# guilldapp.xyz — SUSPICIOUS

> guilldapp.xyz is a credential harvesting phishing site flagged by 3 blocklists. Resolves to 188.114.96.3 and registered March 22, 2026.

## Summary

This domain, guilldapp.xyz, is actively engaged in credential harvesting, a form of phishing designed to trick users into surrendering sensitive login information such as usernames, passwords, or financial details. The site mimics legitimate services to deceive visitors into believing they are interacting with a trusted entity, often leading to account takeovers, financial fraud, or identity theft. Users who enter their credentials on this domain risk immediate exposure of their personal and financial data to malicious actors, who can exploit these details for unauthorized access, fraudulent transactions, or further social engineering attacks. PhishDestroy identifies this domain as a high-priority threat due to its active distribution and the severe consequences of falling victim to credential harvesting schemes.

PhishDestroy’s investigation reveals guilldapp.xyz is a recently registered domain, created on March 22, 2026, which is a common tactic among cybercriminals to evade detection by security systems that monitor older domains. The domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar that has been associated with numerous malicious domains in the past. This domain resolves to the IP address 188.114.96.3 and has been flagged by 3 security blocklists, including PhishDestroy and OISD, demonstrating its widespread recognition as a threat. Additionally, VirusTotal’s analysis shows that 3 out of 95 security vendors have flagged this domain, further validating its malicious nature. The domain also utilizes a Let’s Encrypt SSL certificate, a feature often exploited by threat actors to lend an air of legitimacy to their fraudulent sites.

If you have visited guilldapp.xyz, immediately cease any interaction with the site and avoid entering any login credentials, personal information, or financial details. Change the passwords for any accounts where you may have reused the same credentials, starting with email and financial accounts, as these are prime targets for credential stuffing attacks. Enable multi-factor authentication (MFA) on all critical accounts to add an extra layer of security. Report the domain to your email provider or organization’s security team, and consider using a reputable password manager to monitor for any unauthorized access. Stay vigilant for unusual activity, such as unexpected login attempts or unfamiliar transactions, and report any suspicious behavior to the appropriate authorities or your financial institution. Proactively monitoring your accounts can help mitigate the impact of credential harvesting and prevent further compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-22 04:51:28
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "OISD", "Hagezi"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ca5c8487-c1ca-4065-914a-9d15bfcc7a94
- PhishDestroy: https://phishdestroy.io/domain/guilldapp.xyz/
- LLM endpoint: https://phishdestroy.io/domain/guilldapp.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/guilldapp.xyz/
Last updated: 2026-03-31