Our examination has revealed that rbtchk11.co[.]in is an untrustworthy website that uses clickbait to trick visitors into consenting to receive notifications. If permission is given, rbtchk11.co[.]in can show misleading notifications (e.g., fake alerts) to promote other potentially malicious sites
While testing ProcessOffers, we uncovered that this is an unwanted application designed to deliver unwanted and annoying advertisements. Apps of this type are classified as adware. Moreover, our analysis shows that multiple security vendors flag ProcessOffers as malicious. Thus, users should avo
Our team has discovered that this is a phishing email posing as an important notification from the "email security team". It contains a deceptive link designed to open a fake web page (a phishing site). On that site, visitors are instructed to disclose personal information. The consequence of fall
We have reviewed the email and determined that it is a phishing attempt disguised as a notification from the email service provider. Fraudsters behind this scam email aim to deceive recipients into opening a fake website and entering personal information. Victims of this scam may lose access to pe
Our analysis has revealed that this website (2025-event[.]xyz) is fraudulent. It poses as the original Solana site (solana.com) to lure visitors into taking actions that can result in cryptocurrency theft. It is highly advisable to examine crypto-related pages before interacting with them to avoid
While analysing malware samples uploaded to VirusTotal, we found Ripper, which is ransomware designed to encrpypt files. In addition to blocking access to files, Ripper changes the desktop wallpaper, creates a ransom note ("READ_NOTE.html"), and appends the ".ripper12" extension to files. For ins
Lockis is ransomware from the GlobeImposter family. We discovered it while inspecting malware samples submitted to VirusTotal. During our examination, we found that Lockis encrypts files and appends the ".lockis" extension to them. It also creates a text file ("how_to_back_files.html") containing
We examined the website (infrared-finance[.]pro) and discovered that it is a clone of the Infrared site, infrared.finance. It is a fraudulent website created to steal cryptocurrency from users' wallets. To avoid losing funds, users should steer clear of this and other unofficial copies. IMPO
We have inspected the website (gensyn-token[.]network) and found that it is a copy of the original Gensyn page, gensyn.ai. It is a scam website designed to drain wallets (steal cryptocurrency from unsuspecting users). This and similar unofficial pages should be avoided to prevent cryptocurrency th
Upon examining tapverge[.]com, we found that the site uses a deceptive technique to trick visitors into accepting its notifications. If permission is given, tapverge[.]com can display fake warnings, offers, and similar messages. Its notifications can expose users to scams and other threats. Thus,