# moonlistings.xyz — SUSPICIOUS

> PhishDestroy identifies moonlistings.xyz as a crypto listings phishing site with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies moonlistings.xyz as a generic phishing domain designed to steal cryptocurrency through fake investment listings. This fraudulent site mimics legitimate crypto platforms to trick users into depositing funds into attacker-controlled wallets. Visitors may encounter convincing but fake token sale pages or trading interfaces that prompt wallet connections or direct deposits. The domain was registered on March 23, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and currently shows no detections on VirusTotal despite its active phishing campaign.  This domain poses an immediate threat to cryptocurrency investors due to its deceptive tactics and recent creation date. VirusTotal scanning reveals 0 detections out of 95 engines, indicating it has evaded widespread recognition as a phishing site. The domain resolves to IP address 172.67.206.32 and holds a valid Let's Encrypt SSL certificate, which attackers often use to appear legitimate. These technical details suggest the operators are actively maintaining operational security while targeting unsuspecting victims.  If you visited moonlistings.xyz, immediately disconnect from the site and revoke any wallet connections or permissions granted through your browser or wallet extension. Check your transaction history for any unauthorized transfers and consider transferring remaining funds to a new wallet. Report the domain to your antivirus provider and file a complaint with relevant authorities such as the FBI Internet Crime Complaint Center (IC3) or your local cybercrime unit. Always verify crypto platforms through official channels before engaging with any investment opportunities.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-23 20:31:54
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.206.32

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b4fefaf6-9816-451a-b19b-0c17a49fe0b2
- PhishDestroy: https://phishdestroy.io/domain/moonlistings.xyz/
- LLM endpoint: https://phishdestroy.io/domain/moonlistings.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/moonlistings.xyz/
Last updated: 2026-03-25