# nagamanip1702.github.io — MALICIOUS > Fake cryptocurrency drainer site nagamanip1702.github.io detected with 14/95 VirusTotal detections. Review full technical report now. ## Summary PhishDestroy identifies nagamanip1702.github.io as an active cryptocurrency drainer phishing domain, leveraging a spoofed interface to trick users into connecting fraudulent wallets. The domain mimics legitimate crypto platforms, suggesting a targeted attempt to harvest private keys and drain victim funds. Security teams should treat this as a high-fidelity threat due to its operational infrastructure and multi-engine detection coverage. The domain resolves to IP 185.199.108.153 and is registered through GitHub, Inc., with a Let's Encrypt SSL certificate in place. VirusTotal analysis shows 14 out of 95 security vendors flagging this domain, indicating partial but not universal detection. The GitHub-hosted nature and IP allocation suggest opportunistic abuse of a trusted platform to host malicious content, while the SSL certificate may be used to lend superficial legitimacy to the phishing page. No specific brand is directly impersonated in the known intelligence, pointing to a generic but high-risk drainer campaign. This domain remains active and poses an elevated risk to cryptocurrency users. Immediate mitigation includes blocking the domain at DNS and network levels, flagging the associated IP (185.199.108.153), and monitoring for related wallet drain events. Despite the elevated status, the partial detection rate and reliance on GitHub hosting suggest this campaign may still be evolving. Organizations should prioritize user awareness training focused on wallet connection security and implement real-time transaction monitoring to detect anomalous outflows linked to this infrastructure. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: GitHub, Inc. - IP: 185.199.108.153 ## Detection Status - VirusTotal: 14 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/nagamanip1702.github.io - PhishDestroy: https://phishdestroy.io/domain/nagamanip1702.github.io/ - LLM endpoint: https://phishdestroy.io/domain/nagamanip1702.github.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/nagamanip1702.github.io/ Last updated: 2026-04-07