# joao-robertoo.github.io — MALICIOUS

> joao-robertoo.github.io is impersonating legitimate platforms to steal credentials, with 16/95 security vendors flagging it.

## Summary

PhishDestroy identifies joao-robertoo.github.io as an active generic phishing domain leveraging GitHub Pages to host malicious content. The page operates as a credential-harvesting scam, likely targeting unaware users under false pretenses. The threat involves a generic drainer kit, commonly used to siphon login details under the guise of a legitimate service or document. The domain resolves to IP address 185.199.108.153 and was registered through GitHub, Inc., a common tactic to exploit trusted hosting environments for malicious ends.

This domain has been independently verified by 16 out of 95 VirusTotal security vendors as malicious, indicating a moderate but credible threat level. The SSL certificate issued by Let’s Encrypt further legitimizes the appearance of the page, enhancing its deception potential. Registered as a GitHub Pages subdomain, the domain likely evades immediate detection while maintaining low operational costs for attackers.

As of the latest analysis, joao-robertoo.github.io remains active and unblocked by major blocklists, maintaining an elevated risk profile. Users should avoid interacting with this domain entirely, and organizations are advised to implement network-level blocking using the IP and domain indicators listed. While GitHub may eventually suspend the page upon notification, the reactive nature of takedowns means users must remain cautious. Remaining risk includes ongoing credential theft attempts and potential lateral movement into affiliated systems if credentials are reused.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/4afd2ecf-ad21-4143-a316-d0ec3936a8ef
- PhishDestroy: https://phishdestroy.io/domain/joao-robertoo.github.io/
- LLM endpoint: https://phishdestroy.io/domain/joao-robertoo.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/joao-robertoo.github.io/

Last updated: 2026-03-24