# wzheqlciyo.iostours.net — MALICIOUS

> Warning: wzheqlciyo.iostours.net is flagged for phishing. Avoid interaction as it poses a high risk and is currently offline.

## Summary
PhishDestroy identifies wzheqlciyo.iostours.net as a high-risk phishing domain based on classification under generic phishing threat type. The domain was registered recently on March 07, 2026, suggesting potential malicious intent tied to new fraudulent campaigns.

Technical indicators include its registration through NetEarth One Inc., resolution to IP 20.28.138.229, and presence on one security blocklist. VirusTotal reports 13 security vendors flagging this domain, and Google Safe Browsing categorizes it under social engineering threats, reinforcing its malicious profile.

Currently, wzheqlciyo.iostours.net is taken offline, mitigating immediate risk. Users are advised to avoid this domain and remain cautious of similar suspicious URLs. PhishDestroy continues to monitor its status and related infrastructure for emerging threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: One moment, please...

## Domain Intelligence
- Registered: 2026-03-07 13:07:01
- Registrar: NetEarth One Inc. d/b/a NetEarth
- Country: US
- IP: 20.28.138.229
- IP Country: AU
- IP City: Sydney
- IP Org: AS8075 Microsoft Corporation
- Nameservers: ["ns1.hostgeek.com.au", "ns2.hostgeek.com.au", "ns3.hostgeek.com.au"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Mimecast", "Netcraft", "OpenPhish", "Sophos", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc857-5d4c-732d-9d74-c8f7e46c7d4c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2f71c381-c113-4533-b431-b6f03219b27e
- Wayback Machine: https://web.archive.org/web/https://wzheqlciyo.iostours.net
- PhishDestroy: https://phishdestroy.io/domain/wzheqlciyo.iostours.net/
- LLM endpoint: https://phishdestroy.io/domain/wzheqlciyo.iostours.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wzheqlciyo.iostours.net/
Last updated: 2026-03-19