# 19980406.xyz — MALICIOUS

> Caution: The phishing domain 19980406.xyz posed a serious risk. It is now offline, but users should stay vigilant against related threats.

## Summary
PhishDestroy identifies 19980406.xyz as a high-risk generic phishing domain. Its primary threat involves attempting to deceive users into divulging sensitive information or credentials. Due to this high threat level, exposure to the domain could have led to significant data compromise or financial loss.

Supporting evidence highlights that 19980406.xyz was flagged by 13 out of 95 antivirus and security vendors on VirusTotal, confirming widespread detection among cybersecurity tools. It also appeared on a known security blocklist, underpinning its malicious reputation. The domain was registered recently in February 2026 through a dead domain registrar, a tactic often used by cybercriminals to mask ownership and evade scrutiny.

Mitigation efforts appear successful as the domain is currently offline, reducing immediate risk to users. However, PhishDestroy recommends continued vigilance, as threat actors may attempt to recreate or redirect traffic to similar domains. Users should avoid clicking suspicious links related to this domain and ensure their security software remains up to date to guard against possible phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Target brand: Gemini
- Page title: 验证页面 - Gemini Balance

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 172.67.221.182
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["alphaMountain.ai", "CRDF", "CyRadar", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Lionic", "Netcraft", "Seclookup", "SOCRadar", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ba306-b16c-723c-b8c4-cd89f74603a1.png
- PhishDestroy: https://phishdestroy.io/domain/19980406.xyz/
- LLM endpoint: https://phishdestroy.io/domain/19980406.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/19980406.xyz/
Last updated: 2026-03-19