# codebybasil.github.io — SUSPICIOUS

> codebybasil.github.io currently hosts a generic phishing page, flagged by Google Safe Browsing for social engineering.

## Summary

PhishDestroy identifies the active campaign hosted at codebybasil.github.io as a generic phishing threat currently under investigation for credential harvesting and potential malware distribution. This domain is falsely presenting itself as a legitimate software repository or developer resource to deceive visitors into downloading malicious files or submitting login credentials. No specific brand is currently impersonated; however, the generic nature of the lure suggests opportunistic targeting of developers and tech-savvy users who may trust GitHub-hosted content. Given the lack of detection by security vendors and active domain resolution, immediate scrutiny is required to prevent user compromise.

This domain was flagged by Google Safe Browsing’s SOCIAL_ENGINEERING category and shows zero detections on VirusTotal out of 95 vendors tested. It is hosted on GitHub, Inc. infrastructure resolving to IP 185.199.111.153 via a Let's Encrypt SSL certificate. While the exact registration date is not provided, its presence on Google Safe Browsing’s blocklist and absence from major trust databases constitute high-risk indicators. The combination of low vendor coverage and active resolution indicates a newly emerged or evasive campaign leveraging trusted hosting to bypass traditional defenses.

The campaign remains ACTIVE as of the latest intelligence cycle. Users are advised to block the domain at the network and DNS levels, avoid unsolicited links to codebybasil.github.io, and report any exposure incidents immediately. Security teams should audit logs for connections to 185.199.111.153 and inspect endpoints for unauthorized data exfiltration or malware execution. Due to the low initial detection rate, proactive monitoring and YARA rule updates are recommended to detect future evasions.

This threat is under continuous surveillance using seed 3d6f0c for behavioral correlation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: GitHub, Inc.
- IP: 185.199.111.153

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/15bdf4c8-f06a-47d3-88af-2b4d921485d7
- PhishDestroy: https://phishdestroy.io/domain/codebybasil.github.io/
- LLM endpoint: https://phishdestroy.io/domain/codebybasil.github.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/codebybasil.github.io/

Last updated: 2026-04-01