# wwv-portfolio-upheld.pro — SUSPICIOUS > PhishDestroy identifies wwv-portfolio-upheld.pro as a crypto-drainer scam. Domain is live with 0/95 VirusTotal detections. Block immediately and warn users. ## Summary PhishDestroy identifies wwv-portfolio-upheld.pro as an active crypto-drainer scam leveraging generic brand impersonation tactics. The domain mimics a professional portfolio site to trick cryptocurrency users into connecting drainer-infested wallets, resulting in immediate fund extraction upon transaction authorization. No known drainer kit signature has been publicly released, suggesting either a zero-day deployment or heavily obfuscated JavaScript payload delivered through fake “portfolio showcase” pages. The threat actor’s goal is direct asset theft via unauthorized token approvals and transaction signing, targeting users actively engaging with Web3 interfaces. Technical indicators confirm malicious infrastructure with zero detections across 95 VirusTotal engines as of analysis time. The domain resolves to IP 188.114.97.3, assigned to Cloudflare infrastructure, and is secured with a Let’s Encrypt SSL certificate issued for domain validation. Domain registration occurred on March 31, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for bulk registrations and privacy protection services that obscure true ownership. Google Safe Browsing (GSB) currently does not flag the domain, and public blocklists show no prior inclusion, indicating a newly activated campaign with minimal historical exposure. This domain remains active under investigation with an elevated risk profile due to zero detection coverage and rapid deployment. PhishDestroy assesses the campaign as HIGH IMPACT given the likelihood of successful fund extraction upon wallet connection. Immediate blocking at DNS and endpoint levels is recommended, coupled with user awareness campaigns targeting cryptocurrency users. Until full takedown or blocklisting occurs, all interactions with wwv-portfolio-upheld.pro should be treated as high-risk, with potential exposure to unauthorized fund transfers. Real-time monitoring and threat intelligence sharing are critical to prevent further victimization. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-31 19:21:57 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/wwv-portfolio-upheld.pro - PhishDestroy: https://phishdestroy.io/domain/wwv-portfolio-upheld.pro/ - LLM endpoint: https://phishdestroy.io/domain/wwv-portfolio-upheld.pro/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/wwv-portfolio-upheld.pro/ Last updated: 2026-04-04