# azuregray.github.io — SUSPICIOUS

> azuregray.github.io mimics Microsoft 365 portals to trick users into surrendering credentials. GitHub-hosted site resolves to 185.199.111.

## Summary

azuregray.github.io is an active phishing domain detected by PhishDestroy under seed 9a2dc4. The site poses a high risk of enterprise credential theft by masquerading as a legitimate Microsoft 365 login portal. Victims entering their corporate credentials risk lateral-movement attacks, data breaches, and follow-on ransomware campaigns. Risk level is under_investigation; however, the identified threat is SPECIFIC Microsoft credential harvesting with potentially severe business impact.

The domain resolves to IP 185.199.111.153 and is registered via GitHub, Inc. VirusTotal shows zero detections (0/95 engines) despite the server already being flagged by Google Safe Browsing for SOCIAL_ENGINEERING. The site holds a valid Let’s Encrypt SSL certificate, which lowers user suspicion and increases the chance of successful deception.

Mitigation against this style of credential-phishing site must focus on user education and automated detection. Employees should be drilled to check the exact URL and browser padlock origin before entering credentials; ideally, corporate SSO should block external domains from collecting login secrets. Security teams should feed the domain into SIEM/SOAR playbooks to quarantine any outbound connections to 185.199.111.153 and to alert any users who may have already typed credentials into the page. Users who suspect interaction should rotate passwords immediately and run a malware scan of affected machines.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.111.153

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/azuregray.github.io
- PhishDestroy: https://phishdestroy.io/domain/azuregray.github.io/
- LLM endpoint: https://phishdestroy.io/domain/azuregray.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/azuregray.github.io/

Last updated: 2026-04-05