# codedbysonu.github.io — MALICIOUS

> codedbysonu.github.io hosts a crypto wallet drainer, flagged by 16/95 VirusTotal vendors. This GitHub Pages site mimics developer tools to steal credentials.

## Summary

This GitHub Pages domain, codedbysonu.github.io, actively poses as a developer utility to deliver a crypto wallet drainer targeting cryptocurrency users. The site leverages GitHub's trusted infrastructure to host malicious JavaScript that intercepts wallet connection requests and exfiltrates private keys or transaction approvals to attacker-controlled servers. PhishDestroy identifies this domain as a live crypto credential theft operation.

Evidence includes a VirusTotal detection rate of 16 out of 95 security vendors, a Let's Encrypt SSL certificate issued to the domain, and active blocking by the OpenPhish blocklist. The domain resolves to IP address 185.199.108.153 and was registered through GitHub, Inc., which allows Pages hosting without content verification. These technical indicators confirm malicious intent and ongoing distribution.

Users who visited this domain should immediately disconnect from the internet, close all browser sessions, and run a full antivirus scan. If you entered any cryptocurrency wallet credentials or connected a wallet on this site, revoke all session permissions and transfer remaining funds to a new wallet. Report any loss to your wallet provider and file a police report. Avoid revisiting the domain and warn others—this site remains active and dangerous as of seed 6cff32.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["OpenPhish"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a3fb0b1b-792a-4620-a24d-1c31b67592fa
- PhishDestroy: https://phishdestroy.io/domain/codedbysonu.github.io/
- LLM endpoint: https://phishdestroy.io/domain/codedbysonu.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/codedbysonu.github.io/

Last updated: 2026-03-27