# promo.travelledger.org — SUSPICIOUS

> PhishDestroy identifies promo.travelledger.org as a brand impersonation site targeting Aave. VirusTotal shows 0/95 detections.

## Summary

PhishDestroy identifies promo.travelledger.org as a brand impersonation domain masquerading as Aave, a leading decentralized finance (DeFi) protocol. The site is suspected to host a crypto drainer kit designed to siphon funds from unsuspecting users by tricking them into connecting their wallets or entering sensitive credentials. Given the domain’s naming convention and alignment with Aave’s branding, this appears to be a targeted attempt to exploit trust in the DeFi ecosystem, where users frequently interact with protocols like Aave. The inclusion of the word 'promo' in the subdomain may be leveraging urgency or exclusivity to lure victims into engaging with the fraudulent site.

Technical indicators for promo.travelledger.org reveal a concerning profile that warrants heightened scrutiny. The domain resolves to IP address 185.158.133.1 and is registered through NETWORK SOLUTIONS, LLC., a legitimate registrar that has been exploited in past phishing campaigns. The domain was created on January 23, 2018, which, while not inherently suspicious, provides ample time for abuse if left unchecked. Notably, the SSL certificate is issued by Google Trust Services, a detail often leveraged by threat actors to lend false legitimacy to malicious sites. As of the latest assessment, VirusTotal reports 0 detections out of 95 scanners, indicating that mainstream security tools have not yet flagged this domain. This lack of detection highlights the evolving tactics of threat actors, who frequently rotate infrastructure and employ obfuscation techniques to evade detection. The absence from Google Safe Browsing (GSB) and other blocklists further underscores the need for proactive user vigilance.

The current status of promo.travelledger.org remains active and under investigation, with no immediate takedown action observed. Given the domain’s specific targeting of Aave users and the potential for financial harm, PhishDestroy advises users to exercise extreme caution when encountering this domain or any associated links. Avoid clicking on promotional materials or unsolicited communications referencing this domain. If you have already interacted with the site, disconnect your wallet immediately, revoke any unauthorized permissions, and transfer funds to a secure wallet. Report the domain to your antivirus provider, browser vendor, and relevant authorities (e.g., Google Safe Browsing, PhishTank) to aid in its eventual blacklisting. The remaining risk is classified as high due to the domain’s active status, lack of detections, and the sophisticated nature of crypto drainer campaigns. Users are urged to verify URLs manually and cross-check domains against official Aave communications before engaging.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Aave

## Domain Intelligence

- Registered: 2018-01-23 12:53:06
- Registrar: NETWORK SOLUTIONS, LLC.
- IP: 185.158.133.1

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/5a887e64-7b34-4f1f-bbbc-ffd047350a7b
- PhishDestroy: https://phishdestroy.io/domain/promo.travelledger.org/
- LLM endpoint: https://phishdestroy.io/domain/promo.travelledger.org/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/promo.travelledger.org/

Last updated: 2026-03-24