# juli-chothani.github.io — MALICIOUS

> juli-chothani.github.io is hosting active crypto drainer malware, flagged by 11/95 VirusTotal scanners. Check the full report to assess exposure risk.

## Summary

PhishDestroy identifies juli-chothani.github.io as an active crypto drainer domain distributing malicious scripts designed to siphon cryptocurrency assets from unsuspecting users. The domain leverages GitHub Pages to host a fraudulent interface mimicking legitimate crypto platforms, specifically targeting wallet connections to trigger unauthorized transactions. No specific brand impersonation is confirmed at this time, but the drainer kit employs obfuscated JavaScript to evade detection and manipulate transaction parameters.

This domain was flagged by 11 out of 95 VirusTotal security vendors, indicating elevated risk. Registered through GitHub, Inc., it resolves to IP address 185.199.108.153 and utilizes a Let's Encrypt SSL certificate for credibility. The domain is currently unlisted in Google Safe Browsing (GSB) and has not been widely blocked by major threat intelligence platforms, leaving users vulnerable to exposure. Technical indicators include a high-risk profile with no prior clean reputation, compounded by its recent deployment via GitHub’s free hosting service.

As of the latest assessment, juli-chothani.github.io remains an active threat with no confirmed takedown actions. Users are advised to block access at the network level and avoid interaction. Remaining risk is classified as elevated due to the drainer’s ability to execute real-time asset theft upon wallet connection. Immediate mitigation includes updating browser security policies and deploying DNS-based blocking rules to prevent further propagation.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 11 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/c7613786-b2c2-4304-b043-7f2390956b02
- PhishDestroy: https://phishdestroy.io/domain/juli-chothani.github.io/
- LLM endpoint: https://phishdestroy.io/domain/juli-chothani.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/juli-chothani.github.io/

Last updated: 2026-03-23