moonpay-commerce-3l3h0x6ae-heliofi.vercel.app
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of moonpay-commerce-3l3h0x6ae-heliofi.vercel.app
This URL appears to present itself as a MoonPay Commerce login or onboarding page related to cryptocurrency payments. The page title and meta description describe a service for accepting crypto payments, pay links, checkout widgets, subscriptions, and instant deposits, and the screenshot shows a minimalist sign-in interface asking for an email address or wallet connection.
Based on the domain structure, however, this is not hosted on MoonPay's primary domain. Instead, it is a subdomain under vercel.app with a generated-looking hostname that includes the MoonPay name and a reference to heliofi. The page also loads assets from hel.io and references commerce.moonpay.com, which suggests it may be attempting to imitate or proxy branding associated with crypto payment services rather than operating as a clearly official standalone MoonPay property.
The site appears to be operated through Vercel-hosted infrastructure rather than an obvious first-party corporate domain. In practical terms, it looks like a web app or landing page intended to capture sign-ins for a crypto-commerce workflow, but the branding and hosting context raise questions about whether it is an authorized deployment.
Safety Assessment for moonpay-commerce-3l3h0x6ae-heliofi.vercel.app
Scan results indicate elevated risk at the time of this scan. The URL was flagged by 18 out of 91 security engines, with multiple detections classifying it as phishing or malicious, and it was also listed by a major threat database for social-engineering activity. Those are strong indicators compared with a single low-confidence heuristic, especially because the page is requesting user input and presents itself as a branded crypto-payment login experience.
The domain name and page presentation may also increase the likelihood of confusion for visitors. It uses the MoonPay brand inside a long vercel.app subdomain rather than a clearly official MoonPay-owned domain, while visually presenting a sign-in page for "MoonPay Commerce." That kind of branding mismatch can be consistent with credential-harvesting or wallet-targeting campaigns. Although one malware scan reported the page itself as clean and a referenced domain was only marked with a generic heuristic, those signals are outweighed here by the broader multi-engine phishing consensus.
There is also a DNS-based mail-reputation blocklist listing on the server IP, but that is a weaker signal than the phishing detections and should be treated as secondary context. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site is hosted on Vercel infrastructure and resolves to IP address 64.29.17.67 in the United States. It uses a valid TLS certificate issued by Google Trust Services, expiring in September 2026. The page appears to be built with a modern JavaScript framework, likely Next.js, based on the referenced _next/static assets. DNSSEC is unsigned.
From a security-review perspective, the main concern is not the TLS setup but the application and branding context: a crypto-related login page hosted on a third-party app platform subdomain rather than an obvious first-party corporate domain, combined with strong phishing detections from multiple security engines and a social-engineering listing in threat databases at the time of this scan.
Share your experience with this website. Was it safe? Did you encounter any issues?