Our research team discovered the safedomains.net fake search engine while examining the Safe Domains by Secure Shell browser hijacker. This extension is presented as a tool that checks domain information before proceeding with a search. However, safedomains.net could be promoted by other software
After inspecting this "DocuSign - Industrial Estate Project" email, we determined that it is fake. This spam message informs the recipient that they must sign the shared document within 48 hours to maintain compliance, funding, and project launch. This is a malspam campaign spreading malicious sof
After examining this "IMAP/POP3 Configuration Error" email, we determined that it is spam. The message claims the recipient has pending emails due to service disruptions. The goal of this phishing campaign is to trick recipients into revealing their email account log-in credentials. The sp
Our examination has revealed that this site (phanstart[.]live) mimics the original Phantom platform, phantom.com. It is designed to trick visitors into believing they can receive free tokens by following the provided steps. However, there is no giveaway on phanstart[.]live and falling for this sca
Our researchers discovered news-lufimi[.]cc while browsing suspicious webpages. This rogue site is designed to promote browser notification spam. It can also redirect users to other (likely unreliable/harmful) websites. Most visitors to news-lufimi[.]cc and analogous pages access them via redirect
News-lihado[.]cc is a rogue webpage discovered by our researchers while investigating suspicious sites. After examining this page, we learned that it promotes spam browser notifications and generates redirects to different (likely untrustworthy/dangerous) websites. The majority of visitors to new
We have examined the email and found it to be a phishing attempt disguised as an important notification from Wells Fargo. It includes a link to a fake website designed to steal personal information from unsuspecting individuals. This scam email should be ignored and deleted if received. Th
Phantom is malware that, once installed, can run hidden web content and engage in automated click fraud. The malware communicates with a remote server for commands and may download additional modules to enhance its capabilities. Victims often get infected through third-party app stores or modified
Our inspection has revealed that news-laheze[.]cc uses clickbait to trick visitors into taking an action that allows the site to send notifications to their devices. Those notifications can promote untrustworthy content. Thus, users should avoid visiting news-laheze[.]cc and should not agree to re
Our analysis of news-kuyage[.]cc shows that the site is intended to trick visitors into enabling its notifications. Websites that rely on deceptive tactics usually send intrusive and misleading notifications. For this reason, users should avoid visiting sites like news-kuyage[.]cc and should never