# nidhisa20.github.io — MALICIOUS

> nidhisa20.github.io operates as a crypto drainer fraudulently harvesting wallet credentials with 13/95 VirusTotal detections. Immediate action required.

## Summary

PhishDestroy identifies nidhisa20.github.io as a live crypto drainer hosting active credential theft infrastructure. This GitHub Pages subdomain is currently distributing malware under the guise of a legitimate service, with confirmed malicious payload exfiltrating cryptocurrency wallet credentials. The threat remains active with elevated risk to unsuspecting visitors.

nidhisa20.github.io was flagged by 13 of 95 VirusTotal security vendors and appears on one public blocklist. The domain resolves to IP 185.199.108.153 through GitHub, Inc. registration. This active crypto drainer mimics legitimate crypto services while executing unauthorized wallet transactions. Its SSL certificate from Let's Encrypt provides false trust indicators despite malicious intent. This domain represents immediate financial risk to cryptocurrency holders.

PhishDestroy recommends immediate blocking at network and endpoint levels. Users should verify any crypto service URL through official channels before interaction. Security teams should investigate network logs for communications with 185.199.108.153. GitHub should be notified to suspend this fraudulent subdomain under their abuse policy. All cryptocurrency wallet access should use hardware wallet isolation until this threat is neutralized.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["OpenPhish"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/245d024b-c7ea-4d3b-922f-f4f44eb7b2b9
- PhishDestroy: https://phishdestroy.io/domain/nidhisa20.github.io/
- LLM endpoint: https://phishdestroy.io/domain/nidhisa20.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/nidhisa20.github.io/

Last updated: 2026-04-12