# shahzebjan45.github.io — MALICIOUS

> shahzebjan45.github.io serves as a phishing page impersonating legitimate services. Flagged by 17/95 security engines, this GitHub-hosted hostname resolves.

## Summary

PhishDestroy identifies shahzebjan45.github.io as a live, elevated-risk phishing asset that uses GitHub Pages to host fake login prompts. The page masquerades as a legitimate service to harvest user credentials, making it a direct threat to authentication integrity. At the time of analysis it was flagged by 17 of 95 VirusTotal vendors, supporting the malicious classification. It resolves to 185.199.108.153 (AS208475) and is served under a Let's Encrypt TLS certificate. The github.io parent domain is registered to GitHub, Inc.; the page trades on trust in that domain while hosting deceptive content. Despite its innocuous appearance, the combination of flagged detections and live status makes it an elevated risk to end users authenticating online.

Technical indicators show a lightweight footprint: the hostname has no history, pointing to a recently deployed lure. The Let's Encrypt certificate gives the page a padlock, but TLS only proves the connection terminates at GitHub Pages; it says nothing about who controls the content behind it. Network analysis routes traffic through Fastly's CDN infrastructure (AS208475), legitimate infrastructure that is commonly abused to host short-lived phishing pages. With 17 vendors flagging it and no presence on major blocklists at the time of detection, shahzebjan45.github.io is a stealthy, evasive threat. There are no registration details to pivot on, because a github.io subdomain is provisioned by any GitHub account rather than registered; this points to a disposable asset, rapidly deployed for credential-harvesting campaigns.

Mitigation requires immediate network- and user-level action. Block the hostname at perimeter defenses using a DNS sinkhole (for example an RPZ entry) and proxy or firewall rules keyed on the hostname or TLS SNI. Do not block the resolving IP 185.199.108.153 outright: it is a GitHub Pages anycast address shared by every *.github.io site, so an IP block causes broad collateral damage and does not stop the actor from redeploying under another name. Flag any outbound traffic to this hostname for investigation due to its confirmed malicious intent.
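The following is an added example, not PhishDestroy's or GitHub's tooling, showing how a SOC would act on this report's indicators: it retro-hunts DNS and proxy logs for contact with the hostname, keeps the shared GitHub Pages IP as a low-confidence lead rather than a block criterion, and emits BIND response-policy-zone records that sinkhole the name. The two log formats and the sample lines are constructed for illustration and are assumptions, as are the client addresses in them.

```python
"""Hunt DNS and proxy logs for contact with the phishing host and emit
sinkhole records. Added example, not PhishDestroy's own tooling; the log
formats and sample lines below are constructed for illustration."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

IOC_HOST = "shahzebjan45.github.io"
# Resolving IP from the report. It is a GitHub Pages anycast address shared by
# every *.github.io site, so it identifies the platform, not this actor.
IOC_IP = ipaddress.ip_address("185.199.108.153")
SHARED_PARENT = "github.io"

# Constructed sample logs: "<ts> <client> <qtype> <qname> <answer>" for DNS and
# "<ts> <client> CONNECT <ip:port> sni=<name|->" for the proxy.
SAMPLE_DNS_LOG = """\
2026-03-26T10:01:02Z 10.0.0.5 A shahzebjan45.github.io. 185.199.108.153
2026-03-26T10:01:03Z 10.0.0.5 A SHAHZEBJAN45.GITHUB.IO 185.199.109.153
2026-03-26T10:02:10Z 10.0.0.8 A docs.example-org.github.io. 185.199.108.153
2026-03-26T10:03:00Z 10.0.0.9 A example.com. 93.184.216.34
"""
SAMPLE_PROXY_LOG = """\
2026-03-26T10:01:05Z 10.0.0.5 CONNECT 185.199.108.153:443 sni=shahzebjan45.github.io
2026-03-26T10:02:12Z 10.0.0.8 CONNECT 185.199.108.153:443 sni=docs.example-org.github.io
2026-03-26T10:04:00Z 10.0.0.7 CONNECT 185.199.108.153:443 sni=-
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    client: str
    indicator: str  # hostname or IP that matched
    verdict: str    # "ioc", "other_github_pages" or "ip_only"


def normalize_host(host: str) -> str:
    """Lower-case and strip the trailing dot so log variants compare equal."""
    return host.strip().lower().rstrip(".")


def classify_host(host: str) -> str | None:
    """The exact host or any subdomain of it is the IOC; other github.io names
    are only worth a note, since the whole platform shares IPs and certs."""
    h = normalize_host(host)
    if h == IOC_HOST or h.endswith("." + IOC_HOST):
        return "ioc"
    if h == SHARED_PARENT or h.endswith("." + SHARED_PARENT):
        return "other_github_pages"
    return None


def scan_dns_log(text: str) -> list[Hit]:
    hits: list[Hit] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, client, _qtype, qname, _answer = line.split()
        verdict = classify_host(qname)
        if verdict is not None:
            hits.append(Hit(ts, client, normalize_host(qname), verdict))
    return hits


def scan_proxy_log(text: str) -> list[Hit]:
    """Match on TLS SNI when present; fall back to the shared IP only as a
    low-confidence "ip_only" lead that needs a second source to confirm."""
    hits: list[Hit] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, client, _method, dest, sni_field = line.split()
        sni = sni_field[4:] if sni_field.startswith("sni=") else sni_field
        ip_str, _port = dest.rsplit(":", 1)
        if sni and sni != "-":
            verdict = classify_host(sni)
            if verdict is not None:
                hits.append(Hit(ts, client, normalize_host(sni), verdict))
        elif ipaddress.ip_address(ip_str) == IOC_IP:
            hits.append(Hit(ts, client, ip_str, "ip_only"))
    return hits


def summarize(hits: list[Hit]) -> dict[str, int]:
    counts = {"ioc": 0, "other_github_pages": 0, "ip_only": 0}
    for h in hits:
        counts[h.verdict] += 1
    return counts


def rpz_records(host: str = IOC_HOST) -> list[str]:
    """BIND RPZ records that sinkhole the hostname and every subdomain
    ("CNAME ." answers NXDOMAIN). Deliberately no record for the shared IP."""
    return [f"{host} CNAME .", f"*.{host} CNAME ."]


if __name__ == "__main__":
    for name, hits in (("dns", scan_dns_log(SAMPLE_DNS_LOG)),
                       ("proxy", scan_proxy_log(SAMPLE_PROXY_LOG))):
        print(name, summarize(hits))
        for h in hits:
            print(f"  {h.ts} {h.client} {h.indicator} -> {h.verdict}")
    print("\n".join(rpz_records()))
```

The verdict split is the point: an `ioc` hit (hostname or SNI match) is a confirmed contact worth a credential-reset ticket for that client, `other_github_pages` is noise from the shared platform, and `ip_only` is a lead to confirm against another log source, never a reason to block 185.199.108.153. The RPZ output sinkholes only the name, so the rest of GitHub Pages keeps working.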
Since the site hosts a fake login portal, enforce multi-factor authentication (MFA) so that a stolen password alone is not enough; prefer phishing-resistant methods (FIDO2/WebAuthn) where available, because one-time codes typed into the same fake form can be relayed in real time. Warn users to verify the full URL in the address bar and by hovering over links before clicking, and to avoid entering credentials on untrusted sites, especially those hosted on free subdomains such as GitHub Pages. For SOC teams, ingest this IOC into SIEM watchlists and threat-intelligence feeds, and retro-hunt DNS and proxy logs for earlier contact, to preempt similar lures. Act now to prevent credential compromise and data exfiltration.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP status not captured at scan time; the hostname resolved)

## Domain Intelligence

- Registrar: GitHub, Inc. (for the github.io parent domain; the subdomain itself is provisioned by a GitHub account, not registered)
- IP: 185.199.108.153 (shared GitHub Pages address)

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7b4826ed-2f47-4d08-9d9a-5276b8aced85
- PhishDestroy: https://phishdestroy.io/domain/shahzebjan45.github.io/
- LLM endpoint: https://phishdestroy.io/domain/shahzebjan45.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered, and change them anywhere else the same password was reused
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/shahzebjan45.github.io/
Last updated: 2026-03-26