Is searchrouter.com safe?

encoded payload

suspicious base64-like blobs detected in page content

social engineering

Site presents itself as a general content/news aggregator but the meta description explicitly states 'Credit cards from the best banks and loan recommendations'. The visible content is lifestyle/career articles with no financial product content shown, creating a deceptive mismatch designed to lure users under false pretenses toward undisclosed financial offers. (location: metadata.json og:description and page.html <meta name='description'>)

brand impersonation

Site name 'searchrouter' and domain 'searchrouter.com' mimics the concept of a search engine/router, a generic but authoritative-sounding brand. Assets are served from cdn1.vzadtech.com (vzadtech), a third-party ad-tech CDN not affiliated with the site's presented identity, indicating the site is a thin front operated by an ad-tech entity under a deceptive generic brand name. (location: page.html - all CDN asset references (cdn1.vzadtech.com))

social engineering

Article titled 'How to Get Robux on Roblox' appears four times with identical content and timestamps seconds apart, clearly targeting minors with Roblox/gaming content. The snippet states 'You will remain on the same website' — a reassurance phrase commonly used to mask redirect behavior or bait-and-switch affiliate flows. This pattern targets a young/vulnerable audience for financial product funneling. (location: page.html lines 14-17, page-text.txt lines 9-12)

malicious redirect

All internal navigation links (Home, News, Tips, Loan, article links) use empty href='' combined with JavaScript class 'retain-query-link retain-query-link-anchor', indicating all clicks are intercepted by JavaScript to append and forward query parameters (likely affiliate/tracking tokens). This pattern is used to silently redirect users through affiliate chains or inject tracking data without user awareness. (location: page.html - all <a href='' class='retain-query-link retain-query-link-anchor'> elements throughout)

social engineering

Article body content is systematically mismatched from article titles. For example, 'Mastering Public Speaking' contains text about exercise benefits; 'Navigating the World of Freelance Translation' contains text about education; 'The Best Time to Apply for Jobs' contains text about IT professionals. This is hallmark AI-spun filler content used to inflate page count for SEO/ad revenue while deceiving users about actual content. (location: page.html lines 12-22, page-text.txt lines 7-17)

phishing

Site prominently advertises financial products (credit cards, loans) in its meta description and footer disclaimer, while displaying unrelated lifestyle content as bait. The disclaimer warns 'Under no circumstance we will require you to pay in order to release any type of product' — a statement that implicitly acknowledges the risk of scam behavior on or through the site, suggesting users are funneled to third-party offers that may request payment. (location: page.html footer DISCLAIMER section, page-text.txt line 18)

hidden content

A zero-dimension hidden GTM iframe is embedded via noscript tag: <iframe src='https://www.googletagmanager.com/ns.html?id=GTM-WT658H85' height='0' width='0' style='display:none;visibility:hidden'>. While GTM itself is a known service, this GTM container ID (GTM-WT658H85) could load arbitrary third-party scripts and tracking pixels invisible to the user, including fingerprinting or behavioral tracking payloads. (location: page.html line 4 - noscript GTM iframe, page-text.txt line 1)

social engineering

PushAlert push notification script is loaded from cdn.pushalert.co on page load (integrate_e9245f707b2d78c721a806a971332316.js). This is used to prompt users to accept browser push notifications, a common technique for persistent ad/spam delivery and user re-engagement without consent, often abused for malvertising campaigns. (location: page.html line 1 - <script id='push-notification' src='https://cdn.pushalert.co/integrate_e9245f707b2d78c721a806a971332316.js'>)