# presale-moonbag.pages.dev — MALICIOUS > PhishDestroy identifies presale-moonbag.pages.dev impersonating a fake MoonBag crypto airdrop. Check the full report. ## Summary PhishDestroy identifies active phishing infrastructure at presale-moonbag.pages.dev, impersonating a fake MoonBag cryptocurrency airdrop campaign using a drainer kit. The domain is hosted on Cloudflare Pages and leverages a Google Trust Services SSL certificate to appear legitimate. This campaign specifically targets cryptocurrency users by mimicking a presale event for MoonBag, a known token, to trick victims into connecting wallets and authorizing fraudulent transactions. This domain was flagged with a VirusTotal detection rate of 14/95 security vendors, is registered through Cloudflare, Inc., and resolves to IP 188.114.96.3. The domain appears on 2 security blocklists and is blocked by Enkrypt and ScamSniffer. The SSL certificate is issued by Google Trust Services, indicating an attempt to establish trustworthiness through a reputable issuer. The campaign is currently active and poses an elevated risk to cryptocurrency users. Immediate actions include blocking the domain at network and DNS levels and updating threat intelligence feeds. While current blocklists provide partial coverage, the domain remains accessible and may evade detection through legitimate hosting services. Users are advised to avoid interacting with this domain or any associated links and to verify presale events through official channels only. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 14 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["Enkrypt", "ScamSniffer"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/presale-moonbag.pages.dev - PhishDestroy: https://phishdestroy.io/domain/presale-moonbag.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/presale-moonbag.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/presale-moonbag.pages.dev/ Last updated: 2026-04-08