# arvind67951.github.io — MALICIOUS

> GitHub-hosted crypto wallet drainer site arvind67951.github.io evades detection with 14/95 VirusTotal score.

## Summary

PhishDestroy identifies the active fake crypto wallet drainer site arvind67951.github.io operating under an elevated generic phishing threat classification. This domain mimics legitimate wallet interfaces to trick users into connecting their wallets so that their crypto funds can be drained. No specific brand is mimicked in this campaign, indicating broad, opportunistic targeting of crypto users. The drainer kit deployed on this site is designed to prompt wallet connections, request transaction approvals, and exfiltrate private keys or seed phrases, resulting in immediate fund loss. The infrastructure leverages GitHub Pages for free hosting and Let’s Encrypt certificates to build initial trust, a tactic commonly used to bypass corporate email security gateways and personal spam filters.

This domain was flagged by OpenPhish and appears on one additional security blocklist, demonstrating limited but meaningful detection coverage. The VirusTotal score stands at 14/95 security vendors, indicating partial visibility across the threat intelligence ecosystem. Registered through GitHub, Inc., the domain resolves to IP address 185.199.109.153, part of GitHub’s Pages infrastructure. The domain is relatively new, suggesting recent deployment to evade historical reputation filters. It is not currently flagged by Google Safe Browsing (GSB), increasing the risk of exposure to users relying solely on GSB for protection.

As of the latest analysis, arvind67951.github.io remains active and is distributing wallet drainer payloads. Immediate response actions include blocking the domain at DNS and network levels, reporting the domain to GitHub Trust & Safety for abuse takedown, and updating enterprise and personal blocklists with the domain and IP.
Despite these measures, the risk remains elevated due to the use of trusted hosting providers and Let’s Encrypt certificates, which can deceive users and security tools alike. Users are strongly advised to avoid clicking links to unknown domains, verify wallet URLs manually via official sources, and use hardware wallets or transaction simulation tools before approving any crypto transactions. The combination of partial detection, recent domain age, and reliance on reputable services underscores the persistent threat this domain poses to the crypto community.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.109.153

## Detection Status

- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["OpenPhish"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/5ed29499-1c7f-4d67-ba7c-9bda7bbbb120
- PhishDestroy: https://phishdestroy.io/domain/arvind67951.github.io/
- LLM endpoint: https://phishdestroy.io/domain/arvind67951.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/arvind67951.github.io/
Last updated: 2026-04-12