# v1-wf.greenulus.click — SUSPICIOUS

> Domain v1-wf.greenulus.click flagged for Greentree brand phishing. Zero VirusTotal detections. Check the full report now.

## Summary
PhishDestroy identifies v1-wf.greenulus.click as an active brand phishing domain impersonating the legitimate 'Greentree' service.


This domain was flagged by 0 of 95 VirusTotal vendors, registered through united domains AG on August 04, 2024. The site resolves to IP 77.42.67.175 and holds a valid Let's Encrypt SSL certificate, yet exhibits clear indicators of brand impersonation with no current blocklist presence, creating a deceptive appearance of legitimacy.


While under investigation due to emerging threat patterns, concrete risks include credential theft via fake login interfaces and malware distribution through embedded scripts. Users should avoid interaction, report the domain to hosting providers, and verify any communication purporting to be from Greentree through official channels. Organizations are advised to implement DNS-based blocking of this domain due to active deception tactics.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Page title: Greentree

## Domain Intelligence
- Registered: 2024-08-04 17:01:34
- Registrar: united domains AG
- IP: 77.42.67.175

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5b05ac92-fa2d-41ca-846e-0d4f1f0caac7
- PhishDestroy: https://phishdestroy.io/domain/v1-wf.greenulus.click/
- LLM endpoint: https://phishdestroy.io/domain/v1-wf.greenulus.click/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/v1-wf.greenulus.click/
Last updated: 2026-03-24