# iomas.xyz — MALICIOUS

> iomas.xyz was identified as a phishing domain and is now offline. Learn how this site posed risks and steps to stay safe from scams.

## Summary
PhishDestroy identifies iomas.xyz as a medium-risk phishing domain that was actively used to deceive users into revealing sensitive information. Despite being recently created, the domain triggered alerts due to suspicious behavior and appeared on a security blocklist, placing visitors at risk of identity theft or financial loss.

This phishing operation exploited encrypted connections but failed SSL handshake, possibly to mimic legitimate sites and lure users into entering credentials or personal data. By impersonating trusted services, iomas.xyz attempted to harvest confidential information, making it critical to avoid interacting with suspicious links or unsecured forms.

Since iomas.xyz is currently offline, immediate threat exposure is reduced; however, anyone who visited the site should monitor their accounts for unusual activity and change passwords if credentials were submitted. Users are encouraged to enable multi-factor authentication and keep security software updated to defend against similar phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: iomas.xyz | 525: SSL handshake failed

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.173.79
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["khloe.ns.cloudflare.com", "melnicoff.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 5 vendors flagged
  Vendors: ["Ermes", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ba82e-3277-7367-9893-9f90d9e8e3c8.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ca3ecaa0-eff4-443a-8110-629b634e998b
- PhishDestroy: https://phishdestroy.io/domain/iomas.xyz/
- LLM endpoint: https://phishdestroy.io/domain/iomas.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/iomas.xyz/
Last updated: 2026-03-19