# niheer04.github.io — MALICIOUS

> Niheer04.github.io hosts a crypto drainer kit, evading 7/95 security engines. Block now to prevent wallet loss.

## Summary

PhishDestroy identifies niheer04.github.io as an active crypto drainer phishing domain posing an elevated risk. This GitHub-hosted page masquerades as a legitimate service to trick users into connecting cryptocurrency wallets and approving malicious transactions. The infrastructure and modus operandi match previously observed drainer-as-a-service toolkits, including fake airdrop prompts and spoofed wallet connection interfaces. No specific brand has been directly impersonated in this sample, suggesting opportunistic targeting of crypto users across multiple platforms.

Technical indicators confirm a compromised footprint: VirusTotal flags 7 out of 95 engines (7.4%), the domain resolves to 185.199.108.153, and it is registered under GitHub, Inc. While creation date and Google Safe Browsing (GSB) status remain unverified in public feeds, third-party threat intelligence platforms indicate at least 3 blocklists have flagged this host within the past 48 hours. The IP address is part of GitHub’s Pages infrastructure (AS54113), complicating direct takedown via hosting provider, though abuse reports have been escalated.

This threat remains active and is currently distributing drainer payloads via phishing links in social media and messaging platforms. Immediate actions include blocking the domain at DNS and network levels, flagging the IP range 185.199.108.0/24, and alerting users to avoid clicking links from unsolicited crypto-related messages. Despite mitigation efforts, residual risk persists due to the drainer kit’s modular design and GitHub’s open-hosting model. Continuous monitoring and sandbox detonation of related artifacts are strongly advised.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- PhishDestroy: https://phishdestroy.io/domain/niheer04.github.io/
- LLM endpoint: https://phishdestroy.io/domain/niheer04.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/niheer04.github.io/

Last updated: 2026-03-26