Windows Analysis Report
http://hayabyayah.com/

Overview

General Information

Sample URL:	http://hayabyayah.com/
Analysis ID:	1520174
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://hayabyayah.com/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://hayabyayah.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/470.124d8f1e.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/bootstrap.bundle.min.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/css/app.14b691ba.css	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/css/jquery.confirm-1.1.css	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/jquery.mask.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/api/api.php	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/app.0be0ded0.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/chunk-vendors.56b47b1b.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/ResourceConfig/config.json	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/la/theme/default/layer.css?v=3.5.1	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/jquery.validate.min.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/la/layer.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/img/amex.Csr7hRoy.1696b1b5.svg	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/jquery-3.5.1.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/css/bootstrap.min.css	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/ResourceConfig/smsConfig.json	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/jquery.confirm-1.1.js	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://hayabyayah.com/#/

LLM: Score: 9 Reasons: The brand VISA is a well-known financial services corporation., The URL 'hayabyayah.com' does not match the legitimate domain 'visa.com'., The URL contains no recognizable association with VISA., The URL has no subdomains or hyphens that could be mistaken for legitimate variations., The input fields are in Japanese, which could be a tactic to target specific users. DOM: 11.0.pages.csv

Source: https://hayabyayah.com/#/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:53026 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/jquery.confirm-1.1.css HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /css/app.14b691ba.css HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.mask.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery-3.5.1.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.validate.min.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /js/la/layer.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.confirm-1.1.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /ResourceConfig/smsConfig.json HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /ResourceConfig/config.json HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/bootstrap.bundle.min.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hayabyayah.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.mask.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.validate.min.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery-3.5.1.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.confirm-1.1.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /ResourceConfig/smsConfig.json HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /ResourceConfig/config.json HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/la/theme/default/layer.css?v=3.5.1 HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/chunk-vendors.56b47b1b.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/app.0be0ded0.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/la/layer.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/bootstrap.bundle.min.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/app.0be0ded0.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/chunk-vendors.56b47b1b.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/470.124d8f1e.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/470.124d8f1e.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /img/amex.Csr7hRoy.1696b1b5.svg HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /api/api.php HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /img/amex.Csr7hRoy.1696b1b5.svg HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_130.2.dr, chromecache_155.2.dr

String found in binary or memory: "gourl":"https://www.yahoo.co.jp/",// equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: hayabyayah.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /api/api.php HTTP/1.1Host: hayabyayah.comConnection: keep-aliveContent-Length: 4sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, */*Content-Type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://hayabyayah.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1

Source: chromecache_157.2.dr	String found in binary or memory: http://blog.igorescobar.com
Source: chromecache_141.2.dr, chromecache_157.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_139.2.dr, chromecache_153.2.dr, chromecache_136.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_139.2.dr, chromecache_153.2.dr, chromecache_136.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_153.2.dr, chromecache_136.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_141.2.dr, chromecache_157.2.dr	String found in binary or memory: https://github.com/umdjs/umd/blob/master/jqueryPluginCommonjs.js
Source: chromecache_130.2.dr, chromecache_155.2.dr	String found in binary or memory: https://www.yahoo.co.jp/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53030
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@22/52@9/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2020,i,6924719032335215308,6941448845817675970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hayabyayah.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2020,i,6924719032335215308,6941448845817675970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
118.107.57.26	hayabyayah.com	Singapore	64050	BCPL-SGBGPNETGlobalASNSG	true

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
hayabyayah.com	118.107.57.26	true
www.google.com	142.250.186.68	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://hayabyayah.com/css/jquery.confirm-1.1.css	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/js/bootstrap.bundle.min.js	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/js/jquery.mask.js	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/js/470.124d8f1e.js	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/css/app.14b691ba.css	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/js/app.0be0ded0.js	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/img/amex.Csr7hRoy.1696b1b5.svg	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/js/la/layer.js	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/ResourceConfig/config.json	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/js/chunk-vendors.56b47b1b.js	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/js/jquery.validate.min.js	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/#/	true		unknown
https://hayabyayah.com/js/la/theme/default/layer.css?v=3.5.1	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/api/api.php	false	Avira URL Cloud: phishing	unknown
http://hayabyayah.com/	true		unknown
https://hayabyayah.com/js/jquery-3.5.1.js	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/css/bootstrap.min.css	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/ResourceConfig/smsConfig.json	false	Avira URL Cloud: phishing	unknown
https://hayabyayah.com/js/jquery.confirm-1.1.js	false	Avira URL Cloud: phishing	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 129	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	974CCC6C4C6E1C7F04606973BEB3BA20	0F96F86D488A4B5805744FA067C3CFD57C928406	265D3F591D92FADFE95F4660C382EE64A23538A7353B9880434205A102833DE0
Chrome Cache Entry: 130	Unicode text, UTF-8 text	1050C8CB808393FE0005D22AEE882C4F	A8C778247B1DFEDB98BEF89B3902CFD1C006398C	F8D39F9C94A65EB7B96F53E8C39503382A96620F4112DCE7DF00F71A2C8ECE99
Chrome Cache Entry: 131	Unicode text, UTF-8 text, with CRLF line terminators	7FDC395CAFB60D8E11A1C80E271C97F0	01DEAFEA7CC7C9B823369502AF13FB9FC77021BF	E17CDD81C5F2239DB64BC4A22B1292F4801D9C7ED37F553450CFD3B1477BBDD5
Chrome Cache Entry: 132	Unicode text, UTF-8 text, with very long lines (22680)	E710AABA7133D392C3AE01BDCC36451D	F02223198F057582EC01C7A02488060687B58C2E	A97E4941CEB1A7DF7BCF5E9631B8D9E8F7B47D7CCB59B5ED3968380465E0E824
Chrome Cache Entry: 133	Unicode text, UTF-8 text, with very long lines (5450), with no line terminators	75DD870A29B28FA100938650D5E71DD0	FFB7D853471E89748B455231267D46B2D6FC412C	7507803C73C45F5E9452808B0976DAD612E7E3A75341F84F1523335D2309C632
Chrome Cache Entry: 134	Unicode text, UTF-8 text, with CRLF line terminators	469BAF2E9DDA9AAC6F74002EF930B5EB	1C5EE64DB9729B3E5BAB2DBDA5694DE64F8315B8	860D9C8853C53116168729E24ECD32C1D5BBF8390D14010AA4A1292BBA195BAA
Chrome Cache Entry: 135	Unicode text, UTF-8 text, with very long lines (14526), with no line terminators	F96BD387A9676A644AADBCF18607C3E8	6A29376F6700EC5623CCECA07D21F1B8357E44EA	109CBFFC2739E7D8F4FA588E8D24B90525E8A1F4E6ED844F079B0C5ABEE59219
Chrome Cache Entry: 136	ASCII text, with very long lines (65299)	A0805BCA912EC901F2A7096228B62D46	3233FD01D87FBA457EAAD8DCBC289F75B170F814	19126B874A32753D42C12DFA6C17892BFD93820A5A5100BA1B34DA4D07599B49
Chrome Cache Entry: 137	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators	7389FBDB56E6360274C63E69CFC6901D	0E6CA4BDB1D71C195A188C17BC95DC03D837CFE5	3D29FD36CE1BA8F6777C6179A9B6EC65DD6649FEAC3FF93E0099E3116C18254B
Chrome Cache Entry: 138	ASCII text, with very long lines (65450), with CRLF line terminators	9AC39DC31635A363E377EDA0F6FBE03F	29FA5AD995E9EC866ECE1D3D0B698FC556580EEE	9A2723C21FB1B7DFF0E2AA5DC6BE24A9670220A17AE21F70FDBC602D1F8ACD38
Chrome Cache Entry: 139	ASCII text, with very long lines (65326)	A4B3F509E79C54A512B890D73235EF04	1BE37B62306C8C0C6775BB4C93C5E4C4E13D9775	F886516F3D41E9E7BD994C7F7A39A89CAFAE9483F90396CB0DDEAFE8D1EA5E72
Chrome Cache Entry: 140	Unicode text, UTF-8 text, with very long lines (22680)	E710AABA7133D392C3AE01BDCC36451D	F02223198F057582EC01C7A02488060687B58C2E	A97E4941CEB1A7DF7BCF5E9631B8D9E8F7B47D7CCB59B5ED3968380465E0E824
Chrome Cache Entry: 141	ASCII text, with CRLF line terminators	5A9420282B190338F03C975892366A9E	BD3693FD6AACF397E04859565E39BD8B82EC27EF	D207D7942AA5BD788378F92AAE9FD3AAE7EC1245776F16B6680BC1E312DB3F51
Chrome Cache Entry: 142	Unicode text, UTF-8 text	978BEB4DACD098E4469E69894F42C978	A04D30D708351F1925B4BACB5C492F03BEDBD08D	3BE18D6E5B8C056079362295B6EF22AAFA119ADCDDA3AE6E8DF831469FA95499
Chrome Cache Entry: 143	ASCII text, with no line terminators	CF9ECEF1DDD7CE69CE309C6D90324930	2BBC46058883F4EDF564FE10666A9EA0A1FD1DBA	8E09B2662D710CF8A1752C1A1615D4110B9946C128900F6A5F9C2E1316DA4416
Chrome Cache Entry: 144	SVG Scalable Vector Graphics image	9654894FD9E80B62865B5B3EA77DE442	40509A66A4D0249D37CBA6D0806976B272A76FE9	52E9DF98F3B613210F76F2E4F077D723F8592B90555EE16DC525AEA5599A1A01
Chrome Cache Entry: 145	JSON data	B9E754ADD75D51D888CE7585DC9DFE41	0FD53114199A1A46E887032B7EFA05F1FD74C807	7A97B9B4D758A3929B8A2BE53FBE189C9BA9378D6FBB8190D37F7CC14F5CF5D3
Chrome Cache Entry: 146	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	974CCC6C4C6E1C7F04606973BEB3BA20	0F96F86D488A4B5805744FA067C3CFD57C928406	265D3F591D92FADFE95F4660C382EE64A23538A7353B9880434205A102833DE0
Chrome Cache Entry: 147	HTML document, Unicode text, UTF-8 text, with very long lines (638)	A45C166EC04B558851AE37AD8A910C09	AC159239D94F0AFC41469E6795544D5E6D2313D7	A35B7B7A8A3E9CA60FBF071B825021777452825A1DFE95ABA1E577217673B75B
Chrome Cache Entry: 148	Unicode text, UTF-8 text, with CRLF line terminators	7FDC395CAFB60D8E11A1C80E271C97F0	01DEAFEA7CC7C9B823369502AF13FB9FC77021BF	E17CDD81C5F2239DB64BC4A22B1292F4801D9C7ED37F553450CFD3B1477BBDD5
Chrome Cache Entry: 149	Unicode text, UTF-8 text, with very long lines (5450), with no line terminators	75DD870A29B28FA100938650D5E71DD0	FFB7D853471E89748B455231267D46B2D6FC412C	7507803C73C45F5E9452808B0976DAD612E7E3A75341F84F1523335D2309C632
Chrome Cache Entry: 150	SVG Scalable Vector Graphics image	9654894FD9E80B62865B5B3EA77DE442	40509A66A4D0249D37CBA6D0806976B272A76FE9	52E9DF98F3B613210F76F2E4F077D723F8592B90555EE16DC525AEA5599A1A01
Chrome Cache Entry: 151	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators	7389FBDB56E6360274C63E69CFC6901D	0E6CA4BDB1D71C195A188C17BC95DC03D837CFE5	3D29FD36CE1BA8F6777C6179A9B6EC65DD6649FEAC3FF93E0099E3116C18254B
Chrome Cache Entry: 152	Unicode text, UTF-8 text	978BEB4DACD098E4469E69894F42C978	A04D30D708351F1925B4BACB5C492F03BEDBD08D	3BE18D6E5B8C056079362295B6EF22AAFA119ADCDDA3AE6E8DF831469FA95499
Chrome Cache Entry: 153	ASCII text, with very long lines (65299)	A0805BCA912EC901F2A7096228B62D46	3233FD01D87FBA457EAAD8DCBC289F75B170F814	19126B874A32753D42C12DFA6C17892BFD93820A5A5100BA1B34DA4D07599B49
Chrome Cache Entry: 154	ASCII text, with very long lines (833), with CRLF line terminators	5FA423DC779F202530B0622E5863255D	C929609311FFD1908B40EB34BD7F6949BC69259C	FDE03DC107F1CFD899199F6BC9410E18FB317A3017E2431C884E05CF45C76205
Chrome Cache Entry: 155	Unicode text, UTF-8 text	1050C8CB808393FE0005D22AEE882C4F	A8C778247B1DFEDB98BEF89B3902CFD1C006398C	F8D39F9C94A65EB7B96F53E8C39503382A96620F4112DCE7DF00F71A2C8ECE99
Chrome Cache Entry: 156	ASCII text, with very long lines (65450), with CRLF line terminators	9AC39DC31635A363E377EDA0F6FBE03F	29FA5AD995E9EC866ECE1D3D0B698FC556580EEE	9A2723C21FB1B7DFF0E2AA5DC6BE24A9670220A17AE21F70FDBC602D1F8ACD38
Chrome Cache Entry: 157	ASCII text, with CRLF line terminators	5A9420282B190338F03C975892366A9E	BD3693FD6AACF397E04859565E39BD8B82EC27EF	D207D7942AA5BD788378F92AAE9FD3AAE7EC1245776F16B6680BC1E312DB3F51
Chrome Cache Entry: 158	ASCII text, with no line terminators	C84094FE6EF3F3740302C6C8CA94520C	B71260D19869CE9CB463DB15CE72141648CCEF77	F8418E2065E5FD09ED449494DDA2B648F40EBE782901E003FD6018C0967CF241
Chrome Cache Entry: 159	ASCII text, with very long lines (833), with CRLF line terminators	5FA423DC779F202530B0622E5863255D	C929609311FFD1908B40EB34BD7F6949BC69259C	FDE03DC107F1CFD899199F6BC9410E18FB317A3017E2431C884E05CF45C76205
Chrome Cache Entry: 160	Unicode text, UTF-8 text, with very long lines (14526), with no line terminators	F96BD387A9676A644AADBCF18607C3E8	6A29376F6700EC5623CCECA07D21F1B8357E44EA	109CBFFC2739E7D8F4FA588E8D24B90525E8A1F4E6ED844F079B0C5ABEE59219
Chrome Cache Entry: 161	ASCII text, with very long lines (14271), with no line terminators	C234EB06D5F32055092294E78957F17D	F15EE0BCB9694F32F5E1D524F2653AA0DD043402	5CDF3EDB27B0C9F8E48918C486E9AE65A9E5BEAB806B64C4A7BC5BAC53C0F540

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://hayabyayah.com/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://hayabyayah.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/470.124d8f1e.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/bootstrap.bundle.min.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/css/app.14b691ba.css	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/css/jquery.confirm-1.1.css	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/jquery.mask.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/api/api.php	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/app.0be0ded0.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/chunk-vendors.56b47b1b.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/ResourceConfig/config.json	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/la/theme/default/layer.css?v=3.5.1	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/jquery.validate.min.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/la/layer.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/img/amex.Csr7hRoy.1696b1b5.svg	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/jquery-3.5.1.js	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/css/bootstrap.min.css	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/ResourceConfig/smsConfig.json	Avira URL Cloud: Label: phishing
Source: https://hayabyayah.com/js/jquery.confirm-1.1.js	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://hayabyayah.com/#/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:53026 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/jquery.confirm-1.1.css HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /css/app.14b691ba.css HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.mask.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery-3.5.1.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.validate.min.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /js/la/layer.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.confirm-1.1.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /ResourceConfig/smsConfig.json HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /ResourceConfig/config.json HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/bootstrap.bundle.min.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hayabyayah.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.mask.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.validate.min.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery-3.5.1.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/jquery.confirm-1.1.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /ResourceConfig/smsConfig.json HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /ResourceConfig/config.json HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/la/theme/default/layer.css?v=3.5.1 HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/chunk-vendors.56b47b1b.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/app.0be0ded0.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/la/layer.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/bootstrap.bundle.min.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/app.0be0ded0.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/chunk-vendors.56b47b1b.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/470.124d8f1e.js HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /js/470.124d8f1e.js HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /img/amex.Csr7hRoy.1696b1b5.svg HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hayabyayah.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hayabyayah.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /api/api.php HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /img/amex.Csr7hRoy.1696b1b5.svg HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8c7613b8a37784c3ae3c7b833a909aa1
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hayabyayah.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_130.2.dr, chromecache_155.2.dr

String found in binary or memory: "gourl":"https://www.yahoo.co.jp/",// equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: hayabyayah.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

Source: chromecache_157.2.dr	String found in binary or memory: http://blog.igorescobar.com
Source: chromecache_141.2.dr, chromecache_157.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_139.2.dr, chromecache_153.2.dr, chromecache_136.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_139.2.dr, chromecache_153.2.dr, chromecache_136.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_153.2.dr, chromecache_136.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_141.2.dr, chromecache_157.2.dr	String found in binary or memory: https://github.com/umdjs/umd/blob/master/jqueryPluginCommonjs.js
Source: chromecache_130.2.dr, chromecache_155.2.dr	String found in binary or memory: https://www.yahoo.co.jp/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53030
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@22/52@9/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2020,i,6924719032335215308,6941448845817675970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hayabyayah.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2020,i,6924719032335215308,6941448845817675970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1520174
Product:	CloudBasic
Start time:	06:06:42
Start date:	27.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://hayabyayah.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://hayabyayah.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://hayabyayah.com/