# mtbrewards.click — MALICIOUS > mtbrewards.click is a credential harvesting site flagged by 6/95 VirusTotal vendors and Google Safe Browsing. Check the full report. ## Summary PhishDestroy identifies mtbrewards.click as an active credential harvesting domain designed to trick users into surrendering login credentials under the guise of a rewards program. This site impersonates legitimate loyalty platforms to capture sensitive information, including usernames and passwords, which attackers then leverage for account takeovers or further exploitation. The domain’s infrastructure is deliberately crafted to appear authentic at first glance, exploiting user trust in well-known reward systems to bypass initial suspicion. Users who enter their credentials on this page risk immediate exposure of their accounts to malicious actors, who may pivot to financial fraud, identity theft, or corporate network intrusions. Given the site’s active status and the absence of meaningful safeguards, interaction with this domain poses a tangible threat to personal and organizational security. This domain was flagged by PhishDestroy after rigorous analysis confirmed its malicious intent. The domain mtbrewards.click was registered through Dynadot, LLC on March 31, 2026, a notably recent creation that correlates with the uptick in opportunistic phishing campaigns targeting unsuspecting users. VirusTotal’s security vendors detected the threat with 6 out of 95 engines identifying it as malicious, while Google Safe Browsing’s SOCIAL_ENGINEERING flag further underscores its deceptive nature. The domain resolves to IP address 91.92.21.9 and operates under a Let’s Encrypt SSL certificate, tactics commonly used to lend false legitimacy to fraudulent sites. These technical indicators, combined with the domain’s fleeting registration window, suggest a hastily deployed operation with a high likelihood of further malicious activity. If you or someone in your organization visited mtbrewards.click, immediate action is required to mitigate potential fallout. First, assume your credentials—if entered—have been compromised and reset passwords for all accounts using the same login details immediately. Enable multi-factor authentication (MFA) wherever possible to add a critical layer of protection against unauthorized access. Next, scan your devices for malware or unauthorized access using reputable security software, as attackers may have deployed additional payloads. Finally, report the incident to your IT security team or relevant platform administrators to ensure proper containment and investigation. Proactive monitoring of financial and account activity is strongly advised for at least 30 days following exposure to detect any signs of misuse. This domain is actively monitored, and blocking it at the network level is strongly recommended to prevent further infections. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-31 18:37:15 - Registrar: Dynadot, LLC - IP: 91.92.21.9 ## Detection Status - VirusTotal: 6 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/4e219971-fd2c-46e6-9c48-f98ba43d44a9 - PhishDestroy: https://phishdestroy.io/domain/mtbrewards.click/ - LLM endpoint: https://phishdestroy.io/domain/mtbrewards.click/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/mtbrewards.click/ Last updated: 2026-04-01