Cybersecurity Reach Foundation

ALERT: SpiderFoot Scam Resurfaced on spiderrfoot.com

The misleading SpiderFoot distribution site we previously investigated on spiderfoot[.]org has now appeared on a second domain: spiderrfoot[.]com. Because SpiderFoot has no official website, any domain that carries the project's name can be mistaken for the real thing.

This is a follow-up to our previous investigation: Spiderfoot.org: Google Search Mislabels an Unofficial SpiderFoot Site.


What Happened

The same deceptive SpiderFoot distribution scheme we documented on spiderfoot[.]org has resurfaced on a new domain: spiderrfoot[.]com (note the doubled letter 'r').

This is typosquatting: registering a domain that differs from the legitimate name by a single typo-like change (here, one extra 'r') so that users who misread the address, or mistype it, land on the impostor site without noticing the difference.


Why SpiderFoot Is a Target

SpiderFoot is a well-known open-source OSINT automation tool used by cybersecurity professionals. However, the project does not maintain an official website. The only legitimate source is the GitHub repository, github.com/smicallef/spiderfoot.

This makes SpiderFoot particularly vulnerable to this kind of abuse. Without an official website to point to, any third-party domain that presents itself as a SpiderFoot resource (whether spiderfoot[.]org, spiderrfoot[.]com, or any future variation) can be perceived as the real thing. There is no official site for users to compare against, and search engines have no authoritative web presence to prioritize.

As long as this gap exists, we expect more domains like these to appear.


What's Different This Time

In our original investigation, Google's AI Overview was actively identifying spiderfoot[.]org as the official SpiderFoot website. That is no longer the case: the AI-generated summary has stopped labeling it as official.

However, the underlying problem remains. Unofficial sites still appear prominently in search results, and without an official website, users have no easy way to distinguish legitimate from illegitimate sources.


Recommendations

  • Do not download SpiderFoot from spiderrfoot[.]com or spiderfoot[.]org. Neither is affiliated with the official project.
  • The only trusted source is GitHub: github.com/smicallef/spiderfoot.
  • Always verify the source before downloading any cybersecurity tool: check that the host is exactly github.com and the path is the project's own repository, not a lookalike domain or a page that merely links to one.
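The two checks above can be automated. The following is an added example written for this alert, not code from the SpiderFoot project or from the Cybersecurity Reach Foundation. It flags candidate domains that sit within a small edit distance of the project name (the typosquatting pattern described earlier: spiderrfoot differs from spiderfoot by one inserted letter) and accepts a download URL only when the host is exactly github.com and the path is the smicallef/spiderfoot repository. The project name and repository path come from this page; the other domains and URLs are constructed for the demonstration.

```python
"""Added example: flag lookalike domains and verify a SpiderFoot download URL.

Illustrative code for this alert, not a tool from the SpiderFoot project or
the Cybersecurity Reach Foundation. Assumes the canonical project name is
"spiderfoot" and the only trusted source is github.com/smicallef/spiderfoot.
Sample domains and URLs other than those two are constructed for the demo.
"""
from urllib.parse import urlsplit


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions
    and adjacent transpositions each cost 1. Covers the common typo classes."""
    n, m = len(a), len(b)
    d = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        d[i][0] = i
    for j in range(m + 1):
        d[0][j] = j
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[n][m]


def registrable_label(domain: str) -> str:
    """Return the label left of the last dot, lower-cased ('spiderrfoot' for
    spiderrfoot.com). Assumes a simple two-label domain; public-suffix
    handling (e.g. .co.uk) is out of scope for this example."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_domain(domain: str, project: str = "spiderfoot",
                    max_distance: int = 2) -> str:
    """Classify a candidate domain relative to the project name.

    'exact'     - label equals the project name (spiderfoot.org). Still
                  unofficial here, since the project has no website at all.
    'lookalike' - label within max_distance edits of the name (spiderrfoot.com).
    'unrelated' - anything else.
    """
    label = registrable_label(domain)
    if label == project:
        return "exact"
    if damerau_levenshtein(label, project) <= max_distance:
        return "lookalike"
    return "unrelated"


# The only trusted source named on this page.
TRUSTED_REPO = ("github.com", "/smicallef/spiderfoot")


def is_trusted_download(url: str) -> bool:
    """True only for https URLs whose host is exactly github.com and whose
    path is the SpiderFoot repository or something beneath it. Using
    urlsplit().hostname (not a substring test) defeats tricks such as
    github.com.evil.test or https://github.com@spiderrfoot.com/."""
    u = urlsplit(url)
    host, path = TRUSTED_REPO
    return (u.scheme == "https"
            and u.hostname == host
            and (u.path == path or u.path.startswith(path + "/")))


if __name__ == "__main__":
    # Constructed sample set: the two domains named in the alert plus controls.
    for d in ["spiderfoot.org", "spiderrfoot.com", "spider-foot.net", "example.com"]:
        print(f"{d:20} {classify_domain(d)}")
    for u in ["https://github.com/smicallef/spiderfoot",
              "https://github.com.evil.test/smicallef/spiderfoot",
              "https://github.com@spiderrfoot.com/smicallef/spiderfoot",
              "https://spiderrfoot.com/download"]:
        print(f"{u:60} trusted={is_trusted_download(u)}")
```

Both domains from this alert are flagged: spiderfoot.org as an exact-name match that is nonetheless unofficial, spiderrfoot.com as a one-edit lookalike. The URL check deliberately parses the hostname rather than searching the string for "github.com", because a substring test would accept the subdomain and userinfo forms shown in the sample set.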

Published April 13, 2026. The Cybersecurity Reach Foundation does not link to suspected malicious domains directly.
