# guildtop.xyz — SUSPICIOUS

> guildtop.xyz is a credential theft phishing site resolving to 188.114.96.3. Avoid login attempts; if visited, reset passwords immediately and scan your device.

## Summary

PhishDestroy identifies guildtop.xyz as an active credential-theft phishing domain designed to harvest user login credentials under the guise of a legitimate service. This domain employs social engineering tactics, presenting familiar branding or service interfaces to trick victims into entering their usernames and passwords into counterfeit login forms. Once harvested, these credentials are likely used for unauthorized account access, financial fraud, or further phishing campaigns targeting the victim’s contacts. The domain’s infrastructure lacks advanced obfuscation, relying instead on time-sensitive registration and hosting tactics to evade early detection while maintaining plausible deniability.

This domain was flagged with 0 detections out of 95 VirusTotal engines, indicating its novelty and the challenge it poses to signature-based detection systems. It resolves to IP 188.114.96.3 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for accommodating high-risk domains. The domain was created on April 02, 2026, and is currently blocked by the OISD blocklist but remains active on one additional security blocklist. Its SSL certificate, issued by Let’s Encrypt, adds a veneer of legitimacy, further complicating user discernment. The combination of recent registration, minimal detection, and blocklist gaps suggests this domain is part of a rapidly evolving phishing operation aimed at exploiting user trust in familiar web interfaces.

If you have interacted with guildtop.xyz—whether by visiting the site or entering credentials—immediately assume compromise. Revoke access to any accounts where the same password was reused, enable multi-factor authentication wherever possible, and conduct a full antivirus scan of your device. Monitor financial accounts and inboxes for unusual activity, as stolen credentials may be leveraged within hours. Report the domain to your organization’s security team or through public abuse channels to aid in blocking efforts. Avoid visiting or engaging with this domain in the future, and consider deploying network-level defenses to block traffic to 188.114.96.3 or the domain itself, should it reappear under a new guise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-02 18:15:20
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  - Lists: ["OISD"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/guildtop.xyz
- PhishDestroy: https://phishdestroy.io/domain/guildtop.xyz/
- LLM endpoint: https://phishdestroy.io/domain/guildtop.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/guildtop.xyz/

Last updated: 2026-04-04