MalwareTips
Security Review

Is enlineagalicia.github.io legit or a scam?

Our verdict:Dangerous· 1/100

A brand-new phishing page hosted on GitHub Pages that clones banking login screens to harvest sensitive financial credentials.

Top reasons
Domain is less than 24 hours old.Multiple antivirus engines (Emsisoft, Netcraft, alphaMountain.ai) flag it as phishing.Listed on major browser blocklists for social engineering.
enlineagalicia.github.ioScanned 1d ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 5
Category tags
phishingfinancial services#phishing#clone site#data harvester95% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
3/92
Engines flagged this URL
Domain Age
0 days old
Registration date unknown
MT Intelligence
Dangerous
Critical likelihood · 95% confidence
DANGEROUS

Phishing site — do not log in

Flagged on major browser safety blocklists as social engineering. This page looks designed to steal credentials. Don't log in — and if you already did, change the password anywhere you reused it and turn on two-factor authentication.

Website Preview

Screenshot of enlineagalicia.github.io
LIVE RENDER
enlineagalicia.github.io
1Page renders a 404 error

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

50
/ 100
High visual risk

Visual red flags detected in the screenshot

The screenshot shows a standard GitHub Pages 404 error indicating that no site is currently published at this address.

Visual risk50/100

What our vision model saw

1 signal

Page renders a 404 error

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust5/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The domain was registered today and immediately began hosting banking login templates, which is a classic sign of a disposable phishing attack. Our antivirus network, including Emsisoft and Netcraft, has already flagged the site for phishing and malicious activity. Major browser blocklists have also blacklisted the URL for social engineering. The site specifically targets the '/personas/' path, a common login structure for Spanish-language banking services. There is no evidence of legitimate business operations, and the use of a free hosting provider like GitHub Pages is a common tactic for hosting short-lived scams.
Full dossier
Analysis complete

Page Content

The site is designed to mimic the login portals of major banks, specifically targeting users of Abanca and Banco Galicia. Our analysis identified specific paths like '/personas/' and '/ganadot/' which are used in phishing kits to capture usernames and passwords. While the main page currently shows a 404 error, this often indicates the attacker has moved the phishing content to a subfolder or the hosting provider has partially disabled the site.

Infrastructure

The site is hosted on GitHub Pages infrastructure. While GitHub is a legitimate service, it is frequently abused by scammers to host free, SSL-secured phishing pages that are difficult to block at the IP level. The SSL certificate is valid but was issued recently, providing a false sense of security to unsuspecting visitors.

Domain History

The domain age is 0 days, meaning it was created within the last 24 hours. Legitimate financial services do not operate from brand-new subdomains on free hosting platforms. This 'disposable' domain strategy is intended to bypass reputation-based filters before the site is eventually taken down.

Web Reputation

The site has a toxic reputation across the security community. It is explicitly listed in multiple threat intelligence feeds as an active online banking threat. We found no positive reviews or legitimate business registrations associated with this address, confirming its status as a fraudulent setup.
Risk Factors
6
  • Domain is less than 24 hours old.
  • Multiple antivirus engines (Emsisoft, Netcraft, alphaMountain.ai) flag it as phishing.
  • Listed on major browser blocklists for social engineering.
  • Impersonates legitimate banking login structures (Abanca/Banco Galicia).
  • Hosted on a free platform (GitHub Pages) commonly used for temporary scams.
  • Identified in phishing databases targeting financial credentials.
Positive Signals
1
  • Uses a valid SSL certificate from a recognized issuer.
AI Recommendation
Do not enter any login credentials, card numbers, or personal information on this site. If you have already provided information, contact your bank immediately to freeze your accounts.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for enlineagalicia.github.io, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
0 days
Brand-new domains are higher-risk by default.
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Clones abanca.com or bancogalicia.com
The page impersonates a well-known brand's site.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
4 scam reports
Key findings
6 headline facts from open-web research
  • Domain is a brand-new GitHub Pages site (age: 0 days) hosted on 185.199.108.153 (GitHub Fastly IPs).
  • Explicitly listed in OpenPhish feed and aggregated on PhishStats.info as an Online Banking phishing site targeting /personas/ path.
  • URLAbuse blacklist includes multiple subpaths (/personas/, /dfdf/, etc.) reported as phishing on 2026-06-27/28 by opencti.
  • urlscan.io and URLQuery reports show scans of suspicious paths like /ganadot/, /banesco.pa/, /HSHS/ associated with this domain in phishing contexts.
  • Related to similar phishing GitHub.io domains (e.g. bdvenlineaw.github.io/galicia.com) impersonating banking login pages.
  • No legitimate business, reviews, or registration found; consistent with disposable phishing kit hosted on GitHub Pages.
Scam reports (4)
Direct quotes from public scam databases, forums, and news.
  • PhishStatsopen

    "Online Banking. https://enlineagalicia.github.io/personas/. Threat Level: Low (Not Calculated)."

  • URLAbuseopen

    "https://enlineagalicia.github.io/personas/, Other, 2026-06-27, phishing, opencti"

  • DreamjTech Network Monitoropen

    "Phishing URL: enlineagalicia.github.io . OpenPhish | 全球. OpenPhish 社群免費清單;URL=https://enlineagalicia.github.io/personas/"

  • urlscan.io / URLQueryopen

    "Multiple scans of paths like /dfdf/, /ganadot/, /banesco.pa/ on enlineagalicia.github.io flagged in phishing context"

Impersonation / typosquat
Clone of abanca.com or bancogalicia.com

Path /personas/ is standard for Spanish/Galician online banking login (Abanca, formerly Caixa Galicia); listed as Online Banking phishing in multiple feeds

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
Our research uncovered four distinct scam reports from security monitoring platforms. These reports identify the site as an active phishing threat targeting banking credentials, specifically mentioning the '/personas/' and '/banesco.pa/' paths. No positive reviews or legitimate business registrations exist for this domain, which is consistent with a malicious setup.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

High correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (2)
  • Evidence confirms this site is a clone of abanca.com or bancogalicia.com.
  • Domain is only 0 days old and already carries multiple network-level red flags.
Linked signals (1)
Clone of abanca.com or bancogalicia.com

Antivirus Engines

Detection matrix · live
3 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

3Malicious0Suspicious58Harmless92Engines
0
of 92
alphaMountain.ai
Malicious· phishing
Emsisoft
Malicious· phishing
Netcraft
Malicious· malicious

3 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
This URL appears on threat lists

Detected threat categories: SOCIAL_ENGINEERING.

Domain & Encryption

Domain History
Age0 days old
RegistrarHidden
RegisteredUnknown
ExpiresUnknown
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · YR2
ExpiresSep 2, 2026 (65d)
Self-signedNo
Hosting & Technology
HostingGitHub, Inc.
Server locationUS

Server Reputation

Abuse Intelligence
Confidence score17%
Reports on file16
ISPGitHub, Inc.
Usage typeContent Delivery Network

Scam-Type Likelihood

2 scam-type patterns detected
Scam-Type Likelihood

2 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Phishing
Phishing
Moderate likelihood
35/100
  • Google Safe Browsing flagged this as social engineering / phishing.
  • AI analyst tagged this as phishing / data-harvesting.
Brand Impersonation
Moderate likelihood
30/100
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.

Phishing site — act fast

This page shows signs of attempting to steal credentials or impersonate a trusted brand.

  • Do not interact with enlineagalicia.github.io

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • If you already typed your password — change it now

    Change the password on the legitimate site and anywhere else you re-used it. Turn on two-factor authentication. Review recent account activity.

  • Report the phishing URL

    APWG (Anti-Phishing Working Group) accepts phishing reports at reportphishing@apwg.org. Google Safe Browsing reports help protect other users.

    Open
  • Get help on the forum

    MalwareTips members can help you assess damage and next steps.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
ListedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags enlineagalicia.github.io as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — enlineagalicia.github.io scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. enlineagalicia.github.io presents a valid TLSv1.3 certificate issued by Let's Encrypt · YR2, expiring in 65 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • enlineagalicia.github.io is 0 days old. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 3 out of 92 antivirus engines in our malware network flagged enlineagalicia.github.io as malicious or suspicious (3 outright malicious). Even one detection is a meaningful signal.
  • Yes. The major browser blocklist feeds flagged enlineagalicia.github.io with the following threat categories: SOCIAL_ENGINEERING. This protects billions of browser users from visiting the site.
  • enlineagalicia.github.io resolves to an IP operated by GitHub, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 28, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around enlineagalicia.github.io have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·enlineagalicia.github.io
DANGEROUS

This is a malicious phishing site designed to steal online banking credentials by impersonating legitimate financial institutions like Abanca or Banco Galicia. Multiple security engines have flagged it as a threat, and it is currently listed on several phishing blocklists.

Do not enter any login credentials, card numbers, or personal information on this site. If you have already provided information, contact your bank immediately to freeze your accounts.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust3
ofleax.netlify.app
33m ago
Read the review
Dangeroustrust1
prjrv.an1zf.xyz
3h ago
Read the review
Dangeroustrust1
tftue.an1zf.xyz
3h ago
Read the review
Dangeroustrust1
f36v.top
3h ago
Read the review
Dangeroustrust1
xbt8x82irz1kbcyq.hgsa226.com
3h ago
Read the review
Dangeroustrust1
allegro-powiadomienia.shop
4h ago
Read the review
Dangeroustrust1
glovent.vu
4h ago
Read the review
Dangeroustrust1
ws.page-instant-whatsapp.com.cn
4h ago
Read the review
Dangeroustrust1
nachocebu.hostel.town
4h ago
Read the review
Dangeroustrust1
one.fallup.xyz
4h ago
Read the review
Dangeroustrust8
connexion-ar24.nmuser.fr
4h ago
Read the review
Dangeroustrust1
frisorgittejagd.dk
4h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.