# portalbot-command.pages.dev — MALICIOUS

> PhishDestroy identifies portalbot-command.pages.dev as a credential harvesting page. VirusTotal flags 6/95 vendors. Verify exposure; check full report now.

## Summary
PhishDestroy identifies active credential harvesting operations linked to portalbot-command.pages.dev, a recently registered domain weaponized to steal user login credentials and sensitive session data.

This domain was flagged by six of ninety-five VirusTotal security vendors, indicating a high likelihood of malicious intent. Registered through Cloudflare, Inc. and resolving to IP 172.66.44.88 via Google Trust Services SSL certification, portalbot-command.pages.dev is currently distributing deceptive login portals masquerading as legitimate authentication interfaces. The domain’s recent activation and immediate detection demonstrate a targeted attempt to compromise accounts across multiple platforms, with risk amplification due to its integration with trusted infrastructure providers.

Users who accessed portalbot-command.pages.dev should immediately revoke any entered credentials, log out of affected accounts, and enable multi-factor authentication where available. Conduct a full account audit, including password changes and session review, especially for services previously accessed from shared or public devices. Report the domain to your organization’s security team or via your browser’s safe-browsing tool to prevent further propagation. Monitor financial and personal accounts for unusual activity and remain vigilant against follow-on credential stuffing attacks. Ignoring this warning increases exposure to account takeover and data loss.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.88

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d353fd3e-b42e-4f33-899c-5d72ab54feac
- PhishDestroy: https://phishdestroy.io/domain/portalbot-command.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/portalbot-command.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/portalbot-command.pages.dev/
Last updated: 2026-03-24