# moon-shot.icu — MALICIOUS

> moon-shot.icu was a high-risk phishing site targeting crypto holders. Stay alert and avoid suspicious links. Learn more about this threat now.

## Summary
PhishDestroy identifies moon-shot.icu as a high-risk generic phishing domain primarily targeting cryptocurrency users. The domain was designed to deceive victims with a fake 'Vote to Earn SOL | Moonshot' page, likely aiming to harvest credentials or crypto wallet information.

Supporting evidence includes the domain's creation date on March 4, 2026, and its resolution to the IP address 104.21.87.32. The domain was flagged by 10 out of 95 security vendors on VirusTotal and appeared on three distinct security blocklists. It registered through PDR Ltd. d/b/a PublicDomainRegistry.com and holds a Gridinsoft trust score of 0 out of 100, indicating extremely low trustworthiness and high suspicion.

Currently, moon-shot.icu is offline, mitigating immediate risk. Users are advised to remain vigilant against similar phishing attempts, avoid interacting with suspicious crypto-related voting or earning schemes, and keep security software up to date. PhishDestroy continues to monitor domains like moon-shot.icu to protect users from evolving phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: Vote to Earn SOL | Moonshot

## Domain Intelligence
- Registered: 2026-03-04 21:07:01
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 104.21.87.32
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: aida.ns.cloudflare.com burt.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Kaspersky", "SOCRadar", "URLQuery", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/1fJv9QCG/9872b94affbd.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/moon-shot.icu
- PhishDestroy: https://phishdestroy.io/domain/moon-shot.icu/
- LLM endpoint: https://phishdestroy.io/domain/moon-shot.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/moon-shot.icu/
Last updated: 2026-03-19