# ooha13.github.io — MALICIOUS

> Beware: ooha13.github.io is a crypto drainer impersonating a legitimate service. This domain was flagged by 17/95 VirusTotal vendors.

## Summary

PhishDestroy identifies the domain ooha13.github.io as an active crypto drainer, posing an elevated risk to unsuspecting users. This malicious site leverages GitHub Pages to host fraudulent content designed to siphon cryptocurrency assets under false pretenses.

This domain resolves to the IP address 185.199.108.153 and operates under a valid Let's Encrypt SSL certificate, which may lend it an air of legitimacy. VirusTotal analysis reveals a concerning detection rate, with 17 out of 95 security vendors flagging the domain as malicious.

The domain is registered via GitHub, Inc., a platform often exploited by threat actors to deploy phishing campaigns due to its widespread trust and minimal friction for domain creation. The use of GitHub Pages further obscures the malicious intent, blending in with legitimate development activities.

Mitigation for this crypto drainer threat involves heightened scrutiny when interacting with unsolicited links or unfamiliar domains. Users should verify the legitimacy of any GitHub-hosted site through PhishDestroy or similar threat intelligence platforms before proceeding. Avoid entering sensitive information, such as wallet credentials or private keys, on any page hosted at ooha13.github.io. Block the IP address 185.199.108.153 at the network perimeter if observed in connection with suspicious activity. Additionally, organizations should update endpoint detection rules to flag this domain and its associated IP as indicators of compromise (IoCs).

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/cab03eda-7133-4c73-a42e-a7a95a11a0e2
- PhishDestroy: https://phishdestroy.io/domain/ooha13.github.io/
- LLM endpoint: https://phishdestroy.io/domain/ooha13.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ooha13.github.io/

Last updated: 2026-03-29