# sumitverma839154-max.github.io — MALICIOUS

> sumitverma839154-max.github.io is a credential theft phishing domain flagged by 5/95 VirusTotal vendors. Avoid entering sensitive data on this site.

## Summary

PhishDestroy identifies sumitverma839154-max.github.io as an active credential theft campaign mimicking legitimate login portals. The rogue domain leverages GitHub Pages hosting to distribute deceptive forms, tricking users into surrendering credentials under false pretenses. Threat actors behind this campaign typically harvest stolen login details for account takeovers, financial fraud, or further social engineering attacks targeting victims' contacts.

This domain was flagged by 5 out of 95 security vendors on VirusTotal as of the latest scan, indicating moderate but concerning detection rates. The domain is registered through GitHub, Inc., which provides no inherent legitimacy guarantee, and resolves to IP 185.199.108.153, a range associated with dynamic content delivery networks. The use of a Let's Encrypt SSL certificate further increases perceived trustworthiness, a tactic commonly exploited in credential theft operations to bypass browser warnings and deceive users.

Technical indicators reinforce elevated risk. The domain was created via GitHub Pages, a platform often abused to host short-lived phishing pages due to its free hosting and reputable domain (github.io). The low VirusTotal detection rate (5/95) suggests either recent deployment or evasion techniques such as obfuscated scripts or delayed payload delivery. The hosting IP (185.199.108.153) falls within GitHub's edge network (185.199.108.131–185.199.111.255), complicating takedown efforts due to shared infrastructure. This combination of tactics (legitimate hosting provider, valid SSL, and partial detection) creates a plausible deception vector likely targeting users expecting secure content delivery.

Users who visited sumitverma839154-max.github.io must immediately review accounts for unauthorized access, especially email, social media, or financial platforms. Change passwords on affected accounts and enable multi-factor authentication where available. Scan devices with updated antivirus software to detect malware or credential-stealing trojans. Report the domain to your browser's phishing detection system (e.g., Chrome Safe Browsing or Firefox Phishing Protection) and avoid clicking embedded links or entering data. If credentials were entered, revoke session tokens, set new passwords, and monitor accounts for suspicious activity. This campaign underscores the need for user vigilance and skepticism toward unexpected or unsolicited login prompts, even on seemingly legitimate domains.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7bde2f05-569e-40bf-ac6e-93c90e5a5a26
- PhishDestroy: https://phishdestroy.io/domain/sumitverma839154-max.github.io/
- LLM endpoint: https://phishdestroy.io/domain/sumitverma839154-max.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/sumitverma839154-max.github.io/

Last updated: 2026-03-28