# mooncake.life — SUSPICIOUS

> mooncake.life is a newly registered scam domain hosting a fake giveaway impersonating a major brand. VirusTotal shows 0/95 detections despite active hosting on.

## Summary

PhishDestroy identifies mooncake.life as an active malicious domain propagating a fraudulent giveaway scam, likely impersonating a well-known brand to deceive users into surrendering sensitive information or funds. The threat actor leverages urgency and perceived legitimacy to trick victims into clicking malicious links or downloading compromised attachments. This domain was flagged under investigation as part of a broader trend of newly registered domains weaponized within 48 hours of creation to evade detection by legacy security tools.

mooncake.life presents a clear and immediate risk due to its recent creation on October 02, 2025, only days ago, and its registration through GoDaddy.com, LLC. Hosting infrastructure analysis reveals resolution to IP address 216.24.57.1, while VirusTotal community scans currently show zero detections out of 95 engines. This unusually low detection rate suggests the domain is either brand-new to threat feeds or employs evasion techniques to bypass traditional antivirus signatures. Despite the absence of detections, the domain’s behavior and metadata strongly correlate with active phishing campaigns targeting unsuspecting users. Historical tracking indicates this domain has not yet been flagged on major threat intelligence blocklists, further increasing its potential reach and dwell time.

Users who have visited mooncake.life should immediately cease any interaction and avoid entering credentials, personal data, or payment information. If any data was entered, change passwords immediately and monitor financial accounts for unauthorized activity.

The domain’s SSL certificate, issued by Google Trust Services, does not indicate legitimacy—SSL certificates are trivial for threat actors to obtain and should never be used as a trust indicator. Block the domain at the network level using 216.24.57.1 and mooncake.life in DNS filtering policies. Report the domain to your security team and consider submitting indicators to threat intelligence platforms to enhance collective defense. This domain remains active and should be treated as hostile until further analysis confirms otherwise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-10-02 03:56:20
- Registrar: GoDaddy.com, LLC
- IP: 216.24.57.1

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/bf3a58aa-fa11-4758-a42f-971e80d3f364
- PhishDestroy: https://phishdestroy.io/domain/mooncake.life/
- LLM endpoint: https://phishdestroy.io/domain/mooncake.life/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/mooncake.life/
Last updated: 2026-03-29