# prashantverma14.github.io — MALICIOUS

> Domain prashantverma14.github.io is a currently active phishing page hosted on GitHub Pages that delivers invoice-themed malware via a Let's Encrypt-secured.

## Summary

PhishDestroy identifies prashantverma14.github.io as an active invoice-themed phishing domain designed to impersonate legitimate billing portals. This domain is part of a broader campaign distributing malicious JavaScript payloads disguised as unpaid invoices. Threat actors leverage GitHub Pages to host the phishing kit, granting them temporary legitimacy through Let's Encrypt SSL certificates and GitHub’s trusted infrastructure. The infrastructure resolves to IP 185.199.108.153, a known GitHub Pages range, enabling the threat actors to bypass traditional domain-based detection while hosting their malicious content on a reputable platform.

This domain was flagged by 14 of 95 security vendors on VirusTotal, indicating significant but not universal detection coverage. Additionally, the domain is registered through GitHub, Inc., which highlights the attackers’ use of a legitimate infrastructure provider to carry out their campaign. The combination of a trusted platform, SSL encryption, and a generic yet professional-sounding username (prashantverma14) suggests a deliberate effort to evade suspicion. While the exact creation date of the domain is not publicly disclosed, the presence of multiple security vendor detections and the active status of the campaign imply recent deployment.

Users who have visited prashantverma14.github.io should immediately cease any interaction with the page and avoid downloading any files presented as invoices or bills. If any credentials, payment details, or personal information were entered, users must reset passwords for any accounts that may have been exposed and monitor financial accounts for unauthorized transactions.

GitHub has been notified, and the domain is expected to be taken down, but users should remain cautious of similar campaigns. To prevent future exposure, users are advised to enable multi-factor authentication on all accounts, verify the legitimacy of unexpected billing notices, and use security tools that block known malicious domains. Report any suspicious activity to your organization’s security team or to relevant cybercrime reporting authorities.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1a09610e-b815-4c4e-82fb-2bb80c5c7b1b
- PhishDestroy: https://phishdestroy.io/domain/prashantverma14.github.io/
- LLM endpoint: https://phishdestroy.io/domain/prashantverma14.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/prashantverma14.github.io/

Last updated: 2026-04-15