# tanishr28.github.io — MALICIOUS

> Investigation reveals tanishr28.github.io hosting credential-stealing pages. Detected by 13/95 VirusTotal engines. Avoid inputting credentials on this domain.

## Summary

PhishDestroy identifies tanishr28.github.io as an active generic phishing domain serving fake login portals designed to harvest user credentials. The threat actor leverages GitHub's free hosting infrastructure to deploy spoofed login pages impersonating legitimate services, tricking victims into submitting sensitive information. This domain exhibits elevated risk due to its current active status and widespread detection across multiple security platforms.

This domain was flagged by 13 of 95 VirusTotal security vendors, indicating significant but not universal consensus on its malicious nature. Registered through GitHub, Inc., it resolves to IP address 185.199.108.153 and utilizes a Let's Encrypt SSL certificate to appear legitimate. While the exact creation date isn't specified in available intelligence, the domain's presence on multiple security feeds and its active phishing operations suggest recent deployment. The partial detection rate (13.68%) suggests some advanced evasion techniques may be in use, though the domain remains under active observation by security researchers.

Users should immediately avoid accessing this domain or entering any credentials. Organizations should consider blocking both the domain and IP address at network boundaries. GitHub should be notified to suspend the malicious repository hosting these phishing pages. Security teams should search for indicators of compromise including IP 185.199.108.153 and domain tanishr28.github.io in their logs. For personal protection, enable multi-factor authentication on all accounts and verify website authenticity through official channels before submitting credentials.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d0b9f7aa-5807-4161-9482-e28c310a1572
- PhishDestroy: https://phishdestroy.io/domain/tanishr28.github.io/
- LLM endpoint: https://phishdestroy.io/domain/tanishr28.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tanishr28.github.io/

Last updated: 2026-03-24