This URL was first detected by ConcealBrowse on February 21st; the same day other security vendors started reporting on it. Initially, only five security vendors marked the page as malicious, but currently there are 15 vendors flagging the page. ConcealBrowse successfully intervened with a 28% risk assessment due to suspicious activity.

When ConcealBrowse first intervened, this page was a Microsoft tech support scam. Malicious actors utilize Azure’s web application services to create Microsoft-branded pages that appear trustworthy. Although the page has since been removed from Microsoft, ConcealBrowse caught the malicious behavior prior to Microsoft intervening. Users are protected in real-time even before the owners of the domain can respond to reports of platform abuse.

Conceal Recommendation: Sites like these can be tricky to detect early, due to their trusted domain names and IP addresses to evade filtering technologies. Live analysis through ConcealBrowse is the best way to protect users in these scenarios.

This URL was detected by ConcealBrowse on February 8th, 2024, with a 28% risk assessment. It was first seen by four security vendors in June of 2023 and is currently detected by 17 vendors. ConcealBrowse intervened on this page due to suspicious activity.

While the website is currently down, this page is an example of brand impersonation by pretending to be the United States Postal Service. These scams usually come in the form of a message saying that there is a package that was lost in the mail. When users click on the link, they are shown a page that looks very similar to the USPS site and asked to provide a return address and pay for shipping. Brand impersonations can be very hard to recognize, which is why using browser protection is critical.

Conceal Recommendation: This URL and IP should be blocked with ConcealBrowse’s policies and other perimeter security tools your organization may be using.

This URL was detected by ConcealBrowse on January 22nd, 2024. Six security vendors began reporting on this site later the same day. As of this report,the site is detected by 15 vendors. ConcealBrowse isolated the page with a 28% risk due to suspicion of phishing.

This page pretends to be Yahoo’s login page and is used to steal email credentials. Email credentials carry significant risk, because they can be used to steal accounts connected to the email address. Without 2 factor authentication, all an attacker needs is access to the email associated with the account to change the password and take it over. An attacker might also launch attacks against all contacts in the address book of the account because users are more likely to click on links from someone they know.

Conceal recommendation: Educating users how to spot potential phishing sites is an important aspect of a layered security approach. However, it is important to address those who may not identify phishing sites with a solution, like ConcealBrowse, that prevents users from entering credentials into sites that they fail to recognize as phishing by preventing username and password input in suspicious sites.

This URL was detected by ConcealBrowse on January 10th, 2024. It was first identified by 2 security vendors on the same day, with 3 reporting to date. ConcealBrowse intervened assigning the page a 14% risk due to suspicion.

Upon first look, the webpage itself is using a malicious Top-Level Domain (TLD) that is notoriously used globally for malware distribution and phishing campaigns. The domain itself is also leveraging deception, as there is a legitimate Robin AI used by many. Due to this, vendors have annotated this site as phishing. Further, the page is seen downloading an HTML file that has also been annotated as suspicious by two reputable anti-virus vendors. More grandeur, the hosting IP address was flagged and is delivering other copycat websites to users. With that, users should always confirm login page addresses before divulging credentials and other personal information.

ConcealBrowse detected this URL on December 29th, 2023. It was first identified by three security vendors on October 3rd, 2023, and to date, by five vendors in total. ConcealBrowse intervened due to the abundance of signals around the page’s structure. With that, the site was assigned a 14% risk score.

The innocuous news site appears safe at first glance, giving insight to those seeking information on the Affordable Care Act and employee rights. Sites like this often use various marketing tags to track analytics to gain insight into their site visitors. These tags often rely on popular management systems such as Google Tag Manager, and one can see the HTTP requests from the page to the tag manager system. However, one such HTTP request from the site reaches out to a mimicked tag manager, which then loads the script to the page. The script, if loaded, notifies the user to update their browser, which runs a PowerShell script that introduces the NetSupport Remote Access Trojan to the endpoint. This gives adversaries remote access to the endpoint for follow-up actions. This active site should be avoided until the site admins remedy their issue.