# f-case-feedback-appeal.github.io — MALICIOUS > GitHub-hosted domain f-case-feedback-appeal.github.io is a confirmed credential-harvesting scam flagged by 18/95 VirusTotal vendors. Check the full report. ## Summary The domain f-case-feedback-appeal.github.io has been confirmed as an active credential-harvesting phishing site targeting users under the guise of an official case-feedback mechanism. This infrastructure leverages GitHub Pages to host a deceptive portal disguised as an appeal form, likely mimicking a legitimate government or corporate service to trick victims into surrendering sensitive credentials. No known drainer kit or JavaScript obfuscation patterns were identified in public sandboxes, indicating a lightweight but effective luring mechanism focused on social engineering rather than technical evasion. Technical indicators confirm this threat with high confidence. The domain was registered through GitHub, Inc. and resolves to IP 185.199.108.153. VirusTotal analysis shows 18 out of 95 security vendors flagging this domain, with Google Safe Browsing classifying it under 'SOCIAL_ENGINEERING.' It appears on 1 active blocklist and is blocked by the OISD threat intelligence feed. The domain utilizes a Let's Encrypt SSL certificate for HTTPS traffic, enhancing its authenticity. This combination of infrastructure and detection flags confirms a high-risk threat operative since deployment. This domain remains actively malicious and is currently unblocked by default on most endpoints. Immediate remediation includes network-level blocking via DNS sinkholing or firewall rules targeting IP 185.199.108.153 and the domain itself. Users should avoid accessing the site and report any accidental exposure. The residual risk remains high due to the domain's legitimate GitHub hosting, which complicates takedown efforts. SOC teams are advised to monitor for follow-on domains leveraging similar naming schemes and to reinforce user awareness regarding unsolicited feedback or appeal requests. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: GitHub, Inc. - IP: 185.199.108.153 ## Detection Status - VirusTotal: 18 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 1 hits Lists: ["OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/2fa5a150-b4b1-474d-bf7a-695c749355fc - PhishDestroy: https://phishdestroy.io/domain/f-case-feedback-appeal.github.io/ - LLM endpoint: https://phishdestroy.io/domain/f-case-feedback-appeal.github.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/f-case-feedback-appeal.github.io/ Last updated: 2026-03-26