# defimarketcap.de.com — SUSPICIOUS > defimarketcap.de.com is a crypto drainer posing as a legitimate platform. Users should avoid this domain—VirusTotal shows 0/95 detections despite active. ## Summary PhishDestroy identifies defimarketcap.de.com as an active crypto drainer domain posing as a legitimate cryptocurrency platform. This domain is designed to trick users into connecting their wallets, leading to unauthorized token transfers and asset theft. The threat involves malicious JavaScript payloads that intercept wallet connections, approve token spends, and drain funds without user consent. Technical indicators reveal this domain is part of a broader campaign targeting cryptocurrency enthusiasts, with a focus on mimicking legitimate marketcap tracking services to build credibility. Users who interact with this domain risk immediate financial loss, as the malicious scripts execute wallet-draining operations upon connection. This domain is currently unresolved by major threat intelligence platforms, leaving it operational and dangerous for unaware users. This domain resolves to IP address 104.21.55.113 and utilizes a Let's Encrypt SSL certificate to appear legitimate. VirusTotal analysis shows 0 detections out of 95 security vendors, indicating this domain has evaded current detection mechanisms. The domain was registered with an unknown registrar and shows recent creation activity, suggesting it is a newly deployed threat actor resource. Despite its low detection rate, this domain is flagged as active in ongoing threat intelligence monitoring due to observed crypto drainer behavior. The lack of detections highlights the evolving nature of these attacks, which increasingly rely on short-lived domains and encrypted traffic to bypass security controls. Users should treat this domain as hostile and avoid any interaction, including visiting the site or clicking any links associated with it. Users who have visited defimarketcap.de.com should immediately revoke any wallet connections established from this domain using their wallet provider’s connection management interface. Disconnect the domain from your wallet and check for unauthorized token approvals or transfers. If any unauthorized transactions occurred, report the incident to your wallet provider and file a complaint with relevant financial authorities. Enable transaction alerts on your wallet to detect suspicious activity in real time. Avoid reconnecting wallets to any unknown domains, especially those mimicking legitimate services. Use hardware wallets for critical assets and ensure your device’s security software is updated to detect emerging threats. Stay vigilant against similar domains and verify URLs through official channels before any interaction. 62a00e ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.21.55.113 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/60a0bba6-808d-40df-8725-d947f474f9bf - PhishDestroy: https://phishdestroy.io/domain/defimarketcap.de.com/ - LLM endpoint: https://phishdestroy.io/domain/defimarketcap.de.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/defimarketcap.de.com/ Last updated: 2026-03-22