# siri008.github.io — MALICIOUS

> siri008.github.io impersonates Amazon in a high-risk phishing scam. Domain flagged and taken offline. Learn how to stay safe from this threat.

## Summary
PhishDestroy has identified siri008.github.io as a high-risk phishing domain impersonating the Amazon brand. This site posed a significant danger by attempting to trick users into disclosing sensitive personal and financial information under the guise of Amazon's reputable service.

This phishing operation exploited brand trust by mimicking Amazon’s official web presence, including using the page title 'Amazon' to deceive victims. Hosted through GitHub, Inc. and resolving to the IP address 185.199.111.153, the domain was detected on one security blocklist and flagged by multiple security vendors, leading to its swift takedown.

If you have visited siri008.github.io, it is crucial to immediately inspect your accounts for unauthorized activity, especially your Amazon and financial accounts. Change your passwords promptly and monitor for suspicious emails or communications. Reporting any suspicious incidents to Amazon and your financial institutions can help mitigate potential damage. Staying vigilant against similar scams helps preserve your online security.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Amazon
- Page title: Amazon

## Domain Intelligence
- Registrar: GitHub, Inc.
- Country: US
- IP: 185.199.111.153
- IP Country: US
- IP City: San Francisco
- IP Org: AS54113 Fastly, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Let's Encrypt / R12

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["Criminal IP", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CRDF", "CyRadar", "Ermes", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ca2f4-6437-72fa-8556-971bb5219906.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9105fddf-f9f5-4c5c-8af2-9f4bec4a6f96
- Wayback Machine: https://web.archive.org/web/https://siri008.github.io
- PhishDestroy: https://phishdestroy.io/domain/siri008.github.io/
- LLM endpoint: https://phishdestroy.io/domain/siri008.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/siri008.github.io/
Last updated: 2026-03-19