# mandiris.mnfin365.top — SUSPICIOUS > Domain mandiris.mnfin365.top is a credential theft phishing host with 0/95 VirusTotal detections. Block it now to protect accounts. ## Summary PhishDestroy identifies an active credential theft campaign hosted on the domain mandiris.mnfin365.top, which was registered through NameSilo, LLC on March 26, 2026. This domain resolves to IP 112.213.124.3 and operates under an SSL certificate issued by Let's Encrypt, creating a false sense of legitimacy for unsuspecting users. The domain remains undetected by 95 security vendors on VirusTotal, allowing threat actors to evade immediate detection while harvesting login credentials under the guise of a legitimate service. This domain was flagged as a generic phishing host with a status of active and a seed identifier of dfcddc. The technical indicators include a recent domain creation date three days prior to the investigation, utilization of a free SSL certificate to mimic trusted sites, and hosting on a dedicated IP address with no prior association to known legitimate services. Despite zero detections on VirusTotal, the domain’s structure and rapid deployment suggest it is part of a broader credential theft operation targeting users who may mistake it for a financial or login portal. The absence of blocklist entries indicates this domain is newly weaponized and spreading rapidly across unsuspecting networks. Users who visited mandiris.mnfin365.top should immediately audit their accounts for unauthorized access, reset passwords using a verified and secure method, and scan devices with updated antivirus software. Enable multi-factor authentication on all critical accounts to mitigate the risk of credential theft. Report the domain to your security team or use trusted threat intelligence platforms to help block this host before it spreads further. Monitor financial accounts for suspicious transactions if credentials were entered on this site. Act now to prevent prolonged exposure and potential data loss. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-26 20:08:24 - Registrar: NameSilo, LLC - IP: 112.213.124.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/f59bf6fb-6c71-4cf3-8261-bd6934080457 - PhishDestroy: https://phishdestroy.io/domain/mandiris.mnfin365.top/ - LLM endpoint: https://phishdestroy.io/domain/mandiris.mnfin365.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/mandiris.mnfin365.top/ Last updated: 2026-03-27