# migrate-pomkori.xyz — SUSPICIOUS > migrate-pomkori.xyz is a newly detected PayPal phishing domain with 0 VirusTotal detections. Check the full report for IOCs and mitigation steps. ## Summary PhishDestroy identifies migrate-pomkori.xyz as a live PayPal phishing domain currently under investigation. The site is actively resolving and leverages a recently registered domain to impersonate PayPal, a high-risk financial brand. No indicators of compromise have been published by major threat feeds, but the domain's behavior and infrastructure warrant immediate scrutiny. This domain was flagged by 0 of 95 VirusTotal vendors as of March 16, 2026. Migrate-pomkori.xyz is registered through OwnRegistrar, Inc. and resolves to IP 188.114.97.3. Originally created on March 16, 2026, the domain has not yet appeared on any major blocklists and maintains a neutral-to-positive trust score across reputation engines, which is atypical for confirmed phishing infrastructure. The Let's Encrypt SSL certificate suggests an attempt to appear legitimate, while the lack of detections indicates a potential zero-day campaign. The current status of migrate-pomkori.xyz remains active with no active takedown efforts detected. Organizations and users should block traffic to this domain at the firewall and DNS levels. Employees and customers should be warned about PayPal-themed phishing lures, especially those involving account verification or payment issues. Security teams are advised to monitor for related domains registered around the same time or resolving to the same IP, as well as any observed TLS certificate issuance patterns. Immediate IOC ingestion is recommended to prevent lateral movement in case of credential theft. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-16 21:40:03 - Registrar: OwnRegistrar, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/984aca21-cbc6-4794-8da7-c4f14e918065 - PhishDestroy: https://phishdestroy.io/domain/migrate-pomkori.xyz/ - LLM endpoint: https://phishdestroy.io/domain/migrate-pomkori.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/migrate-pomkori.xyz/ Last updated: 2026-03-24