# hydri4.github.io — SUSPICIOUS

> PhishDestroy identifies hydri4.github.io as a live brand impersonation phishing page hosted on GitHub Pages with a clean VirusTotal score.

## Summary
PhishDestroy has opened an active investigation into hydri4.github.io for hosting a brand impersonation phishing page that mimics a well-known financial service provider.

This domain was flagged by 0 of 95 VirusTotal vendors at the time of analysis, is registered through GitHub, Inc., and resolves to IP address 185.199.108.153. The Let's Encrypt SSL certificate and GitHub Pages hosting obscure the malicious intent behind a legitimate-looking surface, making detection challenging for end-users.

The current status remains active and under investigation with a risk level classified as 'under_investigation'. Recommendations include blocking the IP 185.199.108.153 at the network perimeter, disabling access to hydri4.github.io in corporate DNS filters, and educating users to verify domain spellings and avoid entering credentials on third-party hosting pages. Domain reputation will be updated as additional IOCs and takedown actions emerge.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/04591d97-91b6-44eb-93d4-85712064e33a
- PhishDestroy: https://phishdestroy.io/domain/hydri4.github.io/
- LLM endpoint: https://phishdestroy.io/domain/hydri4.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hydri4.github.io/
Last updated: 2026-03-28