# v1-wf-09012026.greenulus.click — SUSPICIOUS > Greentree phishing page at v1-wf-09012026.greenulus.click detected. 0/95 VirusTotal detections. View full report for safety analysis. ## Summary PhishDestroy identifies active phishing targeting Greentree users at v1-wf-09012026.greenulus.click, posing as a legitimate business interface. The campaign is classified as generic phishing under investigation with a current risk status of active. This domain was flagged on August 04, 2024, and resolves to IP address 77.42.67.175. The page title 'Greentree' is used to deceive visitors into believing the site is associated with the legitimate Greentree software platform. Despite the page mimicking a trusted user interface, VirusTotal currently shows 0/95 security vendor detections, indicating this domain has not yet been widely recognized as malicious. The domain was registered through united domains AG, a European registrar known for bulk registrations, and secured with a Let’s Encrypt SSL certificate to appear legitimate and evade browser warnings. This domain exhibits multiple red flags consistent with recent phishing campaigns. The creation date of August 04, 2024, suggests a very recent deployment, likely part of a time-bound attack. The absence of detections (0/95) on VirusTotal does not imply safety—it indicates low detection coverage, a common trait in newly launched phishing pages. The use of a legitimate registrar and trusted SSL certificate underscores the sophistication of the threat actor in evading automated detection systems. While no public blocklists were identified in initial checks, the domain remains untrusted due to the mismatch between its title, SSL certificate, and the absence of legitimate association with Greentree. The IP address 77.42.67.175 has not been previously associated with known malicious infrastructure in public threat feeds. Users and organizations should treat this domain as HIGH RISK and avoid interaction. If access has occurred, disconnect from the network immediately and scan for credential leaks. Report the domain to your security team and block v1-wf-09012026.greenulus.click at the firewall level. Always verify URLs via official channels and enable multi-factor authentication on Greentree accounts. Monitor for unusual login attempts or data exfiltration post-exposure. This domain is under active investigation with seed f86d0f. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Page title: Greentree ## Domain Intelligence - Registered: 2024-08-04 17:01:34 - Registrar: united domains AG - IP: 77.42.67.175 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/84e66aff-dfba-403a-9ba2-9ae21cda9558 - PhishDestroy: https://phishdestroy.io/domain/v1-wf-09012026.greenulus.click/ - LLM endpoint: https://phishdestroy.io/domain/v1-wf-09012026.greenulus.click/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/v1-wf-09012026.greenulus.click/ Last updated: 2026-03-24