# rafael-ods.github.io — MALICIOUS

> rafael-ods.github.io hosts credential harvesting phishing targeting users. 14/95 vendors flag it. Check the full report.

## Summary
PhishDestroy identifies rafael-ods.github.io as an active credential harvesting phishing domain with an elevated risk level. This threat specifically targets users by attempting to steal login credentials, posing significant risks to personal and organizational security.

This domain resolves to IP address 185.199.108.153 and is registered through GitHub, Inc., utilizing a Let's Encrypt SSL certificate. VirusTotal reports that 14 out of 95 security vendors have flagged this domain as malicious. It appears on one security blocklist and is blocked by OpenPhish, indicating recognized malicious activity. These indicators collectively suggest a high likelihood that the domain is being used for phishing purposes.

To mitigate risks from this credential harvesting threat, users and organizations should avoid interacting with content hosted on rafael-ods.github.io. Implementing email filtering to block messages containing this domain, enforcing multi-factor authentication on sensitive accounts, and regularly updating endpoint protection are recommended. Security teams should monitor blocklists and update detection rules to prevent credential compromise associated with this domain.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/79992c41-16f7-4509-a06a-e6db51fbf4c9
- PhishDestroy: https://phishdestroy.io/domain/rafael-ods.github.io/
- LLM endpoint: https://phishdestroy.io/domain/rafael-ods.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rafael-ods.github.io/
Last updated: 2026-03-27