# theking196.github.io — MALICIOUS

> theking196.github.io is a confirmed phishing page flagged for social engineering by Google Safe Browsing.

## Summary
PhishDestroy identifies theking196.github.io as a live phishing domain leveraging GitHub Pages infrastructure to deliver social engineering attacks. This domain does not impersonate a specific brand but functions as a generic phishing page designed to deceive users into entering sensitive information under false pretenses. No known drainer kit or cryptocurrency wallet addresses have been publicly associated with this domain at this time.


Technical indicators for this campaign reveal a VirusTotal detection rate of 15/95 security vendors, with OpenPhish, Google Safe Browsing (classification: SOCIAL_ENGINEERING), and 1 additional blocklist flagging the domain as malicious. The domain was registered through GitHub, Inc., resolves to IP address 185.199.108.153, and is protected with a Let's Encrypt SSL certificate. While the exact creation date is not provided in available data, current signals confirm active status.


This domain remains active as of the latest assessment, with no evidence of takedown or mitigation by GitHub or hosting provider. Users are advised to avoid interaction, as the site continues to pose a high-risk threat to visitors. Response actions include reporting the domain to Google Safe Browsing and OpenPhish, and blocking the IP address 185.199.108.153 at the network level. Despite these measures, residual risk persists due to ongoing accessibility and low detection coverage by some security vendors.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP ?)

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b2375031-f97e-48fe-8e4b-d19a97b80f10
- PhishDestroy: https://phishdestroy.io/domain/theking196.github.io/
- LLM endpoint: https://phishdestroy.io/domain/theking196.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/theking196.github.io/
Last updated: 2026-04-14