# greenwall-monvex.com — MALICIOUS

> Greenwall-monvex.com is a credential theft domain with 15/95 VirusTotal detections. Block and investigate before users access it. Avoid at all costs.

## Summary

PhishDestroy identifies greenwall-monvex.com as a live credential theft domain, currently ranked at high risk with confirmed active status. This domain, registered through NETIM on December 08, 2025, operates as a malicious endpoint dedicated to harvesting user credentials under the guise of legitimate services. The domain has already been flagged by 15 of 95 leading security vendors on VirusTotal and listed by Google Safe Browsing under the SOCIAL_ENGINEERING category, indicating ongoing exploitation for fraudulent purposes. Its SSL certificate, issued by Let's Encrypt, enhances its appearance of legitimacy, while resolution to 91.236.116.172 suggests a hosted infrastructure likely controlled by threat actors. The recent creation date and multiple blocklist inclusions further underscore the urgency for immediate defensive action.

Technical indicators associated with this domain include the IP address 91.236.116.172, which has been linked to prior malicious campaigns involving credential harvesting frameworks. The low trust score, reflected in the partial detection rate and active classification under social engineering, signals a domain designed to deceive users into entering sensitive login details. The combination of a freshly registered domain, rapid activation, and partial yet significant detection coverage highlights a sophisticated threat actor leveraging evasion tactics such as free SSL certificates to appear benign. Continuous monitoring of this IP and related domains is essential to prevent lateral movement within compromised networks.

To mitigate exposure, SOC teams should immediately block greenwall-monvex.com at the network and DNS levels, and flag 91.236.116.172 in firewall rules. Users must be warned via internal advisories not to interact with the domain or enter credentials. Conduct retrospective analysis of DNS logs for queries to this domain and inspect endpoint logs for signs of credential submission to external sites. Additionally, review SIEM alerts for compromised accounts and reset credentials if any have been entered. Proactive threat hunting is recommended to detect any exfiltration of harvested data to external C2 servers associated with this campaign.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-08 21:29:40
- Registrar: NETIM
- IP: 91.236.116.172

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/072edbb9-c7e4-4afa-9b74-a9600566d223
- PhishDestroy: https://phishdestroy.io/domain/greenwall-monvex.com/
- LLM endpoint: https://phishdestroy.io/domain/greenwall-monvex.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/greenwall-monvex.com/

Last updated: 2026-03-22