# portalpeaqpool.xyz — MALICIOUS > PortalPeaqPool.xyz flagged as a crypto drainer phishing site, already blocked by 3 vendors. VirusTotal shows 6/95 detections. Avoid this domain immediately. ## Summary PhishDestroy identifies portalpeaqpool.xyz as an active crypto drainer phishing domain posing as a legitimate service. This domain mimics the Peaq ecosystem to deceive users into connecting wallets and approving malicious transactions. Attackers leverage a just-in-time domain registration window—created October 08, 2025—to exploit user trust and bypass traditional defenses. This domain was flagged by 6 of 95 VirusTotal security vendors, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, and already appears on three major blocklists including Polkot, Codeesura, and Enkrypt. It resolves to IP 188.114.96.3 and uses a Google Trust Services SSL certificate to appear legitimate. The combination of freshly registered domains, low detection rates at inception, and rapid flagging by enterprise security platforms indicates a sophisticated and opportunistic campaign likely targeting cryptocurrency users across multiple regions. If you or your organization accessed portalpeaqpool.xyz, disconnect any connected wallets immediately—especially those holding assets on networks like Peaq, Ethereum, or Polkadot. Revoke any unauthorized token approvals via tools such as Etherscan or Revoke.cash. Run a full antivirus scan and audit browser extensions for suspicious activities. Report the domain to your security team or via threat intelligence platforms like Abuse.ch or URLVoid. Proactively warn employees and users about the risks of new crypto-related domains, and consider enforcing DNS filtering rules to block known malicious IPs like 188.114.96.3 across your network. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-10-08 17:55:24 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.96.3 ## Detection Status - VirusTotal: 6 vendors flagged - Google Safe Browsing: clean - Blocklists: 3 hits Lists: ["Polkadot", "Codeesura", "Enkrypt"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/549e2c1e-ffd3-4016-924f-2e42b851425d - PhishDestroy: https://phishdestroy.io/domain/portalpeaqpool.xyz/ - LLM endpoint: https://phishdestroy.io/domain/portalpeaqpool.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/portalpeaqpool.xyz/ Last updated: 2026-03-27