Edit tour

Windows Analysis Report
https://t.ly/31-te

Overview

General Information

Sample URL:	https://t.ly/31-te
Analysis ID:	1559457
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected suspicious crossdomain redirect

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,3477016076006715460,3977212518384502136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/31-te" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-20T15:09:41.464364+0100	2018316	1	A Network Trojan was detected	1.1.1.1	53	192.168.2.4	61321	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://t.ly/31-te

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: t.ly to https://bradenonlinesalesllc.com/n/?c3y9bzm2nv8xx3zvawnljnjhbmq9wjjgawvwrt0mdwlkpvvtrvixmda3mjaynfvosvfvrteyntywnzewmtgymdi0mjaynda3mta1njeymtg=n0123n

Source: Network traffic

Suricata IDS: 2018316 - Severity 1 - ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses : 1.1.1.1:53 -> 192.168.2.4:61321

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET /31-te HTTP/1.1Host: t.lyConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LM+ugVDOZVU1Ea8&MD=nCkRpfYD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LM+ugVDOZVU1Ea8&MD=nCkRpfYD HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: t.ly
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: bradenonlinesalesllc.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@23/0@33/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,3477016076006715460,3977212518384502136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/31-te"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,3477016076006715460,3977212518384502136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://t.ly/31-te	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://t.ly/31-te	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
t.ly	104.20.7.133	true	false	high
google.com	142.250.181.142	true	false	high
www.google.com	142.250.181.68	true	false	high
bradenonlinesalesllc.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://t.ly/31-te	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.20.7.133	t.ly	United States	13335	CLOUDFLARENETUS	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.9
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1559457
Start date and time:	2024-11-20 15:07:49 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://t.ly/31-te
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@23/0@33/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.19.238, 74.125.205.84, 34.104.35.123, 199.232.210.172, 192.229.221.95, 172.217.17.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://t.ly/31-te

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://t.ly Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": true, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://t.ly

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-20T15:09:41.464364+0100	2018316	ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses	1	1.1.1.1	53	192.168.2.4	61321	UDP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2024 15:08:49.894289970 CET	49675	443	192.168.2.4	173.222.162.32
Nov 20, 2024 15:08:52.401559114 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:52.401607990 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:52.401874065 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:52.402120113 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:52.402173042 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:52.402251959 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:52.402299881 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:52.402318954 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:52.402453899 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:52.402478933 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.637311935 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.637732029 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.637742996 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.639446020 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.639525890 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.652739048 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.652739048 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.652776957 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.652867079 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.674524069 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.674943924 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.674967051 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.676731110 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.676805973 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.677439928 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.677520990 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.700102091 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.700110912 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.724066973 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.724082947 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:53.746148109 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:53.777031898 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:54.224220037 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:54.224550962 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:54.224608898 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:54.226429939 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:54.226429939 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:54.226459026 CET	443	49736	104.20.7.133	192.168.2.4
Nov 20, 2024 15:08:54.226561069 CET	49736	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:08:54.363429070 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:08:54.363483906 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:08:54.363539934 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:08:54.364090919 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:08:54.364104986 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:08:54.983838081 CET	49740	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:54.983891964 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:54.983975887 CET	49740	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:55.031898975 CET	49740	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:55.031929016 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:56.111171007 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:08:56.159156084 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:08:56.182327032 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:08:56.182341099 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:08:56.183549881 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:08:56.183603048 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:08:56.186244011 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:08:56.186357975 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:08:56.237296104 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:08:56.237319946 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:08:56.284152985 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:08:56.427596092 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:56.427664995 CET	49740	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:56.430881023 CET	49740	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:56.430886030 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:56.431123972 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:56.470578909 CET	49740	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:56.515332937 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:56.981296062 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:56.981362104 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:56.981496096 CET	49740	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:56.981532097 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:56.981581926 CET	49740	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:56.981581926 CET	49740	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:56.981590033 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:56.981597900 CET	443	49740	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:57.167707920 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:57.167742968 CET	443	49741	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:57.167824984 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:57.168201923 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:57.168214083 CET	443	49741	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:58.547369957 CET	443	49741	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:58.547460079 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:58.555663109 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:58.555681944 CET	443	49741	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:58.556006908 CET	443	49741	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:58.569591045 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:58.611342907 CET	443	49741	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:59.067888975 CET	443	49741	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:59.067974091 CET	443	49741	23.218.208.109	192.168.2.4
Nov 20, 2024 15:08:59.068954945 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:59.068954945 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:59.068954945 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:59.369765997 CET	49741	443	192.168.2.4	23.218.208.109
Nov 20, 2024 15:08:59.369788885 CET	443	49741	23.218.208.109	192.168.2.4
Nov 20, 2024 15:09:01.549663067 CET	49672	443	192.168.2.4	173.222.162.32
Nov 20, 2024 15:09:01.549710035 CET	443	49672	173.222.162.32	192.168.2.4
Nov 20, 2024 15:09:03.380753994 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:03.380798101 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:03.380913019 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:03.382206917 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:03.382225037 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:05.066287994 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:05.066426992 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:05.069262981 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:05.069274902 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:05.069566965 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:05.112229109 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:05.792994976 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:09:05.793056011 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:09:05.793098927 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:09:06.596071005 CET	49739	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:09:06.596111059 CET	443	49739	142.250.181.68	192.168.2.4
Nov 20, 2024 15:09:06.905941963 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:06.913737059 CET	49723	80	192.168.2.4	199.232.214.172
Nov 20, 2024 15:09:06.951327085 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.033704042 CET	80	49723	199.232.214.172	192.168.2.4
Nov 20, 2024 15:09:07.033884048 CET	49723	80	192.168.2.4	199.232.214.172
Nov 20, 2024 15:09:07.499334097 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.499361992 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.499370098 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.499378920 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.499412060 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.499447107 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:07.499489069 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.499505043 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:07.499541998 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:07.517424107 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.517504930 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:07.517517090 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.517529011 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:07.517560959 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:08.463381052 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:09:08.463463068 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:09:08.463507891 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:09:08.566596031 CET	49735	443	192.168.2.4	104.20.7.133
Nov 20, 2024 15:09:08.566623926 CET	443	49735	104.20.7.133	192.168.2.4
Nov 20, 2024 15:09:08.875806093 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:08.875848055 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:08.875865936 CET	49742	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:08.875874043 CET	443	49742	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:40.347889900 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:40.347930908 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:40.348010063 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:40.348354101 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:40.348368883 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:42.225312948 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:42.225464106 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:42.229317904 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:42.229330063 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:42.229587078 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:42.237426996 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:42.279339075 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:42.951919079 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:42.951945066 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:42.951960087 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:42.952033043 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:42.952065945 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:42.952117920 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.148485899 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.148514032 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.148657084 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.148686886 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.148734093 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.188292027 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.188323021 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.188424110 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.188457966 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.188503981 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.311958075 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.311981916 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.312125921 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.312144995 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.312191963 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.354537010 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.354569912 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.354698896 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.354729891 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.354773998 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.384864092 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.384900093 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.384959936 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.384989023 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.385009050 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.385030985 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.416507006 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.416537046 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.416651011 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.416682959 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.416726112 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.510838032 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.510859013 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.510988951 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.511020899 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.511070967 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.531758070 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.531776905 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.531879902 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.531919003 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.532006979 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.554388046 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.554409027 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.554492950 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.554512978 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.554559946 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.569545984 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.569571972 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.569616079 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.569632053 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.569663048 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.569677114 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.580528021 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.580549955 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.580600977 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.580610037 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.580635071 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.580662012 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.594810009 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.594888926 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.594913006 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.594924927 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.594950914 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.594974041 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.600178003 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.600264072 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.600270987 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.600318909 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.600361109 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.600373030 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.600389004 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.600397110 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.600409031 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.600409985 CET	49748	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.600425005 CET	443	49748	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.639574051 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.639612913 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.639703035 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.639853954 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.639858961 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.641469955 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.641510010 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.641575098 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.642090082 CET	49751	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.642106056 CET	443	49751	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.642143011 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.642157078 CET	49751	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.642158031 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.642240047 CET	49751	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.642245054 CET	443	49751	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.643599033 CET	49752	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.643640041 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.643686056 CET	49752	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.644146919 CET	49753	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.644184113 CET	443	49753	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.644231081 CET	49753	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.644264936 CET	49752	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.644278049 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:43.644349098 CET	49753	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:43.644361019 CET	443	49753	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.243666887 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:45.243720055 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:45.243793011 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:45.244152069 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:45.244173050 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:45.261100054 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.261610031 CET	49752	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.261641026 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.262073994 CET	49752	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.262080908 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.463217974 CET	443	49751	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.483644962 CET	49751	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.483664989 CET	443	49751	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.484097004 CET	49751	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.484102011 CET	443	49751	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.541913986 CET	443	49753	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.542229891 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.542406082 CET	49753	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.542423964 CET	443	49753	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.542763948 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.542778015 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.542939901 CET	49753	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.542944908 CET	443	49753	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.543171883 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.543175936 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.593200922 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.593691111 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.593703985 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.594150066 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.594157934 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.708126068 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.708153963 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.708237886 CET	49752	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.708266973 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.708506107 CET	49752	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.708518982 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.708527088 CET	49752	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.708647013 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.708677053 CET	443	49752	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.708834887 CET	49752	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.711395979 CET	49755	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.711438894 CET	443	49755	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.711514950 CET	49755	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.711699963 CET	49755	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.711709976 CET	443	49755	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.907715082 CET	443	49751	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.907779932 CET	443	49751	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.907835960 CET	49751	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.908081055 CET	49751	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.908097982 CET	443	49751	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.908107996 CET	49751	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.908113003 CET	443	49751	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.911192894 CET	49756	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.911237955 CET	443	49756	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:45.911345005 CET	49756	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.911525965 CET	49756	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:45.911535978 CET	443	49756	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.019407988 CET	443	49753	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.019465923 CET	443	49753	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.019521952 CET	49753	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.019716024 CET	49753	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.019737959 CET	443	49753	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.019748926 CET	49753	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.019754887 CET	443	49753	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.022783995 CET	49757	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.022814989 CET	443	49757	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.022891998 CET	49757	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.023062944 CET	49757	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.023072958 CET	443	49757	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.025661945 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.025682926 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.025726080 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.025736094 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.025769949 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.025949955 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.025954008 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.025978088 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.026094913 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.026118040 CET	443	49749	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.026155949 CET	49749	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.028039932 CET	49758	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.028089046 CET	443	49758	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.028150082 CET	49758	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.028280020 CET	49758	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.028296947 CET	443	49758	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.056967020 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.056993008 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.057086945 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.057113886 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.057152987 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.057327986 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.057333946 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.057349920 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.057475090 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.057512045 CET	443	49750	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.057544947 CET	49750	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.059628010 CET	49759	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.059643984 CET	443	49759	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.059700966 CET	49759	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.059844971 CET	49759	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:46.059851885 CET	443	49759	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:46.957948923 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:46.958069086 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:46.959714890 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:46.959724903 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:46.960136890 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:46.969065905 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:47.015336037 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.516319990 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.516386032 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.516429901 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.516454935 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:47.516473055 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.516498089 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:47.516522884 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:47.604835987 CET	443	49755	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.605464935 CET	49755	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.605488062 CET	443	49755	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.606019974 CET	49755	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.606025934 CET	443	49755	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.669630051 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.669687033 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.669735909 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:47.669758081 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.669774055 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:47.669857025 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:47.669864893 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.669879913 CET	49754	443	192.168.2.4	172.202.163.200
Nov 20, 2024 15:09:47.669909954 CET	443	49754	172.202.163.200	192.168.2.4
Nov 20, 2024 15:09:47.752085924 CET	443	49756	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.752796888 CET	49756	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.752825022 CET	443	49756	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.753446102 CET	49756	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.753458977 CET	443	49756	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.864284992 CET	443	49757	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.865062952 CET	49757	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.865106106 CET	443	49757	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.865750074 CET	49757	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.865762949 CET	443	49757	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.925750017 CET	443	49759	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.926184893 CET	49759	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.926203012 CET	443	49759	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.926626921 CET	49759	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.926631927 CET	443	49759	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.943412066 CET	443	49758	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.943830013 CET	49758	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.943855047 CET	443	49758	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:47.944314003 CET	49758	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:47.944324970 CET	443	49758	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.083843946 CET	443	49755	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.083909988 CET	443	49755	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.083965063 CET	49755	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.084239960 CET	49755	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.084256887 CET	443	49755	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.084294081 CET	49755	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.084300041 CET	443	49755	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.086905003 CET	49760	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.086940050 CET	443	49760	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.087001085 CET	49760	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.087172031 CET	49760	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.087181091 CET	443	49760	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.197277069 CET	443	49756	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.197367907 CET	443	49756	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.197628021 CET	49756	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.197719097 CET	49756	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.197719097 CET	49756	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.197758913 CET	443	49756	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.197784901 CET	443	49756	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.200613976 CET	49761	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.200665951 CET	443	49761	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.200752020 CET	49761	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.200934887 CET	49761	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.200948000 CET	443	49761	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.310183048 CET	443	49757	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.310271978 CET	443	49757	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.310553074 CET	49757	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.310604095 CET	49757	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.310630083 CET	443	49757	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.310641050 CET	49757	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.310647011 CET	443	49757	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.313369036 CET	49762	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.313415051 CET	443	49762	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.313494921 CET	49762	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.313666105 CET	49762	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.313682079 CET	443	49762	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.372598886 CET	443	49759	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.372757912 CET	443	49759	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.372843027 CET	49759	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.372981071 CET	49759	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.372992992 CET	443	49759	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.373006105 CET	49759	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.373009920 CET	443	49759	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.375834942 CET	49763	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.375895023 CET	443	49763	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.376095057 CET	49763	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.376235962 CET	49763	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.376243114 CET	443	49763	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.410881996 CET	443	49758	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.410970926 CET	443	49758	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.411058903 CET	49758	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.411371946 CET	49758	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.411371946 CET	49758	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.411420107 CET	443	49758	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.411449909 CET	443	49758	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.414329052 CET	49764	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.414360046 CET	443	49764	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:48.414624929 CET	49764	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.414815903 CET	49764	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:48.414830923 CET	443	49764	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:49.861368895 CET	443	49760	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:49.862257957 CET	49760	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:49.862277985 CET	443	49760	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:49.862652063 CET	49760	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:49.862662077 CET	443	49760	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:49.931056976 CET	443	49761	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:49.931504965 CET	49761	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:49.931545019 CET	443	49761	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:49.931972027 CET	49761	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:49.931981087 CET	443	49761	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.059360981 CET	443	49762	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.059909105 CET	49762	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.059922934 CET	443	49762	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.060339928 CET	49762	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.060345888 CET	443	49762	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.194256067 CET	443	49763	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.194780111 CET	49763	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.194844007 CET	443	49763	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.195231915 CET	49763	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.195249081 CET	443	49763	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.282823086 CET	443	49764	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.283291101 CET	49764	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.283299923 CET	443	49764	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.283901930 CET	49764	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.283905983 CET	443	49764	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.299052000 CET	443	49760	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.299118996 CET	443	49760	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.299194098 CET	49760	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.299638033 CET	49760	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.299652100 CET	443	49760	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.299659967 CET	49760	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.299666882 CET	443	49760	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.302376032 CET	49766	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.302391052 CET	443	49766	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.302472115 CET	49766	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.302622080 CET	49766	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.302628994 CET	443	49766	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.391959906 CET	443	49761	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.392175913 CET	443	49761	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.392246008 CET	49761	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.392350912 CET	49761	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.392350912 CET	49761	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.392385006 CET	443	49761	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.392409086 CET	443	49761	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.395262957 CET	49767	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.395334959 CET	443	49767	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.395412922 CET	49767	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.395550966 CET	49767	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.395570040 CET	443	49767	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.504309893 CET	443	49762	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.504390955 CET	443	49762	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.504435062 CET	49762	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.504654884 CET	49762	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.504673004 CET	443	49762	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.504683971 CET	49762	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.504688978 CET	443	49762	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.507628918 CET	49768	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.507678986 CET	443	49768	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.507742882 CET	49768	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.507870913 CET	49768	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.507879019 CET	443	49768	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.676038027 CET	443	49763	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.676136971 CET	443	49763	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.676207066 CET	49763	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.676386118 CET	49763	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.676386118 CET	49763	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.676435947 CET	443	49763	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.676465034 CET	443	49763	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.679166079 CET	49769	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.679214001 CET	443	49769	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.679275036 CET	49769	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.679419994 CET	49769	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.679431915 CET	443	49769	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.747447014 CET	443	49764	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.747533083 CET	443	49764	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.747582912 CET	49764	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.747786999 CET	49764	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.747821093 CET	443	49764	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.747833967 CET	49764	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.747843027 CET	443	49764	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.750686884 CET	49770	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.750737906 CET	443	49770	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:50.750799894 CET	49770	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.750946045 CET	49770	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:50.750956059 CET	443	49770	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:51.815265894 CET	49724	80	192.168.2.4	199.232.214.172
Nov 20, 2024 15:09:51.935117006 CET	80	49724	199.232.214.172	192.168.2.4
Nov 20, 2024 15:09:51.935322046 CET	49724	80	192.168.2.4	199.232.214.172
Nov 20, 2024 15:09:52.093342066 CET	443	49766	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.093974113 CET	49766	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.093986988 CET	443	49766	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.094444990 CET	49766	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.094449997 CET	443	49766	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.121515989 CET	443	49767	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.122015953 CET	49767	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.122049093 CET	443	49767	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.122497082 CET	49767	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.122503042 CET	443	49767	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.245371103 CET	443	49768	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.245935917 CET	49768	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.245956898 CET	443	49768	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.246397018 CET	49768	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.246402979 CET	443	49768	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.505086899 CET	443	49769	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.505754948 CET	49769	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.505786896 CET	443	49769	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.506095886 CET	49769	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.506103039 CET	443	49769	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.556716919 CET	443	49767	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.556934118 CET	443	49767	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.557002068 CET	49767	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.557070017 CET	49767	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.557090998 CET	443	49767	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.557101965 CET	49767	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.557107925 CET	443	49767	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.559963942 CET	49771	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.560023069 CET	443	49771	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.560117006 CET	49771	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.560292006 CET	49771	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.560313940 CET	443	49771	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.569927931 CET	443	49770	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.570353985 CET	49770	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.570375919 CET	443	49770	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.570796967 CET	49770	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.570801973 CET	443	49770	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.578514099 CET	443	49766	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.578572035 CET	443	49766	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.578619957 CET	49766	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.578778982 CET	49766	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.578800917 CET	443	49766	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.578815937 CET	49766	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.578823090 CET	443	49766	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.581465006 CET	49772	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.581516981 CET	443	49772	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.581609964 CET	49772	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.581759930 CET	49772	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.581782103 CET	443	49772	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.697187901 CET	443	49768	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.697254896 CET	443	49768	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.697464943 CET	49768	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.697545052 CET	49768	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.697565079 CET	443	49768	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.697587967 CET	49768	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.697592974 CET	443	49768	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.700476885 CET	49773	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.700524092 CET	443	49773	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.700598001 CET	49773	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.700736046 CET	49773	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.700751066 CET	443	49773	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.955255985 CET	443	49769	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.955363989 CET	443	49769	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.955564022 CET	49769	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.955809116 CET	49769	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.955828905 CET	443	49769	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.955842018 CET	49769	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.955848932 CET	443	49769	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.958797932 CET	49774	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.958853006 CET	443	49774	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:52.958940983 CET	49774	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.959110975 CET	49774	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:52.959131956 CET	443	49774	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:53.039252043 CET	443	49770	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:53.039335966 CET	443	49770	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:53.039539099 CET	49770	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:53.040889978 CET	49770	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:53.040908098 CET	443	49770	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:53.040919065 CET	49770	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:53.040925026 CET	443	49770	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:53.043719053 CET	49775	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:53.043771982 CET	443	49775	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:53.043853998 CET	49775	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:53.044038057 CET	49775	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:53.044051886 CET	443	49775	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.285049915 CET	49776	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:09:54.285092115 CET	443	49776	142.250.181.68	192.168.2.4
Nov 20, 2024 15:09:54.285233021 CET	49776	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:09:54.285485983 CET	49776	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:09:54.285506010 CET	443	49776	142.250.181.68	192.168.2.4
Nov 20, 2024 15:09:54.364926100 CET	443	49772	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.365498066 CET	49772	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.365525007 CET	443	49772	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.365943909 CET	49772	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.365951061 CET	443	49772	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.434287071 CET	443	49771	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.434801102 CET	49771	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.434859991 CET	443	49771	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.435261011 CET	49771	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.435269117 CET	443	49771	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.509953976 CET	443	49773	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.510574102 CET	49773	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.510602951 CET	443	49773	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.511040926 CET	49773	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.511044979 CET	443	49773	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.682864904 CET	443	49774	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.683646917 CET	49774	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.683672905 CET	443	49774	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.684129953 CET	49774	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.684134960 CET	443	49774	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.763978958 CET	443	49775	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.767467022 CET	49775	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.767496109 CET	443	49775	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.767932892 CET	49775	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.767940044 CET	443	49775	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.808942080 CET	443	49772	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.809050083 CET	443	49772	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.809305906 CET	49772	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.809340954 CET	49772	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.809355974 CET	443	49772	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.809371948 CET	49772	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.809376955 CET	443	49772	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.812155008 CET	49777	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.812207937 CET	443	49777	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.812273979 CET	49777	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.812402964 CET	49777	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.812422037 CET	443	49777	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.895416975 CET	443	49771	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.895498037 CET	443	49771	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.895776033 CET	49771	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.895828009 CET	49771	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.895828009 CET	49771	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.895860910 CET	443	49771	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.895869017 CET	443	49771	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.898819923 CET	49778	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.898864985 CET	443	49778	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.898936987 CET	49778	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.899070024 CET	49778	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.899081945 CET	443	49778	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.954375982 CET	443	49773	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.954451084 CET	443	49773	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.954617977 CET	49773	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.954869986 CET	49773	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.954884052 CET	443	49773	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.954895973 CET	49773	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.954901934 CET	443	49773	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.957931995 CET	49779	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.957967043 CET	443	49779	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:54.958045006 CET	49779	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.958250999 CET	49779	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:54.958264112 CET	443	49779	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.122807026 CET	443	49774	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.122980118 CET	443	49774	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.123043060 CET	49774	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.123152971 CET	49774	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.123167992 CET	443	49774	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.123178959 CET	49774	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.123183966 CET	443	49774	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.126126051 CET	49780	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.126188040 CET	443	49780	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.126276016 CET	49780	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.126446009 CET	49780	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.126458883 CET	443	49780	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.212287903 CET	443	49775	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.212424994 CET	443	49775	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.212485075 CET	49775	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.212682009 CET	49775	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.212698936 CET	443	49775	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.212711096 CET	49775	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.212717056 CET	443	49775	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.215727091 CET	49781	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.215766907 CET	443	49781	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:55.215847015 CET	49781	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.216048956 CET	49781	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:55.216059923 CET	443	49781	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.025382996 CET	443	49776	142.250.181.68	192.168.2.4
Nov 20, 2024 15:09:56.026061058 CET	49776	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:09:56.026081085 CET	443	49776	142.250.181.68	192.168.2.4
Nov 20, 2024 15:09:56.026465893 CET	443	49776	142.250.181.68	192.168.2.4
Nov 20, 2024 15:09:56.027169943 CET	49776	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:09:56.027236938 CET	443	49776	142.250.181.68	192.168.2.4
Nov 20, 2024 15:09:56.080427885 CET	49776	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:09:56.600203991 CET	443	49777	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.600663900 CET	49777	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.600688934 CET	443	49777	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.601113081 CET	49777	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.601119041 CET	443	49777	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.766449928 CET	443	49779	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.766942978 CET	49779	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.766969919 CET	443	49779	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.767420053 CET	49779	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.767425060 CET	443	49779	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.799160957 CET	443	49778	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.799622059 CET	49778	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.799642086 CET	443	49778	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.800179005 CET	49778	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.800184965 CET	443	49778	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.946326017 CET	443	49781	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.946962118 CET	49781	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.947037935 CET	443	49781	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.947504997 CET	49781	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.947525024 CET	443	49781	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.961139917 CET	443	49780	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.961481094 CET	49780	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.961508989 CET	443	49780	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:56.961843014 CET	49780	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:56.961848974 CET	443	49780	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.056355953 CET	443	49777	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.056447029 CET	443	49777	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.056660891 CET	49777	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.056699991 CET	49777	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.056721926 CET	443	49777	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.056731939 CET	49777	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.056737900 CET	443	49777	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.059638977 CET	49782	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.059683084 CET	443	49782	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.059762955 CET	49782	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.059931040 CET	49782	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.059942007 CET	443	49782	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.211590052 CET	443	49779	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.211667061 CET	443	49779	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.211916924 CET	49779	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.212078094 CET	49779	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.212078094 CET	49779	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.212094069 CET	443	49779	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.212104082 CET	443	49779	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.214696884 CET	49783	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.214783907 CET	443	49783	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.214910984 CET	49783	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.215065002 CET	49783	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.215102911 CET	443	49783	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.271897078 CET	443	49778	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.272058010 CET	443	49778	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.272239923 CET	49778	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.272337914 CET	49778	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.272384882 CET	443	49778	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.272438049 CET	49778	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.272455931 CET	443	49778	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.275023937 CET	49784	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.275060892 CET	443	49784	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.275124073 CET	49784	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.275258064 CET	49784	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.275268078 CET	443	49784	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.384526968 CET	443	49781	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.384609938 CET	443	49781	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.384885073 CET	49781	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.384948015 CET	49781	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.384948015 CET	49781	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.384987116 CET	443	49781	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.385020018 CET	443	49781	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.387518883 CET	49785	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.387552977 CET	443	49785	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.387629986 CET	49785	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.387761116 CET	49785	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.387773991 CET	443	49785	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.410428047 CET	443	49780	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.410505056 CET	443	49780	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.410691977 CET	49780	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.410727024 CET	49780	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.410747051 CET	443	49780	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.410757065 CET	49780	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.410762072 CET	443	49780	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.413135052 CET	49786	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.413180113 CET	443	49786	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:57.413255930 CET	49786	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.413367987 CET	49786	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:57.413379908 CET	443	49786	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:58.792277098 CET	443	49782	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:58.792959929 CET	49782	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:58.792987108 CET	443	49782	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:58.793421984 CET	49782	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:58.793426991 CET	443	49782	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.105750084 CET	443	49783	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.106369019 CET	49783	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.106390953 CET	443	49783	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.106872082 CET	49783	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.106878042 CET	443	49783	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.122658968 CET	443	49784	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.123020887 CET	49784	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.123047113 CET	443	49784	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.123446941 CET	49784	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.123451948 CET	443	49784	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.171094894 CET	443	49785	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.171603918 CET	49785	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.171623945 CET	443	49785	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.172080994 CET	49785	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.172089100 CET	443	49785	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.196702003 CET	443	49786	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.197103977 CET	49786	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.197127104 CET	443	49786	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.197596073 CET	49786	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.197602034 CET	443	49786	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.235142946 CET	443	49782	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.235246897 CET	443	49782	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.235305071 CET	49782	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.235446930 CET	49782	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.235467911 CET	443	49782	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.235479116 CET	49782	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.235485077 CET	443	49782	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.238738060 CET	49787	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.238789082 CET	443	49787	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.238863945 CET	49787	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.239008904 CET	49787	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.239025116 CET	443	49787	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.573513985 CET	443	49784	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.573610067 CET	443	49784	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.573661089 CET	49784	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.573905945 CET	49784	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.573926926 CET	443	49784	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.573937893 CET	49784	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.573944092 CET	443	49784	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.575249910 CET	443	49783	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.575306892 CET	443	49783	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.575440884 CET	49783	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.576015949 CET	49783	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.576039076 CET	443	49783	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.576050043 CET	49783	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.576056004 CET	443	49783	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.580569983 CET	49788	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.580616951 CET	443	49788	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.580677032 CET	49788	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.582393885 CET	49789	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.582436085 CET	443	49789	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.582488060 CET	49789	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.582906008 CET	49788	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.582920074 CET	443	49788	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.583358049 CET	49789	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.583369017 CET	443	49789	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.608555079 CET	443	49785	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.608654022 CET	443	49785	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.608711004 CET	49785	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.608899117 CET	49785	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.608913898 CET	443	49785	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.608927965 CET	49785	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.608935118 CET	443	49785	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.611772060 CET	49790	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.611797094 CET	443	49790	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.611918926 CET	49790	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.612123966 CET	49790	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.612135887 CET	443	49790	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.644416094 CET	443	49786	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.644489050 CET	443	49786	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.644537926 CET	49786	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.644716024 CET	49786	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.644728899 CET	443	49786	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.644737959 CET	49786	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.644742012 CET	443	49786	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.647536039 CET	49791	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.647566080 CET	443	49791	13.107.246.63	192.168.2.4
Nov 20, 2024 15:09:59.647629023 CET	49791	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.647784948 CET	49791	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:09:59.647793055 CET	443	49791	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.098490000 CET	443	49787	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.099170923 CET	49787	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.099199057 CET	443	49787	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.099826097 CET	49787	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.099833012 CET	443	49787	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.376023054 CET	443	49788	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.376682043 CET	49788	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.376708984 CET	443	49788	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.377322912 CET	49788	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.377327919 CET	443	49788	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.557476044 CET	443	49787	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.557537079 CET	443	49787	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.557590008 CET	49787	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.557837009 CET	49787	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.557861090 CET	443	49787	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.557876110 CET	49787	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.557883978 CET	443	49787	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.561269045 CET	49792	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.561311007 CET	443	49792	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.561407089 CET	49792	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.561580896 CET	49792	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.561593056 CET	443	49792	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.574227095 CET	443	49791	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.574736118 CET	49791	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.574767113 CET	443	49791	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.575350046 CET	49791	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.575360060 CET	443	49791	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.592382908 CET	443	49789	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.592787027 CET	49789	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.592808962 CET	443	49789	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.593271017 CET	49789	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.593277931 CET	443	49789	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.594955921 CET	443	49790	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.595220089 CET	49790	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.595246077 CET	443	49790	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.595660925 CET	49790	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.595666885 CET	443	49790	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.819463968 CET	443	49788	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.819550991 CET	443	49788	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.819616079 CET	49788	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.819788933 CET	49788	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.819808960 CET	443	49788	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.819820881 CET	49788	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.819825888 CET	443	49788	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.823082924 CET	49793	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.823127031 CET	443	49793	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:01.823225021 CET	49793	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.823393106 CET	49793	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:01.823410988 CET	443	49793	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.019438982 CET	443	49791	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.019509077 CET	443	49791	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.019598961 CET	49791	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.019821882 CET	49791	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.019838095 CET	443	49791	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.019848108 CET	49791	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.019854069 CET	443	49791	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.023144007 CET	49794	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.023195028 CET	443	49794	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.023283958 CET	49794	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.023452997 CET	49794	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.023468971 CET	443	49794	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.058262110 CET	443	49790	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.058327913 CET	443	49790	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.058404922 CET	49790	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.058613062 CET	49790	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.058631897 CET	443	49790	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.058640957 CET	49790	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.058646917 CET	443	49790	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.061709881 CET	49795	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.061744928 CET	443	49795	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.061830044 CET	49795	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.062000990 CET	49795	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.062012911 CET	443	49795	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.142091990 CET	443	49789	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.142188072 CET	443	49789	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.142263889 CET	49789	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.142538071 CET	49789	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.142556906 CET	443	49789	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.142569065 CET	49789	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.142575979 CET	443	49789	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.145797968 CET	49796	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.145844936 CET	443	49796	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:02.145929098 CET	49796	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.146101952 CET	49796	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:02.146120071 CET	443	49796	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.367109060 CET	443	49792	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.368247986 CET	49792	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.368288994 CET	443	49792	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.372335911 CET	49792	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.372344017 CET	443	49792	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.702368021 CET	443	49793	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.710798979 CET	49793	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.710814953 CET	443	49793	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.711621046 CET	49793	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.711626053 CET	443	49793	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.798440933 CET	443	49795	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.799036980 CET	49795	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.799050093 CET	443	49795	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.800242901 CET	49795	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.800247908 CET	443	49795	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.814796925 CET	443	49792	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.814964056 CET	443	49792	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.815025091 CET	49792	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.815083981 CET	49792	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.815100908 CET	443	49792	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.815114021 CET	49792	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.815119028 CET	443	49792	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.820480108 CET	49797	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.820508003 CET	443	49797	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.820573092 CET	49797	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.820836067 CET	49797	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.820851088 CET	443	49797	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.824810982 CET	443	49794	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.825290918 CET	49794	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.825314045 CET	443	49794	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.825949907 CET	49794	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.825954914 CET	443	49794	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.933542967 CET	443	49796	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.934211969 CET	49796	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.934232950 CET	443	49796	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:03.934849977 CET	49796	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:03.934856892 CET	443	49796	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.162878036 CET	443	49793	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.162966967 CET	443	49793	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.163187981 CET	49793	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.163229942 CET	49793	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.163229942 CET	49793	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.163243055 CET	443	49793	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.163252115 CET	443	49793	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.166389942 CET	49798	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.166430950 CET	443	49798	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.166517019 CET	49798	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.166660070 CET	49798	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.166671038 CET	443	49798	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.235227108 CET	443	49795	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.235305071 CET	443	49795	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.235518932 CET	49795	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.235546112 CET	49795	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.235560894 CET	443	49795	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.235570908 CET	49795	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.235575914 CET	443	49795	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.239219904 CET	49799	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.239262104 CET	443	49799	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.239346027 CET	49799	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.239496946 CET	49799	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.239509106 CET	443	49799	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.284481049 CET	443	49794	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.284543037 CET	443	49794	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.284647942 CET	49794	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.285007954 CET	49794	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.285024881 CET	443	49794	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.285059929 CET	49794	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.285064936 CET	443	49794	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.287904978 CET	49800	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.287935019 CET	443	49800	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.288003922 CET	49800	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.288187981 CET	49800	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.288196087 CET	443	49800	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.386806965 CET	443	49796	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.386890888 CET	443	49796	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.387036085 CET	49796	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.389769077 CET	49796	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.389797926 CET	443	49796	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.389816046 CET	49796	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.389822960 CET	443	49796	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.392653942 CET	49801	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.392693996 CET	443	49801	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:04.392764091 CET	49801	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.393148899 CET	49801	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:04.393162966 CET	443	49801	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:05.641083002 CET	443	49797	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:05.641601086 CET	49797	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:05.641624928 CET	443	49797	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:05.642076015 CET	49797	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:05.642081022 CET	443	49797	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:05.717417955 CET	443	49776	142.250.181.68	192.168.2.4
Nov 20, 2024 15:10:05.717483997 CET	443	49776	142.250.181.68	192.168.2.4
Nov 20, 2024 15:10:05.717533112 CET	49776	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:10:06.022764921 CET	443	49800	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.023456097 CET	49800	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.023489952 CET	443	49800	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.023919106 CET	49800	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.023925066 CET	443	49800	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.031548023 CET	443	49799	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.032433987 CET	49799	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.032460928 CET	443	49799	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.032793999 CET	49799	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.032799006 CET	443	49799	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.085743904 CET	443	49797	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.085830927 CET	443	49797	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.086085081 CET	49797	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.086210012 CET	49797	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.086216927 CET	443	49797	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.086282969 CET	49797	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.086287975 CET	443	49797	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.088888884 CET	49802	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.088918924 CET	443	49802	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.089009047 CET	49802	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.089164019 CET	49802	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.089173079 CET	443	49802	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.163743019 CET	443	49798	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.164597034 CET	49798	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.164637089 CET	443	49798	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.165059090 CET	49798	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.165067911 CET	443	49798	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.240763903 CET	443	49801	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.241384029 CET	49801	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.241420031 CET	443	49801	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.241852999 CET	49801	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.241858959 CET	443	49801	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.474770069 CET	443	49800	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.474837065 CET	443	49800	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.474930048 CET	49800	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.475066900 CET	49800	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.475087881 CET	443	49800	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.475097895 CET	49800	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.475102901 CET	443	49800	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.477874994 CET	49803	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.477926970 CET	443	49803	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.477983952 CET	49803	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.478214025 CET	49803	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.478228092 CET	443	49803	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.479895115 CET	443	49799	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.480063915 CET	443	49799	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.480118036 CET	49799	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.480155945 CET	49799	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.480169058 CET	443	49799	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.480184078 CET	49799	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.480190039 CET	443	49799	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.482291937 CET	49804	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.482328892 CET	443	49804	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.482417107 CET	49804	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.482549906 CET	49804	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.482564926 CET	443	49804	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.567735910 CET	49776	443	192.168.2.4	142.250.181.68
Nov 20, 2024 15:10:06.567768097 CET	443	49776	142.250.181.68	192.168.2.4
Nov 20, 2024 15:10:06.619831085 CET	443	49798	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.620002985 CET	443	49798	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.620076895 CET	49798	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.620214939 CET	49798	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.620239019 CET	443	49798	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.620249033 CET	49798	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.620254993 CET	443	49798	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.623075962 CET	49805	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.623172045 CET	443	49805	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.623266935 CET	49805	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.623428106 CET	49805	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.623469114 CET	443	49805	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.695770025 CET	443	49801	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.695837975 CET	443	49801	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.695923090 CET	49801	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.696132898 CET	49801	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.696154118 CET	443	49801	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.696166992 CET	49801	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.696171999 CET	443	49801	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.698980093 CET	49806	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.699018955 CET	443	49806	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:06.699095011 CET	49806	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.699274063 CET	49806	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:06.699286938 CET	443	49806	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:07.969588041 CET	443	49802	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:07.970194101 CET	49802	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:07.970222950 CET	443	49802	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:07.970789909 CET	49802	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:07.970798969 CET	443	49802	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.255604029 CET	443	49803	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.256200075 CET	49803	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.256213903 CET	443	49803	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.256603003 CET	49803	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.256608963 CET	443	49803	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.342573881 CET	443	49804	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.343197107 CET	49804	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.343214035 CET	443	49804	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.343655109 CET	49804	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.343660116 CET	443	49804	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.433176041 CET	443	49802	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.433243036 CET	443	49802	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.433310032 CET	49802	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.433516026 CET	49802	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.433527946 CET	443	49802	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.433537006 CET	49802	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.433542013 CET	443	49802	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.436455011 CET	49807	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.436521053 CET	443	49807	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.436610937 CET	49807	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.436762094 CET	49807	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.436784029 CET	443	49807	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.511594057 CET	443	49805	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.512152910 CET	49805	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.512185097 CET	443	49805	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.512608051 CET	49805	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.512614012 CET	443	49805	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.513376951 CET	443	49806	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.513828039 CET	49806	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.513864994 CET	443	49806	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.514210939 CET	49806	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.514216900 CET	443	49806	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.711051941 CET	443	49803	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.711155891 CET	443	49803	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.711241007 CET	49803	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.711467028 CET	49803	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.711493969 CET	443	49803	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.711507082 CET	49803	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.711513042 CET	443	49803	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.714934111 CET	49808	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.714984894 CET	443	49808	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.715080976 CET	49808	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.715241909 CET	49808	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.715254068 CET	443	49808	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.798858881 CET	443	49804	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.798954010 CET	443	49804	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.799051046 CET	49804	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.799375057 CET	49804	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.799401045 CET	443	49804	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.799418926 CET	49804	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.799427032 CET	443	49804	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.802572012 CET	49809	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.802618980 CET	443	49809	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.802722931 CET	49809	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.803047895 CET	49809	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.803061008 CET	443	49809	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.957432032 CET	443	49806	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.957539082 CET	443	49806	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.957648993 CET	49806	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.957853079 CET	49806	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.957886934 CET	443	49806	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.957902908 CET	49806	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.957911968 CET	443	49806	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.960949898 CET	49810	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.961004972 CET	443	49810	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.961111069 CET	49810	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.961304903 CET	49810	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.961325884 CET	443	49810	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.965630054 CET	443	49805	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.965699911 CET	443	49805	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.965774059 CET	49805	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.965975046 CET	49805	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.965975046 CET	49805	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.966018915 CET	443	49805	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.966046095 CET	443	49805	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.968691111 CET	49811	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.968741894 CET	443	49811	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:08.968864918 CET	49811	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.969047070 CET	49811	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:08.969064951 CET	443	49811	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.285384893 CET	443	49807	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.286087036 CET	49807	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.286128998 CET	443	49807	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.286569118 CET	49807	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.286576033 CET	443	49807	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.562114000 CET	443	49808	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.562649965 CET	49808	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.562679052 CET	443	49808	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.563138008 CET	49808	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.563153028 CET	443	49808	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.700077057 CET	443	49811	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.700248003 CET	443	49809	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.700589895 CET	49811	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.700613976 CET	443	49811	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.701070070 CET	49811	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.701076984 CET	443	49811	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.701278925 CET	49809	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.701286077 CET	443	49809	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.701611996 CET	49809	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.701617002 CET	443	49809	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.743772030 CET	443	49807	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.743837118 CET	443	49807	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.743886948 CET	49807	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.744203091 CET	49807	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.744225025 CET	443	49807	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.744237900 CET	49807	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.744244099 CET	443	49807	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.747010946 CET	49812	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.747036934 CET	443	49812	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.747109890 CET	49812	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.747273922 CET	49812	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.747283936 CET	443	49812	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.752190113 CET	443	49810	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.752551079 CET	49810	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.752588034 CET	443	49810	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:10.752964973 CET	49810	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:10.752975941 CET	443	49810	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.016226053 CET	443	49808	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.016307116 CET	443	49808	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.016365051 CET	49808	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.016594887 CET	49808	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.016616106 CET	443	49808	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.016625881 CET	49808	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.016632080 CET	443	49808	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.019938946 CET	49813	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.019999981 CET	443	49813	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.020209074 CET	49813	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.020210028 CET	49813	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.020246983 CET	443	49813	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.142750025 CET	443	49811	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.142839909 CET	443	49811	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.142894030 CET	49811	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.143131018 CET	49811	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.143156052 CET	443	49811	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.143167973 CET	49811	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.143173933 CET	443	49811	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.146107912 CET	49814	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.146151066 CET	443	49814	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.146245956 CET	49814	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.146428108 CET	49814	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.146437883 CET	443	49814	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.156251907 CET	443	49809	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.156338930 CET	443	49809	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.156397104 CET	49809	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.156513929 CET	49809	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.156527042 CET	443	49809	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.156537056 CET	49809	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.156542063 CET	443	49809	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.158968925 CET	49815	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.159010887 CET	443	49815	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.159064054 CET	49815	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.159213066 CET	49815	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.159224033 CET	443	49815	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.282006025 CET	443	49810	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.282113075 CET	443	49810	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.282169104 CET	49810	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.282341003 CET	49810	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.282363892 CET	443	49810	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.282373905 CET	49810	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.282380104 CET	443	49810	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.285223007 CET	49816	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.285269976 CET	443	49816	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:11.285377979 CET	49816	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.285526991 CET	49816	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:11.285542965 CET	443	49816	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.564131975 CET	443	49812	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.564703941 CET	49812	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:12.564729929 CET	443	49812	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.565157890 CET	49812	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:12.565164089 CET	443	49812	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.802563906 CET	443	49814	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.803169012 CET	49814	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:12.803195953 CET	443	49814	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.803797960 CET	49814	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:12.803811073 CET	443	49814	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.888139009 CET	443	49813	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.888683081 CET	49813	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:12.888717890 CET	443	49813	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.889147043 CET	49813	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:12.889153957 CET	443	49813	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.969475031 CET	443	49815	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.970175028 CET	49815	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:12.970212936 CET	443	49815	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:12.970519066 CET	49815	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:12.970535040 CET	443	49815	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.015042067 CET	443	49812	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.015206099 CET	443	49812	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.015286922 CET	49812	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.015403032 CET	49812	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.015403032 CET	49812	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.015454054 CET	443	49812	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.015481949 CET	443	49812	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.018064976 CET	49817	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.018104076 CET	443	49817	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.018182039 CET	49817	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.018295050 CET	49817	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.018307924 CET	443	49817	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.088968992 CET	443	49816	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.089636087 CET	49816	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.089659929 CET	443	49816	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.090086937 CET	49816	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.090090990 CET	443	49816	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.310559988 CET	443	49814	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.310650110 CET	443	49814	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.310718060 CET	49814	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.310903072 CET	49814	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.310923100 CET	443	49814	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.310934067 CET	49814	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.310940981 CET	443	49814	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.314404964 CET	49818	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.314441919 CET	443	49818	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.314558029 CET	49818	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.314716101 CET	49818	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.314728022 CET	443	49818	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.350560904 CET	443	49813	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.350639105 CET	443	49813	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.350687027 CET	49813	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.350810051 CET	49813	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.350832939 CET	443	49813	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.350845098 CET	49813	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.350851059 CET	443	49813	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.353418112 CET	49819	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.353466988 CET	443	49819	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.353528976 CET	49819	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.353646040 CET	49819	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.353656054 CET	443	49819	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.418322086 CET	443	49815	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.418487072 CET	443	49815	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.418556929 CET	49815	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.418627977 CET	49815	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.418652058 CET	443	49815	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.418663979 CET	49815	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.418670893 CET	443	49815	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.421442032 CET	49820	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.421478033 CET	443	49820	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.421571970 CET	49820	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.421745062 CET	49820	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.421758890 CET	443	49820	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.544120073 CET	443	49816	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.544188023 CET	443	49816	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.544398069 CET	49816	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.544562101 CET	49816	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.544562101 CET	49816	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.544581890 CET	443	49816	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.544593096 CET	443	49816	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.547193050 CET	49821	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.547246933 CET	443	49821	13.107.246.63	192.168.2.4
Nov 20, 2024 15:10:13.547311068 CET	49821	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.547458887 CET	49821	443	192.168.2.4	13.107.246.63
Nov 20, 2024 15:10:13.547468901 CET	443	49821	13.107.246.63	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2024 15:08:50.423609972 CET	53	53077	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:50.461411953 CET	53	49559	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:52.260926008 CET	57069	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:52.261261940 CET	62123	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:52.398050070 CET	53	57069	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:52.400351048 CET	53	62123	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:53.236469984 CET	53	54095	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:54.223280907 CET	52078	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:54.223474026 CET	59892	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:54.227252960 CET	63687	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:54.227402925 CET	54468	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:54.362138987 CET	53	52078	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:54.362581968 CET	53	59892	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:54.449736118 CET	53	63687	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:54.462878942 CET	53	54468	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:54.463691950 CET	57302	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:54.602644920 CET	53	57302	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:54.637635946 CET	60632	53	192.168.2.4	8.8.8.8
Nov 20, 2024 15:08:54.638319016 CET	57487	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:54.773761988 CET	53	60632	8.8.8.8	192.168.2.4
Nov 20, 2024 15:08:54.777885914 CET	53	57487	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:55.653444052 CET	60601	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:55.653809071 CET	55117	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:08:55.790226936 CET	53	60601	1.1.1.1	192.168.2.4
Nov 20, 2024 15:08:55.792980909 CET	53	55117	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:00.823754072 CET	56416	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:00.823914051 CET	62601	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:00.962116957 CET	53	56416	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:00.963377953 CET	53	62601	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:00.964296103 CET	56849	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:01.103950977 CET	53	56849	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:03.179708004 CET	56697	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:03.179913998 CET	50856	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:03.241869926 CET	138	138	192.168.2.4	192.168.2.255
Nov 20, 2024 15:09:03.323982954 CET	53	56697	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:03.328783035 CET	53	50856	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:03.342653990 CET	53237	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:03.343049049 CET	56627	53	192.168.2.4	8.8.8.8
Nov 20, 2024 15:09:03.484333992 CET	53	56627	8.8.8.8	192.168.2.4
Nov 20, 2024 15:09:03.485768080 CET	53	53237	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:10.272192955 CET	53	54758	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:10.998625994 CET	53853	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:10.998778105 CET	51651	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:11.137809992 CET	53	53853	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:11.138684988 CET	53	51651	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:11.139384031 CET	60697	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:11.277643919 CET	53	60697	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:11.290493965 CET	54903	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:11.290781021 CET	54472	53	192.168.2.4	8.8.8.8
Nov 20, 2024 15:09:11.425313950 CET	53	54472	8.8.8.8	192.168.2.4
Nov 20, 2024 15:09:11.431756973 CET	53	54903	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:25.237936020 CET	59662	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:25.380441904 CET	53	59662	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:29.140856028 CET	53	63509	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:41.311578035 CET	61321	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:41.311940908 CET	60509	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:41.459439039 CET	53	60509	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:41.464364052 CET	53	61321	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:41.465167999 CET	58736	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:09:41.614886999 CET	53	58736	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:49.927011013 CET	53	50555	1.1.1.1	192.168.2.4
Nov 20, 2024 15:09:52.095119953 CET	53	60098	1.1.1.1	192.168.2.4
Nov 20, 2024 15:10:04.801553965 CET	54827	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:10:04.939342976 CET	53	54827	1.1.1.1	192.168.2.4
Nov 20, 2024 15:10:05.373233080 CET	62068	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:10:05.373514891 CET	56266	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:10:05.512566090 CET	53	56266	1.1.1.1	192.168.2.4
Nov 20, 2024 15:10:05.513078928 CET	53	62068	1.1.1.1	192.168.2.4
Nov 20, 2024 15:10:05.514549017 CET	64043	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:10:05.652470112 CET	53	64043	1.1.1.1	192.168.2.4
Nov 20, 2024 15:10:05.664578915 CET	57623	53	192.168.2.4	1.1.1.1
Nov 20, 2024 15:10:05.665189981 CET	56402	53	192.168.2.4	8.8.8.8
Nov 20, 2024 15:10:05.799138069 CET	53	56402	8.8.8.8	192.168.2.4
Nov 20, 2024 15:10:05.805463076 CET	53	57623	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 20, 2024 15:08:52.260926008 CET	192.168.2.4	1.1.1.1	0x49de	Standard query (0)	t.ly	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:52.261261940 CET	192.168.2.4	1.1.1.1	0x56a6	Standard query (0)	t.ly	65	IN (0x0001)	false
Nov 20, 2024 15:08:54.223280907 CET	192.168.2.4	1.1.1.1	0x182c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:54.223474026 CET	192.168.2.4	1.1.1.1	0xf215	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 20, 2024 15:08:54.227252960 CET	192.168.2.4	1.1.1.1	0xc03	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:54.227402925 CET	192.168.2.4	1.1.1.1	0x7b18	Standard query (0)	bradenonlinesalesllc.com	65	IN (0x0001)	false
Nov 20, 2024 15:08:54.463691950 CET	192.168.2.4	1.1.1.1	0x3234	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:54.637635946 CET	192.168.2.4	8.8.8.8	0x4344	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:54.638319016 CET	192.168.2.4	1.1.1.1	0x4901	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:55.653444052 CET	192.168.2.4	1.1.1.1	0x8eb3	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:55.653809071 CET	192.168.2.4	1.1.1.1	0x3c0a	Standard query (0)	bradenonlinesalesllc.com	65	IN (0x0001)	false
Nov 20, 2024 15:09:00.823754072 CET	192.168.2.4	1.1.1.1	0xf25a	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:00.823914051 CET	192.168.2.4	1.1.1.1	0x2cff	Standard query (0)	bradenonlinesalesllc.com	65	IN (0x0001)	false
Nov 20, 2024 15:09:00.964296103 CET	192.168.2.4	1.1.1.1	0xd463	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:03.179708004 CET	192.168.2.4	1.1.1.1	0xb12d	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:03.179913998 CET	192.168.2.4	1.1.1.1	0xe89a	Standard query (0)	bradenonlinesalesllc.com	65	IN (0x0001)	false
Nov 20, 2024 15:09:03.342653990 CET	192.168.2.4	1.1.1.1	0xe701	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:03.343049049 CET	192.168.2.4	8.8.8.8	0x70d	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:10.998625994 CET	192.168.2.4	1.1.1.1	0xde67	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:10.998778105 CET	192.168.2.4	1.1.1.1	0xdae6	Standard query (0)	bradenonlinesalesllc.com	65	IN (0x0001)	false
Nov 20, 2024 15:09:11.139384031 CET	192.168.2.4	1.1.1.1	0xedf7	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:11.290493965 CET	192.168.2.4	1.1.1.1	0xb3d3	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:11.290781021 CET	192.168.2.4	8.8.8.8	0x22d8	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:25.237936020 CET	192.168.2.4	1.1.1.1	0xc195	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:41.311578035 CET	192.168.2.4	1.1.1.1	0xebcc	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:41.311940908 CET	192.168.2.4	1.1.1.1	0x5901	Standard query (0)	bradenonlinesalesllc.com	65	IN (0x0001)	false
Nov 20, 2024 15:09:41.465167999 CET	192.168.2.4	1.1.1.1	0x1bdd	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:04.801553965 CET	192.168.2.4	1.1.1.1	0xa44f	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:05.373233080 CET	192.168.2.4	1.1.1.1	0x39a5	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:05.373514891 CET	192.168.2.4	1.1.1.1	0xe2e	Standard query (0)	bradenonlinesalesllc.com	65	IN (0x0001)	false
Nov 20, 2024 15:10:05.514549017 CET	192.168.2.4	1.1.1.1	0x57c6	Standard query (0)	bradenonlinesalesllc.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:05.664578915 CET	192.168.2.4	1.1.1.1	0xf603	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:05.665189981 CET	192.168.2.4	8.8.8.8	0x8e11	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 20, 2024 15:08:52.398050070 CET	1.1.1.1	192.168.2.4	0x49de	No error (0)	t.ly		104.20.7.133	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:52.398050070 CET	1.1.1.1	192.168.2.4	0x49de	No error (0)	t.ly		104.20.6.133	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:52.400351048 CET	1.1.1.1	192.168.2.4	0x56a6	No error (0)	t.ly			65	IN (0x0001)	false
Nov 20, 2024 15:08:54.362138987 CET	1.1.1.1	192.168.2.4	0x182c	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:54.362581968 CET	1.1.1.1	192.168.2.4	0xf215	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 20, 2024 15:08:54.449736118 CET	1.1.1.1	192.168.2.4	0xc03	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:54.462878942 CET	1.1.1.1	192.168.2.4	0x7b18	Name error (3)	bradenonlinesalesllc.com	none	none	65	IN (0x0001)	false
Nov 20, 2024 15:08:54.602644920 CET	1.1.1.1	192.168.2.4	0x3234	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:54.773761988 CET	8.8.8.8	192.168.2.4	0x4344	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:54.777885914 CET	1.1.1.1	192.168.2.4	0x4901	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:55.790226936 CET	1.1.1.1	192.168.2.4	0x8eb3	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:08:55.792980909 CET	1.1.1.1	192.168.2.4	0x3c0a	Name error (3)	bradenonlinesalesllc.com	none	none	65	IN (0x0001)	false
Nov 20, 2024 15:09:00.962116957 CET	1.1.1.1	192.168.2.4	0xf25a	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:00.963377953 CET	1.1.1.1	192.168.2.4	0x2cff	Name error (3)	bradenonlinesalesllc.com	none	none	65	IN (0x0001)	false
Nov 20, 2024 15:09:01.103950977 CET	1.1.1.1	192.168.2.4	0xd463	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:03.323982954 CET	1.1.1.1	192.168.2.4	0xb12d	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:03.328783035 CET	1.1.1.1	192.168.2.4	0xe89a	Name error (3)	bradenonlinesalesllc.com	none	none	65	IN (0x0001)	false
Nov 20, 2024 15:09:03.484333992 CET	8.8.8.8	192.168.2.4	0x70d	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:03.485768080 CET	1.1.1.1	192.168.2.4	0xe701	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:11.137809992 CET	1.1.1.1	192.168.2.4	0xde67	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:11.138684988 CET	1.1.1.1	192.168.2.4	0xdae6	Name error (3)	bradenonlinesalesllc.com	none	none	65	IN (0x0001)	false
Nov 20, 2024 15:09:11.277643919 CET	1.1.1.1	192.168.2.4	0xedf7	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:11.425313950 CET	8.8.8.8	192.168.2.4	0x22d8	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:11.431756973 CET	1.1.1.1	192.168.2.4	0xb3d3	No error (0)	google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:25.380441904 CET	1.1.1.1	192.168.2.4	0xc195	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:41.459439039 CET	1.1.1.1	192.168.2.4	0x5901	Name error (3)	bradenonlinesalesllc.com	none	none	65	IN (0x0001)	false
Nov 20, 2024 15:09:41.464364052 CET	1.1.1.1	192.168.2.4	0xebcc	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:41.614886999 CET	1.1.1.1	192.168.2.4	0x1bdd	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:04.939342976 CET	1.1.1.1	192.168.2.4	0xa44f	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:05.512566090 CET	1.1.1.1	192.168.2.4	0xe2e	Name error (3)	bradenonlinesalesllc.com	none	none	65	IN (0x0001)	false
Nov 20, 2024 15:10:05.513078928 CET	1.1.1.1	192.168.2.4	0x39a5	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:05.652470112 CET	1.1.1.1	192.168.2.4	0x57c6	Name error (3)	bradenonlinesalesllc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:05.799138069 CET	8.8.8.8	192.168.2.4	0x8e11	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:10:05.805463076 CET	1.1.1.1	192.168.2.4	0xf603	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.ly

fs.microsoft.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	104.20.7.133	443	1740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:08:53 UTC	652	OUT	GET /31-te HTTP/1.1 Host: t.ly Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:08:54 UTC	835	IN	HTTP/1.1 302 Found Date: Wed, 20 Nov 2024 14:08:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: public, max-age=600, stale-if-error=86400, stale-while-revalidate=600, no-store location: https://bradenonlinesalesllc.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9WjJGaWVWRT0mdWlkPVVTRVIxMDA3MjAyNFVOSVFVRTEyNTYwNzEwMTgyMDI0MjAyNDA3MTA1NjEyMTg=N0123N x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-whom: tly-app x-do-app-origin: 86336e98-11a6-477d-b2fb-e3113d9e1e21 x-do-orig-status: 302 Vary: Accept-Encoding CF-Cache-Status: MISS Server-Timing: cfCacheStatus;desc="MISS" Strict-Transport-Security: max-age=15552000; includeSubDomains; preload Server: cloudflare CF-RAY: 8e5903c0ebfdc477-EWR alt-svc: h3=":443"; ma=86400
2024-11-20 14:08:54 UTC	534	IN	Data Raw: 35 32 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 62 72 61 64 65 6e 6f 6e 6c 69 6e 65 73 61 6c 65 73 6c 6c 63 2e 63 6f 6d 2f 6e 2f 3f 63 33 59 39 62 7a 4d 32 4e 56 38 78 58 33 5a 76 61 57 4e 6c 4a 6e 4a 68 62 6d 51 39 57 6a 4a 47 61 57 56 57 52 54 30 6d 64 57 6c 6b 50 56 56 54 52 56 49 78 4d 44 41 33 4d 6a 41 79 4e 46 56 4f 53 56 46 56 52 54 45 79 4e 54 59 77 4e 7a 45 77 4d 54 67 79 4d 44 49 30 4d 6a 41 79 4e 44 41 33 Data Ascii: 527<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://bradenonlinesalesllc.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9WjJGaWVWRT0mdWlkPVVTRVIxMDA3MjAyNFVOSVFVRTEyNTYwNzEwMTgyMDI0MjAyNDA3
2024-11-20 14:08:54 UTC	792	IN	Data Raw: 61 64 65 6e 6f 6e 6c 69 6e 65 73 61 6c 65 73 6c 6c 63 2e 63 6f 6d 2f 6e 2f 3f 63 33 59 39 62 7a 4d 32 4e 56 38 78 58 33 5a 76 61 57 4e 6c 4a 6e 4a 68 62 6d 51 39 57 6a 4a 47 61 57 56 57 52 54 30 6d 64 57 6c 6b 50 56 56 54 52 56 49 78 4d 44 41 33 4d 6a 41 79 4e 46 56 4f 53 56 46 56 52 54 45 79 4e 54 59 77 4e 7a 45 77 4d 54 67 79 4d 44 49 30 4d 6a 41 79 4e 44 41 33 4d 54 41 31 4e 6a 45 79 4d 54 67 3d 4e 30 31 32 33 4e 22 3e 68 74 74 70 73 3a 2f 2f 62 72 61 64 65 6e 6f 6e 6c 69 6e 65 73 61 6c 65 73 6c 6c 63 2e 63 6f 6d 2f 6e 2f 3f 63 33 59 39 62 7a 4d 32 4e 56 38 78 58 33 5a 76 61 57 4e 6c 4a 6e 4a 68 62 6d 51 39 57 6a 4a 47 61 57 56 57 52 54 30 6d 64 57 6c 6b 50 56 56 54 52 56 49 78 4d 44 41 33 4d 6a 41 79 4e 46 56 4f 53 56 46 56 52 54 45 79 4e 54 59 77 4e Data Ascii: adenonlinesalesllc.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9WjJGaWVWRT0mdWlkPVVTRVIxMDA3MjAyNFVOSVFVRTEyNTYwNzEwMTgyMDI0MjAyNDA3MTA1NjEyMTg=N0123N">https://bradenonlinesalesllc.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9WjJGaWVWRT0mdWlkPVVTRVIxMDA3MjAyNFVOSVFVRTEyNTYwN
2024-11-20 14:08:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:08:56 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-20 14:08:56 UTC	465	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF57) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=9390 Date: Wed, 20 Nov 2024 14:08:56 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:08:58 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-20 14:08:59 UTC	533	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=9352 Date: Wed, 20 Nov 2024 14:08:58 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-20 14:08:59 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:06 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LM+ugVDOZVU1Ea8&MD=nCkRpfYD HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-20 14:09:07 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 94e4aba9-a7ac-42a3-94a2-a390e5f3d3ae MS-RequestId: 1fa9efd0-c785-4117-bb7f-8c427e7fbe41 MS-CV: bL55uAIw7UaGpUX4.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 20 Nov 2024 14:09:06 GMT Connection: close Content-Length: 24490
2024-11-20 14:09:07 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-20 14:09:07 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.4	49748	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:42 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:42 UTC	471	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:42 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Tue, 19 Nov 2024 13:10:03 GMT ETag: "0x8DD089B7B2F27B3" x-ms-request-id: 082f1a68-301e-005d-348c-3ae448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140942Z-185f5d8b95cdh56ghC1NYCk1x4000000046000000000cyut x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:42 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-20 14:09:43 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-20 14:09:43 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-20 14:09:43 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-20 14:09:43 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-20 14:09:43 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-20 14:09:43 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-20 14:09:43 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-20 14:09:43 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-20 14:09:43 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.4	49752	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:45 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:45 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:45 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 8753231e-501e-008f-038c-3a9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140945Z-185f5d8b95cx9g8lhC1NYCtgvc00000002p000000000kpe9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:45 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49751	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:45 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:45 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:45 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: ac6669be-e01e-003c-668c-3ac70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140945Z-1777c6cb7544nvmshC1TEBf7qc00000009dg00000000n20b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:45 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49753	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:45 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:46 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:45 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: e579fe48-a01e-001e-648c-3a49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140945Z-1777c6cb754j8gqphC1TEB5bf800000009m000000000dqq2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:46 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49749	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:45 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:46 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:45 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: f909c6c7-c01e-0049-518c-3aac27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140945Z-185f5d8b95ckwnflhC1NYCx9qs0000000adg00000000b2a6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:46 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49750	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:45 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:46 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:45 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: d9470d89-501e-0047-17f3-3ace6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140945Z-185f5d8b95crl6swhC1NYC3ueg0000000aeg00000000hn2k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:46 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49754	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:46 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LM+ugVDOZVU1Ea8&MD=nCkRpfYD HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-20 14:09:47 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 616bcf7a-adcd-4153-9fae-3f3e16ba16b3 MS-RequestId: 72728402-f9d4-4f4d-9397-ab7d0360d4e5 MS-CV: dFEBaiJxlU2JXP1N.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 20 Nov 2024 14:09:46 GMT Connection: close Content-Length: 30005
2024-11-20 14:09:47 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-20 14:09:47 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:47 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:48 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:47 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3126d9de-f01e-0099-4d8c-3a9171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140947Z-185f5d8b95ctl8xlhC1NYCn94g0000000af0000000006b38 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:48 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:47 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:48 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:48 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: bfe6cc7a-201e-006e-7e8c-3abbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140948Z-185f5d8b95c4bhwphC1NYCs8gw0000000aeg00000000f0bq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:48 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:47 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:48 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:48 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 1e988f1d-b01e-0070-1b8c-3a1cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140948Z-r1d97b99577ckpmjhC1TEBrzs0000000090000000000ad0w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:48 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:47 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:48 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:48 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 7f65a9a1-801e-0067-788c-3afe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140948Z-1777c6cb7544n7p6hC1TEByvb400000009v000000000ah38 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:48 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:47 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:48 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:48 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 70a275ef-201e-0051-048c-3a7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140948Z-1777c6cb754xlpjshC1TEBv8cc00000009qg00000000ra91 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:48 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:49 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:50 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:50 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 79148a84-101e-0017-578c-3a47c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140950Z-1777c6cb754j8gqphC1TEB5bf800000009q00000000049mh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:50 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:49 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:50 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:50 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: eb1ded04-b01e-0097-298c-3a4f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140950Z-185f5d8b95crwqd8hC1NYCps680000000a8g00000000mw3d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:50 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:50 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:50 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:50 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: bdf962e5-c01e-0066-1b8c-3aa1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140950Z-r1d97b995774n5h6hC1TEBvf8400000009000000000050wr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:50 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:50 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:50 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:50 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: a1d80e42-301e-0096-338c-3ae71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140950Z-r1d97b99577656nchC1TEBk98c00000008wg00000000hg9c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:50 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:50 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:50 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:50 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: b82db720-b01e-0053-528c-3acdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140950Z-185f5d8b95crwqd8hC1NYCps680000000a9000000000hm0c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:50 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:52 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:52 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:52 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 4a7db69e-a01e-0084-45ec-3a9ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140952Z-185f5d8b95c68cvnhC1NYCfn7s0000000adg000000002txd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:52 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:52 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:52 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:52 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: b82db7f7-b01e-0053-188c-3acdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140952Z-185f5d8b95cqnkdjhC1NYCm8w80000000a7g0000000082ns x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:52 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:52 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:52 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:52 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 76a157b4-e01e-00aa-258c-3aceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140952Z-r1d97b99577kk29chC1TEBemmg00000008yg00000000fpwe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:52 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:52 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:52 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:52 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 302bdaed-601e-003e-338c-3a3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140952Z-185f5d8b95ctl8xlhC1NYCn94g0000000aeg0000000097eb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:52 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:52 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:53 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:52 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: a1cde93a-f01e-0020-638c-3a956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140952Z-185f5d8b95csp6jmhC1NYCwy6s0000000a7000000000mr3r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:53 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:54 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:54 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:54 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 107b228c-c01e-00a2-1f8c-3a2327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140954Z-1777c6cb754j47wfhC1TEB5wrw00000005m0000000005enu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:54 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:54 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:54 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:54 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 0f1ce2f4-701e-0001-5e8c-3ab110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140954Z-1777c6cb754gvvgfhC1TEBz4rg00000009n000000000qk9w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:54 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:54 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:54 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:54 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 70a27cfc-201e-0051-268c-3a7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140954Z-1777c6cb7549j9hhhC1TEBzmcc00000009m000000000d9nm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:54 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:54 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:55 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:54 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 70a27cfa-201e-0051-248c-3a7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140954Z-r1d97b9957789nh9hC1TEBxha8000000093g000000008s02 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:55 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:54 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:55 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:55 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 947c7cf8-001e-00a2-018c-3ad4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140955Z-r1d97b99577mrt4rhC1TEBftkc00000008tg00000000g90c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:55 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:56 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:57 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:56 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: be70ec4e-301e-000c-088c-3a323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140956Z-185f5d8b95c4hl5whC1NYCeex00000000a8000000000eb26 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:57 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:56 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:57 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:57 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: c6b0c23f-801e-0048-738c-3af3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140957Z-r1d97b995774n5h6hC1TEBvf84000000090g000000003are x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:57 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:56 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:57 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:57 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 7f65af6f-801e-0067-5f8c-3afe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140957Z-185f5d8b95cdcwrthC1NYCy5b80000000aa000000000d5yg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:57 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:56 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:57 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:57 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 65766a7e-a01e-0002-4f8c-3a5074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140957Z-185f5d8b95c4vwv8hC1NYCy4v40000000ae000000000hzr5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:57 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:56 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:57 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:57 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 657669b3-a01e-0002-118c-3a5074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140957Z-r1d97b99577dd2gchC1TEBz5ys00000008q000000000m0nc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:57 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:58 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:59 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:59 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 65766a9d-a01e-0002-6d8c-3a5074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140959Z-1777c6cb754dqf99hC1TEB5nps00000009f000000000kr73 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:59 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:59 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:59 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:59 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: fdab78a3-101e-005a-1d8c-3a882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140959Z-185f5d8b95c95vpshC1NYC759c0000000a9000000000md5d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:59 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:59 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:59 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:59 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 538c974f-101e-0028-648c-3a8f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140959Z-r1d97b995774zjnrhC1TEBv1ww00000008vg00000000evk7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:59 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:59 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:59 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:59 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: ac667451-e01e-003c-3e8c-3ac70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140959Z-185f5d8b95c68cvnhC1NYCfn7s0000000a7g00000000s31m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:59 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:59 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:09:59 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:59 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: f14fa7ac-201e-000c-4a8c-3a79c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T140959Z-1777c6cb7544nvmshC1TEBf7qc00000009eg00000000g0b2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:09:59 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:01 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:01 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:01 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 70a27ff5-201e-0051-4e8c-3a7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141001Z-185f5d8b95cmd8vfhC1NYC0g40000000067g00000000bw2b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:01 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:01 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:01 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:01 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: e83eb970-001e-0046-777e-3ada4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141001Z-185f5d8b95c4bhwphC1NYCs8gw0000000abg00000000rzhq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:01 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:01 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:02 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:01 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 89a68f82-d01e-0066-4c17-3bea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141001Z-r1d97b99577ckpmjhC1TEBrzs00000000920000000005ycz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:02 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:01 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:02 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:01 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: feb02638-401e-0067-7b8c-3a09c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141001Z-185f5d8b95crwqd8hC1NYCps680000000a8000000000qy0s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:02 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:01 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:02 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:01 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: bfe6d614-201e-006e-7a8c-3abbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141001Z-r1d97b99577ckpmjhC1TEBrzs000000009100000000088s6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:02 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:03 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:03 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:03 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 62f36519-501e-0016-468c-3a181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141003Z-185f5d8b95cf7qddhC1NYC66an0000000abg00000000hwh9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:03 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:03 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:03 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 7511d71d-801e-0083-6e8c-3af0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141003Z-1777c6cb754lv4cqhC1TEB13us00000009n000000000kr91 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:04 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:03 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:04 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: e456cfdf-c01e-0014-248c-3aa6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141004Z-185f5d8b95ctl8xlhC1NYCn94g0000000aag00000000pt14 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:04 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:03 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:04 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: c1a1e3cb-901e-005b-1f8c-3a2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141004Z-185f5d8b95cf7qddhC1NYC66an0000000acg00000000euaw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:04 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:03 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:04 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 5b8b83f7-201e-0033-0b8c-3ab167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141004Z-185f5d8b95crl6swhC1NYC3ueg0000000acg00000000rzgg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:04 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:05 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:05 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: a1cdeef9-f01e-0020-348c-3a956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141005Z-r1d97b99577l6wbzhC1TEB3fwn000000094g000000005ah6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:06 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:06 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:06 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 7511da03-801e-0083-3b8c-3af0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141006Z-185f5d8b95c68cvnhC1NYCfn7s0000000aag00000000g4eq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:06 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:06 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:06 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 5cb5275b-201e-0033-36eb-3ab167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141006Z-r1d97b99577kk29chC1TEBemmg00000008yg00000000fqrd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:06 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:06 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:06 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 0514cbb3-901e-00ac-0281-3ab69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141006Z-185f5d8b95cx9g8lhC1NYCtgvc00000002mg00000000qqth x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:06 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:06 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:06 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: f8f789e1-e01e-0020-49f7-3ade90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141006Z-r1d97b995774n5h6hC1TEBvf8400000008zg00000000741f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:06 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49802	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:07 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:08 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 7bd180c9-401e-008c-0e8c-3a86c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141008Z-1777c6cb754n67brhC1TEBcp9c00000009rg00000000eed0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:08 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:08 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:08 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 2155a01d-401e-00a3-768c-3a8b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141008Z-185f5d8b95cwtv72hC1NYC141w0000000a8000000000dmtp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:08 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:08 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:08 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 5633ff77-c01e-0014-30eb-3aa6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141008Z-r1d97b99577mrt4rhC1TEBftkc00000008x00000000064y5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49805	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:08 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:08 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 538c9d0d-101e-0028-1c8c-3a8f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141008Z-185f5d8b95cjbkr4hC1NYCeu240000000a4g00000000kysy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49806	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:08 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:08 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:08 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 8e68b2a4-701e-005c-1a8c-3abb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141008Z-1777c6cb754xlpjshC1TEBv8cc00000009x00000000047ss x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:08 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49807	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:10 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:10 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:10 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: f37cb76d-d01e-0017-2085-3ab035000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141010Z-1777c6cb754mrj2shC1TEB6k7w00000009xg000000001qw7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:10 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49808	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:10 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:11 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:10 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 961908b5-401e-0016-178c-3a53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141010Z-185f5d8b95c4hl5whC1NYCeex00000000a6000000000mcx9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:11 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49811	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:10 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:11 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:10 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 5c70d6ce-001e-00ad-368c-3a554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141010Z-1777c6cb754n67brhC1TEBcp9c00000009q000000000kres x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:11 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49809	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:10 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:11 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:10 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: af4852c5-601e-000d-3a8c-3a2618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141010Z-185f5d8b95c5lcmhhC1NYCsnsw0000000af0000000005y5z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:11 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49810	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:10 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:11 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:11 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 38897a0b-401e-000a-7a8c-3a4a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141011Z-1777c6cb754vxwc9hC1TEBykgw00000009m000000000mdve x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:11 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49812	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:12 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:13 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:12 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 733c43f5-901e-007b-0e8c-3aac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141012Z-1777c6cb754j8gqphC1TEB5bf800000009ng000000009n4v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:13 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49814	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:12 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:13 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:13 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: d35eaebc-501e-0064-178c-3a1f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141013Z-1777c6cb754xlpjshC1TEBv8cc00000009v000000000ay72 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:13 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49813	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:12 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:13 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:13 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 0cd4e810-101e-0079-148c-3a5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141013Z-185f5d8b95cgrrn8hC1NYCgwh40000000a5g00000000gs4s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:13 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49815	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:12 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:13 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:13 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 495def62-b01e-0098-458c-3acead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141013Z-185f5d8b95c9mqtvhC1NYCghtc0000000ae000000000aekb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:13 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49816	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:13 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:13 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:13 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 9cc78053-901e-008f-7b8c-3a67a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141013Z-1777c6cb7544n7p6hC1TEByvb400000009x00000000040q2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:13 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49817	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:14 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:15 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:15 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: bfe6dbcf-201e-006e-678c-3abbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141015Z-185f5d8b95c9mqtvhC1NYCghtc0000000af0000000005cgz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:15 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49818	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:15 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:15 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:15 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 41283c59-801e-0015-058c-3af97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141015Z-1777c6cb7544n7p6hC1TEByvb400000009rg00000000kmsy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:15 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49820	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:15 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:15 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:15 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 5c5a59ff-301e-003f-5b8c-3a266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141015Z-r1d97b995777mdbwhC1TEBezag000000090g000000002vbe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:15 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49819	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:15 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:15 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:15 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 9cb1ed33-701e-0021-398c-3a3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141015Z-185f5d8b95c68cvnhC1NYCfn7s0000000ae00000000001pc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:15 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49821	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:15 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:15 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:15 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 4f8e9926-c01e-00ad-7c8c-3aa2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141015Z-185f5d8b95cgrrn8hC1NYCgwh40000000a8g0000000051cz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:15 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5940, Parent PID: 3568

General

Target ID:	0
Start time:	09:08:45
Start date:	20/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1740, Parent PID: 5940

General

Target ID:	2
Start time:	09:08:48
Start date:	20/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,3477016076006715460,3977212518384502136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6292, Parent PID: 3568

General

Target ID:	3
Start time:	09:08:51
Start date:	20/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/31-te"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://t.ly/31-te

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5940, Parent PID: 3568

General

Chronological Activities

Analysis Process: chrome.exePID: 1740, Parent PID: 5940

General

Chronological Activities

Analysis Process: chrome.exePID: 6292, Parent PID: 3568

General

Chronological Activities

Disassembly

Windows Analysis Report
https://t.ly/31-te