# pramodgc04.github.io — MALICIOUS

> WARNING: pramodgc04.github.io is a confirmed crypto drainer impersonating Poly Network. 16/95 VirusTotal engines detected this threat—verify safety on.

## Summary

The domain pramodgc04.github.io, hosted on GitHub Pages, is a confirmed generic phishing site classified as a high-risk crypto drainer used to steal cryptocurrency assets. The site impersonates Poly Network, a legitimate cross-chain interoperability protocol, by deploying malicious JavaScript libraries embedded within a fake web interface. These drainer kits are designed to intercept wallet connections, manipulate transaction metadata, and siphon funds to attacker-controlled wallets under the guise of transaction verification or gas fee payments. The attackers leverage GitHub’s free hosting to evade traditional email and domain-based filtering, capitalizing on the platform’s trusted reputation to deliver a sophisticated social engineering attack aimed at Web3 users.

PhishDestroy’s forensic analysis reveals the following technical indicators: the domain resolves to IP 185.199.108.153 and was issued an SSL certificate via Let’s Encrypt, providing a false sense of legitimacy. The domain was created under GitHub Pages, which does not publicly expose the exact registration date, and was flagged on May 14, 2024. VirusTotal detection stands at 16 out of 95 security vendors, while Google Safe Browsing labels it under “SOCIAL_ENGINEERING” for deceptive content. The domain has been blocked by one known security blocklist and is actively monitored for changes in infrastructure or payload delivery mechanisms. The Let’s Encrypt certificate makes the site appear secure, but such SSL certificates are trivial for attackers to obtain and do not validate authenticity or intent.

As of this report, pramodgc04.github.io remains active and has not been taken down. PhishDestroy has flagged the domain and blocked access across its infrastructure. Users are strongly advised not to interact with this site and to report any encounter via PhishDestroy’s verification portal. While GitHub has not yet responded to takedown requests, continued escalation by cybersecurity teams and hosting providers is expected. The risk remains high due to the site’s operational status and the persistent threat of cloned variations being deployed across GitHub Pages or alternative free hosting services. Users must remain vigilant, verify all transaction links via trusted sources, and use hardware wallet isolation and transaction simulation tools to prevent fund loss.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hit
- Lists: ["PhishingDB"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/pramodgc04.github.io
- PhishDestroy: https://phishdestroy.io/domain/pramodgc04.github.io/
- LLM endpoint: https://phishdestroy.io/domain/pramodgc04.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pramodgc04.github.io/

Last updated: 2026-04-10