# pokgh.com — MALICIOUS

> pokgh.com is a crypto-draining phishing domain, active since March 2026, flagged by 9/95 VirusTotal scanners.

## Summary
PhishDestroy identifies pokgh.com as a live cryptocurrency-draining domain that actively lures victims under the guise of a spoofed brand interface. This domain operates a generic crypto-drainer kit designed to siphon private keys and tokens from unsuspecting users during wallet connection flows. No specific brand impersonation has been confirmed at this stage, but the drainer employs obfuscated JavaScript to intercept and exfiltrate transaction approvals without user consent.

This domain resolves to IP 64.236.164.8 and leverages a Let’s Encrypt SSL certificate to appear legitimate. It was registered on March 24, 2026 through OwnRegistrar, Inc., and currently shows a VirusTotal detection score of 9 out of 95 security vendors. Google Safe Browsing (GSB) has not yet blacklisted this domain, and no public blocklist hits are recorded in major threat intelligence feeds. Despite its recent creation, the domain has already drawn attention from multiple AV engines, signaling elevated malicious intent.

As of this report, pokgh.com remains active and unblocked across most network defenses. Immediate response includes updating browser and DNS blocklists to include this domain and IP. Users are strongly advised to avoid visiting pokgh.com and to verify any similar domains using PhishDestroy’s real-time threat lookup. While the risk is elevated due to active hosting and cryptocurrency targeting, proactive blocking can prevent further compromise. Remaining risk persists for users who may encounter the domain through social engineering campaigns or malvertising.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-24 08:40:31
- Registrar: OwnRegistrar, Inc.
- IP: 64.236.164.8

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3a12bf03-4adb-424f-803c-9ec0d0339bb7
- PhishDestroy: https://phishdestroy.io/domain/pokgh.com/
- LLM endpoint: https://phishdestroy.io/domain/pokgh.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pokgh.com/
Last updated: 2026-03-30