# portfolio-jan.pages.dev — SUSPICIOUS

> portfolio-jan.pages.dev hosts a fake investment portfolio phishing lure. VirusTotal shows 0/95 detections. Check the full report.

## Summary
PhishDestroy identifies portfolio-jan.pages.dev as a live fake investment portfolio phishing lure currently under investigation. This Cloudflare Pages domain is weaponized to impersonate legitimate financial portfolios, tricking users into divulging sensitive investment credentials or payment data. SSL certification via Let’s Encrypt lends superficial legitimacy, but the domain’s recent creation and pristine detection history warrant caution. Persistent monitoring is required to confirm whether this campaign escalates into broader phishing operations.

Technical indicators confirm the following: VirusTotal shows 0 detections out of 95 engines; the domain resolves to 172.66.44.110 via Cloudflare, Inc.; and registration occurred through Cloudflare’s Pages service, obfuscating true ownership. No blocklist entries or trustworthy reputation scores are currently associated with the domain, indicating it remains in a nascent, high-risk state with minimal historical telemetry.

Immediate mitigation steps include blocking the domain at DNS and network layers, flagging the IP 172.66.44.110 in firewall rules, and educating users to verify portfolio links via official channels before inputting credentials. Security teams should also monitor for newly registered portfolio-themed domains using similar naming patterns to preemptively disrupt copycat campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.110

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/aaa2f195-c5e3-41bc-9125-af02086e483a
- PhishDestroy: https://phishdestroy.io/domain/portfolio-jan.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/portfolio-jan.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/portfolio-jan.pages.dev/
Last updated: 2026-03-31