# xaman-usa.icu — SUSPICIOUS

> xaman-usa.icu poses a credential theft threat with 0/95 VirusTotal detections. This newly registered domain (April 2026) may trick users into handing over.

## Summary
PhishDestroy identifies xaman-usa.icu as a credential theft site designed to trick users into surrendering sensitive login details such as usernames and passwords. The domain mimics legitimate services, likely targeting victims through deceptive emails or social engineering tactics. Once credentials are entered, attackers can hijack accounts, steal personal data, or conduct fraud under the victim’s identity. Avoid interacting with this site entirely—do not click links or enter any information.

This domain was flagged by PhishDestroy due to multiple red flags including a recent creation date of April 06, 2026, and zero detections out of 95 VirusTotal scans, indicating it remains under the radar of major security engines. The site operates from IP address 188.114.97.3 and uses a Let’s Encrypt SSL certificate to appear trustworthy. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for hosting numerous high-risk domains. These technical indicators suggest this is an emerging threat actively evolving to avoid detection.

If you visited xaman-usa.icu, immediately stop interacting with the site and do not enter any credentials or personal information. Run a full antivirus scan on your device to check for malware or unauthorized access. If you entered any login details, change passwords on all related accounts—including email and financial services—using a different, secure device. Enable two-factor authentication where possible. Report the domain to your IT team or security provider and consider blocking it at the network level. Monitor your accounts closely for unusual activity and report any fraud immediately.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-06 21:37:17
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4f4a407e-c559-4186-a9c8-217d76f0c760
- PhishDestroy: https://phishdestroy.io/domain/xaman-usa.icu/
- LLM endpoint: https://phishdestroy.io/domain/xaman-usa.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xaman-usa.icu/
Last updated: 2026-04-11