# bluewhalellc.shop — SUSPICIOUS

> bluewhalellc.shop is a newly registered domain pushing fake invoices. Check the full report for IOCs and risk details.

## Summary
PhishDestroy identifies bluewhalellc.shop as an active fake invoice phishing domain currently under investigation. This site masquerades as a legitimate vendor to trick users into downloading malicious attachments or entering payment details on spoofed checkout pages.

This domain was flagged with zero detections on VirusTotal (0/95), resolving to IP 107.174.47.231 and registered through NAMECHEAP INC on August 26, 2025. It holds a Let’s Encrypt SSL certificate, suggesting an attempt to appear trustworthy despite its recent creation and lack of historical reputation data. No blocklist entries or trust score improvements have been recorded to date.

Organizations should block bluewhalellc.shop at the firewall and DNS level, warn users about unsolicited invoice emails, and scan endpoints for signs of credential harvesting or malware download attempts. Given the absence of AV coverage and the domain’s fresh registration, this threat remains unmitigated until further IOCs are collected and shared.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-08-26 07:03:29
- Registrar: NAMECHEAP INC
- IP: 107.174.47.231

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ac807e6c-c109-4f51-b50a-c1a9c9a3ccec
- PhishDestroy: https://phishdestroy.io/domain/bluewhalellc.shop/
- LLM endpoint: https://phishdestroy.io/domain/bluewhalellc.shop/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bluewhalellc.shop/
Last updated: 2026-03-30