# moonshot-up.app — MALICIOUS

> Discover the risks behind moonshot-up.app, a phishing domain now offline. Learn how it operated and steps to stay protected.

## Summary
PhishDestroy identifies moonshot-up.app as a phishing domain posing a medium threat level. This site was designed to deceive users by impersonating legitimate services, aiming to steal sensitive information such as login credentials or personal data. Phishing domains like this exploit trust and urgency to trick users into sharing private details, potentially leading to account compromise or identity theft.

The phishing tactic linked to moonshot-up.app typically involves luring victims through emails or messages containing malicious links. Once visited, the domain might show fake login pages or deceptive content that mimics authentic websites to collect user inputs. Despite being created recently on February 21, 2026, this domain appeared in several threat intelligence sources and was listed on multiple security blocklists before being taken offline, indicating active malicious use within a short time frame.

If a user has accessed moonshot-up.app, it is important to immediately review any accounts that may have been entered, change passwords, and enable multi-factor authentication where possible. Running comprehensive malware and antivirus scans is also recommended to detect potential infections. Staying vigilant against suspicious emails and links can help prevent falling victim to similar phishing attempts in the future.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.94.232
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["dean.ns.cloudflare.com", "priscilla.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Seclookup", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c7fa2-4b95-754f-aba2-1b01b295c5ca.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/54727676-f66c-4e1e-8118-32f89f9d7b69
- PhishDestroy: https://phishdestroy.io/domain/moonshot-up.app/
- LLM endpoint: https://phishdestroy.io/domain/moonshot-up.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/moonshot-up.app/
Last updated: 2026-03-19