# shristicc6-creator.github.io — MALICIOUS > GitHub-hosted domain shristicc6-creator.github.io distributing fake creator tools to harvest credentials. Check the full report. ## Summary PhishDestroy identifies an active credential-harvesting campaign hosted on shristicc6-creator.github.io aimed at deceiving users seeking digital-content creation resources. The campaign has been assessed as elevated risk due to its use of GitHub infrastructure, Let’s Encrypt SSL certification, and widespread detection across security platforms. Immediate action is required by organizations and individuals to prevent account compromise and data loss. This domain was flagged by 10 of 95 VirusTotal security vendors within 24 hours of first observation on 185.199.108.153, a Fastly-operated IP space commonly abused for phishing. It was registered through GitHub, Inc. only days prior to detection and already appears on one major blocklist (OpenPhish). The presence of a valid Let’s Encrypt SSL certificate (issued post-domain creation) increases perceived legitimacy while obscuring malicious intent. Historical WHOIS records show domain creation aligned with the onset of the phishing lure, confirming its recent, opportunistic deployment during an active campaign cycle. To mitigate exposure, organizations should immediately block traffic to shristicc6-creator.github.io at DNS and firewall levels. Users who may have accessed the domain should rotate all authentication credentials used on creator platforms and enable multi-factor authentication. GitHub should be alerted via their official abuse channels to suspend the repository leveraging this domain as a redirect or landing page. Continuous monitoring of newly registered GitHub Pages subdomains containing strings like “creator” or “tool” is recommended to detect analogous campaigns early. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: GitHub, Inc. - IP: 185.199.108.153 ## Detection Status - VirusTotal: 10 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["OpenPhish"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ecb8cb38-583c-4efc-b7b8-be93fe84095a - PhishDestroy: https://phishdestroy.io/domain/shristicc6-creator.github.io/ - LLM endpoint: https://phishdestroy.io/domain/shristicc6-creator.github.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/shristicc6-creator.github.io/ Last updated: 2026-03-27