# capitolbet-resmierisim.vip — SUSPICIOUS

> capitolbet-resmierisim.vip: active crypto drainer phishing campaign; Let's Encrypt SSL, 0/95 VirusTotal detections. Block immediately.

## Summary

PhishDestroy identifies capitolbet-resmierisim.vip as an active crypto drainer phishing domain mimicking CapitolBet to siphon cryptocurrency via fraudulent deposit addresses. The domain employs a generic drainer kit designed to replace legitimate wallet addresses with attacker-controlled ones during transaction initiation. No explicit brand impersonation assets (e.g., fake logos or spoofed UI) were observed in initial scans, suggesting a lightweight but high-risk deployment.

This domain resolves to IP 104.21.9.58 and is registered through DYNADOT LLC. It holds a valid SSL certificate issued by Let's Encrypt as of investigation time. Domain creation date is March 21, 2026, indicating a very recent registration. VirusTotal currently reports 0 detections out of 95 engines, and the domain remains unflagged in Google Safe Browsing (GSB) and common threat intelligence blocklists. The absence of detections suggests early-stage deployment or evasive configuration.

As of this report, the campaign is active and operational. Immediate blocklisting of the domain and associated IP is recommended due to high risk of cryptocurrency theft. Users interacting with capitolbet-resmierisim.vip should assume compromise and avoid further engagement. Remaining risk is assessed as high; continued monitoring is advised as detection signatures may emerge post-publication.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-21 18:39:15
- Registrar: DYNADOT LLC
- IP: 104.21.9.58

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/80c4d085-d01b-4c50-bfb7-1e4956532985
- PhishDestroy: https://phishdestroy.io/domain/capitolbet-resmierisim.vip/
- LLM endpoint: https://phishdestroy.io/domain/capitolbet-resmierisim.vip/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/capitolbet-resmierisim.vip/

Last updated: 2026-03-22