# moonshot-voter.app — MALICIOUS

> moonshot-voter.app is a dangerous phishing site pretending to collect votes. Avoid it now and protect your personal data from theft.

## Summary
PhishDestroy identifies moonshot-voter.app as a high-risk phishing domain that was designed to trick users into submitting sensitive information under the guise of a voting platform. This site poses a significant danger by attempting to capture personal data, potentially leading to identity theft or unauthorized access to accounts.

This phishing attack works by mimicking a legitimate voting interface titled "Vote to List — Powered by Moonshot," enticing victims to engage and input confidential data. The domain was registered in early 2026 and, despite being taken offline, had been flagged by multiple security blocklists and 14 antivirus vendors on VirusTotal. The IP address associated with this domain is 104.21.68.223, and it was registered through NiceNIC International Group, which has been linked to fraudulent registrations in the past.

If you have visited moonshot-voter.app, it is critical to immediately change any passwords you may have entered and monitor your accounts for suspicious activity. Avoid clicking any links or providing information on similar phishing sites. Use reliable security software to scan your device and consider reporting the incident to your local cybersecurity authority or the platform where you encountered the domain. Staying vigilant can prevent further harm from attacks leveraging deceptive domains like this.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Vote to List — Powered by Moonshot

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.68.223
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["dean.ns.cloudflare.com", "priscilla.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Ermes", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Seclookup", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bd8d0-53ff-703d-95ca-886df52424df.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8491bff4-9bd9-4a2e-9ece-3e6868e585e1
- PhishDestroy: https://phishdestroy.io/domain/moonshot-voter.app/
- LLM endpoint: https://phishdestroy.io/domain/moonshot-voter.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/moonshot-voter.app/
Last updated: 2026-03-19