# tejal-hande.github.io — MALICIOUS

> Active LinkedIn credential phishing on tejal-hande.github.io detected—flagged by 17 of 95 VirusTotal vendors.

## Summary

PhishDestroy identifies tejal-hande.github.io as an active LinkedIn credential harvesting domain. The site mimics LinkedIn’s login interface to deceive visitors into surrendering corporate and personal credentials. The campaign is currently live, leveraging GitHub Pages to host spoofed content and collect harvested authentication data. Targets are likely engaged via spear-phishing emails impersonating LinkedIn corporate communications.

This domain was flagged by 17 of 95 VirusTotal security vendors as malicious, indicating early-stage but growing detection across major endpoint protection platforms. It resolves to IP 185.199.108.153 and is registered through GitHub, Inc., a known hosting provider frequently abused in low-friction phishing operations due to swift page deployment and minimal abuse response times. The domain employs a Let’s Encrypt SSL certificate to enhance authenticity, increasing the likelihood of user trust and credential submission. Based on passive DNS and certificate transparency logs, the domain appears recently registered, but no public creation date is available due to GitHub’s default WHOIS masking.

As of threat review, tejal-hande.github.io remains actively accessible and unresolved in major blocklists. PhishDestroy assesses risk as elevated due to the combination of live hosting, social engineering targeting, and partial detection coverage.

Immediate remediation is required: organizations should block the domain at DNS and network levels using exact domain matching (tejal-hande.github.io), block the underlying IP (185.199.108.153), and update email security gateways to detect LinkedIn-themed lures. Users who may have entered credentials should reset passwords immediately, enable multi-factor authentication across all LinkedIn accounts, and scan for follow-on spear-phishing attempts. This site is part of a broader GitHub Pages phishing cluster currently undergoing takedown efforts by GitHub Trust & Safety.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/fd761f1d-3ef4-4864-b87f-c1c57287e4e6
- PhishDestroy: https://phishdestroy.io/domain/tejal-hande.github.io/
- LLM endpoint: https://phishdestroy.io/domain/tejal-hande.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tejal-hande.github.io/

Last updated: 2026-03-26