# xn--guada-lp1b.com — MALICIOUS

> Warning: The phishing domain xn--guada-lp1b.com impersonates Guarda Wallet. Avoid interaction to protect your crypto assets.

## Summary
PhishDestroy identifies xn--guada-lp1b.com as a high-risk generic phishing domain targeting cryptocurrency users by mimicking the official Guarda Wallet website. The page title closely replicates the legitimate service to deceive victims into divulging sensitive information.

This domain was registered on March 11, 2026, through Dynadot LLC and currently resolves to IP address 63.251.122.121. It appears on three separate security blocklists and is flagged by 12 out of 95 VirusTotal security vendors, confirming its malicious intent. The domain infrastructure and registration details align with typical phishing campaign tactics aimed at crypto wallet users.

The campaign remains active and continues to pose a significant threat to users. Immediate caution is advised when encountering communications or links associated with xn--guada-lp1b.com. PhishDestroy recommends blocking this domain and monitoring for any related phishing attempts to mitigate potential credential theft and financial loss.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Guarda Wallet — Secure Multi-Currency Crypto Wallet | Official Website

## Domain Intelligence
- Registered: 2026-03-11 15:07:01
- Registrar: Dynadot LLC
- Country: US
- IP: 63.251.122.121
- IP Country: ES
- IP City: Barcelona
- IP Org: AS200220 servinga GmbH
- Nameservers: ["ns1.fornex.com", "ns2.fornex.com"]
- SSL Issuer: Let's Encrypt / R13

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Mimecast", "Netcraft", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce20c-c4e9-723f-8158-86b8d40b9581.png
- PhishDestroy: https://phishdestroy.io/domain/xn--guada-lp1b.com/
- LLM endpoint: https://phishdestroy.io/domain/xn--guada-lp1b.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xn--guada-lp1b.com/
Last updated: 2026-03-19