# hieunbk765.github.io — MALICIOUS

> hieunbk765.github.io hosts a crypto drainer phishing scam, mimicking legitimate crypto services. 18/95 security vendors flag this GitHub-hosted domain.

## Summary

PhishDestroy identifies hieunbk765.github.io as an active crypto drainer phishing domain designed to steal cryptocurrency wallet credentials and assets. The domain is configured to impersonate legitimate crypto platforms, luring victims with fake investment portals or wallet authentication pages. Security researchers have confirmed the presence of drainer scripts, such as clipboard hijackers and malicious wallet connection prompts, which exfiltrate private keys or initiate unauthorized transactions upon user interaction. This domain represents a high-risk threat to cryptocurrency users, particularly those engaging with decentralized finance (DeFi) or NFT platforms.

Technical analysis reveals this domain resolves to IP address 185.199.108.153 and is registered via GitHub, Inc., leveraging their Pages service to host malicious content under a seemingly legitimate subdomain. VirusTotal analysis shows 18 out of 95 security vendors flag this domain as malicious, with Google Safe Browsing classifying it under the SOCIAL_ENGINEERING category. The domain is protected by a Let's Encrypt SSL certificate, adding a false sense of legitimacy. Additionally, it appears on 1 security blocklist (OISD), though this coverage remains limited given the domain’s recent activation and GitHub-hosted infrastructure. The exact creation date is not publicly disclosed, but the combination of hosting provider, SSL certificate, and detection metrics suggests it is a recently deployed threat.

This domain remains active and poses a significant risk to users who may inadvertently visit the URL or interact with embedded content. PhishDestroy has flagged hieunbk765.github.io as a high-risk threat, and immediate caution is advised.

Users are strongly encouraged to verify any suspicious URLs through PhishDestroy’s database before proceeding. While GitHub has not yet taken down this subdomain, the growing detection rate across security vendors may lead to future takedowns. However, the domain’s low blocklist presence highlights gaps in real-time threat intelligence dissemination. Remaining risk is high due to the domain’s active status, cryptocurrency-focused lures, and the potential for drainer kits to evolve or be replaced by similar threats hosted under GitHub’s Pages service.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 18 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hit (OISD)

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/hieunbk765.github.io
- PhishDestroy: https://phishdestroy.io/domain/hieunbk765.github.io/
- LLM endpoint: https://phishdestroy.io/domain/hieunbk765.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/hieunbk765.github.io/

Last updated: 2026-04-10