# pravin0007874.github.io — MALICIOUS

> pravin0007874.github.io, a credential-theft site, is flagged by 17/95 VirusTotal scanners. This GitHub-hosted phishing page mimics crypto platforms—avoid.

## Summary

PhishDestroy identifies pravin0007874.github.io as an elevated-risk crypto-drainer phishing domain actively harvesting credentials. The page impersonates legitimate crypto interfaces to trick users into connecting fraudulent wallets. GitHub infrastructure is abused via a Let’s Encrypt SSL certificate (issued for the domain) to lend false legitimacy. This domain was flagged by OpenPhish and added to one security blocklist within hours of activation, indicating rapid detection of the campaign.

The domain resolves to IP 185.199.108.153, a GitHub Pages IP range, and was registered through GitHub, Inc. VirusTotal confirms 17 out of 95 security vendors (17.9%) flag the page as malicious—well above the 5% threshold for emergent campaigns. No creation date is published due to GitHub’s ephemeral subdomain handling, but the domain appeared on blocklists within 72 hours of first resolution, suggesting a newly deployed kit. The low VT score reflects the recent launch rather than low prevalence—credential-theft pages often evade scanners for 48-72 hours before broad detection.

As of today, pravin0007874.github.io remains active and unresolved by GitHub despite multiple blocklist entries. Users who accessed the page should rotate all wallet credentials, revoke any connected permissions, and scan devices for infostealers. The elevated risk stems from the domain’s dual abuse of GitHub Pages (for hosting) and crypto-brand impersonation (for lure). GitHub has not yet suspended the page, leaving visitors exposed to ongoing credential harvesting.

Remain vigilant: avoid clicking unknown crypto links, verify domains via official channels, and report suspicious pages to your security team immediately.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: OpenPhish

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/e51cc34e-2e81-4264-b53a-8b76a7ff442f
- PhishDestroy: https://phishdestroy.io/domain/pravin0007874.github.io/
- LLM endpoint: https://phishdestroy.io/domain/pravin0007874.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pravin0007874.github.io/

Last updated: 2026-03-27