Edit tour

Windows Analysis Report
http://api-analytics.hydro.online

Overview

General Information

Sample URL:	http://api-analytics.hydro.online
Analysis ID:	1499755
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2216,i,16730929549553036915,13013467825113805218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://api-analytics.hydro.online" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /report/v4?s=Yqo5c%2Beu7PkFMZEYheiQFXZfeLjzdj2%2BtSdxrEWiAOwgHg5%2F4eNrz2Bf01gd5yNkV8byu9aktfOIRfHP4HpriFXphtAtFz3gVFzkMyJOSjVtdAkeEoxEXFI%2FTgsgLKhr7YfK43iXkp0NFkdR HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 396Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.100.168
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.100.168
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api-analytics.hydro.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: api-analytics.hydro.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://api-analytics.hydro.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: api-analytics.hydro.online
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 12:48:06 GMTContent-Type: text/plainContent-Length: 18Connection: closeAccess-Control-Allow-Headers: Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETEAccess-Control-Allow-Origin: Strict-Transport-Security: max-age=31536000X-Xss-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yqo5c%2Beu7PkFMZEYheiQFXZfeLjzdj2%2BtSdxrEWiAOwgHg5%2F4eNrz2Bf01gd5yNkV8byu9aktfOIRfHP4HpriFXphtAtFz3gVFzkMyJOSjVtdAkeEoxEXFI%2FTgsgLKhr7YfK43iXkp0NFkdR"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b9c2c869a2c41d2-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 12:48:08 GMTContent-Type: text/plainContent-Length: 18Connection: closeAccess-Control-Allow-Headers: Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETEAccess-Control-Allow-Origin: Strict-Transport-Security: max-age=31536000X-Xss-Protection: 1; mode=blockCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R8YG8HH%2Fr7EJxdrfyPgd9AeKMI7WpjPeneCI%2F9ij%2FsACtern%2Fl8w3FLQhgvK3RhfGTngnTofqwlysM1QOudcX7SyeB%2BpLAOG4KJ6vkvQbse67zXfvKESeybNyKlPRjPHiVUxH%2FQTxVEmnbAa"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b9c2c93c998c35b-EWR

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2216,i,16730929549553036915,13013467825113805218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://api-analytics.hydro.online"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2216,i,16730929549553036915,13013467825113805218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
https://a.nel.cloudflare.com/report/v4?s=R8YG8HH%2Fr7EJxdrfyPgd9AeKMI7WpjPeneCI%2F9ij%2FsACtern%2Fl8w3FLQhgvK3RhfGTngnTofqwlysM1QOudcX7SyeB%2BpLAOG4KJ6vkvQbse67zXfvKESeybNyKlPRjPHiVUxH%2FQTxVEmnbAa	0%	Avira URL Cloud	safe
https://api-analytics.hydro.online/favicon.ico	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
api-analytics.hydro.online	172.67.73.23	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
www.google.com	142.250.185.196	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
windowsupdatebg.s.llnwi.net	178.79.238.128	true	false	unknown

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.26.4.66	unknown	United States	13335	CLOUDFLARENETUS	false

IP
192.168.2.16
192.168.2.4

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1499755
Start date and time:	2024-08-27 14:47:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://api-analytics.hydro.online
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/4@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	18
Entropy (8bit):	3.5724312513221195
Encrypted:	false
SSDEEP:	3:uZuUeB:u5eB
MD5:	53AF239EE5D3E261545DEDEDCB6FFD57
SHA1:	04CA7E137E1E9FEEAD96A7DF45BB67D5AB3DE190
SHA-256:	99EB12F2AB3C4866A353E098FFA3CB7A967E617C49B98480394EC5D8EA92B094
SHA-512:	C734E4A5FF5D335A91518DBF47861BDAF8012AF49371DCD2E3350E269C9A5A1CC094114D17C4F5B053F3757B4B07487EBD0D309C91EF97ACF4665CC5D5C9A2D3
Malicious:	false
Reputation:	low
URL:	https://api-analytics.hydro.online/favicon.ico
Preview:	404 page not found

Name	Malicious	Antivirus Detection	Reputation
https://api-analytics.hydro.online/	false		unknown
https://a.nel.cloudflare.com/report/v4?s=R8YG8HH%2Fr7EJxdrfyPgd9AeKMI7WpjPeneCI%2F9ij%2FsACtern%2Fl8w3FLQhgvK3RhfGTngnTofqwlysM1QOudcX7SyeB%2BpLAOG4KJ6vkvQbse67zXfvKESeybNyKlPRjPHiVUxH%2FQTxVEmnbAa	false	Avira URL Cloud: safe	unknown
https://api-analytics.hydro.online/favicon.ico	false	Avira URL Cloud: safe	unknown

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 27, 2024 14:47:54.693942070 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 27, 2024 14:48:04.334512949 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 27, 2024 14:48:05.612303019 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:05.612346888 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:05.612415075 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:05.612633944 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:05.612647057 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:06.101342916 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:06.101696014 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:06.101717949 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:06.102562904 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:06.102637053 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:06.103641987 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:06.103702068 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:06.103908062 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:06.103915930 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:06.150078058 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:07.520301104 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:07.520359993 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:07.520421028 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:07.542769909 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:07.542819977 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:48:07.542885065 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:07.543690920 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:07.543709040 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:48:07.547641039 CEST	49735	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:07.547657967 CEST	443	49735	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:07.558752060 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:07.558769941 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:07.558825970 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:07.558984995 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:07.558998108 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:07.701639891 CEST	49740	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:07.701674938 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:07.701797962 CEST	49740	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:07.702080011 CEST	49740	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:07.702090025 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:08.018392086 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.018790007 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.018804073 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.019676924 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.019730091 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.186392069 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:48:08.186675072 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:08.186705112 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:48:08.187736988 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:48:08.187799931 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:08.195573092 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:08.195784092 CEST	49740	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:08.195801020 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:08.196110964 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:08.196860075 CEST	49740	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:08.196918964 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:08.197053909 CEST	49740	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:08.244503975 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:08.248544931 CEST	49740	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:08.371809959 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.371927977 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.372251987 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:08.372407913 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:48:08.372756958 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.372771978 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.419337988 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:08.419351101 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:48:08.419389009 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.468583107 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:08.499181986 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.499245882 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.500289917 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.503432035 CEST	49739	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.503452063 CEST	443	49739	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.524871111 CEST	49741	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.524895906 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.525274992 CEST	49741	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.535660982 CEST	49741	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:08.535680056 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:08.689279079 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:08.689346075 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:08.689393997 CEST	49740	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:09.004800081 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:09.046715021 CEST	49741	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:09.138825893 CEST	49741	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:09.138844967 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:09.139192104 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:09.140393972 CEST	49741	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:09.140453100 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:09.140836954 CEST	49741	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:09.188498020 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:09.276854992 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:09.277296066 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:09.277374983 CEST	49741	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:09.307271004 CEST	49741	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:48:09.307286024 CEST	443	49741	35.190.80.1	192.168.2.4
Aug 27, 2024 14:48:09.370450020 CEST	49740	443	192.168.2.4	104.26.4.66
Aug 27, 2024 14:48:09.370467901 CEST	443	49740	104.26.4.66	192.168.2.4
Aug 27, 2024 14:48:09.687741041 CEST	49742	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:09.687762976 CEST	443	49742	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:09.688023090 CEST	49742	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:09.690655947 CEST	49742	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:09.690666914 CEST	443	49742	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:10.333664894 CEST	443	49742	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:10.333734989 CEST	49742	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:10.339235067 CEST	49742	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:10.339241028 CEST	443	49742	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:10.339447975 CEST	443	49742	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:10.390449047 CEST	49742	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:10.576348066 CEST	49742	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:10.616499901 CEST	443	49742	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:10.761336088 CEST	443	49742	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:10.761380911 CEST	443	49742	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:10.761476994 CEST	49742	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:10.761776924 CEST	49742	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:10.761790991 CEST	443	49742	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:10.810957909 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:10.810988903 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:10.811053991 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:10.811429024 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:10.811441898 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:11.462373972 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:11.462441921 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:11.463752031 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:11.463757992 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:11.463952065 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:11.464956999 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:11.508511066 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:11.773474932 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:11.773554087 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:11.773612022 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:11.777178049 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:11.777200937 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:11.777210951 CEST	49743	443	192.168.2.4	184.28.90.27
Aug 27, 2024 14:48:11.777216911 CEST	443	49743	184.28.90.27	192.168.2.4
Aug 27, 2024 14:48:18.085220098 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:48:18.085283995 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:48:18.085330963 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:18.414216995 CEST	49738	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:48:18.414248943 CEST	443	49738	142.250.185.196	192.168.2.4
Aug 27, 2024 14:49:02.894113064 CEST	49751	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:49:02.899771929 CEST	53	49751	1.1.1.1	192.168.2.4
Aug 27, 2024 14:49:02.899878979 CEST	49751	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:49:02.899935007 CEST	49751	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:49:02.899935007 CEST	49751	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:49:02.900049925 CEST	49751	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:49:02.905108929 CEST	53	49751	1.1.1.1	192.168.2.4
Aug 27, 2024 14:49:02.905122042 CEST	53	49751	1.1.1.1	192.168.2.4
Aug 27, 2024 14:49:02.945518970 CEST	53	49751	1.1.1.1	192.168.2.4
Aug 27, 2024 14:49:03.280590057 CEST	53	49751	1.1.1.1	192.168.2.4
Aug 27, 2024 14:49:03.280703068 CEST	49751	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:49:06.998348951 CEST	49753	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:49:06.998395920 CEST	443	49753	142.250.185.196	192.168.2.4
Aug 27, 2024 14:49:06.998637915 CEST	49753	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:49:06.999778032 CEST	49753	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:49:06.999797106 CEST	443	49753	142.250.185.196	192.168.2.4
Aug 27, 2024 14:49:07.872535944 CEST	49754	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:07.872566938 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:07.872627974 CEST	49754	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:07.872996092 CEST	49754	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:07.873009920 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:07.902112007 CEST	443	49753	142.250.185.196	192.168.2.4
Aug 27, 2024 14:49:07.902484894 CEST	49753	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:49:07.902513981 CEST	443	49753	142.250.185.196	192.168.2.4
Aug 27, 2024 14:49:07.902848959 CEST	443	49753	142.250.185.196	192.168.2.4
Aug 27, 2024 14:49:07.903410912 CEST	49753	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:49:07.903501034 CEST	443	49753	142.250.185.196	192.168.2.4
Aug 27, 2024 14:49:07.943233967 CEST	49753	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:49:08.345500946 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.347357988 CEST	49754	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.347382069 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.347815037 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.350830078 CEST	49754	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.350929976 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.351466894 CEST	49754	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.396497965 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.472662926 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.472819090 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.472866058 CEST	49754	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.473531008 CEST	49754	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.473550081 CEST	443	49754	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.477159977 CEST	49755	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.477185011 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.477247000 CEST	49755	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.478221893 CEST	49755	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.478235960 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.942317009 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.943053961 CEST	49755	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.943068981 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.943419933 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.944518089 CEST	49755	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.944591045 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:08.944993973 CEST	49755	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:08.988503933 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:09.072113037 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:09.072185040 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:09.072577000 CEST	49755	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:09.072588921 CEST	443	49755	35.190.80.1	192.168.2.4
Aug 27, 2024 14:49:09.072618008 CEST	49755	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:09.072730064 CEST	49755	443	192.168.2.4	35.190.80.1
Aug 27, 2024 14:49:12.474744081 CEST	49723	80	192.168.2.4	2.16.100.168
Aug 27, 2024 14:49:12.474744081 CEST	49724	80	192.168.2.4	199.232.210.172
Aug 27, 2024 14:49:12.480051994 CEST	80	49723	2.16.100.168	192.168.2.4
Aug 27, 2024 14:49:12.480257988 CEST	49723	80	192.168.2.4	2.16.100.168
Aug 27, 2024 14:49:12.481776953 CEST	80	49724	199.232.210.172	192.168.2.4
Aug 27, 2024 14:49:12.481874943 CEST	49724	80	192.168.2.4	199.232.210.172
Aug 27, 2024 14:49:17.807950020 CEST	443	49753	142.250.185.196	192.168.2.4
Aug 27, 2024 14:49:17.808027983 CEST	443	49753	142.250.185.196	192.168.2.4
Aug 27, 2024 14:49:17.811372995 CEST	49753	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:49:18.297638893 CEST	49753	443	192.168.2.4	142.250.185.196
Aug 27, 2024 14:49:18.297689915 CEST	443	49753	142.250.185.196	192.168.2.4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 27, 2024 14:48:03.575819016 CEST	53	57427	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:03.575843096 CEST	53	62780	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:04.716017962 CEST	53	64687	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:05.588171959 CEST	57358	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:48:05.590097904 CEST	49588	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:48:05.597826004 CEST	53	57358	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:05.600219011 CEST	53	49588	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:05.603976011 CEST	63298	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:48:05.604150057 CEST	51881	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:48:05.611200094 CEST	53	63298	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:05.611917973 CEST	53	51881	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:06.947446108 CEST	59390	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:48:06.947685003 CEST	56554	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:48:07.525010109 CEST	53	56554	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:07.525022030 CEST	53	59390	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:07.545306921 CEST	59815	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:48:07.545846939 CEST	53528	53	192.168.2.4	1.1.1.1
Aug 27, 2024 14:48:07.552294970 CEST	53	59815	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:07.552768946 CEST	53	53528	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:21.810568094 CEST	53	61360	1.1.1.1	192.168.2.4
Aug 27, 2024 14:48:24.060887098 CEST	138	138	192.168.2.4	192.168.2.255
Aug 27, 2024 14:48:40.582451105 CEST	53	55044	1.1.1.1	192.168.2.4
Aug 27, 2024 14:49:02.893640041 CEST	53	50109	1.1.1.1	192.168.2.4
Aug 27, 2024 14:49:02.935245991 CEST	53	60659	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-08-27 12:48:06 UTC	669	OUT	GET / HTTP/1.1 Host: api-analytics.hydro.online Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 12:48:07 UTC	747	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 12:48:06 GMT Content-Type: text/plain Content-Length: 18 Connection: close Access-Control-Allow-Headers: * Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31536000 X-Xss-Protection: 1; mode=block CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yqo5c%2Beu7PkFMZEYheiQFXZfeLjzdj2%2BtSdxrEWiAOwgHg5%2F4eNrz2Bf01gd5yNkV8byu9aktfOIRfHP4HpriFXphtAtFz3gVFzkMyJOSjVtdAkeEoxEXFI%2FTgsgLKhr7YfK43iXkp0NFkdR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9c2c869a2c41d2-EWR
2024-08-27 12:48:07 UTC	18	IN	Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found

Timestamp	Bytes transferred	Direction	Data
2024-08-27 12:48:08 UTC	608	OUT	GET /favicon.ico HTTP/1.1 Host: api-analytics.hydro.online Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://api-analytics.hydro.online/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 12:48:08 UTC	778	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 12:48:08 GMT Content-Type: text/plain Content-Length: 18 Connection: close Access-Control-Allow-Headers: * Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31536000 X-Xss-Protection: 1; mode=block Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R8YG8HH%2Fr7EJxdrfyPgd9AeKMI7WpjPeneCI%2F9ij%2FsACtern%2Fl8w3FLQhgvK3RhfGTngnTofqwlysM1QOudcX7SyeB%2BpLAOG4KJ6vkvQbse67zXfvKESeybNyKlPRjPHiVUxH%2FQTxVEmnbAa"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9c2c93c998c35b-EWR
2024-08-27 12:48:08 UTC	18	IN	Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found

Timestamp	Bytes transferred	Direction	Data
2024-08-27 12:48:08 UTC	559	OUT	OPTIONS /report/v4?s=Yqo5c%2Beu7PkFMZEYheiQFXZfeLjzdj2%2BtSdxrEWiAOwgHg5%2F4eNrz2Bf01gd5yNkV8byu9aktfOIRfHP4HpriFXphtAtFz3gVFzkMyJOSjVtdAkeEoxEXFI%2FTgsgLKhr7YfK43iXkp0NFkdR HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://api-analytics.hydro.online Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 12:48:08 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 27 Aug 2024 12:48:07 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-08-27 12:48:09 UTC	490	OUT	POST /report/v4?s=Yqo5c%2Beu7PkFMZEYheiQFXZfeLjzdj2%2BtSdxrEWiAOwgHg5%2F4eNrz2Bf01gd5yNkV8byu9aktfOIRfHP4HpriFXphtAtFz3gVFzkMyJOSjVtdAkeEoxEXFI%2FTgsgLKhr7YfK43iXkp0NFkdR HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 396 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 12:48:09 UTC	396	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 39 32 39 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 36 2e 34 2e 36 36 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 69 2d 61 6e 61 6c 79 74 69 63 73 2e 68 79 Data Ascii: [{"age":10,"body":{"elapsed_time":1929,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.26.4.66","status_code":404,"type":"http.error"},"type":"network-error","url":"https://api-analytics.hy
2024-08-27 12:48:09 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Tue, 27 Aug 2024 12:48:08 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-08-27 12:48:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-27 12:48:10 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF17) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=96736 Date: Tue, 27 Aug 2024 12:48:10 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-08-27 12:48:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-27 12:48:11 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=100649 Date: Tue, 27 Aug 2024 12:48:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-27 12:48:11 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-08-27 12:49:08 UTC	563	OUT	OPTIONS /report/v4?s=R8YG8HH%2Fr7EJxdrfyPgd9AeKMI7WpjPeneCI%2F9ij%2FsACtern%2Fl8w3FLQhgvK3RhfGTngnTofqwlysM1QOudcX7SyeB%2BpLAOG4KJ6vkvQbse67zXfvKESeybNyKlPRjPHiVUxH%2FQTxVEmnbAa HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://api-analytics.hydro.online Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 12:49:08 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 27 Aug 2024 12:49:08 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://api-analytics.hydro.online

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5576, Parent PID: 4996

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated

Windows Analysis Report
http://api-analytics.hydro.online

Timestamp	Bytes transferred	Direction	Data
2024-08-27 12:49:08 UTC	494	OUT	POST /report/v4?s=R8YG8HH%2Fr7EJxdrfyPgd9AeKMI7WpjPeneCI%2F9ij%2FsACtern%2Fl8w3FLQhgvK3RhfGTngnTofqwlysM1QOudcX7SyeB%2BpLAOG4KJ6vkvQbse67zXfvKESeybNyKlPRjPHiVUxH%2FQTxVEmnbAa HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 445 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 12:49:08 UTC	445	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 38 37 33 33 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 34 33 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 69 2d 61 6e 61 6c 79 74 69 63 73 2e 68 79 64 72 6f 2e 6f 6e 6c 69 6e 65 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 36 2e 34 2e 36 36 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d Data Ascii: [{"age":58733,"body":{"elapsed_time":1437,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://api-analytics.hydro.online/","sampling_fraction":1.0,"server_ip":"104.26.4.66","status_code":404,"type":"http.error"},"type":"network-
2024-08-27 12:49:09 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Tue, 27 Aug 2024 12:49:08 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	08:47:57
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	08:48:01
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2216,i,16730929549553036915,13013467825113805218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	08:48:04
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://api-analytics.hydro.online"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre