# validate-gobmx.iceiy.com — MALICIOUS

> validate-gobmx.iceiy.com is an active generic phishing domain impersonating legitimate services, flagged by 13/95 security vendors.

## Summary

PhishDestroy identifies validate-gobmx.iceiy.com as an active generic phishing domain hosting a credential harvesting kit targeting unsuspecting users under the guise of validation services. The domain does not appear to impersonate a specific brand but leverages generic lures to deceive visitors into entering sensitive information. The infrastructure supports a phishing drainer kit designed to siphon credentials and session tokens, likely distributed via spam emails, fake ads, or compromised redirects. This campaign prioritizes mass targeting over brand-specific deception, exploiting trust in generic validation narratives.

Technical analysis confirms the following indicators: the domain was registered through Porkbun LLC, resolved to IP address 185.27.134.163, and carries a ZeroSSL certificate. The domain was created on December 06, 2020, and currently exhibits a VirusTotal detection score of 13 out of 95 security vendors. While Google Safe Browsing (GSB) status is not explicitly confirmed in the dataset, the low VT score indicates limited but active detection across security ecosystems. The domain remains unlisted on major blocklists as of latest checks, suggesting ongoing operational status without widespread takedown enforcement. Current status remains active as of seed 2f5e07.

Immediate response actions include DNS and IP blocking of 185.27.134.163 and validate-gobmx.iceiy.com across networks and endpoints. Users are advised to avoid any interaction with the domain, including links or attachments. Security teams should flag the domain in proxy filters and email gateways, and monitor for related infrastructure pivots. Remaining risk is elevated due to active use and low blocklist coverage. Proactive takedown requests to the registrar and hosting provider are recommended, alongside user awareness campaigns to reduce exposure to generic phishing lure campaigns.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2020-12-06 10:50:01
- Registrar: Porkbun LLC
- IP: 185.27.134.163

## Detection Status

- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/657e4030-476c-4cf8-bca9-54dc78879c8a
- PhishDestroy: https://phishdestroy.io/domain/validate-gobmx.iceiy.com/
- LLM endpoint: https://phishdestroy.io/domain/validate-gobmx.iceiy.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/validate-gobmx.iceiy.com/

Last updated: 2026-03-29