# xpresscapitalmarket.io — MALICIOUS

> Xpresscapitalmarket.io is an active phishing domain posing medium risk. Learn how this threat impacts users and steps to stay protected.

## Summary
PhishDestroy identifies xpresscapitalmarket.io as an active phishing domain posing a medium-level risk to internet users. This threat is significant because phishing attacks frequently aim to steal sensitive information such as login credentials and financial data, potentially leading to identity theft and financial loss.

The domain xpresscapitalmarket.io was registered recently on February 21, 2026, and resolves to the IP address 147.93.38.92. It has been flagged in two AlienVault OTX threat intelligence pulses and appears on one security blocklist, with 9 out of 95 security vendors on VirusTotal marking it as suspicious. The domain’s page title reads "Xpresscapital," which might be used to lend a false sense of legitimacy.

Users should exercise caution when encountering communications or websites linked to xpresscapitalmarket.io. It is advisable not to click on unfamiliar links or provide any personal information through this domain. Employing up-to-date security software and verifying URLs before interaction are essential steps to avoid falling victim to this phishing scheme.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: Xpresscapital

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 147.93.38.92
- SSL Issuer: R12

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "ESET", "Emsisoft", "Fortinet", "Gridinsoft", "Lionic", "SOCRadar", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bb221-e0f1-711c-ae1f-10aacbbdb4dd.png
- PhishDestroy: https://phishdestroy.io/domain/xpresscapitalmarket.io/
- LLM endpoint: https://phishdestroy.io/domain/xpresscapitalmarket.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xpresscapitalmarket.io/
Last updated: 2026-03-19