We have inspected the email and found that it promotes a fraudulent scheme. This scam email is disguised as a notification from Coinbase regarding wallet transitions. Its purpose is to lure unsuspecting recipients into taking actions that could result in the theft of their cryptocurrency. This ema
We have inspected the page (dapp-hyperswap[.]network) and found that it is a copy of the original HyperSwap site (hyperswap.exchange). The fake website promotes a fake airdrop to trick users into taking actions that allow scammers to steal their cryptocurrency. Such pages should be identified as s
We have examined stylemeshconnect[.]com and concluded that the purpose of this page is to promote the "You've visited illegal infected website" scam and obtain permission to show notifications. If allowed, stylemeshconnect[.]com can send deceptive notifications to promote more scams and other onli
UraLocker is ransomware that we discovered during our routine inspection of samples uploaded to VirusTotal. Upon execution, UraLocker encrypts files and appends its extension (".rdplocked"). For example, it renames "1.jpg" to "1.jpg.rdplocked" and "2.png" to "2.png.rdplocked". UraLocker also chang
Our analysis has shown that it is a deceptive web page promoting a fake airdrop (cryptocurrency giveaway). The scammers behind this site aim to trick users into connecting their wallets, which allows them to steal cryptocurrency. Such sites should be closed if ever encountered to avoid monetary lo
Our analysis indicates that this is a fraudulent website (rabbywallet[.]io) mimicking the official Rabby Wallet site. Its purpose is to deceive users into disclosing personal information, enabling scammers to steal their digital assets. To prevent financial loss, users should immediately close suc
After reading this "We Have Your Search Requests And Webcam Footage" email, we determined that it is a sextortion scam. This spam message claims that Russian hacker affiliates have obtained the recipient's information and recorded a sexually explicit video of them. If the recipient does not meet
Our researchers found this imitator "Xverse" webpage (xversewallets[.]com; potentially other domains) during a routine investigative session. This is a phishing page that impersonates the official website of the Xverse wallet (xverse.app). The scam targets cryptowallet log-in credentials. IM
While investigating suspicious sites, our researchers discovered this fake "AMLBot Crypto Checking" webpage. It is disguised as the official website of the AMLBot platform (amlbot.com). The purpose of this scam is to trick users into exposing their digital wallets to a cryptocurrency drainer.
Our research team found the tracktransit.co[.]in rogue page while investigating suspect websites. After inspecting this webpage, we found that it promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites. Most visitors to tracktransit.co[.]in and pages ak