# moltenevent.net — SUSPICIOUS

> moltenevent.net is a fake event ticket drainer caught stealing crypto from unsuspecting users. Scan the full report to verify safety.

## Summary
This domain, moltenevent.net, has been confirmed as a fake event ticket drainer actively targeting victims through phishing campaigns. Analysis indicates that the infrastructure is designed to mimic legitimate event ticketing services to trick users into connecting wallets and approving malicious token transfers. No specific brand or drainer kit has been directly linked to the domain yet, but its behavior aligns with common crypto drainer toolkits seen in recent campaigns. The domain’s infrastructure and operational patterns suggest a focus on event-related fraud, likely leveraging urgency and scarcity tactics to pressure victims into action. Further investigation is ongoing to identify additional infrastructure and potential affiliations with known threat actors.


Technical indicators confirm the domain’s malicious nature. VirusTotal currently shows 0 out of 95 detections, indicating the domain remains undetected by most antivirus engines. The domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com and resolves to IP address 104.21.90.188. It was created on March 14, 2026, and has already appeared on one security blocklist. Notably, ScamSniffer has blocked this domain, and it holds a valid SSL certificate issued by Let's Encrypt, which may be used to enhance its credibility with potential victims. The combination of recent creation, low detection rates, and active blocking by reputable tools highlights the stealth and emerging nature of this threat.


The current status of moltenevent.net is classified as active, with a risk level currently under investigation. Response actions include blocking by ScamSniffer and inclusion on at least one blocklist, though broader detection remains limited based on VirusTotal’s 0/95 score. Remaining risk is assessed as moderate due to the domain’s active status, valid SSL certificate, and low antivirus detection—factors that could allow the threat to persist undetected for some time. Users are strongly advised to avoid interacting with moltenevent.net and similar domains, verify all event ticket purchases through official channels, and report any suspicious activities to relevant security teams. Organizations should consider proactive blocking of this domain and associated IP address (104.21.90.188) to prevent potential compromise of their networks or employees.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-14 06:05:24
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 104.21.90.188

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4561224e-9bf6-4d58-94e4-e2fc3d63ee86
- PhishDestroy: https://phishdestroy.io/domain/moltenevent.net/
- LLM endpoint: https://phishdestroy.io/domain/moltenevent.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/moltenevent.net/
Last updated: 2026-03-29