# dappconnections-auth.web.app — SUSPICIOUS > PhishDestroy identifies dappconnections-auth.web.app as a crypto drainer impersonating DApp services. VirusTotal shows 0/95 detections so far. ## Summary PhishDestroy flags dappconnections-auth.web.app as an active crypto drainer domain currently under investigation. The infrastructure leverages Google’s Firebase hosting (199.36.158.100) and a Google Trust Services certificate, creating a veneer of legitimacy that may deceive users. This domain specifically targets users of decentralized applications by mimicking authentication endpoints, a tactic commonly used to siphon crypto assets via malicious signature requests or wallet drainers. The absence of VirusTotal detections (0/95) does not indicate safety; rather, it highlights the need for proactive blocking, as adversaries frequently rotate infrastructure to evade signature-based detection. Given the domain’s active status and the high-risk nature of crypto drainer operations, immediate containment is warranted to prevent further victimization. Technical indicators reveal that dappconnections-auth.web.app was registered through Google LLC and resolves to IP 199.36.158.100, which hosts multiple suspicious Firebase applications. The SSL certificate issued by Google Trust Services lends superficial credibility, a tactic frequently exploited in brand impersonation campaigns. VirusTotal currently shows 0/95 detections across antivirus engines, underscoring the inefficacy of reactive detection against novel or obfuscated threats. The domain’s structure—specifically the use of “dappconnections-auth” in the subdomain—suggests an attempt to masquerade as a legitimate DApp authentication portal, a common lure for users signing blockchain transactions. While no blocklist entries have been recorded yet, the lack of historical detection suggests this domain may be newly deployed or recently migrated. To mitigate exposure to this crypto drainer, organizations should immediately block dappconnections-auth.web.app at the DNS and firewall levels. Users interacting with DApps should verify official endpoints through verified sources and avoid clicking unverified links. Security teams are advised to monitor for connections to 199.36.158.100 and inspect outbound traffic for anomalous blockchain-related connections. Additionally, enabling wallet transaction simulation tools and enforcing strict signature request policies can reduce the risk of unauthorized fund transfers. Given the domain’s active status and the absence of detections, proactive threat hunting is strongly recommended to identify lateral movement or related infrastructure. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Google LLC - IP: 199.36.158.100 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3de9bb43-533e-4e86-a7b8-c868e133fd5a - PhishDestroy: https://phishdestroy.io/domain/dappconnections-auth.web.app/ - LLM endpoint: https://phishdestroy.io/domain/dappconnections-auth.web.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/dappconnections-auth.web.app/ Last updated: 2026-03-31