Threat Feed
http://49.51.43.12/v3/signin/identifier?flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ASfE1-rIclOs6oq-LtWBRZidWPxLSZJpNRMLkgBNrY34ZC91frmaLfluwLJJu16AoX5oBti7tTqOSA&dsh=S-385208984%3A1771875231321057
2026-02-23T20:38:34.320
malicious
URL
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
4/5 | Phishing page detected via Machine Learning
2/5 | Branded Logon form detected via Computer Vision
2/5 | Page uses exact same title as that of a popular online service
1/5 | Branding image detected via Computer Vision
1/5 | Page presents itself as a logon page
1/5 | HTTPS page insecurely loads resources via HTTP
1/5 | Content matched by YARA rules
1/5 | Page uses exact favicon of a popular online service
Phishing
http://49.51.43.12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts.google.com&%3Bifkv=AWnogHe_pDujLaO-hl3d_3DQFjS6PW6JGM3LRrD13mxmiaQWTJuHz9b6nwmaSIh76M5SMOelnJex7g&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ASfE1-pK1zljA0F1X4EydhzNxN5F-cg0uY0IOZFYuTdmD-uXT8RDcYdEVtE-NakQtbfAtJh8kdlA4g&dsh=S2133278293%3A1771876980657927
2026-02-23T20:35:14.215
malicious
URL
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
4/5 | Phishing page detected via Machine Learning
2/5 | Branded Logon form detected via Computer Vision
2/5 | Page uses exact same title as that of a popular online service
1/5 | Branding image detected via Computer Vision
1/5 | Page presents itself as a logon page
1/5 | HTTPS page insecurely loads resources via HTTP
1/5 | Content matched by YARA rules
1/5 | Page uses exact favicon of a popular online service
Phishing
http://49.51.43.12/v3/signin/identifier?flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ASfE1-qQq0pYzpPMpTfqZ073nBPV3VCYlICDu6ausaUpWtOc_8Ln7K1chRmQSnrI1EuzajSF-2tfGQ&dsh=S-1171297746%3A1771876873618942
2026-02-23T20:33:11.505
malicious
URL
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
4/5 | Phishing page detected via Machine Learning
2/5 | Page uses exact same title as that of a popular online service
2/5 | Branded Logon form detected via Computer Vision
1/5 | Content matched by YARA rules
1/5 | HTTPS page insecurely loads resources via HTTP
1/5 | Branding image detected via Computer Vision
1/5 | Page uses exact favicon of a popular online service
1/5 | Page presents itself as a logon page
Phishing
P0-678766887678.js
2026-02-23T20:29:28.807
malicious
JScript
SHA256: 0d2291b8f0b26d7cc0232e168776f4f8fb4d9565bbe73c76ec4330811d007ebd
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | Monitors keyboard input
4/5 | Writes into the memory of another process
4/5 | Reads from memory of another process
4/5 | Process Hollowing
4/5 | Tries to detect the presence of antivirus software
3/5 | Bypasses PowerShell execution policy
2/5 | Collects hardware properties
2/5 | Executes PowerShell without default profile
2/5 | Enables process privileges
2/5 | Queries OS info via WMI
1/5 | Creates mutex
1/5 | Enumerates running processes
1/5 | Accesses volumes directly
1/5 | Connects to remote host
1/5 | Content matched by YARA rules
Spyware
Keylogger
Injector
Documento_6789789_pdf.js
2026-02-23T20:26:56.645
malicious
JScript
SHA256: 98552e9d476eea24e2c8cb403ff415ed634c4b5e4d8c03e60e76d7a2475461ba
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
4/5 | Process Hollowing
4/5 | Tries to detect the presence of antivirus software
4/5 | Writes into the memory of another process
4/5 | Reads from memory of another process
3/5 | Bypasses PowerShell execution policy
2/5 | Collects hardware properties
2/5 | Executes PowerShell without default profile
2/5 | Tries to connect using an uncommon port
2/5 | Enables process privileges
2/5 | Queries OS info via WMI
1/5 | Connects to remote host
1/5 | Content matched by YARA rules
1/5 | Creates mutex
Spyware
Injector