El Dorado (Eldorado) is ransomware derived from another ransomware known as LostTrust. It encrypts files, appends the ".00000001" extension to filenames, and creates a ransom note ("HOW_RETURN_YOUR_DATA.TXT"). An example of how El Dorado changes filenames: it renames "1.jpg" to "1.jpg.00000001", "
After investigating the "Bank Account Details" email, we determined that it is spam. The letter in question claims that the recipient has recently changed their banking information and that they can review their payment receipt in the attached file. Instead, this attachment redirects to a phishing
We discovered the bectrocks[.]com rogue website while inspecting unreliable webpages. This site promotes browser notification spam and redirects users to other (likely dubious/hazardous) pages. The majority of visitors to bectrocks[.]com and webpages akin to it access them via redirects caused by
Our inspection of udesmail[.]com revealed that it is a rogue webpage, which aims to lure visitors into permitting it to spam them with browser notifications. Furthermore, this page is capable of redirecting users to different (likely dubious/dangerous) websites. Udesmail[.]com and similar sites a
Wpboostbuddy[.]com is a rogue page promoting browser notification spam and generating redirects to different (likely unreliable/dangerous) websites. Our research team discovered this webpage during a routine investigation of questionable sites. Users primarily enter pages like wpboostbuddy[.]com
While investigating dubious sites, our researchers found the romancerocket[.]click rogue page. Our analysis revealed that this webpage promotes deceptive content and browser notification spam. Romancerocket[.]click is also capable of generating redirects to other (likely questionable/dangerous) we
Yournetti[.]com is the address of a rogue page discovered by our researchers during a routine investigation of untrustworthy websites. The purpose of this webpage is to deceive visitors into allowing browser notification delivery. Additionally, yournetti[.]com can cause redirects to other (likely
Our researchers discovered the zxdret[.]click rogue webpage while browsing suspicious sites. This page is designed to promote browser notification spam and generate redirects to other (likely unreliable/hazardous) websites. Most visitors enter zxdret[.]click and similar pages via redirects caused
Our analysis of yourlloydsllc[.]com has revealed that it is an untrustworthy website. Once accessed, it displays deceptive content to trick visitors into agreeing to receive notifications. Also, yourlloydsllc[.]com can redirect visitors to similar web pages. Thus, users should avoid visiting yourl
Our researchers discovered theamovies[.]com during a routine investigation of suspect websites. This rogue page endorses spam browser notifications and redirects users to different (likely dubious/malicious) sites. Most visitors to webpages like theamovie[.]com access them through redirects gener