Threat Feed
https://yonlendeiiyonuz7290012.duckdns.org/login_up.php
2026-06-01T16:32:01.496
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
4/5 | Phishing page detected via Machine Learning
2/5 | Performs DNS request for known DDNS domain
2/5 | Page uses an invalid certificate
1/5 | Page presents itself as a logon page
1/5 | Content matched by YARA rules
1/5 | Logon form detected via Computer Vision
Phishing
http://49.51.43.12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts.google.com&%3Bifkv=AWnogHe_pDujLaO-hl3d_3DQFjS6PW6JGM3LRrD13mxmiaQWTJuHz9b6nwmaSIh76M5SMOelnJex7g&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWa2Pau8XT0ZqaFb983VLo567oj2MA9uP48L-fFgCfL7G4-0WkZzDn6mVKab2AqH9MjCWornz945&dsh=S1831033761%3A1780315914184779
2026-06-01T16:23:52.462
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
4/5 | Phishing page detected via Machine Learning
2/5 | Branded Logon form detected via Computer Vision
2/5 | Page uses exact same title as that of a popular online service
1/5 | HTTPS page insecurely loads resources via HTTP
1/5 | Branding image detected via Computer Vision
1/5 | Page presents itself as a logon page
1/5 | Content matched by YARA rules
Phishing
z14lNV-9088759885926.exe
2026-06-01T16:19:29.447
malicious
Windows Exe (x86-32)
SHA256:
309ec9ea0e7c9580b181da9c4c87dfce070912789b6e25596f85e814292daf28
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
4/5 | Modifies Windows Defender configuration
4/5 | Process Hollowing
3/5 | Monitors keyboard input
3/5 | Bypasses PowerShell execution policy
3/5 | Tries to detect the presence of antivirus software
2/5 | Searches for sensitive browser data
2/5 | Collects hardware properties
2/5 | Deletes file after execution
2/5 | Executes PowerShell with hidden window
2/5 | Executes PowerShell without default profile
2/5 | Searches for sensitive mail data
2/5 | Reads sensitive mail data
2/5 | Modifies control flow of a process started from a created or modified executable
2/5 | Queries OS info via WMI
2/5 | Tries to detect debugger
1/5 | Accesses Microsoft Security Software registry keys
1/5 | Writes an unusually large amount of data to the registry
1/5 | Creates process with hidden window
1/5 | Executes WMI query
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Tries to connect using an uncommon port
1/5 | Content matched by YARA rules
1/5 | Obfuscates control flow
1/5 | Resolves API functions dynamically
1/5 | Query OS Information
1/5 | Reads from memory of another process
1/5 | Creates a page with write and execute permissions
1/5 | Enables process privileges
1/5 | Enumerates running processes
1/5 | Creates mutex
1/5 | Installs system startup script or application
1/5 | Possibly does reconnaissance
1/5 | Reads system data
Spyware
Injector
umhAUf9JBT0flY0S.exe
2026-06-01T16:17:24.691
malicious
Windows Exe (x86-32)
SHA256:
dfa20257c42064b8ee196a683a73570299fca2392cd85163611ad0b76637eee3
VMRay Threat Identifiers
Severity | Operation
4/5 | Malicious content matched by YARA rules
4/5 | Modifies Windows Defender configuration
3/5 | Bypasses PowerShell execution policy
3/5 | Suspicious content matched by YARA rules
3/5 | Performs DNS request for known DDNS domain
2/5 | Deletes file after execution
2/5 | Executes PowerShell with hidden window
2/5 | Sets up server that accepts incoming connections
2/5 | Schedules task
1/5 | Timestamp manipulation
1/5 | Creates mutex
1/5 | Query OS Information
1/5 | Creates process with hidden window
1/5 | Accesses Microsoft Security Software registry keys
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Tries to connect using an uncommon port
1/5 | Drops PE file
1/5 | Enables process privileges
1/5 | Loads a dropped DLL
Spyware
EZ69P6mvYmBtNKJO.exe
2026-06-01T16:17:04.679
malicious
Windows Exe (x86-32)
SHA256:
caf31fe887be4180b1b03ba4e3c56f503c946016c4f9422aa195351393457063
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | QuasarRAT configuration was extracted
3/5 | Obscures a file's origin
2/5 | Queries OS info via WMI
2/5 | Collects hardware properties
2/5 | Collects BIOS properties
2/5 | Deletes file after execution
1/5 | Connects to remote host
1/5 | Query OS Information
1/5 | Resolves API functions dynamically
1/5 | Performs DNS request
1/5 | Creates mutex
1/5 | Creates process with hidden window
1/5 | Tries to connect using an uncommon port
1/5 | Checks external IP address
1/5 | Content matched by YARA rules
Backdoor