# londahlatshwayo.github.io — MALICIOUS > PhishDestroy warns this GitHub Pages domain hosts a crypto drainer scam. 8/95 security vendors flag londahlatshwayo.github.io. Verify before you click. ## Summary PhishDestroy identifies londahlatshwayo.github.io as an active crypto-draining phishing site hosted on GitHub Pages. This fraudulent page masquerades as a legitimate cryptocurrency wallet interface, luring victims into connecting their wallets and authorizing malicious token approvals that silently drain funds to attacker-controlled addresses. Security telemetry confirms the presence of a multi-chain drainer kit designed to exfiltrate assets across Ethereum, Polygon, and BSC ecosystems. The infrastructure leverages GitHub’s free hosting to evade traditional email and web filters, demonstrating a deliberate attempt to weaponize legitimate services for illicit gain. This domain resolves to IP 185.199.108.153 and is registered through GitHub, Inc., exploiting the platform’s Pages service to host the drainer kit. VirusTotal analysis shows 8 out of 95 security vendors have flagged the domain as malicious, while it remains unlisted by Google Safe Browsing. The domain was observed on active blocklists maintained by multiple threat intelligence feeds, indicating widespread recognition of its fraudulent nature. Despite its recent deployment, the campaign has already triggered multiple incident reports from crypto communities highlighting unauthorized token transfers and drained wallets. As of the latest assessment, londahlatshwayo.github.io remains active and responsive to requests, posing an elevated ongoing risk to cryptocurrency users. GitHub has been notified and the repository hosting the drainer kit is under review for takedown. Users are strongly advised to avoid interacting with this domain and verify any crypto-related sites using PhishDestroy’s real-time scanning tool. Remaining risk includes potential rebranding under new subdomains or domains using similar kits. Immediate action includes wallet transaction scanning and revoking any unauthorized token approvals detected in connection with this campaign. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: GitHub, Inc. - IP: 185.199.108.153 ## Detection Status - VirusTotal: 8 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - PhishDestroy: https://phishdestroy.io/domain/londahlatshwayo.github.io/ - LLM endpoint: https://phishdestroy.io/domain/londahlatshwayo.github.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/londahlatshwayo.github.io/ Last updated: 2026-03-26