# lingnaiguodao-alt.github.io — SUSPICIOUS

> PhishDestroy identifies lingnaiguodao-alt.github.io as a credential theft phishing site with 0/95 VirusTotal detections. Check the full report.

## Summary

PhishDestroy identifies lingnaiguodao-alt.github.io as an active credential theft phishing domain under investigation. The site mimics legitimate Chinese-language services to harvest user login credentials, posing a direct threat to account security and sensitive data exposure. Initial intelligence confirms the domain is configured with a valid Let's Encrypt SSL certificate, which enhances its deceptive appearance and increases the risk of successful deception among users. The domain resolves to IP address 185.199.108.153 and is currently hosted on GitHub Pages, leveraging the platform’s trusted infrastructure to bypass traditional email filtering and reputation checks. Despite hosting on a reputable service, the site has not yet been flagged by security vendors, with VirusTotal reporting 0 detections out of 95 engines, indicating poor early-stage detection coverage.

This domain was flagged due to emerging behavioral indicators consistent with credential harvesting campaigns, including impersonation of regional financial or news services. As of the latest scan, the domain shows no entries in major blocklists such as PhishTank, OpenPhish, or Google Safe Browsing, and has not been assigned a trust score by services like Webroot BrightCloud or Cisco Talos. The SSL certificate is valid and issued recently, suggesting recent domain activation. The use of GitHub Pages as a hosting provider complicates rapid takedown, as GitHub typically requires formal abuse reports or legal requests to disable malicious repositories. This combination of factors—low detection, clean reputation, and leveraged trusted infrastructure—creates elevated risk for users accessing the site under false pretenses.

To mitigate risk from this credential theft phishing domain, users should avoid accessing lingnaiguodao-alt.github.io entirely and verify any unexpected links through official channels. Organizations should block the domain at DNS and gateway levels, and inspect outbound traffic for connections to 185.199.108.153. Suspicious login attempts or credential reuse should be treated as potential compromise. Security teams should submit the domain to threat intelligence platforms and report it to GitHub’s abuse team via their DMCA/Takedown portal using the repository path or landing page URL. Continuous monitoring is advised due to the domain’s active status and low vendor detection, which may increase as the campaign evolves.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/837546fa-115a-4f2f-8ada-536709e820d3
- PhishDestroy: https://phishdestroy.io/domain/lingnaiguodao-alt.github.io/
- LLM endpoint: https://phishdestroy.io/domain/lingnaiguodao-alt.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/lingnaiguodao-alt.github.io/

Last updated: 2026-03-26