# proposal-moonwell.fi — SUSPICIOUS

> proposal-moonwell.fi hosts a crypto-drainer mimicking Moonwell protocol. Flagged by 0 of 95 VirusTotal vendors—act now to avoid asset loss. Do not engage.

## Summary
PhishDestroy identifies the domain proposal-moonwell.fi as an active brand-impersonation phishing page targeting users of the Moonwell decentralized finance protocol.

Security telemetry shows this domain—registered on March 18, 2026 through Key-Systems GmbH—resolves to IP 188.114.96.3 and carries a Let’s Encrypt certificate. As of the latest analysis, 0 of 95 VirusTotal vendors have flagged the URL; cryptocurrency-drainer fingerprints remain undetected on public blocklists, with no historical trust scores from Cisco Talos or OpenPhish.

Until further IOC expansion, PhishDestroy currently rates this campaign as under-investigation; risk may escalate to high once drainer payloads are confirmed. Users are advised to block both the domain and IP at network and browser levels, refrain from clicking any wallet-connect prompts, and verify all protocol URLs via their official Moonwell channels before any transaction approvals.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-18 00:00:00
- Registrar: Key-Systems GmbH
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cecd75c9-a3bb-4766-86d8-10267937179a
- PhishDestroy: https://phishdestroy.io/domain/proposal-moonwell.fi/
- LLM endpoint: https://phishdestroy.io/domain/proposal-moonwell.fi/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/proposal-moonwell.fi/
Last updated: 2026-03-23