While browsing questionable websites, our researchers found the girlzsportteam[.]top rogue page. After inspecting it, we determined that this webpage pushes spam browser notifications and redirects to different (likely unreliable or hazardous) sites. Visitors to girlzsportteam[.]top and similar p
After examining the "Wells Fargo - Account Verification Required" email, we determined that it is fake. This spam letter warns that the recipient risks having their bank account suspended if they do not renew their information. This deceptive mail aims to steal victims' online banking accounts thr
Our analysis of the claim.debridgefinace[.]com site revealed that it is a fake website, a copy of the legitimate debridge[.]finance web page. We found that scammers use claim.debridgefinace[.]com to drain their victims' cryptocurrency wallets. Thus, claim.debridgefinace[.]com and similar fake plat
Hotsearch.io is the address of a fake search engine. We found this page promoted by the HotSearch browser extension. It operates as a browser hijacker, i.e., modifies browser settings to generate redirects to the hotsearch.io site. HotSearch was installed on our test machine by a rogue installati
We have examined the Three Seconds AdBlock Lite browser extension and concluded that it functions as adware. When added and active, Three Seconds AdBlock Lite shows various advertisements. Also, this extension can read various data. Thus, users should not trust Three Seconds AdBlock Lite and remov
While investigating suspect sites, our research team discovered the dwhitdoedsrag[.]org rogue webpage. Upon examination, we determined that it promotes browser notification spam and redirects users elsewhere (likely dubious/malicious websites). Pages like dwhitdoedsrag[.]org are most commonly acc
Our researchers found the Xam ransomware during a routine inspection of new file submissions to the VirusTotal platform. Ransomware is a type of malware that encrypts files in order to demand payment for the decryption (data recovery). We obtained a sample of Xam and executed it on our testing sy
Upon examining the site (token-usdt[.]com), we discovered that it is a scan website copying tether[.]to. The purpose of the fake page is to trick visitors into believing that they can participate in an airdrop and receive cryptocurrency for free. The ultimate goal is to steal cryptocurrency assets
After inspecting the "Request To Cancel Your Services" email, we determined that it is spam. This mail falsely claims that the recipient's email account was blocked due to a cancellation request sent to the service provider. The purpose of this fake message is to deceive users into providing their
We have inspected the email and concluded that it is a scam offering recipients an investment opportunity. Typically, fraudsters behind such emails aim to extract money and (or) personal information from unsuspecting individuals. This and similar emails should be ignored. The sender claims