A phishing website masquerading as Uniswap was hosted on Google Sites and promoted via ads to trick users and steal their assets.
highURL / phishing·
AGS-2026-0001
Fake Uniswap website used for phishing
Affected
- urlPattern
- https://sites.google.com/view/unilabs-dapp-v4-150
- domainExact
- https://sites.google.com/view/unilabs-dapp-v4-150
- urlPattern
- unilabs-dapp
- domainExact
- unilabs-dapp
Self-check
AgentGuard subscribers receive this advisory automatically and their local guard runs the inspection below.
Inspect paths
C:\Users\**\AppData\Local\Google\Chrome\User Data\Default\History~/Library/Application\ Support/Google/Chrome/Default/History~/.config/google-chrome/Default/History/var/log/syslog
Remediation: block_url— 1. Check Local DNS Cache
# Windows
Get-DnsClientCache | Where-Object {$_.Entry -like "*unilabs*"}
2. Inspect Chrome History Files
(Note: Chrome stores history in a SQLite database; scanning it raw via grep/Select-String acts as a quick keyword indicator).
# Windows
Get-ChildItem "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\History" -ErrorAction SilentlyContinue | Select-String "unilabs-dapp"
# macOS
grep -a "unilabs-dapp" ~/Library/Application\ Support/Google/Chrome/Default/History 2>/dev/null
# Linux
grep -a "unilabs-dapp" ~/.config/google-chrome/Default/History 2>/dev/null
grep -a "unilabs-dapp" ~/.config/chromium/Default/History 2>/dev/null
3. Check System-Wide Network Connections and Logs
# macOS: Check active network connections on port 443 filtered by "google"
sudo lsof -i :443 | grep -i "google"
# Linux: Scan system logs for IOC keywords
sudo grep -i "unilabs" /var/log/syslog 2>/dev/null