# avinashcreates.github.io — MALICIOUS

> Avinashcreates.github.io is a credential-harvesting phishing page flagged by 12/95 VirusTotal vendors and Google Safe Browsing.

## Summary
PhishDestroy identifies avinashcreates.github.io as a live credential-harvesting phishing domain posing a HIGH risk to users. This domain, hosted on GitHub Pages, serves as a front for social-engineering attacks designed to trick visitors into submitting sensitive login information.  This domain was flagged by 12 of 95 VirusTotal security vendors, Google Safe Browsing under the SOCIAL_ENGINEERING category, and is resolved to 185.199.108.153. It operates under a Let’s Encrypt SSL certificate, which is commonly abused to lend false legitimacy to phishing pages. Despite being registered through GitHub, Inc., the domain is not inherently trusted—GitHub Pages can be weaponized for malicious hosting if content is crafted to deceive users.  Organizations and individuals must treat avinashcreates.github.io as an ACTIVE threat. Users should avoid clicking links, entering credentials, or interacting with any content hosted at this domain. All login portals and sensitive web forms should be accessed only via known, verified domains. If discovered in logs, this IP and domain should be immediately blocked at the firewall and DNS level. Report the domain to your security team and relevant threat intelligence platforms to prevent further propagation. Monitor for follow-on attacks leveraging stolen credentials.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/34985f70-91ad-4388-ac58-557179dbdfed
- PhishDestroy: https://phishdestroy.io/domain/avinashcreates.github.io/
- LLM endpoint: https://phishdestroy.io/domain/avinashcreates.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/avinashcreates.github.io/
Last updated: 2026-04-01