flagged this domain in common blocklists, increasing exposure risk to users reliant on real-time domain reputation services. The combination of recent registration, low detection coverage, and lack of GSB blocking creates a high-risk window for propagation through unsuspecting users. The scam remains active with domain infrastructure operational and SSL certificate issued by Let’s Encrypt, providing a false sense of legitimacy via HTTPS. Immediate response actions include coordinated takedown requests to the hosting provider (Cloudflare for 104.21.82.50), domain registrar (Dynadot LLC), and SSL issuer to revoke certificate and suspend hosting. Users should block portal-yield.xyz at DNS and browser levels, and report the domain through official channels (e.g., Google Safe Browsing Report Page). Remaining risk is elevated due to low detection coverage and lack of widespread blocking. Users interacting with any financial portal must verify domain authenticity via official project websites, use hardware wallets for transactions, and avoid entering wallet credentials on web interfaces not explicitly trusted. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-17 23:23:26 - Registrar: Dynadot LLC - IP: 104.21.82.50 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/af0c0b62-eeb9-4b73-9373-2a2514e1ae79 - PhishDestroy: https://phishdestroy.io/domain/portal-yield.xyz/ - LLM endpoint: https://phishdestroy.io/domain/portal-yield.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/portal-yield.xyz/ Last updated: 2026-03-30