# chestha20.github.io — MALICIOUS

> Analysis of chestha20.github.io hosting fake crypto drainers detected by 8/95 VirusTotal scanners. Check the full report.

## Summary

chestha20.github.io is an active phishing domain leveraging GitHub Pages to host fake cryptocurrency drainer kits. The threat is specifically identified as a generic phishing campaign, likely targeting users with deceptive web3 wallet interfaces. No direct brand impersonation has been observed in available telemetry, but its use of a GitHub subdomain suggests opportunistic hosting for malicious payload distribution. The domain resolves to a payload delivery server (185.199.108.153), indicating operational infrastructure for credential harvesting or cryptocurrency theft.

This domain was flagged by 8 out of 95 security vendors on VirusTotal, demonstrating partial detection across industry tools. It was registered via GitHub Pages, with SSL encryption provided by Let’s Encrypt. The hosting IP (185.199.108.153) aligns with GitHub’s infrastructure range, confirming abuse of legitimate infrastructure. No public record confirms the domain creation date, but telemetry suggests recent activation due to low blocklist presence. Google Safe Browsing (GSB) has not yet flagged this domain, and total blocklist inclusion is minimal, indicating limited historical takedown efforts.

As of the current assessment, chestha20.github.io remains active and poses an elevated risk to cryptocurrency users and web3 service visitors. Immediate response actions include domain takedown requests to GitHub, IP-based blocking at network firewalls, and updating browser security lists. Remaining risk is elevated due to unmitigated hosting on trusted infrastructure and undetected status in major threat feeds. Users should avoid interacting with this domain and report any suspicious activity. Security teams are advised to monitor for similar GitHub Pages abuse and deploy advanced phishing detection rules targeting drainer kit signatures. The threat actor’s reliance on free hosting underscores the need for proactive scanning of GitHub subdomains for malicious content.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/2af585e1-d51d-44be-8d10-25985cf27cdd
- PhishDestroy: https://phishdestroy.io/domain/chestha20.github.io/
- LLM endpoint: https://phishdestroy.io/domain/chestha20.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/chestha20.github.io/

Last updated: 2026-03-26