# llori807.github.io — SUSPICIOUS

> llori807.github.io is a live crypto drainer kit page that abuses GitHub Pages & Let’s Encrypt SSL. It is flagged by VirusTotal 4/95 and Google Safe Browsing.

## Summary

PhishDestroy identifies llori807.github.io as an active generic phishing host impersonating legitimate cryptocurrency services to trick victims into connecting malicious wallet drainer scripts. The domain serves no legitimate purpose and instead embeds a crypto-draining kit that silently siphons funds upon wallet connection. No brand is directly spoofed; the payload is generic and re-purposed across multiple similar campaigns to maximise opportunistic theft across different chains.

llori807.github.io resolves to IP 185.199.108.153, is hosted on GitHub Pages via GitHub Inc., and leverages a Let’s Encrypt SSL certificate to appear trustworthy. According to VirusTotal, 4 out of 95 security vendors currently flag the domain. Google Safe Browsing lists it under SOCIAL_ENGINEERING for deceptive content. The domain was registered through GitHub’s Pages service and lacks any identifiable creation timestamp due to GitHub’s ephemeral naming convention for Pages sites.

This domain remains ACTIVE as of the latest scan. Immediate response includes blocking 185.199.108.153 at the network perimeter and disabling access to llori807.github.io via DNS sinkhole or corporate blocklists. Users should treat this domain as HIGH RISK until further takedown; the persistence vector via GitHub Pages means full removal may require multi-party escalation.

Remaining risk is elevated due to the drainer’s generic deployment model and SSL-backed deception. Continue monitoring feeds seeded by 8c0609 for newly observed sinkholes or replacement domains.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/4c96e2aa-0e3a-4d11-ac2f-84394304d481
- PhishDestroy: https://phishdestroy.io/domain/llori807.github.io/
- LLM endpoint: https://phishdestroy.io/domain/llori807.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/llori807.github.io/

Last updated: 2026-03-29