# somyaa1207.github.io — SUSPICIOUS > somyaa1207.github.io hosts a crypto drainer posing as a wallet login page. VirusTotal shows 0/95 detections—verify safety on PhishDestroy before clicking. ## Summary PhishDestroy identifies somyaa1207.github.io as a live crypto drainer impersonating a cryptocurrency wallet login portal. This GitHub-hosted domain attempts to trick users into connecting malicious wallets to drain funds by mimicking legitimate authentication flows. Security researchers observed suspicious JavaScript payloads embedded in the page that intercept wallet connection requests and trigger unauthorized transactions. The domain leverages GitHub Pages' trusted infrastructure to evade traditional blocklists, making it particularly deceptive for crypto users unfamiliar with these tactics. This domain was flagged with a VirusTotal detection ratio of 0/95 engines at time of writing, indicating it remains undetected by mainstream antivirus solutions. It resolves to IP 185.199.108.153 through Let's Encrypt SSL certificates, masking malicious activity under legitimate encryption. Registered through GitHub's infrastructure, the domain exhibits characteristics of a newly weaponized GitHub Pages instance, highlighting threat actors' preference for abusing reputable platforms. While specific creation dates weren't provided in available intelligence, the combination of zero detections and active hosting suggests recent deployment as part of ongoing crypto scam campaigns. Users should immediately stop any interaction with somyaa1207.github.io, especially wallet connection prompts. Do not enter credentials or connect wallets to this domain under any circumstances. If visited accidentally, disconnect all wallet connections in your browser's active sessions and revoke any approved permissions through your wallet's connection management interface. Report the domain to PhishDestroy for verification and consider installing crypto-specific browser extensions that detect drainer domains in real-time. Always verify URLs through official channels before engaging with crypto services, and treat GitHub-hosted login pages as suspicious unless confirmed through primary contact methods. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: GitHub, Inc. - IP: 185.199.108.153 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/somyaa1207.github.io - PhishDestroy: https://phishdestroy.io/domain/somyaa1207.github.io/ - LLM endpoint: https://phishdestroy.io/domain/somyaa1207.github.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/somyaa1207.github.io/ Last updated: 2026-04-03