[Bender]

VirusTotal [1] is lighting up on that site. Do not click those links and I would remove the links from HN.

[Edit] HN Moderator removed it.

[1] - https://www.virustotal.com/gui/url/f298f1b568fccc7d942aa39c1...

[xaxaxb]

I just clicked and went straight to the site. What do I do now?

[Bender]

Ensure your anti-malware is up to date. If its a work computer let your security team know. If its yours probably clear cache close browser install anti-malware and scan the machine. I dont have time to dig into whats on that site to see what it does.

[disqard]

Probably a phishing site to steal username + password.

[Nextgrid]

I wonder if it's someone's reverse-proxy to bypass censorship of the main site.

[tyingq]

It does look like a live proxy rather than a copy/clone.

The responses have headers like "X-GitHub-Request-Id", which would be a pretty easy detail to forget if it were a copy.

[robbedpeter]

To bypass the great firewall? Or possibly, to bypass country level restrictions on content blocks? You might have just outed some group in China.

[magpi3]

github is not blocked in China

[egberts]

Someone is going to have to be brave enough to login and see if their private repositories got cloned as well.

I have no private repo. It would suck if that too got cloned.

[nostoc]

Don't do that, it's obviously a phishing site

[mosdl]

To steal passwords?

[tony-allan]

More likely just to read the website in China

[smoldesu]

Looks like a social engineering attack of some sort.

[piyh]

Is this basically a MitM attack as a proxy?

[omarhaneef]

Bob: Susan, remember not to make the GitHub staging site public by accident.

Susan: or what?

Bob: someone might me see it!

Susan: an obscure url like that? not a chance.

Bob: still, a small chance

Susan: and so what if someone sees it? it’s not like it will show up on the front page of Hacker News!