# toolethal.github.io — MALICIOUS

> PhishDestroy identifies toolethal.github.io as a high-risk cryptocurrency drainer phishing domain. It has a 15/95 VirusTotal detection rate and was blocked by.

## Summary

PhishDestroy has identified toolethal.github.io as an active cryptocurrency drainer phishing domain, currently leveraging GitHub Pages for hosting. This domain does not impersonate a specific brand but instead focuses on deploying malicious cryptocurrency drainer scripts. The threat is classified as a high-risk drainer kit, designed to siphon funds from unwitting victims by intercepting and modifying cryptocurrency wallet transactions in real time. The infrastructure is hosted on GitHub Pages, which is commonly abused for phishing campaigns due to its trusted domain reputation and ease of deployment.

The technical indicators associated with this domain are as follows: VirusTotal reports a detection score of 15 out of 95 security vendors, indicating moderate but significant recognition as malicious. The domain resolves to the IP address 185.199.109.153 and is registered through GitHub, Inc. via GitHub Pages. Google Safe Browsing has flagged this domain under the category of SOCIAL_ENGINEERING, while it appears on 1 security blocklist. The domain utilizes a Let's Encrypt SSL certificate, which further legitimizes its appearance to potential victims. These indicators collectively highlight the domain's malicious intent and its infrastructure designed to deceive users.

As of the latest assessment, toolethal.github.io remains active and poses a high risk to users who may interact with it. Immediate response actions include blocking the domain at the network perimeter and ensuring endpoint detection rules are updated to flag the associated IP address and SSL certificate.
Despite these measures, the domain's use of GitHub Pages and SSL certificates complicates complete mitigation, leaving a residual risk that users may still encounter phishing lures via alternative vectors. Users are strongly advised to avoid interacting with this domain and to verify the legitimacy of any unsolicited links or websites claiming to offer cryptocurrency services.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.109.153

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hit (OpenPhish)

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a091b02e-60d8-4a3b-a8fe-9e43817a6718
- PhishDestroy: https://phishdestroy.io/domain/toolethal.github.io/
- LLM endpoint: https://phishdestroy.io/domain/toolethal.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/toolethal.github.io/

Last updated: 2026-03-27