0/100

critical Risk

control.gamingvote.com

https://control.gamingvote.com/

172.67.193.80 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

0 days ⚠

HTTP

200 · 18.3s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "PANELITO Admin"

Save

Domain Intelligence: gamingvote.com

Scanned 13 times since Mar 10, 2026, 11:26 AM UTC

✗ Critical (100)

Registered-domain escalation suggested

Suggested now

Submit gamingvote.com as the primary IOC, enriched with evidence from hostile subdomains like control.gamingvote.com.

4 hostile subdomains across 13 completed scans were observed under this registered domain. Recent hosts: osrsjagex.gamingvote.com, rsoldschools.gamingvote.com, rsoldschool.gamingvote.com, osrsaccount.gamingvote.com.

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

PANELITO

Credential Phishing

technology | finance | ecommerce | cryptocurrency | other · 4/5/2026

Summary

This page at control.gamingvote.com presents a PANELITO Admin login UI, imitating an admin panel. The page title reads 'PANELITO Admin' and the static HTML shows a login section with a username default of 'admin' and a password field, while the domain is control.gamingvote.com which is a new domain (0 days old) under Cloudflare hosting. Network activity includes an off-domain endpoint and SPA-style credential capture potential via admin.js and a password field rendered in the SPA, indicating credential collection」という impersonation of an admin panel brand. The SSL certificate covers gamingvote.com and control.gamingvote.com, but the brand shown is PANELITO, not gamingvote, flagging brand impersonation and credential harvesting potential.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸Canonical stage contains password collection UI.

▸Off-domain submission or API endpoints observed: https://usb.b63ccd22db3b4e5a4c4d.workers.dev/datasound/discord.mp3.

▸Distinctive asset clues: admin.js, v8c78df7c7c0f484497ecbca7046644da1771523124516, admin.css.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 1

Late-stage login UI: No

Resource Signals

Resources: 9

Hosts: 3

Domains: 3

Suspicious Endpoints

hxxps://usb[.]b63ccd22db3b4e5a4c4d[.]workers[.]dev/datasound/discord.mp3

Off-Domain Posts

hxxps://usb[.]b63ccd22db3b4e5a4c4d[.]workers[.]dev/datasound/discord.mp3

Attack Techniques (7)

Typosquatting domain? No direct brand name mismatch in domain; brand is PANELITO while domain is gamingvote family suggesting impersonation via SPA UICloned/admin panel UI with logo-free but branding-heavy login screenPassword field present in static HTML (sensitive credential collection risk) and SPA rendering of login formsExternal script admin.js and off-domain endpoints indicating credential exfiltration potentialNew domain age (0 days) and Cloudflare hosting with recent SSL certOff-domain API/endpoint usage observed for data collectionWAF/bot-protection evasion indicators via dynamic script loading and unusual beacon calls

Indicators of Compromise (6)

▸Domain: control.gamingvote.com (new domain, Cloudflare-hosted) – IOC

▸Page title: PANELITO Admin – branding not matching gamingvote.com domain; visual impersonation of an admin panel

▸Login UI includes Username field preset to 'admin' and Password field with placeholder referencing secret management

▸Network requests include admin.js and beacon.min.js indicating SPA/analytics loading, plus post to /cdn-cgi/rum? (off-domain exfiltration pattern)

▸Off-domain resource: https://usb.b63ccd22db3b4e5a4c4d.workers.dev/datasound/discord.mp3 – suspicious external asset

▸SSL SAN includes gamingvote.com and control.gamingvote.com; certificate issued very recently (0 days)

Risk AssessmentUsed in abuse reports

Scanner captured a new, unsigned admin panel mimic hosted at control.gamingvote.com. The page title and UI clearly imitate an unknown 'PANELITO' admin panel, while the domain is an unrelated, freshly registered subdomain under gamingvote branding. The static HTML contains a password field and a JavaScript bundle named admin.js, suggesting credential capture within a SPA. Off-domain exfiltration endpoints and beacon calls imply data collection and potential leakage. The combination of a brand-mismatch impersonation, a password input field, a 0-day domain, and suspicious external endpoints warrants immediate takedown action and suspension of the domain and hosting to prevent credential harvesting.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence