# xaman-team.icu — SUSPICIOUS

> xaman-team.icu is a credential theft phishing domain flagged by 4/95 VirusTotal vendors. SSL-backed domain registered April 2026 via NICENIC INTERNATIONAL.

## Summary

PhishDestroy identifies xaman-team.icu as an active credential theft phishing campaign targeting users under the guise of a legitimate team portal. The domain exhibits multiple red flags including low trust scores and recent registration, indicating a high-risk threat vector.

xaman-team.icu was registered on April 06, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP 188.114.96.3. The domain carries a Let's Encrypt SSL certificate and has been flagged by 4 out of 95 VirusTotal security vendors, suggesting minimal but concerning detection. With a recent creation date and no established reputation, this domain is likely part of a short-lived campaign designed for rapid credential harvesting. Unlike long-running phishing operations, this domain’s newness and low detection rate increase the risk of successful user exploitation.

This threat specifically targets unsuspecting users through deceptive login interfaces, aiming to steal usernames, passwords, and potentially two-factor authentication codes under the guise of a legitimate Xaman team portal. The infrastructure (188.114.96.3) has been associated with low-reputation hosting, further indicating malicious intent. Given the absence of widespread blocklisting and the use of a trusted SSL certificate, users may unknowingly enter credentials into fraudulent forms.

Immediate mitigation includes blocking the domain xaman-team.icu at the network and DNS level. Users should verify any unexpected login prompts by cross-referencing official channels and avoid entering credentials unless the URL and SSL certificate are verified. Security teams should monitor for exfiltrated credentials and update firewall rules to block traffic to 188.114.96.3. Proactive user education on identifying phishing lures and verifying domains is essential to reduce successful credential theft incidents.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-06 21:37:33
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1b9768e8-21f8-4a0f-85bd-c9c9701c57af
- PhishDestroy: https://phishdestroy.io/domain/xaman-team.icu/
- LLM endpoint: https://phishdestroy.io/domain/xaman-team.icu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/xaman-team.icu/

Last updated: 2026-04-11