Our researchers discovered the advfandom[.]com rogue page during a routine inspection of untrustworthy websites. This webpage is designed to push browser notification spam; at the time of research, it did so by using fake CAPTCHA verification. Additionally, this site can redirect visitors to other
While investigating suspicious websites, our research team discovered the advatravel[.]com rogue page. It operates by pushing browser notification spam and redirecting users to other (likely unreliable/dangerous) sites. Most visitors to advatravel[.]com and similar webpages enter them through red
ArchiveOperation is an application that we discovered while reviewing new submissions to VirusTotal. After analyzing this app, we learned that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It displays ads (e.g., pop-ups, banners, c
We have examined advdomlab[.]com and learned that the purpose of this page is to trick visitors into allowing it to show notifications. Also, advdomlab[.]com redirects visitors to other untrustworthy websites. Our team discovered advdomlab[.]com while inspecting pages that use shady advertising ne
Wave analyzed mediumhiquality[.]com and found that this page displays a deceptive message to trick visitors into allowing it to show notifications. Also, mediumhiquality[.]com redirects to other websites that use clickbait techniques to receive permission to display notifications. Mediumhi
While testing the Search-News Default Search application, we found that it functions as a browser hijacker. It promotes a fake search engine (search-news.xyz) by changing some of the settings of a web browser. We discovered Search-News Default Search on a shady web page. Search-News Defaul
It is a fake virus message displayed by a deceptive website (a technical support scam site). The purpose of this page is to trick unsuspecting visitors into calling the provided number. None of the messages on this page are real. Thus, this website should be ignored. This scam page shows a
Venadvstar[.]com is one of the many websites that display deceptive messages to trick visitors into allowing them to show notifications. Additionally, venadvstar[.]com redirects visitors to other shady websites. We discovered venadvstar[.]com while inspecting sites that use shady advertising netwo
Our researchers discovered the Nlb ransomware while investigating new submissions to VirusTotal. This malicious program is part of the Dharma ransomware family. Once we launched a sample of Nlb on our testing system, it encrypted files and altered their titles. Original filenames were appended wi
R0n is ransomware that encrypts files and appends the victim's ID, ronvest@tutanota.de email address, and the ".r0n" extension to filenames. Also, R0n provides two ransom notes: it displays a pop-up window and creates the "info.txt". Our team discovered R0n while inspecting malware samples submitt