# quest-moonshot.cyou — SUSPICIOUS

> quest-moonshot.cyou hosted a phishing page mimicking voting services. Medium risk; users should avoid interaction and report suspicious sites.

## Summary
PhishDestroy identifies quest-moonshot.cyou as a generic phishing domain designed to deceive users through a fake voting interface titled "Vote to List — Powered by Moonshot." This domain was created recently on March 05, 2026, and classified as medium risk due to its presence on multiple security blocklists and partial detection by antivirus engines. The domain aimed to trick victims into submitting sensitive information under the guise of a legitimate voting service.

Technically, quest-moonshot.cyou resolved to the IP address 172.67.173.139 and was registered via NameSilo, LLC. VirusTotal analysis flagged the domain by 4 out of 95 security vendors, reflecting moderate but credible suspicion. Its inclusion on four independent blocklists further corroborates its malicious use. The domain infrastructure leveraged a .cyou top-level domain, which is occasionally favored by threat actors for its low cost and less stringent registration requirements.

Currently, the domain is offline and no longer resolves, indicating a takedown or abandonment likely due to detection and reporting. Users are advised to remain vigilant against similar phishing attempts and avoid interacting with suspicious voting or listing websites. PhishDestroy recommends reporting any related phishing messages and maintaining updated security measures to mitigate risks from such evolving threats.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: Vote to List — Powered by Moonshot

## Domain Intelligence
- Registered: 2026-03-05 03:07:01
- Registrar: NameSilo, LLC
- Country: US
- IP: 172.67.173.139
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ganz.ns.cloudflare.com megan.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 4 vendors flagged
  Vendors: ["alphaMountain.ai", "Gridinsoft", "Kaspersky", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/1GCfk0G8/9479b6ee101c.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/quest-moonshot.cyou
- PhishDestroy: https://phishdestroy.io/domain/quest-moonshot.cyou/
- LLM endpoint: https://phishdestroy.io/domain/quest-moonshot.cyou/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/quest-moonshot.cyou/
Last updated: 2026-03-19