# PhishDestroy threat dossier — chamolineetu89-del.github.io ================================================================ Fetched: 2026-07-13 06:30:24 UTC Canonical: https://phishdestroy.io/domain/chamolineetu89-del.github.io/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 7/91 security vendors flagged this domain Flagging vendors: alphaMountain.ai, Emsisoft, G-Data, Gridinsoft, Netcraft, Sophos, Webroot Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 185.199.110.153 (US, San Francisco) ASN: AS54113 Fastly, Inc. Hosting org: GitHub, Inc Registrar: GitHub, Inc. Nameservers: NS_NOT_FOUND Page title: Site not found · GitHub Pages ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / YR2 Expires: 2026-09-02 Status: INVALID chain Fingerprint: 32491b26bfaf7bfb556029ef32299ac4374db34d09eecd4ffd01f21b2c5a8567 Subject Alternative Names (related infrastructure — often same operator): - github.com - github.io - githubusercontent.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- First detected: 2026-07-12 14:35:07 UTC (by PhishDestroy tracker) Last verified: 2026-07-13 08:20:41 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f5652-9afa-763d-840c-70a0291569ba/ Wayback Machine: https://web.archive.org/web/*/chamolineetu89-del.github.io crt.sh CT logs: https://crt.sh/?q=%25.chamolineetu89-del.github.io Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=chamolineetu89-del.github.io AlienVault OTX: https://otx.alienvault.com/indicator/domain/chamolineetu89-del.github.io URLhaus: https://urlhaus.abuse.ch/host/chamolineetu89-del.github.io/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-13 00:15:22 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain, chamolineetu89-del.github.io, is currently listed as active and classified as a generic phishing site. The page title returned by the host is "Site not found · GitHub Pages", indicating that the underlying GitHub Pages service is serving a default error page rather than a custom landing page. The domain resolves to the IP address 185.199.110.153, which belongs to the GitHub, Inc. infrastructure located in the United States. The TLS certificate is issued by Let’s Encrypt and is currently valid, which is typical for GitHub‑hosted sites. Infrastructure fingerprinting shows the presence of Varnish, Fastly and GitHub Pages, confirming that the site is being delivered through the standard GitHub static‑site pipeline. The domain appears on two external phishing blocklists, specifically PhishDestroy and OpenPhish, and its status in those feeds is "active". No additional intelligence such as malware payloads, credential‑stealing forms, or compromised user data has been observed. VirusTotal has recorded scans from 95 vendors, none of which have raised a detection, but the absence of detections does not constitute proof of safety. The nameserver information is not available in the current data set. Given the presence on reputable phishing feeds, the generic phishing classification, and the lack of any observed benign activity, defenders should treat the domain as malicious. Recommended actions include blocking the domain at perimeter firewalls, DNS resolvers, and proxy devices, monitoring for any outbound connections to the IP address, and adding the domain to internal blocklists. Continuous re‑evaluation is advised, as the site may change content or become inactive in the future. ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: 6b0c3a937095705c09335887d2269e9d TLS cert SHA-256: 32491b26bfaf7bfb556029ef32299ac4374db34d09eecd4ffd01f21b2c5a8567 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/chamolineetu89-del.github.io/ JSON API: https://api.destroy.tools/v1/check?domain=chamolineetu89-del.github.io Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 178,020 domains (49,754 alive under monitoring, 128,266 confirmed takedowns/dead). Site: https://phishdestroy.io