# gokul-unni93.github.io — SUSPICIOUS

> gokul-unni93.github.io is a GitHub-hosted credential phishing page impersonating login portals, detected by 0/95 VirusTotal engines.

## Summary
gokul-unni93.github.io is an active credential-harvesting scam hosted on GitHub Pages at IP 185.199.108.153 under the Let's Encrypt SSL certificate. VirusTotal currently records 0 detections across 95 engines, indicating the page remains largely undetected by antivirus platforms. PhishDestroy identifies this site as part of a broader campaign leveraging free GitHub.io subdomains to mimic legitimate login interfaces and steal user credentials; the page has been tagged under_investigation and is confirmed active.

This domain was flagged via seed 6b483e and is registered through GitHub, Inc. The underlying server resolves to 185.199.108.153, a known GitHub Pages IP range. Despite zero VirusTotal detections at the time of analysis, the page’s purpose is to mimic trusted login portals, posing a direct risk of credential theft and subsequent account compromise. There are no current entries in major blocklists such as PhishTank or OpenPhish, and the domain lacks historical trust signals, reinforcing its malicious intent.

Users encountering this site should immediately cease interaction and avoid entering any login credentials. Report the domain to your email provider, browser vendor, and security teams. Organizations are advised to block 185.199.108.153 and the domain at the network perimeter. If credentials were entered, rotate passwords immediately, enable multi-factor authentication where possible, and monitor for signs of account takeover or fraudulent activity.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/gokul-unni93.github.io
- PhishDestroy: https://phishdestroy.io/domain/gokul-unni93.github.io/
- LLM endpoint: https://phishdestroy.io/domain/gokul-unni93.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gokul-unni93.github.io/
Last updated: 2026-04-03