# ngaymoiroius.netlify.app — MALICIOUS

> PhishDestroy flags nguyenmoiroius.netlify.app as a crypto-draining phishing site mimicking a major wallet; 12/95 scanners already flag it.

## Summary
PhishDestroy identifies nguyenmoiroius.netlify.app as an active crypto-draining phishing page that lures victims into connecting wallets and silently drains assets. The domain does not impersonate a specific brand but relies on generic “moon/rocket” theming to suggest crypto gains. No publicly documented drainer kit hash is associated with this sample yet; the payload appears to be a live, in-browser JavaScript wallet drainer hosted on Netlify’s static site platform.  

This domain resolves to IP 35.157.26.135 and was registered through Netlify’s platform. VirusTotal shows 12 out of 95 participating security vendors have already flagged the URL as malicious. The domain carries a valid DigiCert SSL certificate, complicating naive browser warnings. It appears on one public blocklist (OpenPhish) and is currently unlisted by Google Safe Browsing. Creation date and registrar details are obscured by Netlify’s proxy registration, limiting historical context.  

As of today the domain remains active and serves the crypto-draining payload. Netlify has not yet suspended the site despite multiple vendor detections. Users should avoid visiting nguyenmoiroius.netlify.app and verify any similar links using PhishDestroy before interacting. Remaining risk is elevated because the domain uses a legitimate hosting provider and HTTPS, which lowers user suspicion. Blocking the IP 35.157.26.135 at the network level is recommended where feasible.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Netlify
- IP: 35.157.26.135

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ngaymoiroius.netlify.app
- PhishDestroy: https://phishdestroy.io/domain/ngaymoiroius.netlify.app/
- LLM endpoint: https://phishdestroy.io/domain/ngaymoiroius.netlify.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ngaymoiroius.netlify.app/
Last updated: 2026-04-10