Threat Feed | Online Malware Sandbox

URL

malicious

SHA256:

VMRay Threat Identifiers

Severity

Operation

5/5

Combination of other detections indicates a phishing website

4/5

Phishing page detected via Machine Learning

2/5

Branded Logon form detected via Computer Vision

2/5

Page uses exact same title as that of a popular online service

2/5

Unsecured data

1/5

Content matched by YARA rules

1/5

Branding image detected via Computer Vision

1/5

Page presents itself as a logon page

Phishing

msedge_elf.dll

2026-04-17T23:08:50.412

Windows DLL (x86-64)

msedge_elf.dll

malicious

SHA256: 294a44414b420785c5d07bc9ba2f8d182ab5682c0c43bcc3e6eb95667c5ff0fd

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

5/5

Agent Tesla configuration was extracted

4/5

Process Hollowing

4/5

Writes into the memory of another process

4/5

Modifies control flow of another process

2/5

Reads network adapter information

1/5

Unusual large memory allocation

1/5

Content matched by YARA rules

1/5

Resolves API functions dynamically

1/5

Enumerates running processes

1/5

Creates process with hidden window

1/5

Reads from memory of another process

1/5

Creates a page with write and execute permissions

1/5

Query OS Information

1/5

Enables process privileges

Spyware

Injector

kzCev0DKOtLo5Y8g.html

2026-04-17T23:07:40.553

HTML Document

kzCev0DKOtLo5Y8g.html

malicious

SHA256: 128f26190bd6ff28961713dd00e89526b36a9eda68185500c5c3af110570d07a

VMRay Threat Identifiers

Severity

Operation

5/5

Combination of other detections indicates a phishing website

2/5

Page uses exact same title as that of a popular online service

2/5

The HTML file contains logon form

2/5

Branded Logon form detected via Computer Vision

1/5

Page presents itself as a logon page

Phishing

https://instagram-clone-taupe.vercel.app/login

2026-04-17T22:52:38.488

URL

https://instagram-clone-taupe.vercel.app/login

malicious

SHA256:

VMRay Threat Identifiers

Severity

Operation

5/5

Combination of other detections indicates a phishing website

4/5

Phishing page detected via Machine Learning

2/5

Page uses exact same title as that of a popular online service

2/5

Page is served from a service commonly used for temporary hosting

1/5

Page secured via a Domain Validated SSL certificate

1/5

Logon form detected via Computer Vision

1/5

Content matched by YARA rules

1/5

Page uses exact favicon of a popular online service

1/5

Resource is loaded from a service commonly used for temporary hosting

1/5

Page presents itself as a logon page

Phishing

https://facebook-authentication.secure-datalink.org/landing/form/ba38ec41-dbcd-4362-8f8d-88f0f3cec34d

2026-04-17T22:51:36.061

URL

https://facebook-authentication.secure-datalink.org/landing/form/ba38ec41-dbcd-4362-8f8d-88f0f3cec34d

malicious

SHA256:

VMRay Threat Identifiers

Severity

Operation

5/5

Combination of other detections indicates a phishing website

4/5

Phishing page detected via Machine Learning

2/5

Page title matches the name of a popular online service

2/5

Branded Logon form detected via Computer Vision

1/5

Page presents itself as a logon page

1/5

Page secured via a Domain Validated SSL certificate

1/5

Suspicious page characteristics

Phishing