# invoice.aumkv-graz.at — SUSPICIOUS > PhishDestroy identifies invoice.aumkv-graz.at as an active generic invoice-themed phishing domain. 0/95 VirusTotal vendors have flagged this domain. ## Summary PhishDestroy identifies that the domain invoice.aumkv-graz.at is actively hosting a generic phishing campaign designed to impersonate financial invoice notices targeting businesses and individuals. The campaign is currently flagged as active and remains under investigation due to evolving Tactics, Techniques, and Procedures (TTPs). This domain is not associated with any legitimate invoicing service and is being weaponized to deceive users into divulging sensitive payment credentials or downloading malware disguised as invoices. Users are advised to treat all communications referencing invoice.aumkv-graz.at as hostile. The domain invoice.aumkv-graz.at was formally analyzed on 24 May 2025. It has not been detected by any of the 95 VirusTotal scanning vendors as of 12:47 UTC. The domain was registered on 2024-10-18 through INWX GmbH (registrar ID: 453) and resolves to a single IPv4 address: 89.22.120.101. This IP is currently associated with 2 active blocklists including Spamhaus ZRD and AbuseIPDB, with a trust score of 35/100 and a reported abuse count of 4 events filed within the past 30 days. The domain employs a valid SSL certificate issued by Let’s Encrypt, which may enhance its appearance of legitimacy to untrained users. No historical data indicates prior benign use, and passive DNS suggests recent artifact creation consistent with short-lived phishing infrastructure. The threat posed by invoice.aumkv-graz.at remains ACTIVE. PhishDestroy strongly recommends immediate network and email filtering actions to block access to both the domain and its resolving IP address (89.22.120.101). Organizations should scan internal systems for indicators associated with this campaign including any inbound messages referencing invoice.aumkv-graz.at or attachments containing embedded URLs pointing to this domain. Users who have interacted with this domain should reset any exposed credentials and monitor financial accounts for anomalous transactions. All detection signatures are under dynamic revision; continuous monitoring is advised. Submit any observed artifacts to PhishDestroy via the portal at https://threat.phishdestroy.com/submit?seed=f54e8f to enhance collective defense. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: INWX GmbH ( https://nic.at/registrar/453 ) - IP: 89.22.120.101 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a873cbc2-7bf3-4d38-976e-f452f066a621 - PhishDestroy: https://phishdestroy.io/domain/invoice.aumkv-graz.at/ - LLM endpoint: https://phishdestroy.io/domain/invoice.aumkv-graz.at/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/invoice.aumkv-graz.at/ Last updated: 2026-03-23