Threat Feed
https://vote-1780192853.vercel.app/1nw1zyg2
2026-05-31T16:40:20.705
malicious
URL
Close
https://vote-1780192853.vercel.app/1nw1zyg2
malicious
SHA256:
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections indicates a phishing website
2/5
Page is served from a service commonly used for temporary hosting
1/5
Loads image resources from another website
1/5
Logon form detected via Computer Vision
1/5
Content matched by YARA rules
1/5
Page secured via a Domain Validated SSL certificate
1/5
Resource is loaded from a service commonly used for temporary hosting
Phishing
http://49.51.43.12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts.google.com%2F&%3Bifkv=ASKXGp36_CB8HzfrpuLLHTVjXxiUGDwO6Tj8yz4QrsaGyc3I4H4G7NxTTQJtpw0j07g9O5T5Tx4uyQ&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWa2PasbuQ5CE1v1g1u8ZVz1S8XLPvaSNEcD58yNI_W4qogEWNP6354TU7Rj6NJGdOKS4-oN-8ViUw&dsh=S-1491194784%3A1780229839772557
2026-05-31T16:37:22.333
malicious
URL
Close
http://49.51.43.12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts.google.com%2F&%3Bifkv=ASKXGp36_CB8HzfrpuLLHTVjXxiUGDwO6Tj8yz4QrsaGyc3I4H4G7NxTTQJtpw0j07g9O5T5Tx4uyQ&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWa2PasbuQ5CE1v1g1u8ZVz1S8XLPvaSNEcD58yNI_W4qogEWNP6354TU7Rj6NJGdOKS4-oN-8ViUw&dsh=S-1491194784%3A1780229839772557
malicious
SHA256:
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections indicates a phishing website
4/5
Phishing page detected via Machine Learning
2/5
Branded Logon form detected via Computer Vision
2/5
Page uses exact same title as that of a popular online service
1/5
HTTPS page insecurely loads resources via HTTP
1/5
Branding image detected via Computer Vision
1/5
Page presents itself as a logon page
1/5
Content matched by YARA rules
Phishing
0mGvVUmKhQvXhzM0.exe
2026-05-31T16:34:27.161
malicious
Windows Exe (x86-32)
Close
0mGvVUmKhQvXhzM0.exe
malicious
SHA256:
bebc5e47d4ff46d9c6d9ada500982ba7d8afa493a1c30499c7de8eb354d344d3
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Known malicious mutex name is created
5/5
Malicious content matched by YARA rules
5/5
SalatStealer configuration was extracted
2/5
Reads network adapter information
2/5
Queries OS info via WMI
2/5
Collects hardware properties
2/5
Suspicious content matched by YARA rules
2/5
Sets up server that accepts incoming connections
1/5
Enumerates running processes
1/5
Reads system data
1/5
Performs DNS request
1/5
Connects to remote host
1/5
Tries to connect using an uncommon port
1/5
Content matched by YARA rules
1/5
Resolves API functions dynamically
1/5
Unusual large memory allocation
Spyware
mGzRV6KqWNYpsRkg.exe
2026-05-31T16:34:23.535
malicious
Windows Exe (x86-32)
Close
mGzRV6KqWNYpsRkg.exe
malicious
SHA256:
582611b6f61639f8ba021bf4ab3c196e3822ecc8689e7de85053bbb67dc36a40
VMRay Threat Identifiers
Close
Severity
Operation
5/5
SalatStealer configuration was extracted
5/5
Malicious content matched by YARA rules
5/5
Combination of other detections shows configuration discovery
5/5
Tries to read cached credentials of various applications
4/5
Creates a Process with redirected Input
3/5
Takes screenshot
2/5
Reads sensitive browser data
2/5
Sets up server that accepts incoming connections
2/5
Suspicious content matched by YARA rules
2/5
Schedules task
2/5
Collects hardware properties
2/5
Queries OS info via WMI
2/5
Reads network adapter information
2/5
Searches for sensitive application data
2/5
Searches for sensitive browser data
1/5
Timestamp manipulation
1/5
Creates mutex
1/5
Reads system data
1/5
Unusual large memory allocation
1/5
Modifies application directory
1/5
Creates process with hidden window
1/5
Possibly does reconnaissance
1/5
Enumerates running processes
1/5
Resolves API functions dynamically
1/5
Content matched by YARA rules
1/5
Drops PE file
1/5
Accesses Microsoft Security Software registry keys
1/5
Executes dropped PE file
1/5
Performs DNS request
Spyware
lN3BGCYZ7vVhrNtU.exe
2026-05-31T16:34:11.246
malicious
Windows Exe (x86-32)
Close
lN3BGCYZ7vVhrNtU.exe
malicious
SHA256:
b77351f55e64ca6b4bb4894c104df0e4acf5e5680e68b7e4db460c72a6fb706b
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows configuration discovery
5/5
SalatStealer configuration was extracted
5/5
Known malicious mutex name is created
5/5
Tries to read cached credentials of various applications
5/5
Malicious content matched by YARA rules
3/5
Takes screenshot
2/5
Reads sensitive browser data
2/5
Sets up server that accepts incoming connections
2/5
Collects hardware properties
2/5
Queries OS info via WMI
2/5
Reads network adapter information
2/5
Searches for sensitive application data
2/5
Searches for sensitive browser data
2/5
Suspicious content matched by YARA rules
2/5
Schedules task
1/5
Content matched by YARA rules
1/5
Creates process with hidden window
1/5
Accesses Microsoft Security Software registry keys
1/5
Resolves API functions dynamically
1/5
Possibly does reconnaissance
1/5
A monitored process crashed
1/5
Drops PE file
1/5
Reads system data
1/5
Executes dropped PE file
1/5
Enumerates running processes
1/5
Timestamp manipulation
1/5
Performs DNS request
1/5
Unusual large memory allocation
Spyware