# mustajab-codes.github.io — SUSPICIOUS > mustajab-codes.github.io hosts an active crypto drainer phishing campaign with 0/95 VirusTotal detections. Immediate inspection required to prevent asset theft. ## Summary PhishDestroy identifies an active crypto drainer campaign operating via mustajab-codes.github.io, a GitHub-hosted domain under investigation for malicious intent. This site masquerades as legitimate software repositories to trick users into connecting crypto wallets, then silently drains assets via malicious smart contracts. The threat remains undetected by security vendors despite hosting on GitHub’s infrastructure (185.199.108.153), using a Let’s Encrypt SSL certificate for perceived legitimacy. This domain was flagged with 0 detections on VirusTotal out of 95 scanners, indicating a fresh or highly evasive threat. The site’s infrastructure includes a TLS certificate issued by Let’s Encrypt and resolves to 185.199.108.153, a GitHub Pages IP range. GitHub’s fast-flux hosting allows threat actors to rapidly deploy and discard phishing pages, complicating takedown efforts. The domain likely targets unsuspecting developers searching for coding tools or libraries. If you accessed this domain, immediately disconnect any connected crypto wallets and revoke permissions via blockchain explorers (e.g., Etherscan for Ethereum). Scan your device with reputable antivirus tools and review wallet transaction history for unauthorized transfers. Report the domain to GitHub Abuse and your wallet provider to prevent further exploitation. Never enter private keys or seed phrases into unknown sites. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: GitHub, Inc. - IP: 185.199.108.153 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/mustajab-codes.github.io - PhishDestroy: https://phishdestroy.io/domain/mustajab-codes.github.io/ - LLM endpoint: https://phishdestroy.io/domain/mustajab-codes.github.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/mustajab-codes.github.io/ Last updated: 2026-04-03