JavaScript profiling scripts executed from this domain would automatically prompt the targets to install a malicious add-on named FriarFox if they were using the Firefox web browser and logged into their Gmail account. Phishing emails delivered by the TA413 attackers to their targets' mailboxes redirected them to the attacker-controlled you-tubetv domain that displays a fake Adobe Flash Player Update landing page. TA413 attack flow ( Proofpoint) The malicious FriarFox browser extension