# rohit-chaurasiya2525.github.io — MALICIOUS

> PhishDestroy flags rohit-chaurasiya2525.github.io as an active crypto drainer kit impersonating X (Twitter). 13/95 security vendors detect this threat.

## Summary

PhishDestroy identifies rohit-chaurasiya2525.github.io as a live crypto drainer domain designed to mimic X (formerly Twitter), leveraging GitHub Pages to host malicious JavaScript payloads that siphon cryptocurrency wallet credentials and tokens. The threat actor employs a generic phishing vector, targeting users through social engineering lures such as fake giveaways, phishing links, or spoofed login prompts. This domain does not impersonate a traditional financial brand but instead abuses the trust associated with X’s platform to deceive victims into connecting their wallets to a fraudulent dApp interface. Historical analysis indicates this campaign is part of a broader trend where threat actors abuse legitimate cloud hosting services like GitHub Pages to deliver drainer scripts due to their high availability and low cost.

This domain resolves to the IP address 185.199.108.153 and was registered via GitHub, Inc., which provides the infrastructure for GitHub Pages hosting. VirusTotal analysis reveals that 13 out of 95 participating security vendors have flagged this domain as malicious, indicating moderate but significant detection coverage. The domain utilizes a valid SSL certificate issued by Let’s Encrypt, which may help it evade basic browser-based security warnings. While the exact creation date is not disclosed in the provided intelligence, the domain’s association with GitHub Pages suggests it was likely deployed recently. As of the latest assessment, this domain remains unblocked in Google Safe Browsing (GSB) and has not been added to major threat intelligence blocklists, leaving users vulnerable to exposure.
The lack of proactive blocking by major security vendors and browsers increases the risk of successful exploitation, particularly among users who may overlook subtle URL discrepancies or ignore browser warnings. As of this advisory, rohit-chaurasiya2525.github.io remains active and poses an elevated risk to users who interact with its content. Immediate action should be taken to block this domain at the network and endpoint levels, including corporate firewalls, DNS filters, and endpoint detection and response (EDR) solutions. Users are strongly advised to verify any suspicious links or websites using PhishDestroy’s real-time scanning tool before engaging with them.

The domain’s reliance on GitHub Pages infrastructure complicates takedown efforts, as GitHub’s abuse policies may delay or limit the removal of malicious repositories. While GitHub has mechanisms to suspend malicious pages, threat actors can rapidly redeploy similar domains, necessitating continuous monitoring and proactive threat hunting. The remaining risk is elevated due to the domain’s current unblocked status and the potential for further campaigns leveraging similar tactics. Organizations and individuals should prioritize user awareness training to recognize phishing lures and implement wallet protection measures, such as using hardware wallets and verifying contract addresses before approving transactions.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/fe0bd4f3-bc6a-4c3b-9526-cd348c55aca4
- PhishDestroy: https://phishdestroy.io/domain/rohit-chaurasiya2525.github.io/
- LLM endpoint: https://phishdestroy.io/domain/rohit-chaurasiya2525.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/rohit-chaurasiya2525.github.io/

Last updated: 2026-03-26