moonpay-commerce-nh8cagtat-heliofi.vercel.app
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of moonpay-commerce-nh8cagtat-heliofi.vercel.app
This website appears to present itself as a cryptocurrency payments and commerce portal branded as “MoonPay Commerce.” Based on the page title, meta description, and visible interface, it claims to help merchants accept crypto payments through pay links, checkout widgets, subscriptions, and related e-commerce tools. The page includes an email entry field, a wallet sign-in option, and links to documentation and social platforms, which suggests it is designed to collect user credentials or initiate account access flows.
However, the scanned domain is a subdomain hosted on vercel.app rather than an obvious primary corporate domain for MoonPay. The page also references branding assets associated with MoonPay and Helio, which may indicate an attempt to imitate a legitimate financial-services or crypto-commerce brand. Based on the available data and the domain structure, this page appears to be a branded landing page that may be intended to resemble an authentic crypto payment service login or onboarding portal.
Safety Assessment for moonpay-commerce-nh8cagtat-heliofi.vercel.app
Multiple independent security signals indicate elevated risk at the time of this scan. The domain was flagged by 20 out of 91 security engines, and several web-classification providers categorized it as phishing or fraud-related. In addition, a major threat database listed the URL for social-engineering activity, which is a strong content-risk indicator. The domain’s IP address is also listed on one mail-reputation blocklist; that signal is weaker than phishing detections, but it adds a small amount of additional caution.
The page visually imitates a cryptocurrency commerce login or onboarding experience and uses branding associated with a well-known payment company, while being hosted on a third-party subdomain rather than a clearly official primary domain. That combination can be consistent with credential-harvesting or brand-impersonation campaigns, especially when paired with broad multi-engine phishing detections. Although the malware file scan did not detect malicious files at the time of analysis, phishing pages often rely on deceptive content rather than downloadable malware.
Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site is hosted on Vercel infrastructure and resolves to IP address 64.29.17.195 in the United States. It uses a valid TLS certificate issued by a mainstream certificate authority, with expiry shown as 2026-09-26. DNS is delegated to Vercel nameservers, and DNSSEC appears to be unsigned. The page loads as a modern JavaScript application with Next.js-style static asset paths and references external assets from hel.io, along with links to commerce.moonpay.com and other third-party domains.
From a technical standpoint, the presence of HTTPS only indicates encrypted transport and should not be treated as proof of legitimacy. The main concern here is not server misconfiguration but the apparent mismatch between the branded financial-service presentation and the hosted subdomain environment, combined with strong phishing-related detections from multiple security sources at the time of this scan.
Share your experience with this website. Was it safe? Did you encounter any issues?