The purpose of to2s[.]biz is to trick visitors into agreeing to receive its notifications and promote various potentially malicious pages. It is pretty similar to rssincewhil[.]xyz, wholedailyfeed[.]com, news-cetugu[.]cc, and hundreds of other pages. To2s[.]biz loads a fake CAPTCHA encoura
Vtua is a piece of malicious software belonging to the Djvu ransomware family. It is designed to encrypt data (lock files) and demand ransoms for the decryption. Affected files are appended with the ".vtua" extension. For example, a file initially titled "1.jpg" would appear as "1.jpg.vtua", "2.j
Exlock belongs to a family of ransomware called MedusaLocker. It encrypts files and modifies their filenames by appending the ".exlock" extension (for example, it renames "1.jpg" to "1.jpg.exlock", "2.jpg" to "2.jpg.exlock"). Other variants of Exlock ransomware may append extension additionally co
Wholedailyfeed[.]com is an untrustworthy page designed to open other pages of this kind and ask for permission to show notifications (often in a deceptive way). There are many examples of other websites of this type. Some of them are 761d[.]site, serviceone[.]info, and get-positive[.]net.
Hot is a ransomware-type program designed to encrypt data (render files inaccessible) and demand payment for the decryption (access recovery). Compromised files are appended with a ".hot" extension. For example, a file like "1.jpg" would appear as "1.jpg.hot", "2.jpg" as "2.jpg.hot", "3.jpg" as "
Rssincewhil[.]xyz is designed to use a clickbait technique to lure visitors into granting it permission to deliver notifications and open other untrustworthy websites. Pages like rssincewhil[.]xyz are promoted through potentially unwanted applications (PUAs), shady advertisements, or sites. Users
J3ster is a ransomware-type program. It is designed to encrypt data (render the files inaccessible) and demand ransoms for the decryption. During the encryption process, files are appended with a ".j3ster" extension. For example, a file originally named "1.jpg" would appear as "1.jpg.j3ster", "2.
Diavol ransomware encrypts files (using an asymmetric encryption algorithm) and renames them by appending the ".lock64" extension (for example, it renames "1.jpg" to "1.jpg.lock64", "2.jpg" to "2.jpg.lock64"). Diavol also changes the desktop wallpaper and generates the "README_FOR_DECRYPT.txt" fil
Hauhitec is a piece of malicious software categorized as ransomware. It operates by encrypting data and demanding payment for the decryption. In other words, this ransomware locks victims' files and asks them to pay - to unlock the data. Affected files are appended with ".hauhitec", e.g., a file
News-cetugu[.]cc displays questionable content, asks for permission to show notifications, and opens shady websites. It is similar to many other sites, for example, get-positive[.]net, premium-shops-around[.]me, and positiveweb[.]org. Pages like news-cetugu[.]cc are promoted through potentially un