Catch phishing pages before blocklists do.

Entity: Unión Nacional de Gobiernos Locales | The website claims to be an official national digital certificate system involving the Central Bank of Costa Rica and SUGEF, but is hosted on a 'workers.dev' subdomain instead of a legitimate '.go.cr' or '.fi.cr' government domain.; Using a generic cloud hosting platform like Cloudflare Workers for a sensitive institutional portal is a common indicator of a phishing site designed to harvest credentials or personal data.

Entity: Fix It Sticks | The domain uses a common phishing pattern by adding 'official' to a brand name and using a .shop TLD rather than the legitimate fixitsticks.com domain.; The website layout shows technical glitches such as overlapping navigation text and logos which are typical indicators of a poorly constructed fraudulent site.

Entity: Southwest Airlines | The domain southwest-air.com.ru is a clear impersonation of the official southwest.com domain, using a Russian top-level domain for a US-based airline.; The entire website is in Russian while targeting Southwest Airlines, which is highly inconsistent with the brand's primary operations and official digital presence.

Entity: bet365 | The domain 'bet365-lisbon.com' is not an official domain for the Bet365 brand and follows a common pattern used by phishing or unauthorized affiliate sites to lure users.; The website impersonates the official brand while providing links to 'bonuses' which likely lead to malicious redirects or unregulated gambling platforms.

Entity: Shopee | The website is hosted on a 'pages.dev' subdomain, a free platform frequently used to host phishing sites, rather than an official Shopee corporate domain.; The site impersonates the Shopee brand to solicit login credentials (email and password) for a purported affiliate tool, which is a common tactic for credential harvesting.

Entity: Google Meet | The domain 'googlemeeets.click' uses a typosquatted version of 'google' and an extra 'e' in 'meets', which is a classic phishing technique.; The page visual identity is an exact clone of the Google Meet joining screen, used to deceive users into providing credentials or sensitive information on a fraudulent domain.

Entity: The Star | The domain star-casino-brisbane.com is a spoof of the official 'The Star Brisbane' brand which uses the domain thestarbrisbane.com.au.; The website promotes online gambling ('Play Now!') which is inconsistent with the regulated land-based operations of this specific brand in Australia.

The website is hosted on a free 'pages.dev' subdomain, which is a common practice for malicious sites to bypass reputation filters and avoid domain costs.; The content asks users to transfer USDT cryptocurrency directly to a provided wallet address without any verifiable brand identity, which is a hallmark of crypto-recharge scams.

Entity: Ziraat Bankası | The website uses the official Ziraat Bankası logo and branding on the suspicious domain 'ziraatoffshore.online', which is not an official domain for this major Turkish financial institution.; Major banks typically use their primary top-level domain (like .com.tr or .com) for international branches rather than a generic .online domain, which is a common indicator of a phishing site.