Exa News
Urgent Safeguarding Alert: Malicious Domain Bypassing Filters
- Date Posted:
- Read time:
- 5 min read
- Written by: Exa Networks
Helping schools implement a safe online environment is a core part of what we do, that’s why we’re issuing this urgent alert about a sophisticated online threat that is currently targeting young people.
The harmful domain viralsvideo(dot)online has been identified as evading standard filters and reaching young users by misusing search engine results and deploying predatory subscription tactics.
This is not just a typical inappropriate website, there are two parts to this threat making it a substantial digital safety concern for schools and families.
How The Exploit Works
Search Engine Manipulation
The operators behind this malicious domain have been exploiting metadata from legitimate university and medical sites so that when users search for everyday educational/health terms, the search results may return links that look innocent at a glance.
However, clicking through leads to a grid of over 100 explicit images, all designed to bypass SafeSearch and standard educational filters.
Fraudulent Subscription Trap
Once a user interacts with the explicit content, they are redirected to a fraudulent VPN subscription page. This is a known “fleeceware” model where the interface displays the last four digits of the user’s credit card information to appear trustworthy and pressures the user into confirming a subscription fee of £11.99 per month. This aims to take payment quickly and without clear confirmation.
However, clicking through leads to a grid of over 100 explicit images, all designed to bypass SafeSearch and standard educational filters.
What We Know
Based on current evidence:
The domain is attracting an estimated 70k+ visits per day.
A significant portion of traffic is originating from the UK and India.
Hosting infrastructure is identified in Frankfurt am Main, Germany.
Reports have been filed with national and international bodies: CERT-In (India), Action Fraud, National Cyber Security Centre
Given the scale and sophistication of this exploitation technique, it is critical that schools and parents act now.
Recommended Actions for Schools & Partners
Add to Block Lists
If you are a SurfProtect customer there’s no need to worry as we have blocked the domain for all users, if not we strongly encourage all schools to ensure that their filtering system is blocking this domain.
For that extra level of reassurance, you may want to ask your ISP/technical support team to review your network activity logs for any web activity related to this domain, to see if anything may have been compromised.
Inform Parents, Carers and Staff
You may want to communicate with your staff about the threat and advise parents to:
Try to block the domain where possible.
Be cautious of unexpected VPN subscription prompts.
Report Any Incidents
Report suspicious behaviour, redirects or attempts to access harmful content via your usual reporting procedures. Early reporting helps speed up mitigation efforts.
Staying ahead of emerging threats is crucial in an increasingly connected world. We’ll continue to share updates and guidance as new information becomes available.
Keep up to date with our news.
Keep up to date with our news
Related News Articles
- 12 November 2025
- 12 November 2025
- 5 min read
- 22 October 2025
- 23 October 2025
- 5 min read