# abdo267.github.io — MALICIOUS

> The domain abdo267.github.io has been identified as a crypto drainer site. 17 antivirus engines at VirusTotal flag it. Block access immediately.

## Summary

The domain abdo267.github.io has been detected as a crypto drainer site. This means it is designed to deceive visitors into connecting a cryptocurrency wallet, then silently siphon tokens without consent. No specific drainer kit signature is publicly tagged yet, but the behavior aligns with generic cryptocurrency wallet-draining scripts, which typically invoke fake transaction prompts, permission requests, or token airdrop simulations. While GitHub is the hosting platform, the repository owner serves the malicious content under a seemingly personal account, leveraging the platform’s trusted brand to bypass initial suspicion.

Technical indicators reveal high-risk attributes: VirusTotal lists 17 of 95 security vendors as flagging this domain. It resolves to IP 185.199.108.153 and is served via a Let’s Encrypt SSL certificate. The domain was registered through GitHub, Inc., suggesting it was created using GitHub Pages. Google Safe Browsing classifies it under SOCIAL_ENGINEERING, confirming malicious intent through social-engineering tactics. With multiple AV engines in consensus, the domain is actively circulating in threat feeds.

This domain is currently active and poses a high risk to users interacting with it. Immediate blocking at network and endpoint levels is recommended. Organizations should add 185.199.108.153 and abdo267.github.io to blocklists and disable access via firewalls and DNS filtering. Remaining risk includes potential for lateral propagation if users unknowingly authenticate wallet connections. Continued monitoring for newly spun-up variants under GitHub Pages is advised due to the ease of domain creation on the platform.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7c03fccf-66fd-4c80-b981-70730cfecd93
- PhishDestroy: https://phishdestroy.io/domain/abdo267.github.io/
- LLM endpoint: https://phishdestroy.io/domain/abdo267.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/abdo267.github.io/

Last updated: 2026-03-24