# bhaveshkransan.github.io — SUSPICIOUS

> bhaveshkransan.github.io impersonates Aave with 3/95 VirusTotal flags. Avoid connecting crypto wallets or entering credentials.

## Summary
PhishDestroy identifies bhaveshkransan.github.io as an active brand impersonation site targeting users of the Aave DeFi protocol. The page mimics Aave’s branding to trick visitors into connecting cryptocurrency wallets or submitting sensitive data such as seed phrases and private keys. Because the attackers’ goal is to steal digital assets or harvest credentials for later account takeovers, visiting this site can lead to irreversible financial loss.  

This domain was flagged by 3 out of 95 VirusTotal security vendors and is served from IP address 185.199.108.153 behind a Let’s Encrypt SSL certificate. It is hosted on GitHub Pages under the account bhaveshkransan, a pattern commonly abused for low-cost impersonation campaigns against decentralized finance projects. The site’s content closely mirrors legitimate Aave interfaces, increasing the risk of accidental interaction.  

If you already visited bhaveshkransan.github.io, immediately disconnect any connected wallets, revoke any permissions you may have granted, and run a malware scan on your device. Do not enter credentials or seed phrases on the page. Report the URL to Aave’s official security team and consider rotating wallet addresses and keys used for DeFi interactions. Always verify site URLs against official Aave channels before entering sensitive information.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Aave

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bb1596dd-9593-46aa-89a7-e4c3f5908bb0
- PhishDestroy: https://phishdestroy.io/domain/bhaveshkransan.github.io/
- LLM endpoint: https://phishdestroy.io/domain/bhaveshkransan.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bhaveshkransan.github.io/
Last updated: 2026-03-26