# invoice-crypomus.com — MALICIOUS

> invoice-crypomus.com is flagged as a medium-risk phishing site. Avoid sharing personal or payment info on this domain as it is currently offline.

## Summary
PhishDestroy identifies invoice-crypomus.com as a medium-risk generic phishing domain. This site posed a threat primarily by mimicking legitimate payment services to steal sensitive user information.

Supporting evidence includes detection by 8 out of 95 security vendors on VirusTotal, a zero trust score from Gridinsoft, and its presence on one security blocklist. The domain was created recently on March 4, 2026, registered through NiceNIC International Group Co., Limited, and resolved to IP address 188.114.96.3. The page title 'Cryptomus Payment' suggests it was designed to imitate a cryptocurrency payment gateway.

Currently, invoice-crypomus.com is taken offline, reducing immediate risk. Users are advised to remain cautious of similar domains and avoid submitting any credentials or payment data on suspicious sites. Continuous monitoring and blocking remain essential to prevent renewed phishing attempts from this or related domains.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: Cryptomus Payment

## Domain Intelligence
- Registered: 2026-03-04 17:07:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: audrey.ns.cloudflare.com lloyd.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 8 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "Ermes", "Fortinet", "G-Data", "Gridinsoft", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cba30-0650-738f-8874-626f1fae429d.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/invoice-crypomus.com
- PhishDestroy: https://phishdestroy.io/domain/invoice-crypomus.com/
- LLM endpoint: https://phishdestroy.io/domain/invoice-crypomus.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/invoice-crypomus.com/
Last updated: 2026-03-19