# rxmathi143.github.io — MALICIOUS

> rxmathi143.github.io is a live crypto drainer impersonating a brand. 18/95 security vendors flag this domain. Verify safety on PhishDestroy now.

## Summary

PhishDestroy identifies rxmathi143.github.io as an active crypto drainer domain designed to steal cryptocurrency from unwitting victims. This GitHub-hosted page is not a legitimate service but a malicious impersonation likely targeting users through social engineering tactics such as fake giveaways or fraudulent wallet connections. The infrastructure suggests a drainer kit is actively deployed, leveraging deceptive user interfaces to trick individuals into authorizing unauthorized transactions.

This domain resolves to IP address 185.199.108.153 and is flagged by 18 out of 95 security vendors on VirusTotal, indicating a high detection rate among cybersecurity tools. Registered through GitHub, Inc., the domain has been categorized by Google Safe Browsing as a SOCIAL_ENGINEERING site, which is a clear indicator of malicious intent designed to deceive users. The SSL certificate, issued by Let’s Encrypt, lends a false sense of legitimacy, while its presence on the OpenPhish blocklist underscores its malicious nature. These technical indicators collectively paint a picture of a well-configured but malicious domain with a short operational lifespan.

As of the latest assessment, rxmathi143.github.io remains active with a high-risk status. Immediate response actions include blocking the domain at the network perimeter and updating firewall rules to deny traffic to 185.199.108.153. While this domain is currently flagged by multiple security platforms, the risk of new variants emerging remains significant due to the ease of creating new GitHub pages. Users are strongly advised to verify any suspicious links using PhishDestroy and avoid interacting with this domain or any associated URLs. Remaining vigilant and relying on trusted threat intelligence sources is critical to mitigating exposure to this and similar crypto drainer campaigns.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 18 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b20a9309-ce51-4fb2-9c67-665a8f60a983
- PhishDestroy: https://phishdestroy.io/domain/rxmathi143.github.io/
- LLM endpoint: https://phishdestroy.io/domain/rxmathi143.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/rxmathi143.github.io/

Last updated: 2026-03-27