# soorajvarrma.github.io — MALICIOUS

> PhishDestroy identifies soorajvarrma.github.io as an active phishing domain hosting a drainer kit. 14 of 95 security vendors flagged it; avoid interactions.

## Summary

PhishDestroy identifies soorajvarrma.github.io as an active phishing domain distributing a cryptocurrency drainer kit designed to siphon funds from unsuspecting victims. The site masquerades as a legitimate GitHub Pages domain but is engineered to exploit users’ trust in the platform by prompting fraudulent transactions. No specific brand is mimicked in this campaign, but the drainer kit is a known malicious payload that automates the theft of digital assets by replacing wallet addresses during transfers.

This domain was flagged by security vendors with a detection score of 14 out of 95 on VirusTotal, indicating partial but not universal recognition of the threat. It is registered through GitHub, Inc., resolving to IP address 185.199.108.153 and secured with a Let's Encrypt SSL certificate to appear legitimate. The domain was created recently and has been added to multiple threat intelligence blocklists due to its association with phishing infrastructure.

The domain remains active and poses an elevated risk to users who may interact with it. GitHub has been notified and the domain is under review for takedown. Users are strongly advised to avoid visiting soorajvarrma.github.io and to report any suspicious activity. Remaining risk is moderate due to the domain’s recent registration and partial detection coverage, but active monitoring and blocking are recommended.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/5d2424de-d5fe-416e-8268-2cf2dfd70d24
- PhishDestroy: https://phishdestroy.io/domain/soorajvarrma.github.io/
- LLM endpoint: https://phishdestroy.io/domain/soorajvarrma.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/soorajvarrma.github.io/

Last updated: 2026-03-23