PhishEye Blog
Field notes on phishing detection, typosquat enforcement, search-threat strategy, and the takedown metrics that actually reduce customer harm — not vanity dashboards.
Featured
Research · · 14 min readPart 1 of 2
An infostealer log exposed one operator inside a Middle East-wide Find My smishing ecosystem: 243 domains, 69 SMS gateways, and a pipeline run from Afghanistan with PhantomUltimate.
By PhishEye Research · Threat Intelligence
Read moreResearch · · 15 min read
A live ClickFix campaign poisons your clipboard via a fake CAPTCHA and hides its C2 on the Polygon blockchain (EtherHiding) to defeat takedowns. Full chain, 97-domain IOC feed, defenses.
Read moreCybersecurity · · 11 min read
Build a phishing-reporting pipeline with APIs: validate a URL, submit to Safe Browsing and urlscan, find host and registrar abuse contacts via RDAP, and escalate.
Read moreResearch · · 10 min read
PrizeBuzz runs one fake-prize-survey kit across 318 .buzz domains, cloning OMT, Coca-Cola, Vodafone and ~26 more brands over WhatsApp behind Cloudflare. IoCs inside.
Read moreResearch · · 11 min read
INTERPOL's Operation Ramz dismantled Sniper Dz, a decade-old phishing-as-a-service platform: 20,000+ domains, 80 brand kits, and 201 arrests across 13 countries.
Read moreCybersecurity · · 10 min read
Online brand protection explained: the threats, how detection and takedown work, the channels to cover, and how to build a program in 2026.
Read moreCybersecurity · · 9 min read
How phishing, website, and domain takedown services work — detection, evidence, registrar and host abuse channels, SLAs, recycle tracking, and how to choose a provider.
Read moreCybersecurity · · 9 min read
What brand protection software does, the types of tools (domain, social, ad, app, dark web), the features that matter, and how to choose the right one.
Read moreCybersecurity · · 8 min read
A step-by-step guide to getting a phishing website removed: confirm it, gather evidence, report to the host, registrar, and Safe Browsing, then escalate.
Read moreCybersecurity · · 9 min read
How to evaluate brand protection companies and vendors: provider categories, the criteria that matter, a 30-day pilot method, and red flags to avoid.
Read moreResearch · · 10 min read
A fake DirBuster 'GitHub' page weaponized ClickFix clipboard hijacking to run a base64/zsh one-liner that installs Atomic Stealer (AMOS) on macOS — no exploit, just copy-and-paste. Analysis, IoCs, and defenses.
Read moreResearch · · 8 min readPart 2 of 2
Defender annex: defanged live domains, nameserver pivots, PhantomUltimate kit fingerprints, timeline, and FAQ.
Read moreCybersecurity · · 18 min read
A practical 2026 playbook for detecting typosquat and lookalike domains, scoring risk, packaging evidence, and routing takedowns through the right channel.
Read moreCybersecurity · · 16 min read
A 2026 playbook for detecting and removing executive impersonation across email, social, voice, and deepfake channels — with severity, evidence, and KPI guidance.
Read moreCybersecurity · · 12 min read
How to run search threat monitoring for SEO poisoning, fake support sites, and paid impersonation with one evidence-led workflow.
Read moreCybersecurity · · 11 min read
A practical hybrid phishing detection architecture: where deterministic rules win, where AI adds value, and which KPIs prove impact.
Read moreCybersecurity · · 14 min read
A neutral shortlist for evaluating brand protection platforms using evidence quality, impersonation coverage, and enforcement readiness.
Read moreCybersecurity · · 15 min read
A practical buyer checklist for phishing detection and takedown platforms, focused on alert-to-case conversion and closure metrics.
Read moreProduct updates · · 12 min read
Why enterprises centralize digital risk management across phishing, typosquatting, fake apps, and impersonation with shared governance.
Read moreCybersecurity · · 10 min read
Takedown KPIs beyond detection volume: time-to-triage, time-to-suspend, recycle rate, and search-channel exposure metrics.
Read moreSubscribe to the RSS feed for new posts, or get in touch with the team behind the investigations.
