moonpay-commerce-r1qbys462-heliofi.vercel.app
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of moonpay-commerce-r1qbys462-heliofi.vercel.app
This URL appears to present itself as a MoonPay Commerce login or onboarding page related to cryptocurrency payments. The page title and visible branding reference "MoonPay Commerce," and the content suggests a service for accepting crypto payments, with options such as entering an email address or signing in with a wallet. The page also references assets associated with hel.io and includes links to commerce.moonpay.com, indicating that it is attempting to resemble a crypto-commerce or payment workflow.
However, the scanned address is hosted on a vercel.app subdomain rather than on MoonPay's primary domain. That structure may indicate a temporary deployment, preview environment, or a page designed to imitate a legitimate crypto-payment brand. Based on the domain name, page metadata, and screenshot, this appears to be a cryptocurrency-related web page focused on merchant payments or account access rather than a general informational site.
Safety Assessment for moonpay-commerce-r1qbys462-heliofi.vercel.app
Multiple security signals raise concern about this page at the time of the scan. It was flagged by 16 out of 91 security engines, with many of those detections classifying it as phishing or otherwise malicious. The page also uses branding associated with MoonPay while operating from a third-party hosting subdomain, which may indicate an attempt to resemble a legitimate service in a way that could confuse visitors.
Blacklist and threat-database results were mixed. Major content-malice databases shown in the scan did not report the URL at the time of checking, but the domain's IP address was listed on one mail-reputation blocklist, which is a weaker signal and does not by itself prove harmful website content. The malware scan did not find flagged files on the page itself, although one referenced domain was marked with a generic suspicious heuristic; that specific heuristic is lower-confidence than the broader multi-engine phishing consensus.
Taken together, the strongest indicators here are the substantial multi-engine phishing detections, the very low trust score provided in the scan context, the lack of established traffic ranking, and the use of brand-like crypto-payment presentation on a hosted subdomain. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site is hosted on Vercel infrastructure and resolves to an IP address in the United States. It uses a valid SSL/TLS certificate issued by a mainstream certificate authority, which means the connection appears encrypted in transit; however, HTTPS alone does not verify that the operator or page intent is trustworthy. The web stack appears to be a modern JavaScript application with Next.js-style static assets served from the same vercel.app deployment.
DNSSEC is unsigned, so DNS responses do not appear to have DNSSEC validation protection. The domain age shown in the scan is several years, but because this is a subdomain deployment on a hosting platform, the age of the parent registration does not necessarily reflect how long this specific page has been active. From a security perspective, the main concern is not TLS configuration but the apparent mismatch between the branded content and the hosted subdomain environment, alongside the phishing detections reported by multiple security engines.
Share your experience with this website. Was it safe? Did you encounter any issues?