# nancy-1029.github.io — MALICIOUS

> nancy-1029.github.io is a crypto credential theft phishing domain flagged by 13/95 VirusTotal vendors and Google Safe Browsing.

## Summary
PhishDestroy identifies nancy-1029.github.io as a high-risk domain actively engaged in crypto credential theft operations, leveraging GitHub Pages hosting to deliver a phishing payload disguised as a legitimate service. The domain exhibits characteristics of sophisticated social engineering tactics, specifically targeting users in cryptocurrency transactions through fraudulent credential harvesting pages. While no specific drainer kit fingerprint was detected in available intelligence, the infrastructure aligns with known patterns of crypto-focused phishing campaigns that intercept wallet seeds or exchange login credentials.  This domain resolves to IP 185.199.108.153 and was registered through GitHub Pages infrastructure, with a Let's Encrypt SSL certificate provisioned for 13/95 security vendors on VirusTotal — including Google Safe Browsing's SOCIAL_ENGINEERING classification. The combination of GitHub's legitimate hosting platform with malicious content delivery demonstrates evasion techniques commonly employed to bypass traditional web filtering solutions.  The domain remains in active status with no observed takedown actions as of current analysis. Immediate blocking at DNS and network levels is recommended, along with user awareness campaigns highlighting the risks of entering credentials on unknown crypto platforms. While the current infrastructure shows high persistence through GitHub's free hosting tier, the lack of direct takedown suggests ongoing threat activity that may expand to other platforms or domains. Enhanced monitoring for related cryptocurrency-themed phishing domains is advised due to the observed evasion patterns.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 13 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/29d4382f-10b8-4745-865b-63d7cbdcde29
- PhishDestroy: https://phishdestroy.io/domain/nancy-1029.github.io/
- LLM endpoint: https://phishdestroy.io/domain/nancy-1029.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nancy-1029.github.io/
Last updated: 2026-03-24