# sairao4102.github.io — MALICIOUS

> PhishDestroy flags sairao4102.github.io as an active crypto-draining phishing page that mimics a login portal. 15 of 95 VirusTotal scanners already detect it.

## Summary
PhishDestroy identifies sairao4102.github.io as an active crypto-draining phishing site. If visited, the page attempts to trick users into connecting a cryptocurrency wallet and signing malicious transactions that silently drain funds. This is not a generic login trap; it is designed specifically to steal digital assets by exploiting wallet-connect workflows.  

This domain was flagged by 15 of 95 VirusTotal security vendors and is hosted on GitHub Pages (registrar: GitHub, Inc.) at IP 185.199.108.153 with a Let’s Encrypt SSL certificate. It appeared recently as a GitHub user page, making it easy to blend in with legitimate developer content.  

If you visited sairao4102.github.io, immediately disconnect your wallet from any prompts, revoke any unauthorized permissions in your wallet settings, move remaining funds to a new address, and run a malware scan on your device. Report the domain to PhishDestroy so others are warned, and avoid clicking similar links in the future.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3b21adfd-2c3e-4dae-8406-8124e8d846c8
- PhishDestroy: https://phishdestroy.io/domain/sairao4102.github.io/
- LLM endpoint: https://phishdestroy.io/domain/sairao4102.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sairao4102.github.io/
Last updated: 2026-03-29