# mahmadv3101-cpu.github.io — MALICIOUS

> PhishDestroy identifies mahmadv3101-cpu.github.io as a brand impersonation site with 6/95 VirusTotal flags. Avoid entering credentials or downloading files.

## Summary

PhishDestroy identifies mahmadv3101-cpu.github.io as a brand impersonation domain actively distributing a crypto drainer kit. This GitHub-hosted page mimics legitimate services to trick users into connecting crypto wallets, enabling unauthorized fund transfers. The domain leverages GitHub Pages to evade traditional email filters, positioning itself as a trusted platform while hosting malicious JavaScript payloads designed to drain digital assets from connected wallets.

Technical indicators confirm elevated risk: VirusTotal reports 6 out of 95 security vendors flagged this domain, with Google Safe Browsing classifying it under SOCIAL_ENGINEERING. Registered through GitHub, Inc., it resolves to IP 185.199.108.153 and operates under a Let's Encrypt SSL certificate. The domain was created recently and remains active despite multiple detection layers. This combination of GitHub infrastructure, low VT coverage, and active hosting elevates the threat profile significantly.

Current status shows an active threat with elevated risk, as confirmed by multiple security vendors and Safe Browsing. Immediate action is required: block the domain at the network level, avoid interaction, and report to GitHub Trust & Safety. Remaining risk stems from GitHub's permissive hosting environment, which allows rapid deployment of new malicious pages. Users should verify all URLs manually and enable wallet protection features to mitigate crypto drainer attacks.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/mahmadv3101-cpu.github.io
- PhishDestroy: https://phishdestroy.io/domain/mahmadv3101-cpu.github.io/
- LLM endpoint: https://phishdestroy.io/domain/mahmadv3101-cpu.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/mahmadv3101-cpu.github.io/

Last updated: 2026-04-09