# h5.xauulive.com — SUSPICIOUS

> Discover how h5.xauulive.com lures victims with fake streaming services. Full phishing report with IP, VT data, and safety steps. Check the full report.

## Summary
PhishDestroy identifies h5.xauulive.com as an active phishing domain impersonating a popular streaming service to harvest user credentials. The domain was flagged under investigation with a risk level of under_investigation, indicating potential but unverified harm to end users.

Analysis reveals this domain resolves to IP 172.67.162.122 and was registered on February 24, 2026, through GMO Internet, Inc., a common registrar associated with malicious domains. Despite utilizing a Let's Encrypt SSL certificate for perceived legitimacy, the domain shows 0 out of 95 detections on VirusTotal, suggesting it has evaded detection by most antivirus engines. Current blocklist status remains unverified, but the recent registration date and lack of detections raise concerns about its rapid deployment in ongoing campaigns.

Users targeted by this domain may experience credential theft, financial fraud, or malware exposure. Mitigation includes blocking the domain and IP at the network perimeter, disabling automatic SSL certificate validation for suspicious domains, and educating employees or users about verifying domain authenticity. Immediate reporting to PhishDestroy or relevant CERT teams is advised to prevent further exploitation. For comprehensive indicators of compromise and remediation steps, access the full threat report.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-24 23:34:04
- Registrar: GMO Internet, Inc.
- IP: 172.67.162.122

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/h5.xauulive.com
- PhishDestroy: https://phishdestroy.io/domain/h5.xauulive.com/
- LLM endpoint: https://phishdestroy.io/domain/h5.xauulive.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/h5.xauulive.com/
Last updated: 2026-04-06