# muramex.com — SUSPICIOUS

> Muramex.com impersonates MEXC with a fake crypto casino site. Learn how this medium-risk phishing domain was identified and its current offline status.

## Summary
PhishDestroy identifies muramex.com as a medium-risk brand impersonation domain targeting the cryptocurrency exchange MEXC. The domain advertised a fraudulent site named "Muramex: Elon Musk’s Official Crypto Casino Powered by Blockchain," attempting to exploit brand trust and lure victims into a cryptocurrency-related scam. This tactic is consistent with phishing campaigns aiming to harvest credentials or cryptocurrency assets by leveraging well-known crypto brands.

The domain muramex.com was registered on March 4, 2026, through Hello Internet Corp and resolved to the IP address 188.114.96.3. It appeared on one security blocklist and was flagged by 4 of 95 security vendors on VirusTotal, indicating moderate detection by security tools. The infrastructure details suggest a straightforward setup, typical for phishing schemes designed to appear legitimate but with limited longevity.

Currently, muramex.com is offline and no longer resolving, reducing immediate risk to users. PhishDestroy recommends continued monitoring of similar brand impersonation domains targeting MEXC and other crypto platforms. Users should remain vigilant for suspicious domains offering crypto services, especially those claiming celebrity endorsements or unusual promotions. Reporting and blocking such domains early helps prevent phishing success.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 666)
- Target brand: MEXC
- Page title: Muramex: Elon Musk’s Official Crypto Casino Powered by Blockchain

## Domain Intelligence
- Registered: 2026-03-04 17:07:02
- Registrar: Hello Internet Corp
- Country: US
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: bayan.ns.cloudflare.com heidi.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 4 vendors flagged
  Vendors: ["G-Data", "Gridinsoft", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/zWRxgzrn/223ae5105728.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/muramex.com
- PhishDestroy: https://phishdestroy.io/domain/muramex.com/
- LLM endpoint: https://phishdestroy.io/domain/muramex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/muramex.com/
Last updated: 2026-03-19