0/100

low Risk

greenbullet.su

https://greenbullet.su/

104.20.36.48 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

—

HTTP

200 · 19.0s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Portal Home - GreenBullet"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

GreenBullet

Vendors

29/30

Status

partial

✓ avg✓ brightcloud✓ sophos✓ yandex✓ bitdefender✓ avast✓ polyswarm✓ norton✓ apple✓ emsisoft✓ openphish✓ phishreport✓ apwg✓ netcraft✓ urlscan✓ cisa✓ urlabuse✓ drweb✓ google✓ kaspersky✓ isitphish✓ spamhaus✓ urlquery✓ phishtank✓ microsoft✓ virustotal✗ eset✓ mcafee✓ threatyeti✓ fortiguard

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

GreenBullet

Unknown

technology | hosting | ecommerce · 4/5/2026

Summary

The page presents branding for GreenBullet, including logo assets and a site titled Portal Home - GreenBullet. However, the domain greenbullet.su is not a known or official domain for GreenBullet and is a suspicious, potentially typosquatting/brand-impersonation attempt. Visual assets and page content mimic a professional hosting/product site, but the domain and SSL details raise concern due to recent issuance and CF-backed hosting; no explicit credential harvesting form was observed in the static HTML, but a live chat widget and extensive external asset loading are present. Given the mismatch between domain and branding, this should be investigated for impersonation risk, with monitoring and potential takedown actions if corroborated by additional signals.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸Distinctive asset clues: core.min.js, scripts.min.js, fontawesome-all.min.css, site.css, logo_big_inverse.32781949.png, logo_small_inverse.434239279.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 1

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 47

Hosts: 4

Domains: 4

Suspicious Endpoints

hxxps://greenbullet[.]su/#

Attack Techniques (1)

Brand impersonation signals (page uses GreenBullet branding on a non-official domain).

Indicators of Compromise (0)

No specific IOCs identified in source

Risk AssessmentUsed in abuse reports

The domain greenbullet.su presents GreenBullet branding, but it is not the canonical domain for GreenBullet and therefore presents impersonation risk. The page loads multiple external resources, a live chat widget, and uses a modern, feature-rich UI that could be used for credential collection if forms are later rendered by JavaScript. The SSL cert appears valid but is issued to the suspicious domain, and the IP is behind Cloudflare, which is common for phishing hosts. Given the branding mismatch and potential for deceptive impersonation, this warrants elevated scrutiny and possible action if corroborated by registrars/hosts.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence