# moonshot-list.top — SUSPICIOUS

> moonshot-list.top identified as brand impersonation scam targeting Moonshot, flagged by 0 of 95 VirusTotal vendors. Avoid this domain immediately.

## Summary

PhishDestroy identifies moonshot-list.top as an active brand impersonation scam targeting Moonshot (crypto drainer). The domain is currently under investigation but remains accessible and operational. This threat leverages the Moonshot brand to deceive users into connecting wallets or submitting sensitive credentials, enabling cryptocurrency theft or credential harvesting. The threat actor’s methodology includes mimicking legitimate services associated with Moonshot to establish trust and facilitate malicious activities. Given the domain’s recent registration and lack of detections, users are urged to exercise extreme caution when encountering this domain.

This domain was flagged by 0 of 95 VirusTotal vendors at the time of analysis, indicating a low detection rate despite active malicious activities. The domain was registered on March 31, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for hosting a significant volume of malicious domains. The IP address 104.21.14.110 resolves to this domain and is associated with prior malicious campaigns, including crypto drainers and credential theft operations. The domain holds no trust scores and has not been listed on major threat intelligence blocklists, though its recent creation and low detection rate suggest it is a newly deployed threat. The SSL certificate issued by Let’s Encrypt adds a veneer of legitimacy, which threat actors frequently exploit to bypass user skepticism.

The current status of moonshot-list.top remains active, with no immediate signs of takedown. Threat analysts should monitor this domain for changes in infrastructure or behavior, including shifts in IP addresses, SSL certificates, or domain registrant details.

For users, the recommended actions include avoiding interaction with this domain entirely, blocking the IP address 104.21.14.110 at the network level, and reporting any encountered instances to threat intelligence platforms or relevant authorities. Organizations are advised to update internal blocklists and educate employees or users about the risks of brand impersonation scams, particularly those targeting cryptocurrency or financial services. Proactive threat hunting for similar domains using the registrar NICENIC INTERNATIONAL GROUP CO., LIMITED or the IP address may reveal additional malicious infrastructure linked to this campaign.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Moonshot

## Domain Intelligence

- Registered: 2026-03-31 22:48:11
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.14.110

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/moonshot-list.top
- PhishDestroy: https://phishdestroy.io/domain/moonshot-list.top/
- LLM endpoint: https://phishdestroy.io/domain/moonshot-list.top/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/moonshot-list.top/

Last updated: 2026-04-02