# pubgzhcn.top — MALICIOUS

> pubgzhcn.top is a dangerous phishing domain recently taken offline. Learn how it tricks users and steps to stay protected now.

## Summary
PhishDestroy identifies pubgzhcn.top as a high-risk phishing domain that targeted unsuspecting users with deceptive tactics. Although this domain is currently offline, it posed a significant threat by attempting to steal sensitive information such as login credentials or personal data. Its association with multiple threat intelligence pulses and inclusion in security blocklists highlights the ongoing danger it represented.

This phishing operation worked by masquerading as a legitimate site, likely to lure victims into submitting confidential details. The domain resolved to IP address 213.209.129.98 and was registered through 烟台帝思普网络科技有限公司 in early 2026, indicating a relatively new but aggressive attacker presence. The domain appeared in 13 AlienVault OTX pulses and was flagged by 14 out of 95 VirusTotal security vendors, underscoring its malicious nature.

If you have visited pubgzhcn.top, it is crucial to immediately change any passwords you may have entered and monitor your accounts for suspicious activity. Users should also ensure their devices have updated security software and consider running scans for malware. Staying vigilant against phishing attempts by verifying URLs and avoiding unsolicited links remains the best defense against threats like pubgzhcn.top.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: 烟台帝思普网络科技有限公司
- Country: CN
- IP: 213.209.129.98
- IP Country: RO
- IP City: Bucharest
- IP Org: AS208185 Net Gate Telecom S.R.L.
- Nameservers: ["caroline.dnspod.net.", "burke.dnspod.net."]
- SSL Issuer: none

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Phishing Database", "Seclookup", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0198451a-7711-722e-905c-c290a3cab8c0.png
- PhishDestroy: https://phishdestroy.io/domain/pubgzhcn.top/
- LLM endpoint: https://phishdestroy.io/domain/pubgzhcn.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pubgzhcn.top/
Last updated: 2026-03-19