# atharv2104.github.io — MALICIOUS > PhishDestroy identifies atharv2104.github.io as a credential theft phishing page with 16/95 VirusTotal detections. ## Summary PhishDestroy has confirmed atharv2104.github.io as an active credential theft phishing domain designed to harvest user login credentials through fraudulent login interfaces. This domain leverages GitHub Pages hosting to lend false legitimacy to its malicious operations, while impersonating legitimate service login pages to deceive victims into surrendering sensitive authentication details. The threat actor behind this campaign appears to be targeting users through social engineering tactics, presenting convincing replicas of popular web services to maximize the likelihood of successful credential capture. Analysis of atharv2104.github.io reveals multiple indicators of compromise that substantiate its malicious nature. VirusTotal currently flags this domain with detections from 16 out of 95 participating security vendors, indicating widespread recognition of its harmful intent across multiple detection engines. The domain is registered through GitHub Pages, a legitimate hosting service that has been abused by threat actors to host phishing content due to its trusted domain reputation. Notably, this domain has been blocked by OpenPhish, a respected threat intelligence feed specializing in phishing detection, and appears on one additional security blocklist, further corroborating its malicious status. The SSL certificate issued by Let's Encrypt provides an additional layer of authenticity that may lull victims into a false sense of security while interacting with the fraudulent content. Users who have accessed atharv2104.github.io should immediately assess whether they entered any credentials or sensitive information on the page. If any credentials were submitted, change passwords for the affected account and enable multi-factor authentication where available. Organizations should consider blocking this domain at the network perimeter and reviewing logs for any connections to the associated IP address 185.199.108.153. Implementing additional monitoring for credential stuffing attempts using credentials harvested from this domain is strongly recommended. Always verify the authenticity of login pages through official channels and avoid clicking suspicious links, especially those delivered via unsolicited communications. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: GitHub, Inc. - IP: 185.199.108.153 ## Detection Status - VirusTotal: 16 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["OpenPhish"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/506597ea-f735-4501-b091-cbb531b5878e - PhishDestroy: https://phishdestroy.io/domain/atharv2104.github.io/ - LLM endpoint: https://phishdestroy.io/domain/atharv2104.github.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/atharv2104.github.io/ Last updated: 2026-03-31