Security Transparency

Reported Content

The page is a crypto “airdrop” landing page that lures visitors to connect their wallets and explicitly redirects users to an external, suspicious domain (solanapot.fun). That external redirect can lead to a malicious wallet connector that requests signatures or approvals to drain funds; the page’s UI and copy are deceptive and designed to induce risky wallet interactions.

Reported Content

The pages explicitly promote and sell 18+ sexual content (adult lessons) and instruct visitors how to accept payments and deliver files via Telegram and personal payment links. This content violates the platform's prohibited content policy for adult material and also includes workflows (manual payments to personal accounts and direct Telegram contacts) that increase risk of financial abuse or fraud for visitors.

Reported Content

The page impersonates Truecaller and deceptively presents a fake lookup result while covertly sending submitted phone numbers to an external Telegram bot. This behavior harvests sensitive visitor data and transmits it to an attacker-controlled endpoint, putting users at risk of spam, scams, or doxxing.

Reported Content

This page is an interactive SMS-bombing tool that automates repeated OTP/SMS requests to third‑party services for a supplied phone number, enabling harassment, spam, and service abuse. It directly sends many requests in loops to real provider endpoints and displays success/failure counts, which can cause nuisance, account disruption, and potential downstream costs or fraud for victims.

Reported Content

This page is an automated brute‑force tool that repeatedly submits 4‑digit SMS authentication codes to a ticketing API and logs any successful code (“4‑DIGIT HIT”). It enables unauthorized access to accounts by automating credential cracking against an external service, creating direct harm to account holders and the targeted service. The behavior constitutes active attack tooling and violates platform policies against fraud, credential abuse, and malicious automation.

Reported Content

This page automates bulk queries to Google's account-availability endpoint to determine which Gmail addresses exist and allows exporting those results. That behavior enables large-scale account enumeration and harvesting of valid addresses, which can be used for spam, phishing, or other privacy-abusive campaigns. The tool actively performs high-throughput checks against a Google service and exposes results for download, facilitating misuse.

Reported Content

This page implements an active CORS/sandbox bypass that loads an arbitrary target site into an iframe and injects/executes attacker-supplied JavaScript in the target’s context. That behavior allows theft of page data, session tokens/cookies, and performing actions as the user on the target site, posing severe risk to visitors and downstream services.

Reported Content

This page deliberately masks the real destination by embedding an external site in an iframe while showing a fake URL and messaging that the browser address bar will remain on the hosting page. That behavior is deceptive and can be used to deliver phishing, malware, or other harmful content to visitors while hiding the true origin. The page also embeds and advertises explicit adult sites, which conflicts with platform prohibitions on adult content and deceptive tooling.

Reported Content

Content identified as part of organized game piracy network (Ultimate Game Stash). Distributes copyrighted games without authorization.

Reported Content

Content identified as part of organized game piracy network (Ultimate Game Stash). Distributes copyrighted games without authorization.

Reported Content

Content identified as part of organized game piracy network (Ultimate Game Stash). Distributes copyrighted games without authorization.

Reported Content

Content identified as part of organized game piracy network (Ultimate Game Stash). Distributes copyrighted games without authorization.

Reported Content

The page lures visitors to 'Connect Wallet' then programmatically initiates a token transfer that would send the user's entire USDT balance to an attacker address, requesting a wallet signature. After the transfer it clears the page to hide evidence, creating a high risk that a user who approves the transaction will irreversibly lose funds.

Reported Content

The page contains active anti-inspection and anti-debugging code that blocks right-click and common DevTools shortcuts and will enter an infinite loop if it detects DevTools, freezing the page. This behavior prevents visitors from inspecting or debugging the page and can effectively deny normal use of the site, which is deceptive and harmful to visitors.

Reported Content

This page covertly steals browser data (cookies and the results of a cross-origin request) and transmits it to an external collaborator domain. Stolen cookies or response data can be used to hijack user sessions or disclose private information, posing a direct risk to visitors. Multiple reliable exfiltration channels are implemented to ensure data leaves the victim's browser.

Reported Content

The page programmatically reads the user's document.cookie and transmits it to an external collaborator domain using multiple transport methods. Exfiltrating cookies can expose session tokens and personal data to an attacker, enabling account takeover and other privacy/security breaches.

Reported Content

The page automatically reads visitors' browser cookies and transmits them to an external attacker-controlled server. Stolen cookies can allow account/session hijacking and other privacy-invasive attacks, so this behavior poses direct harm to visitors.

Reported Content

This page auto-triggers when visited with a ?track= link and requests camera and geolocation permissions, captures a selfie, GPS coordinates, IP and device details, and records that sensitive data. Collecting intimate personal data in this way poses a direct privacy invasion and can be used to identify or surveil visitors. The behavior is covert (auto-run from a URL param) and therefore dangerous to visitors.

Reported Content

This page is a proof-of-concept for a Universal XSS (UXSS) exploit that embeds a JavaScript payload inside a Messenger deep-link which reads and renders session cookies and the current URL. If that payload is delivered to a vulnerable Facebook/Messenger webview it can expose session cookies (sensitive authentication tokens) and enable account takeover or further exfiltration. The content functions as a probing/exploit toolkit rather than harmless demo, posing real visitor harm.

Reported Content

Content identified as part of organized game piracy network (Ultimate Game Stash). Distributes copyrighted games without authorization.

Reported Content

Content identified as part of organized game piracy network (Ultimate Game Stash). Distributes copyrighted games without authorization.

Reported Content

Content identified as part of organized game piracy network (Ultimate Game Stash). Distributes copyrighted games without authorization.

Reported Content

This page collects sensitive data (phone number, IP, device fingerprint, geolocation) and captures a webcam photo, then transmits all of it to a hardcoded Telegram bot endpoint. The transmission goes to an external account controlled by the page author and is not disclosed to the user, creating a direct privacy and safety risk. Camera and location prompts combined with a deceptive “gift” UI can trick visitors into revealing highly sensitive information.

Reported Content

The page asks visitors to enter a password and immediately sends that password out of the frame to its parent window (using a wildcard postMessage) without explaining where it goes. This behavior can be used to steal passwords and expose users’ credentials to any embedding site or attacker-controlled parent frame.

Reported Content

The page asks users to enter a password and immediately sends that password out of the frame to its parent window, which can be controlled by an external party. This behavior can be used to steal existing user credentials because the destination is not constrained or disclosed and the password is transmitted off-site.

Reported Content

The page opens external sites and injects code to force those windows into fullscreen, and it advertises/links a Google Apps Script “Chaos Proxy” that claims to bypass protections. Together these behaviors can conceal browser UI and facilitate cookie/session theft, proxying, or other platform-exploitation workflows that harm visitors.

Reported Content

This page is a phishing site impersonating BIGLOBE Webmail that collects users' email and password and transmits them to an attacker-controlled Telegram bot. Stolen credentials can be used for account takeover and further abuse, making this a direct threat to visitors.

Reported Content

This page is a fake login form that captures visitors' email and password and silently sends those credentials to an external Telegram account controlled by the operator. The UI imitates a legitimate membership/login page and deliberately misleads users with error messages and a redirect after repeated attempts, creating a high risk of credential theft and account compromise.

Reported Content

The page hosts explicit/NSFW imagery (title and large gallery of adult images), which violates the platform's prohibited-content policy and is inappropriate for general audiences. The client-side code itself does not exfiltrate data or perform credential theft, but the site’s purpose (adult content behind a password gate) constitutes a Terms-of-Service violation. The password gate is implemented purely in-page (static check) and does not send credentials externally.

Reported Content

The page asks for camera access under a sexually suggestive pretext, captures webcam images, and sends those photos directly to a Telegram bot using an embedded bot token and chat ID. This covert collection plus external transmission exposes visitors' private images and identity without informed consent, creating direct privacy and safety harm.

Reported Content

This page actively builds and shortens links that point to S3-hosted .zip files advertised as “free premium Steam games,” then automatically opens the shortened link—behavior that facilitates distribution of copyright-infringing (and potentially malicious) downloads. The site also decodes a hidden API token and includes a script that attempts to erase/obfuscate its own inline source, indicating intentional concealment of backend credentials and tooling used to distribute those links.

Reported Content

This page is a proof-of-concept that exploits an exposed Android WebView interface to read device files, exfiltrate data, hijack the clipboard, and present a fake inDrive login to harvest credentials. Those behaviors enable privacy invasions and credential theft when run inside a vulnerable app.

Reported Content

This page openly promotes and links to pirated/modified Android APKs — including fake payment apps that explicitly mimic real services — and directs users to external Telegram channels to unlock downloads. Those APKs (hosted on MediaFire, Cloudshare, Limewire/devuploads, Telegram links) can carry malware, steal credentials, enable fraud, or facilitate abusive tools, putting visitors at direct risk.

Reported Content

This page collects email account usernames and passwords and automatically sends them to a third‑party Telegram bot. It covertly transmits sensitive credentials offsite, exposing visitors to account takeover and privacy loss.

Reported Content

This page programmatically generates realistic student identities and polished ID cards that include real university names, logos, and plausible university-email addresses, then packages them for download. Those downloadable artifacts are immediately usable to impersonate students or enable fraud, which poses real risk to third parties and the platform.

Reported Content

This page programmatically fabricates realistic U.S. student identities (names, .edu emails, student IDs) and produces downloadable ID-card images and a students.txt file, explicitly suggesting use by a “bot.” That capability enables impersonation and fraud by producing realistic credentials/documents even though no external data exfiltration occurs. The content therefore facilitates wrongdoing and violates platform terms on fraud/impersonation.

Reported Content

This page hosts an explicit/adult image gallery (page title includes a 🔞 age-warning and image URLs point to hosted photos) which violates the platform’s prohibition on adult content. The client-side password gate is cosmetic (hardcoded in JS) and does not change that the content itself is disallowed and can expose visitors to explicit material.

Reported Content

The page appears to host age-restricted / sexually explicit content (title uses 🔞 and the UI is an adult gallery), which violates the platform's prohibited-content policy and risks exposing minors or harming platform reputation. The site also uses a trivial client-side password gate that does not actually protect users or verify age.

Reported Content

The page impersonates a YouTube verification prompt, requests webcam permission, then covertly captures periodic photos and POSTs base64 images to an external pipedream.net endpoint. Those images are exfiltrated without clear user-informed consent and can contain sensitive personal data, creating a serious privacy risk.

Reported Content

The page impersonates YouTube and lures visitors to enable their camera by claiming a CAPTCHA check. It captures hidden webcam frames and repeatedly uploads those images to an external pipedream.net endpoint, exposing sensitive personal/biometric data. This behavior covertly collects and transmits private user data without proper disclosure.

Reported Content

This page collects phone number, province and precise GPS coordinates and then prompts users to send those details to a specific Telegram account under the pretext of “claiming” a cash prize. That behavior exposes sensitive personal location/contact data to an external third party and supports a likely prize/lead-generation scam that can harm visitors’ privacy and enable fraud. The data is prepared for transmission to an attacker-controlled destination in the UI.

Reported Content

This page requests camera, microphone, and precise location permissions, captures a photo and audio, collects IP and browser fingerprints, and then transmits all of that sensitive data to a hard-coded Telegram bot. The data exfiltration is performed automatically after the user grants permissions and the page does not clearly disclose that the media and location will be sent to an external third party, creating a serious privacy and safety risk for visitors.

Reported Content

This page covertly requests camera, microphone, and geolocation permissions, captures a photo and short audio, collects IP and browser metadata, and automatically sends all of that sensitive data to an attacker-controlled Telegram bot. The behavior happens immediately on page load and is hidden behind a benign-looking thumbnail/status UI, creating a high risk of non-consensual surveillance and privacy violation for visitors.

Reported Content

This page covertly requests camera, microphone and location permissions, captures photos/audio/IP/location and automatically transmits them to an external Telegram bot. It disguises that behavior behind a benign-looking status and a redirect, which risks serious privacy invasion and surveillance of visitors.

Reported Content

The page impersonates the Garena brand and lures visitors to “claim rewards” by entering their Player ID and contacting a listed admin number via WhatsApp or SMS. Although the code does not automatically exfiltrate credentials, it explicitly pre-fills messages to an attacker-controlled phone number — a direct social-engineering vector that can be used to defraud or harvest sensitive information from users.

Reported Content

This page contains code that fetches and eval()s remote JavaScript and provides multiple tools to cloak activity and disable / bypass web filtering. Executing remote code in a visitor's browser can run arbitrary payloads (data theft, malware, or disabling security controls) and the UI explicitly encourages deception to hide activity from teachers.

Reported Content

This site solicits off-site payments (UPI and a hard-coded USDT address) and instructs users to send payment screenshots via WhatsApp to receive activation codes, which matches common manual-payment scam funnels. Because payments are sent directly to external accounts with verification handled outside the platform, visitors risk losing money with no on-site protection or escrow.

Reported Content

The page collects an email and password from visitors and transmits those credentials (plus an account number taken from the URL) to an external server (icehost.eu.org). Sending user passwords to an external endpoint exposes visitors to account takeover and privacy breaches.

Reported Content

The page pretends to generate a legitimate “key” but produces an invalid result and immediately opens an external, suspicious site (earnlinks.in) when the user clicks Generate. This is a deceptive lure that redirects visitors to an unknown third-party destination and can expose them to scams, unwanted ads, or further malicious pages.

Reported Content

This page openly markets and sells massive tiers of child sexual abuse material (CP, incest, rape, snuff) while steering users to a Telegram account and payment portal, meaning it is actively promoting and distributing illegal and deeply harmful content.

Reported Content

This page immediately opens a TronLink wallet deeplink that requests a contract call to the USDT token address, likely prompting a user to sign a transaction without context or consent. That behavior matches common crypto payment/phishing scams and is high risk for token loss.

Reported Content

This page fetches and injects remote HTML into a same-origin blank tab, which allows that remote content to run with the page’s privileges and potentially access or exfiltrate cookies/localStorage or call protected endpoints without clear user consent. The pattern is a high-risk content-injection vector and should be removed or sandboxed.