# vote-moonshots.app — MALICIOUS

> vote-moonshots.app engaged in high-risk phishing activity. Domain now offline. Stay vigilant and avoid suspicious links to protect your data.

## Summary
PhishDestroy identifies vote-moonshots.app as a high-risk phishing domain designed to deceive users into divulging sensitive information. This domain targeted unsuspecting victims with malicious intent, posing significant security threats to personal and financial data.

The domain was registered on February 21, 2026, and was promptly flagged by 11 out of 95 security vendors on VirusTotal, indicating widespread detection of suspicious activity. It currently appears on one security blocklist, underlining its malicious reputation. Technical analysis revealed typical phishing infrastructure patterns aimed at tricking users into credential theft.

As of now, vote-moonshots.app has been taken offline, mitigating immediate risks. However, users and organizations should remain cautious of any residual phishing attempts or lookalike domains. It is recommended to maintain updated threat intelligence feeds, educate users about phishing indicators, and implement robust email and web filtering to prevent future exposure.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.22.80
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["dean.ns.cloudflare.com", "priscilla.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c2142-bae3-74b8-a4fb-0093dab9c8f8.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8cad5090-31e9-4124-b462-ac4c244a4eaa
- PhishDestroy: https://phishdestroy.io/domain/vote-moonshots.app/
- LLM endpoint: https://phishdestroy.io/domain/vote-moonshots.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/vote-moonshots.app/
Last updated: 2026-03-19