Windows Analysis Report
https://epayln.site.tb-hosting.com/

Overview

General Information

Sample URL:	https://epayln.site.tb-hosting.com/
Analysis ID:	1521654
Tags:	openphish
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://epayln.site.tb-hosting.com/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Source: https://epayln.site.tb-hosting.com/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49752 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /statics/css/style.css HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /imask HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /statics/pictures/identity-main.svg HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /livewire/livewire.js?id=90730a3b0e7144480175 HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /imask@7.6.1 HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /imask@7.6.1/dist/imask.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /statics/fonts/poppins.regular.ttf HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://epayln.site.tb-hosting.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://epayln.site.tb-hosting.com/statics/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /statics/pictures/identity-main.svg HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /livewire/livewire.js?id=90730a3b0e7144480175 HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /imask@7.6.1/dist/imask.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D

Source: global traffic	DNS traffic detected: DNS query: epayln.site.tb-hosting.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: unpkg.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_56.2.dr	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: http://stackoverflow.com/a/22075070
Source: chromecache_54.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://github.com/epoberezkin/fast-deep-equal
Source: chromecache_58.2.dr, chromecache_57.2.dr	String found in binary or memory: https://github.com/jonschlinkert/get-value
Source: chromecache_58.2.dr, chromecache_57.2.dr	String found in binary or memory: https://github.com/jonschlinkert/isobject
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/50754
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/6223
Source: chromecache_54.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://github.com/uNmAnNeR/imaskjs/issues/134
Source: chromecache_56.2.dr	String found in binary or memory: https://indiantypefoundry.comThis
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://stackoverflow.com/questions/2901102/how-to-print-a-number-with-commas-as-thousands-separator

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49752 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/18@14/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1700,i,12017164564101457797,5329295057376494313,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://epayln.site.tb-hosting.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1700,i,12017164564101457797,5329295057376494313,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.246.203	unknown	United States	13335	CLOUDFLARENETUS	false
104.17.248.203	unpkg.com	United States	13335	CLOUDFLARENETUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
213.158.94.185	epayln.site.tb-hosting.com	Italy	12389	ROSTELECOM-ASRU	false

Private

IP
192.168.2.6
192.168.2.5

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
www.google.com	216.58.206.36	true
epayln.site.tb-hosting.com	213.158.94.185	true
unpkg.com	104.17.248.203	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://epayln.site.tb-hosting.com/livewire/livewire.js?id=90730a3b0e7144480175	true	unknown
https://unpkg.com/imask@7.6.1	false	unknown
https://epayln.site.tb-hosting.com/favicon.ico	true	unknown
https://unpkg.com/imask@7.6.1/dist/imask.js	false	unknown
https://unpkg.com/imask	false	unknown
https://epayln.site.tb-hosting.com/statics/css/style.css	true	unknown
https://epayln.site.tb-hosting.com/	true	unknown
https://epayln.site.tb-hosting.com/statics/pictures/identity-main.svg	true	unknown
https://epayln.site.tb-hosting.com/statics/fonts/poppins.regular.ttf	true	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 50	ASCII text, with very long lines (39369)	382E629B180F49ED81F57B3025B9497C	7EE8826FE796831D33F4645CC4B1942BAB2EC45A	358D9AFBB1AB5BEFA2F48061A30776E5BCD7707F410A606BA985F98BC3B1C034
Chrome Cache Entry: 51	ASCII text	6969E5E9D1AF0314BC9D17B8341C01B2	648FFF8D8633B9BE17A9D36BBC3C69E3E43F4CEC	92762D92CEE61A7F070427230BDF13B0CF894BD1BBEDF64A1B657837DC6A9285
Chrome Cache Entry: 52	C++ source, ASCII text, with very long lines (2154)	2C87E2F35EA8AB00EA8158B106549788	154CF5157119E081354560FE6D4CAE04174C75E5	90B57AFBD3C669438D15EB8B3E65CDEA42685CA6D1BEED64E781F1F99FCA5492
Chrome Cache Entry: 53	C++ source, ASCII text, with very long lines (2154)	2C87E2F35EA8AB00EA8158B106549788	154CF5157119E081354560FE6D4CAE04174C75E5	90B57AFBD3C669438D15EB8B3E65CDEA42685CA6D1BEED64E781F1F99FCA5492
Chrome Cache Entry: 54	Unicode text, UTF-8 text, with very long lines (65335)	5B42276B3039EAF18CC199CB4C8DB7B8	719956AA52DB4C8AFDC5C0CFB3CBDEAD6258B8A6	932EA15108928991BCF0C0A46415FC652DE5FFC0158C35205357B90C65EEB386
Chrome Cache Entry: 55	ASCII text, with very long lines (39369)	382E629B180F49ED81F57B3025B9497C	7EE8826FE796831D33F4645CC4B1942BAB2EC45A	358D9AFBB1AB5BEFA2F48061A30776E5BCD7707F410A606BA985F98BC3B1C034
Chrome Cache Entry: 56	TrueType Font data, digitally signed, 15 tables, 1st "DSIG", 13 names, Microsoft, language 0x409, Copyright 2014-2017 Indian Type Foundry (info@indiantypefoundry.com)PoppinsRegular3.010;ITFO;Pop	731A28A413D642522667A2DE8681FF35	440DC8992517A306D66E55CB0AFED0CFE9B971B5	2425EBBC021BFDD18FE55EDBEEB1539D22A217212C14430A7D4D75266A333BBC
Chrome Cache Entry: 57	Algol 68 source, Unicode text, UTF-8 text, with very long lines (53585)	0E377E741F7D57DA94C0D5AED41693CD	F2619196A61C34B00491F62774A84F778134B974	38A4DC885F9D1267BBFAF361E24FBF51994BD7F6743784EC3E4A267BBE74A0BE
Chrome Cache Entry: 58	Algol 68 source, Unicode text, UTF-8 text, with very long lines (53585)	0E377E741F7D57DA94C0D5AED41693CD	F2619196A61C34B00491F62774A84F778134B974	38A4DC885F9D1267BBFAF361E24FBF51994BD7F6743784EC3E4A267BBE74A0BE
Chrome Cache Entry: 59	SVG Scalable Vector Graphics image	CE0780B0472840523A646F196C31C0BC	3CF969C40BF394DDE5729D4A07FD3A7D155C2FB6	755EDC5B26465DA4EA363E856963E39CE975702797EB1D16E1AA7CBEE5110861
Chrome Cache Entry: 60	SVG Scalable Vector Graphics image	CE0780B0472840523A646F196C31C0BC	3CF969C40BF394DDE5729D4A07FD3A7D155C2FB6	755EDC5B26465DA4EA363E856963E39CE975702797EB1D16E1AA7CBEE5110861

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://epayln.site.tb-hosting.com/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Source: https://epayln.site.tb-hosting.com/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49752 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /statics/css/style.css HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /imask HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /statics/pictures/identity-main.svg HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /livewire/livewire.js?id=90730a3b0e7144480175 HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /imask@7.6.1 HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /imask@7.6.1/dist/imask.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /statics/fonts/poppins.regular.ttf HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://epayln.site.tb-hosting.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://epayln.site.tb-hosting.com/statics/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /statics/pictures/identity-main.svg HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /livewire/livewire.js?id=90730a3b0e7144480175 HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://epayln.site.tb-hosting.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /imask@7.6.1/dist/imask.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: epayln.site.tb-hosting.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik9ZVjhZc3NKbzZYaDNSSXlyWGtlL0E9PSIsInZhbHVlIjoiMWhHOVVqa3dDOWNOY3FtZjlYYTZodGhJOXFyWHVaVFV2SjBnY1d0aVZnRkxrcXkrOFUwbUZwV2VIai9PdnZ0VEV3aUcySTlEQVpnUGc5R2I0UDVyTW5tN2pKbmVYbUVueXJhWFhoR0drMDNDeXVHTkkxdWdoYzJ3cUsvM0FWeUwiLCJtYWMiOiJlOGRkMGEwZTg0ZDQwZWViNmVhNDZlODA0YmI3ZGQ1ZmZmMjIzMDVjMWU1MTY5YTNlNDBiZmFmOWQ2Y2Q3ZDY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVndGJjKytTZnFqRUVDczByS1BtVEE9PSIsInZhbHVlIjoiZXRTM0J2dk1wTm9xSHBZeGRtMnVsQzBSZGRLTk94OXRMQ0JMUXNZTDRTUVhGbzQ2eHpoYU9ScWVGNWhzZi8xbVZrVUJYajNMdkxOM1Mvc1pLUXFFWmxRUFN4bnVsNXdUMnU1akFpNjJXMTFYUElEbkp0ajNCK05wS2xhbFY1NE4iLCJtYWMiOiJhMWExY2JlZTI4M2VlZjBlZjQzMjJmNDg1MDg5MjJlMTU4YWEzMzBmNDQ2N2EzMWE0ZTZmMDMwNjNiZGE1NDJhIiwidGFnIjoiIn0%3D

Source: global traffic	DNS traffic detected: DNS query: epayln.site.tb-hosting.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: unpkg.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_56.2.dr	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: http://stackoverflow.com/a/22075070
Source: chromecache_54.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://github.com/epoberezkin/fast-deep-equal
Source: chromecache_58.2.dr, chromecache_57.2.dr	String found in binary or memory: https://github.com/jonschlinkert/get-value
Source: chromecache_58.2.dr, chromecache_57.2.dr	String found in binary or memory: https://github.com/jonschlinkert/isobject
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/50754
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/6223
Source: chromecache_54.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://github.com/uNmAnNeR/imaskjs/issues/134
Source: chromecache_56.2.dr	String found in binary or memory: https://indiantypefoundry.comThis
Source: chromecache_52.2.dr, chromecache_53.2.dr	String found in binary or memory: https://stackoverflow.com/questions/2901102/how-to-print-a-number-with-commas-as-thousands-separator

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49752 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/18@14/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1700,i,12017164564101457797,5329295057376494313,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://epayln.site.tb-hosting.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1700,i,12017164564101457797,5329295057376494313,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1521654
Product:	CloudBasic
Start time:	01:40:04
Start date:	29.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://epayln.site.tb-hosting.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://epayln.site.tb-hosting.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://epayln.site.tb-hosting.com/