# ahmad-344.github.io — MALICIOUS

> Investigate ahmad-344.github.io, a GitHub-hosted site flagged for fake login phishing. 15/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies ahmad-344.github.io as a live social-engineering phishing page hosted on GitHub Pages. The site mimics a legitimate login portal to steal credentials and personal information from unsuspecting users. Visitors are greeted with convincing but fraudulent forms that harvest usernames, passwords, and other sensitive data, which are then transmitted to attacker-controlled servers. Google Safe Browsing already classifies the domain under SOCIAL_ENGINEERING, confirming its malicious intent.  This domain was flagged by 15 out of 95 VirusTotal security vendors and is blocked by PhishingDB and one additional blocklist. It resolves to IP 185.199.108.153 and uses a Let’s Encrypt SSL certificate to appear trustworthy. Registered through GitHub, Inc., the page has been active long enough to accumulate these detections, indicating ongoing abuse rather than a hastily deployed campaign.  If you have visited ahmad-344.github.io, immediately change any passwords you may have entered and enable multi-factor authentication on all related accounts. Scan your device with updated antivirus software to detect any follow-on malware. Report the domain to your security team and avoid interacting with similar links in the future. Always verify URLs and use official portals for login—never through unsolicited or unexpected prompts.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishingDB"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ce434c95-5d1d-4302-83dd-a8f6721f72d1
- PhishDestroy: https://phishdestroy.io/domain/ahmad-344.github.io/
- LLM endpoint: https://phishdestroy.io/domain/ahmad-344.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ahmad-344.github.io/
Last updated: 2026-03-24