# zmelto.cfd — MALICIOUS

> zmelto.cfd is a live credential-harvesting phishing domain with 6/95 VirusTotal detections and was registered on April 2, 2026. Check the full report.

## Summary
zmelto.cfd represents an elevated credential-harvesting threat actively luring victims to disclose sensitive login details.

This domain was flagged by six independent security vendors on VirusTotal and is already blocked by OpenPhish and PhishingArmy. It resolves to IP 69.49.246.105, carries a Let’s Encrypt SSL certificate, and was registered on April 2, 2026 through Dominet (HK) Limited.

To mitigate credential-harvesting attempts against zmelto.cfd, immediately block the domain at DNS and network levels, inspect egress traffic for connections to 69.49.246.105, and warn users never to enter credentials on zmelto.cfd or any subpages.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-02 17:37:40
- Registrar: Dominet (HK) Limited
- IP: 69.49.246.105

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/zmelto.cfd
- PhishDestroy: https://phishdestroy.io/domain/zmelto.cfd/
- LLM endpoint: https://phishdestroy.io/domain/zmelto.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/zmelto.cfd/
Last updated: 2026-04-10