# gautnelt.xyz — SUSPICIOUS

> gautnelt.xyz is a live phishing page harvesting credentials. Flagged by 3 of 95 VirusTotal vendors, it masquerades as a genuine site and must be avoided.

## Summary
PhishDestroy identifies gautnelt.xyz as an active generic phishing domain targeting unsuspecting users for credential theft.

This domain was flagged by 3 of 95 VirusTotal vendors on the day it went live—March 26, 2026—registering through NICENIC INTERNATIONAL GROUP CO., LIMITED. The site resolves to IP 104.21.2.7, where it serves a fraudulent login interface designed to harvest usernames and passwords under the guise of a legitimate service.

The elevated risk stems from the domain’s recent creation, low trust scores, and ongoing accessibility. Users encountering gautnelt.xyz should immediately cease interaction, avoid submitting any login details, and report the domain to their security team or browser vendor. Network defenders are advised to block 104.21.2.7 at the firewall and update threat intelligence feeds with the domain hash 8c4267 to prevent downstream compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-26 22:15:25
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.2.7

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5beb1bc1-ac91-4de4-b3db-6419445963b0
- PhishDestroy: https://phishdestroy.io/domain/gautnelt.xyz/
- LLM endpoint: https://phishdestroy.io/domain/gautnelt.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gautnelt.xyz/
Last updated: 2026-03-28