# y0ussef-elnagar.github.io — MALICIOUS

> PhishDestroy identifies y0ussef-elnagar.github.io as an active crypto drainer operating as an impersonation scam. 18 out of 95 VirusTotal engines flag this page.

## Summary

PhishDestroy has identified an active crypto drainer campaign hosted at y0ussef-elnagar.github.io. This domain is part of a rapidly expanding set of GitHub Pages phishing pages that surreptitiously drain cryptocurrency wallets via malicious JavaScript. The threat is classified as elevated due to the confirmed capability to extract private keys and sign unauthorized transactions without user awareness.

This domain was flagged by PhishDestroy and correlates with the seed 1cef0f. It resolves to the IP address 185.199.108.153 and is served over a valid Let's Encrypt SSL certificate. The page has been classified as malicious by 18 of 95 VirusTotal security vendors and is blocked by OpenPhish. The domain was registered through GitHub, Inc., which allows rapid deployment using their free Pages service, making takedown more complex. No creation date is publicly available due to GitHub's privacy masking, but the page is currently live and actively serving content.

Crypto drainers like this frequently impersonate legitimate DeFi platforms, NFT projects, or wallet interfaces to trick users into connecting their wallets and granting malicious signing permissions. Malicious JavaScript loaded from this domain likely listens for wallet connections and silently requests transaction approvals or private key exposure. Given the 18/95 detection rate, many standard security tools may not block it, increasing the risk of successful compromise. Users who visit this site and connect a wallet—especially on mobile—face a high risk of irreversible fund theft.

Mitigation requires immediate blocking of the domain y0ussef-elnagar.github.io at the network and endpoint levels. Organizations should deploy custom DNS blocklists and endpoint protection rules referencing the IP 185.199.108.153 and the URL path pattern. Users must be advised to never connect wallets on untrusted sites, verify URLs manually, and revoke suspicious wallet permissions via blockchain explorers. This domain should be reported to GitHub via their abuse channels and flagged in threat intelligence feeds to prevent re-use.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 18 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit (OpenPhish)

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/09bd2a05-1ff4-44e3-a434-f6dd0f09a012
- PhishDestroy: https://phishdestroy.io/domain/y0ussef-elnagar.github.io/
- LLM endpoint: https://phishdestroy.io/domain/y0ussef-elnagar.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/y0ussef-elnagar.github.io/

Last updated: 2026-03-31