# mubeenahmedyt789-dotcom.github.io — SUSPICIOUS

> mubeenahmedyt789-dotcom.github.io flagged for generic credential theft phishing. VirusTotal confirms 1/95 detections. Verify URLs before entering login details.

## Summary

PhishDestroy identifies mubeenahmedyt789-dotcom.github.io as an active credential theft domain designed to mimic legitimate services and harvest user login credentials. The domain leverages GitHub Pages hosting to obscure malicious intent, exploiting trust in reputable platforms to deceive victims into entering sensitive information such as usernames and passwords. Security researchers have observed this infrastructure being used in widespread campaigns targeting unsuspecting users through spoofed login portals, where stolen credentials are harvested for subsequent account takeovers or sold on dark web markets. Given the domain's recent registration and rapid deployment, the risk of exposure remains elevated, particularly for users accustomed to GitHub-hosted content.

This domain was flagged by PhishDestroy with the following technical indicators. It achieved a low detection ratio of 1 out of 95 security vendors on VirusTotal as of the latest scan, indicating minimal recognition by automated systems despite clear malicious intent. Registered through GitHub, Inc., the domain resolves to IP address 185.199.108.153 and utilizes a valid Let's Encrypt SSL certificate to enhance credibility. The domain name incorporates a deceptive pattern using a common name (Mubeen Ahmed) combined with a random string (yt789) and a .com top-level domain to mimic legitimacy. While no public blocklist data is currently available, the low VT detection combined with known patterns of credential theft activity elevates the threat level to 'elevated' under PhishDestroy's risk assessment framework.

Users who have visited mubeenahmedyt789-dotcom.github.io should immediately review any accounts where credentials may have been entered. Assume compromise and change passwords for affected accounts using a secure, offline method. Enable multi-factor authentication wherever possible and monitor accounts for unauthorized access. Report the domain to your organization's security team or to PhishDestroy using the unique seed identifier 468801. Avoid interacting with similar domains and verify the authenticity of websites via official channels before entering login credentials. If credentials were entered, consider enabling credit monitoring and reviewing financial accounts for signs of fraud.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/959ab025-a484-4c80-a3f5-84cdcf0e3bc3
- PhishDestroy: https://phishdestroy.io/domain/mubeenahmedyt789-dotcom.github.io/
- LLM endpoint: https://phishdestroy.io/domain/mubeenahmedyt789-dotcom.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/mubeenahmedyt789-dotcom.github.io/

Last updated: 2026-03-24