# onlinepharmrx.com — MALICIOUS

> onlinepharmrx.com linked to fake online pharmacy phishing, flagged by 6/95 VirusTotal engines. Check the full report.

## Summary

PhishDestroy identifies onlinepharmrx.com as an active fake online pharmacy phishing domain designed to deceive users into purchasing counterfeit or unregulated medications. This domain mimics legitimate pharmacy storefronts to harvest payment credentials and personal data under the guise of prescription fulfillment. The threat actor employs social engineering tactics, leveraging urgency (e.g., "limited stock" or "exclusive offers") to bypass user skepticism and drive illicit conversions. No known drainer kit signatures (e.g., MetaMask, wallet drainers) are associated with this domain at this time; the primary vector appears to be credential theft through spoofed checkout flows.

Technical analysis confirms elevated risk. VirusTotal reports 6 out of 95 security vendors detect malicious activity, while the domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to IP 141.98.11.218 and was created on April 07, 2025. The domain holds a valid Let's Encrypt SSL certificate, possibly to enhance perceived legitimacy. It appears on 1 security blocklist and is actively blocked by PhishDestroy. The recent registration date and low detection rate (6/95) suggest a rapidly evolving threat with potential to evade detection.

As of today, onlinepharmrx.com remains active and poses a persistent risk to users seeking legitimate pharmaceutical services. Immediate remediation includes blocking the domain at the network level and disabling access via DNS sinkholing. Users are advised to avoid visiting this domain, verify pharmacy credentials through regulatory bodies, and report any interaction to their security teams. Remaining risk is elevated due to the domain's recent activation and low initial detection coverage. Continuous monitoring is required to track propagation and potential rebranding attempts by the threat actor.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-04-07 11:14:21
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 141.98.11.218

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["PhishDestroy"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/2c5e05a6-1193-4658-8a39-e9c9256ef9e0
- PhishDestroy: https://phishdestroy.io/domain/onlinepharmrx.com/
- LLM endpoint: https://phishdestroy.io/domain/onlinepharmrx.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/onlinepharmrx.com/

Last updated: 2026-03-27