I've seen it used to impersonate github themselves and serve backdoored versions of their software (the banner is pretty easy to avoid: link to the readme of the malicious commit with an anchor tag and put a nice big download link in it).