Edit tour

Windows Analysis Report
https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S

Overview

General Information

Sample URL:	https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8b
Analysis ID:	1559927
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2052,i,1542489696027141276,1030454398163110319,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:49735 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 167.89.118.28
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Source: global traffic	HTTP traffic detected: GET /wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D HTTP/1.1Host: u16183263.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: u16183263.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=g78oe88YOKk82sY&MD=OzyWVgad HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=g78oe88YOKk82sY&MD=OzyWVgad HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: u16183263.ct.sendgrid.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 21 Nov 2024 06:21:22 GMTContent-Type: text/htmlContent-Length: 564Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/2@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2052,i,1542489696027141276,1030454398163110319,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2052,i,1542489696027141276,1030454398163110319,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D	0%	Avira URL Cloud	safe
https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
u16183263.ct.sendgrid.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://u16183263.ct.sendgrid.net/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.186.36	true	false		high
u16183263.ct.sendgrid.net	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D	false		unknown
https://u16183263.ct.sendgrid.net/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
167.89.118.28	unknown	United States	11377	SENDGRIDUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1559927
Start date and time:	2024-11-21 07:20:22 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/2@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.185.238, 74.125.133.84, 34.104.35.123, 199.232.210.172, 192.229.221.95, 142.250.185.195
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://sendgrid.net Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://sendgrid.net

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	564
Entropy (8bit):	4.72971822420855
Encrypted:	false
SSDEEP:	12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc
MD5:	8E325DC2FEA7C8900FC6C4B8C6C394FE
SHA1:	1B3291D4EEA179C84145B2814CB53E6A506EC201
SHA-256:	0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2
SHA-512:	084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14
Malicious:	false
Reputation:	low
URL:	https://u16183263.ct.sendgrid.net/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 07:21:16.869837999 CET	49675	443	192.168.2.4	173.222.162.32
Nov 21, 2024 07:21:19.052344084 CET	49735	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:19.171921968 CET	53	49735	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:19.172116041 CET	49735	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:19.172116995 CET	49735	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:19.172116995 CET	49735	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:19.292037010 CET	53	49735	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:19.292054892 CET	53	49735	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:20.306065083 CET	53	49735	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:20.308901072 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:20.308998108 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:20.308999062 CET	49735	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:20.309082985 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:20.309699059 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:20.309746981 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:20.309811115 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:20.309941053 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:20.309981108 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:20.310144901 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:20.310165882 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:20.430355072 CET	53	49735	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:20.432475090 CET	49735	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:21.269088984 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:21.269121885 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:21.269251108 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:21.269467115 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:21.269479990 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:21.573950052 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:21.574039936 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:21.574155092 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:21.575828075 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:21.575865030 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:22.180207014 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.180495024 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.180558920 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.182068110 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.182142973 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.183248043 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.183409929 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.183610916 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.183629036 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.223987103 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.224246025 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.224309921 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.227921009 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.228008986 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.228389025 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.228569031 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.234900951 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.282182932 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.282192945 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.327862978 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.603203058 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.603480101 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.603544950 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.604341030 CET	49738	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.604372025 CET	443	49738	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.649399996 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:22.695334911 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:22.703860998 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:22.704144955 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:22.704155922 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:22.705353022 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:22.705420017 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:22.706429005 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:22.706495047 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:22.761357069 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:22.761369944 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:22.807776928 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:23.074362993 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:23.074450970 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.074665070 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:23.074769974 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:23.075122118 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:23.078085899 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.078099012 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:23.078505039 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:23.079669952 CET	49739	443	192.168.2.4	167.89.118.28
Nov 21, 2024 07:21:23.079685926 CET	443	49739	167.89.118.28	192.168.2.4
Nov 21, 2024 07:21:23.118424892 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.327485085 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.375355005 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:23.768527985 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:23.768609047 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:23.768661976 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.768753052 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.768779993 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:23.768795967 CET	49741	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.768802881 CET	443	49741	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:23.818156004 CET	49742	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.818201065 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:23.818268061 CET	49742	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.818758965 CET	49742	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:23.818773031 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:25.319458961 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:25.319722891 CET	49742	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:25.320804119 CET	49742	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:25.320832968 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:25.321582079 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:25.323637962 CET	49742	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:25.367376089 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:25.876077890 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:25.876250982 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:25.876466036 CET	49742	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:25.877131939 CET	49742	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:25.877151966 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:25.877166033 CET	49742	443	192.168.2.4	184.28.90.27
Nov 21, 2024 07:21:25.877173901 CET	443	49742	184.28.90.27	192.168.2.4
Nov 21, 2024 07:21:29.999334097 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:29.999370098 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:29.999490023 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:30.001013041 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:30.001029015 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:31.865961075 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:31.866034031 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:31.871112108 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:31.871119022 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:31.871542931 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:31.915703058 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:32.493129969 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:32.493192911 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:32.493324995 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:33.136327982 CET	49740	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:21:33.136359930 CET	443	49740	142.250.186.36	192.168.2.4
Nov 21, 2024 07:21:33.522979975 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:33.563357115 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.138081074 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.138112068 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.138119936 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.138139009 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.138168097 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.138230085 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:34.138263941 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.138282061 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:34.138314962 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:34.159133911 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.159229040 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:34.159244061 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.159385920 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:34.159441948 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:35.461491108 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:35.461512089 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:35.461522102 CET	49743	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:21:35.461528063 CET	443	49743	4.245.163.56	192.168.2.4
Nov 21, 2024 07:21:37.705718994 CET	49723	80	192.168.2.4	199.232.214.172
Nov 21, 2024 07:21:37.825752020 CET	80	49723	199.232.214.172	192.168.2.4
Nov 21, 2024 07:21:37.825803041 CET	49723	80	192.168.2.4	199.232.214.172
Nov 21, 2024 07:22:11.898549080 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:11.898603916 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:11.898685932 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:11.899055004 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:11.899079084 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:12.183599949 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:12.183687925 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:12.183845997 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:12.184842110 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:12.184876919 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:13.638223886 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:13.638362885 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:13.641810894 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:13.641841888 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:13.642580986 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:13.652149916 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:13.695382118 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:13.913786888 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:13.913924932 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:13.915410042 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:13.915441036 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:13.915802002 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:13.923425913 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:13.967370987 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.336034060 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.336097956 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.336138010 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.336272955 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:14.336338997 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.336375952 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:14.336422920 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:14.376849890 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.376936913 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.376985073 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:14.377011061 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.377037048 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:14.377083063 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.377191067 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:14.377237082 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.377265930 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:14.377265930 CET	49749	443	192.168.2.4	4.245.163.56
Nov 21, 2024 07:22:14.377286911 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.377305031 CET	443	49749	4.245.163.56	192.168.2.4
Nov 21, 2024 07:22:14.388909101 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.388958931 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.388999939 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.389040947 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.389101982 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.389137983 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.389166117 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.572899103 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.572953939 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.572983027 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.573014021 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.573035955 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.573052883 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.621645927 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.621706963 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.621721983 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.621752977 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.621774912 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.621788025 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.748739004 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.748785019 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.748924017 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.748999119 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.749054909 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.785269976 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.785314083 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.785424948 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.785440922 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.785518885 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.806695938 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.806739092 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.806889057 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.806902885 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.806977034 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.827836990 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.827879906 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.827969074 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.827986956 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.828053951 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.935818911 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.935863018 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.936016083 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.936016083 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.936036110 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.936086893 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.951471090 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.951523066 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.951548100 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.951566935 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.951704025 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.951704025 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.967992067 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.968053102 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.968085051 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.968097925 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.968220949 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.968220949 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.984252930 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.984296083 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.984365940 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.984380007 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.984503031 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.984503031 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.999587059 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.999631882 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.999676943 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.999689102 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:14.999720097 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:14.999738932 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.112224102 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.112287998 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.112339020 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.112358093 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.112390995 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.112410069 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.116059065 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.116142988 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.116154909 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.116204023 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.116218090 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.116242886 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.116271973 CET	49750	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.116280079 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.116302013 CET	443	49750	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.169605017 CET	49751	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.169684887 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.169771910 CET	49751	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.170535088 CET	49752	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.170578003 CET	443	49752	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.170655012 CET	49752	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.171139956 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.171201944 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.171274900 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.172039986 CET	49754	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.172050953 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.172152042 CET	49754	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.172202110 CET	49751	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.172235966 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.172339916 CET	49754	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.172339916 CET	49752	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.172353029 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.172369957 CET	443	49752	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.172727108 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.172755003 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.173238993 CET	49755	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.173270941 CET	443	49755	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:15.173325062 CET	49755	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.173440933 CET	49755	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:15.173460007 CET	443	49755	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:16.895586014 CET	443	49752	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:16.896495104 CET	49752	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:16.896512985 CET	443	49752	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:16.897106886 CET	49752	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:16.897111893 CET	443	49752	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:16.954363108 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:16.954972982 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:16.955035925 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:16.955497980 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:16.955512047 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:16.976453066 CET	443	49755	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:16.976845026 CET	49755	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:16.976880074 CET	443	49755	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:16.977238894 CET	49755	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:16.977248907 CET	443	49755	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.017149925 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.017656088 CET	49754	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.017688990 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.018227100 CET	49754	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.018234015 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.025999069 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.026288986 CET	49751	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.026340008 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.026767969 CET	49751	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.026782036 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.342098951 CET	443	49752	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.342433929 CET	443	49752	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.342504978 CET	49752	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.342542887 CET	49752	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.342557907 CET	443	49752	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.342569113 CET	49752	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.342573881 CET	443	49752	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.345854998 CET	49757	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.345948935 CET	443	49757	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.346040010 CET	49757	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.346159935 CET	49757	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.346191883 CET	443	49757	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.407843113 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.407861948 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.407933950 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.407999039 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.408060074 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.408170938 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.408189058 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.408221006 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.408361912 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.408390045 CET	443	49753	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.408449888 CET	49753	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.411032915 CET	49758	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.411137104 CET	443	49758	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.411246061 CET	49758	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.411389112 CET	49758	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.411417961 CET	443	49758	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.459567070 CET	443	49755	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.459654093 CET	443	49755	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.459827900 CET	49755	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.459875107 CET	49755	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.459875107 CET	49755	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.459908962 CET	443	49755	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.459933043 CET	443	49755	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.462991953 CET	49759	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.463041067 CET	443	49759	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.463129044 CET	49759	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.463274002 CET	49759	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.463287115 CET	443	49759	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.478238106 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.478256941 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.478363991 CET	49754	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.478377104 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.478704929 CET	49754	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.478704929 CET	49754	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.478717089 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.478837013 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.478868008 CET	443	49754	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.478909016 CET	49754	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.480937958 CET	49760	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.481026888 CET	443	49760	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.481129885 CET	49760	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.481254101 CET	49760	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.481290102 CET	443	49760	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.490456104 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.490513086 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.490609884 CET	49751	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.490641117 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.490710020 CET	49751	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.490760088 CET	49751	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.490761042 CET	49751	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.490803957 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.490834951 CET	443	49751	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.493000031 CET	49761	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.493058920 CET	443	49761	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:17.493144035 CET	49761	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.493267059 CET	49761	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:17.493287086 CET	443	49761	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.137660980 CET	443	49757	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.138813972 CET	49757	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.138844967 CET	443	49757	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.139471054 CET	49757	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.139482975 CET	443	49757	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.190448046 CET	443	49758	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.191004038 CET	49758	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.191071987 CET	443	49758	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.191617966 CET	49758	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.191633940 CET	443	49758	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.251163960 CET	443	49759	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.251791954 CET	49759	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.251883030 CET	443	49759	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.252326965 CET	49759	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.252340078 CET	443	49759	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.262494087 CET	443	49760	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.262824059 CET	49760	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.262870073 CET	443	49760	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.263329029 CET	49760	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.263341904 CET	443	49760	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.283845901 CET	443	49761	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.284415007 CET	49761	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.284449100 CET	443	49761	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.284928083 CET	49761	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.284944057 CET	443	49761	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.635575056 CET	443	49758	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.635639906 CET	443	49758	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.635756016 CET	49758	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.635910034 CET	49758	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.635971069 CET	443	49758	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.636014938 CET	49758	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.636030912 CET	443	49758	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.639293909 CET	49762	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.639394045 CET	443	49762	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.639533997 CET	49762	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.639720917 CET	49762	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.639763117 CET	443	49762	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.644845963 CET	443	49757	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.645013094 CET	443	49757	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.645082951 CET	49757	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.645152092 CET	49757	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.645152092 CET	49757	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.645207882 CET	443	49757	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.645231962 CET	443	49757	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.647417068 CET	49763	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.647502899 CET	443	49763	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.647576094 CET	49763	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.647752047 CET	49763	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.647784948 CET	443	49763	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.696341991 CET	443	49759	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.696504116 CET	443	49759	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.696696997 CET	49759	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.696732044 CET	49759	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.696739912 CET	443	49759	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.696753025 CET	49759	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.696758032 CET	443	49759	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.699390888 CET	49764	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.699434996 CET	443	49764	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.699501991 CET	49764	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.699646950 CET	49764	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.699664116 CET	443	49764	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.706861019 CET	443	49760	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.706940889 CET	443	49760	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.707065105 CET	49760	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.707118988 CET	49760	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.707118988 CET	49760	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.707155943 CET	443	49760	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.707179070 CET	443	49760	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.709409952 CET	49765	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.709453106 CET	443	49765	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.709615946 CET	49765	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.709769964 CET	49765	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.709786892 CET	443	49765	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.727771044 CET	443	49761	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.727921009 CET	443	49761	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.727982998 CET	49761	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.728038073 CET	49761	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.728038073 CET	49761	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.728085041 CET	443	49761	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.728108883 CET	443	49761	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.730549097 CET	49766	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.730586052 CET	443	49766	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:19.730726957 CET	49766	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.730892897 CET	49766	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:19.730910063 CET	443	49766	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.104984045 CET	49767	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:22:21.105015993 CET	443	49767	142.250.186.36	192.168.2.4
Nov 21, 2024 07:22:21.105113983 CET	49767	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:22:21.105468035 CET	49767	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:22:21.105484009 CET	443	49767	142.250.186.36	192.168.2.4
Nov 21, 2024 07:22:21.421045065 CET	443	49762	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.421643019 CET	49762	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.421684027 CET	443	49762	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.422244072 CET	49762	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.422261000 CET	443	49762	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.425909042 CET	443	49764	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.426251888 CET	49764	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.426314116 CET	443	49764	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.426692963 CET	49764	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.426712036 CET	443	49764	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.436873913 CET	443	49763	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.437218904 CET	49763	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.437262058 CET	443	49763	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.437694073 CET	49763	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.437705040 CET	443	49763	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.492743015 CET	443	49765	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.493283033 CET	49765	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.493355989 CET	443	49765	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.493973970 CET	49765	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.493988991 CET	443	49765	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.514281034 CET	443	49766	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.514681101 CET	49766	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.514714003 CET	443	49766	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.515233994 CET	49766	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.515247107 CET	443	49766	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.861512899 CET	443	49764	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.861686945 CET	443	49764	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.861756086 CET	49764	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.861934900 CET	49764	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.861984968 CET	443	49764	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.862039089 CET	49764	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.862056017 CET	443	49764	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.864413977 CET	443	49762	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.864486933 CET	443	49762	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.864537001 CET	49762	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.864880085 CET	49762	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.864902020 CET	443	49762	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.864916086 CET	49762	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.864923000 CET	443	49762	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.867742062 CET	49768	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.867769957 CET	443	49768	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.867835999 CET	49768	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.868478060 CET	49769	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.868516922 CET	49768	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.868530989 CET	443	49768	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.868549109 CET	443	49769	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.868623018 CET	49769	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.869059086 CET	49769	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.869091988 CET	443	49769	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.890607119 CET	443	49763	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.890759945 CET	443	49763	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.890821934 CET	49763	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.893596888 CET	49763	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.893618107 CET	443	49763	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.893631935 CET	49763	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.893637896 CET	443	49763	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.905069113 CET	49770	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.905097961 CET	443	49770	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.905160904 CET	49770	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.906179905 CET	49770	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.906194925 CET	443	49770	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.943098068 CET	443	49765	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.943171024 CET	443	49765	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.943248987 CET	49765	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.943416119 CET	49765	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.943454981 CET	443	49765	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.943480015 CET	49765	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.943495035 CET	443	49765	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.946872950 CET	49771	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.946932077 CET	443	49771	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.947016954 CET	49771	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.947185993 CET	49771	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.947211981 CET	443	49771	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.959791899 CET	443	49766	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.959949970 CET	443	49766	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.960021973 CET	49766	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.960067034 CET	49766	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.960091114 CET	443	49766	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.960114956 CET	49766	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.960127115 CET	443	49766	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.962996006 CET	49772	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.963076115 CET	443	49772	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:21.963160038 CET	49772	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.963296890 CET	49772	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:21.963342905 CET	443	49772	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:22.589123964 CET	443	49767	142.250.186.36	192.168.2.4
Nov 21, 2024 07:22:22.590869904 CET	49767	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:22:22.590890884 CET	443	49767	142.250.186.36	192.168.2.4
Nov 21, 2024 07:22:22.591698885 CET	443	49767	142.250.186.36	192.168.2.4
Nov 21, 2024 07:22:22.595419884 CET	49767	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:22:22.595508099 CET	443	49767	142.250.186.36	192.168.2.4
Nov 21, 2024 07:22:22.649960041 CET	49767	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:22:23.623110056 CET	443	49770	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.623826027 CET	49770	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.623840094 CET	443	49770	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.624386072 CET	49770	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.624396086 CET	443	49770	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.669145107 CET	443	49771	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.669547081 CET	49771	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.669569969 CET	443	49771	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.669965029 CET	49771	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.669970036 CET	443	49771	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.700668097 CET	443	49772	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.701061964 CET	49772	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.701122046 CET	443	49772	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.701426983 CET	49772	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.701441050 CET	443	49772	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.714528084 CET	443	49768	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.714814901 CET	49768	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.714823008 CET	443	49768	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.715187073 CET	49768	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.715190887 CET	443	49768	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.729053974 CET	443	49769	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.729420900 CET	49769	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.729451895 CET	443	49769	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:23.729660034 CET	49769	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:23.729671001 CET	443	49769	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.069786072 CET	443	49770	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.069947004 CET	443	49770	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.070106983 CET	49770	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.070162058 CET	49770	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.070162058 CET	49770	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.070202112 CET	443	49770	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.070230961 CET	443	49770	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.073256969 CET	49773	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.073348999 CET	443	49773	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.073431015 CET	49773	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.073563099 CET	49773	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.073597908 CET	443	49773	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.108793020 CET	443	49771	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.108881950 CET	443	49771	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.108952999 CET	49771	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.109164000 CET	49771	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.109164000 CET	49771	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.109195948 CET	443	49771	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.109219074 CET	443	49771	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.111627102 CET	49774	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.111675978 CET	443	49774	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.111752987 CET	49774	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.111886978 CET	49774	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.111907005 CET	443	49774	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.141406059 CET	443	49772	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.141575098 CET	443	49772	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.141722918 CET	49772	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.141722918 CET	49772	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.141722918 CET	49772	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.144397020 CET	49775	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.144429922 CET	443	49775	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.144510031 CET	49775	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.144629955 CET	49775	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.144654989 CET	443	49775	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.173280001 CET	443	49768	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.173335075 CET	443	49768	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.173466921 CET	49768	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.173466921 CET	49768	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.174715996 CET	49768	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.174731970 CET	443	49768	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.175659895 CET	49776	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.175745010 CET	443	49776	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.175825119 CET	49776	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.175919056 CET	49776	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.175952911 CET	443	49776	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.188349962 CET	443	49769	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.188440084 CET	443	49769	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.188498020 CET	49769	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.188676119 CET	49769	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.188677073 CET	49769	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.188700914 CET	443	49769	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.188723087 CET	443	49769	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.190793037 CET	49777	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.190814972 CET	443	49777	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.190887928 CET	49777	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.191005945 CET	49777	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.191023111 CET	443	49777	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:24.275288105 CET	49724	80	192.168.2.4	199.232.214.172
Nov 21, 2024 07:22:24.395287037 CET	80	49724	199.232.214.172	192.168.2.4
Nov 21, 2024 07:22:24.395462990 CET	49724	80	192.168.2.4	199.232.214.172
Nov 21, 2024 07:22:24.446840048 CET	49772	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:24.446873903 CET	443	49772	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.859085083 CET	443	49773	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.859716892 CET	49773	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.859775066 CET	443	49773	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.860157013 CET	49773	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.860168934 CET	443	49773	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.897557020 CET	443	49774	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.898112059 CET	49774	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.898171902 CET	443	49774	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.898433924 CET	49774	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.898447037 CET	443	49774	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.953773022 CET	443	49775	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.954282045 CET	49775	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.954340935 CET	443	49775	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.954659939 CET	49775	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.954674006 CET	443	49775	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.985059023 CET	443	49776	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.985481024 CET	49776	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.985568047 CET	443	49776	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.985764980 CET	49776	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.985780001 CET	443	49776	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.994906902 CET	443	49777	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.999114037 CET	49777	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.999130964 CET	443	49777	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:25.999665976 CET	49777	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:25.999674082 CET	443	49777	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.302232981 CET	443	49773	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.302428961 CET	443	49773	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.302704096 CET	49773	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.302704096 CET	49773	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.302704096 CET	49773	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.305792093 CET	49778	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.305860043 CET	443	49778	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.306018114 CET	49778	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.306199074 CET	49778	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.306219101 CET	443	49778	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.345655918 CET	443	49774	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.345819950 CET	443	49774	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.346024036 CET	49774	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.346024036 CET	49774	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.346024036 CET	49774	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.348393917 CET	49779	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.348434925 CET	443	49779	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.348509073 CET	49779	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.348697901 CET	49779	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.348715067 CET	443	49779	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.397964001 CET	443	49775	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.398125887 CET	443	49775	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.398430109 CET	49775	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.398430109 CET	49775	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.398430109 CET	49775	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.400806904 CET	49780	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.400871038 CET	443	49780	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.400988102 CET	49780	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.401098967 CET	49780	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.401130915 CET	443	49780	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.429061890 CET	443	49776	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.429125071 CET	443	49776	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.429311991 CET	49776	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.429481030 CET	49776	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.429481983 CET	49776	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.429514885 CET	443	49776	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.429538965 CET	443	49776	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.431881905 CET	49781	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.431957006 CET	443	49781	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.432039976 CET	49781	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.432205915 CET	49781	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.432238102 CET	443	49781	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.438257933 CET	443	49777	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.438499928 CET	443	49777	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.438572884 CET	49777	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.438596964 CET	49777	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.438615084 CET	443	49777	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.438626051 CET	49777	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.438632011 CET	443	49777	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.440622091 CET	49782	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.440689087 CET	443	49782	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.440783978 CET	49782	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.440964937 CET	49782	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.440993071 CET	443	49782	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.602885962 CET	49773	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.602921963 CET	443	49773	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.649897099 CET	49774	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.649962902 CET	443	49774	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:26.712169886 CET	49775	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:26.712198973 CET	443	49775	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.038000107 CET	443	49778	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.038551092 CET	49778	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.038587093 CET	443	49778	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.039309978 CET	49778	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.039345980 CET	443	49778	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.195694923 CET	443	49779	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.196293116 CET	49779	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.196309090 CET	443	49779	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.197082996 CET	49779	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.197101116 CET	443	49779	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.211930037 CET	443	49781	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.212415934 CET	49781	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.212454081 CET	443	49781	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.212819099 CET	49781	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.212831020 CET	443	49781	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.246481895 CET	443	49782	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.246859074 CET	49782	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.246921062 CET	443	49782	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.247183084 CET	49782	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.247199059 CET	443	49782	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.252063036 CET	443	49780	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.252465010 CET	49780	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.252480984 CET	443	49780	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.252785921 CET	49780	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.252796888 CET	443	49780	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.473356962 CET	443	49778	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.473529100 CET	443	49778	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.473618984 CET	49778	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.473772049 CET	49778	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.473805904 CET	443	49778	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.473833084 CET	49778	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.473848104 CET	443	49778	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.477241993 CET	49783	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.477319956 CET	443	49783	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.477437973 CET	49783	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.477665901 CET	49783	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.477700949 CET	443	49783	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.649058104 CET	443	49779	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.649213076 CET	443	49779	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.649543047 CET	49779	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.649589062 CET	49779	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.649605989 CET	443	49779	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.649621964 CET	49779	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.649627924 CET	443	49779	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.652695894 CET	49784	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.652791023 CET	443	49784	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.652901888 CET	49784	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.653101921 CET	49784	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.653134108 CET	443	49784	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.657879114 CET	443	49781	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.657937050 CET	443	49781	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.658093929 CET	49781	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.658148050 CET	49781	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.658148050 CET	49781	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.658175945 CET	443	49781	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.658199072 CET	443	49781	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.660578012 CET	49785	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.660624027 CET	443	49785	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.660710096 CET	49785	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.660855055 CET	49785	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.660873890 CET	443	49785	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.691606998 CET	443	49782	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.691684008 CET	443	49782	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.691768885 CET	49782	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.691885948 CET	49782	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.691926003 CET	443	49782	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.691962004 CET	49782	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.691978931 CET	443	49782	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.694431067 CET	49786	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.694464922 CET	443	49786	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.694549084 CET	49786	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.694752932 CET	49786	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.694780111 CET	443	49786	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.705089092 CET	443	49780	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.705230951 CET	443	49780	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.705368042 CET	49780	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.705421925 CET	49780	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.705439091 CET	443	49780	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.705461979 CET	49780	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.705471992 CET	443	49780	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.708092928 CET	49787	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.708179951 CET	443	49787	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:28.708266020 CET	49787	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.708496094 CET	49787	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:28.708532095 CET	443	49787	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.271559954 CET	443	49783	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.272278070 CET	49783	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.272330999 CET	443	49783	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.272829056 CET	49783	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.272842884 CET	443	49783	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.386662960 CET	443	49784	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.387418032 CET	49784	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.387514114 CET	443	49784	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.387938023 CET	49784	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.387952089 CET	443	49784	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.412317991 CET	443	49785	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.412862062 CET	49785	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.412893057 CET	443	49785	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.413149118 CET	49785	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.413171053 CET	443	49785	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.491091013 CET	443	49786	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.491547108 CET	49786	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.491619110 CET	443	49786	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.491857052 CET	49786	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.491869926 CET	443	49786	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.514384985 CET	443	49787	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.514955997 CET	49787	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.515018940 CET	443	49787	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.515233040 CET	49787	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.515249014 CET	443	49787	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.718349934 CET	443	49783	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.718503952 CET	443	49783	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.718568087 CET	49783	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.718682051 CET	49783	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.718704939 CET	443	49783	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.718719006 CET	49783	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.718725920 CET	443	49783	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.723295927 CET	49788	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.723368883 CET	443	49788	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.723454952 CET	49788	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.723599911 CET	49788	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.723622084 CET	443	49788	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.821227074 CET	443	49784	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.821372032 CET	443	49784	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.821444035 CET	49784	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.821549892 CET	49784	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.821551085 CET	49784	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.821594000 CET	443	49784	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.821621895 CET	443	49784	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.824479103 CET	49789	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.824582100 CET	443	49789	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.824662924 CET	49789	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.824865103 CET	49789	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.824899912 CET	443	49789	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.847815990 CET	443	49785	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.847887039 CET	443	49785	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.847950935 CET	49785	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.848145008 CET	49785	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.848190069 CET	443	49785	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.848217964 CET	49785	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.848233938 CET	443	49785	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.852128029 CET	49790	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.852193117 CET	443	49790	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.852299929 CET	49790	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.852566004 CET	49790	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.852600098 CET	443	49790	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.944727898 CET	443	49786	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.944787979 CET	443	49786	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.944839001 CET	49786	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.945127010 CET	49786	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.945152044 CET	443	49786	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.945177078 CET	49786	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.945190907 CET	443	49786	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.948138952 CET	49791	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.948174953 CET	443	49791	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.948247910 CET	49791	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.948441982 CET	49791	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.948465109 CET	443	49791	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.961987972 CET	443	49787	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.962155104 CET	443	49787	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.962213039 CET	49787	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.962236881 CET	49787	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.962249041 CET	443	49787	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.962256908 CET	49787	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.962261915 CET	443	49787	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.964395046 CET	49792	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.964459896 CET	443	49792	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:30.964534998 CET	49792	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.964687109 CET	49792	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:30.964713097 CET	443	49792	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.417738914 CET	443	49767	142.250.186.36	192.168.2.4
Nov 21, 2024 07:22:32.417884111 CET	443	49767	142.250.186.36	192.168.2.4
Nov 21, 2024 07:22:32.418277025 CET	49767	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:22:32.444976091 CET	443	49788	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.445812941 CET	49788	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.445873976 CET	443	49788	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.446409941 CET	49788	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.446424007 CET	443	49788	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.630600929 CET	443	49789	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.631345987 CET	49789	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.631409883 CET	443	49789	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.631818056 CET	49789	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.631830931 CET	443	49789	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.668819904 CET	443	49791	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.669382095 CET	49791	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.669466019 CET	443	49791	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.669926882 CET	49791	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.669939995 CET	443	49791	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.713752985 CET	443	49790	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.714219093 CET	49790	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.714272976 CET	443	49790	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.714777946 CET	49790	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.714788914 CET	443	49790	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.820228100 CET	443	49792	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.820904970 CET	49792	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.820940971 CET	443	49792	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.821487904 CET	49792	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.821495056 CET	443	49792	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.880983114 CET	443	49788	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.881089926 CET	443	49788	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.881175995 CET	49788	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.881331921 CET	49788	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.881371975 CET	443	49788	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.881398916 CET	49788	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.881413937 CET	443	49788	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.884951115 CET	49793	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.885047913 CET	443	49793	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:32.885132074 CET	49793	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.885273933 CET	49793	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:32.885293007 CET	443	49793	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.076910019 CET	443	49789	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.077080011 CET	443	49789	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.077155113 CET	49789	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.077249050 CET	49789	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.077271938 CET	443	49789	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.077290058 CET	49789	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.077297926 CET	443	49789	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.080573082 CET	49794	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.080648899 CET	443	49794	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.080760956 CET	49794	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.080924034 CET	49794	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.080944061 CET	443	49794	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.105545998 CET	443	49791	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.105695963 CET	443	49791	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.105766058 CET	49791	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.105840921 CET	49791	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.105850935 CET	443	49791	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.105881929 CET	49791	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.105886936 CET	443	49791	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.109272003 CET	49795	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.109334946 CET	443	49795	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.109428883 CET	49795	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.109572887 CET	49795	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.109605074 CET	443	49795	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.137166977 CET	49767	443	192.168.2.4	142.250.186.36
Nov 21, 2024 07:22:33.137187958 CET	443	49767	142.250.186.36	192.168.2.4
Nov 21, 2024 07:22:33.172780991 CET	443	49790	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.172935963 CET	443	49790	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.173008919 CET	49790	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.173065901 CET	49790	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.173094988 CET	443	49790	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.173121929 CET	49790	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.173135042 CET	443	49790	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.175627947 CET	49796	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.175683975 CET	443	49796	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.175774097 CET	49796	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.175909996 CET	49796	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.175940037 CET	443	49796	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.276196957 CET	443	49792	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.276349068 CET	443	49792	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.276462078 CET	49792	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.276520967 CET	49792	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.276521921 CET	49792	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.276549101 CET	443	49792	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.276572943 CET	443	49792	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.278919935 CET	49797	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.279023886 CET	443	49797	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:33.279109955 CET	49797	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.279227972 CET	49797	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:33.279246092 CET	443	49797	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.483019114 CET	443	49793	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.483544111 CET	49793	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.483611107 CET	443	49793	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.484263897 CET	49793	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.484278917 CET	443	49793	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.849020004 CET	443	49795	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.849673986 CET	49795	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.849721909 CET	443	49795	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.850234985 CET	49795	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.850246906 CET	443	49795	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.869123936 CET	443	49794	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.869692087 CET	49794	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.869774103 CET	443	49794	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.870177984 CET	49794	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.870194912 CET	443	49794	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.927906036 CET	443	49793	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.928076982 CET	443	49793	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.928271055 CET	49793	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.928271055 CET	49793	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.928271055 CET	49793	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.931973934 CET	49798	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.932064056 CET	443	49798	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.932157040 CET	49798	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.932339907 CET	49798	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.932363033 CET	443	49798	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.965028048 CET	443	49796	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.965647936 CET	49796	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.965734959 CET	443	49796	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:34.966190100 CET	49796	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:34.966243029 CET	443	49796	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.064661980 CET	443	49797	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.065121889 CET	49797	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.065180063 CET	443	49797	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.065534115 CET	49797	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.065547943 CET	443	49797	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.228729963 CET	49793	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.228773117 CET	443	49793	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.284704924 CET	443	49795	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.284809113 CET	443	49795	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.284909964 CET	49795	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.285474062 CET	49795	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.285474062 CET	49795	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.285500050 CET	443	49795	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.285521030 CET	443	49795	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.288836956 CET	49799	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.288913965 CET	443	49799	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.289031029 CET	49799	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.289230108 CET	49799	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.289263010 CET	443	49799	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.332875967 CET	443	49794	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.333055973 CET	443	49794	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.333195925 CET	49794	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.333491087 CET	49794	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.333537102 CET	443	49794	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.333565950 CET	49794	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.333581924 CET	443	49794	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.336236000 CET	49800	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.336309910 CET	443	49800	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.336407900 CET	49800	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.336604118 CET	49800	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.336635113 CET	443	49800	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.409420013 CET	443	49796	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.409593105 CET	443	49796	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.409801960 CET	49796	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.410048962 CET	49796	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.410096884 CET	443	49796	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.410128117 CET	49796	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.410144091 CET	443	49796	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.412718058 CET	49801	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.412755966 CET	443	49801	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.412954092 CET	49801	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.413084030 CET	49801	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.413100958 CET	443	49801	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.506778955 CET	443	49797	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.506923914 CET	443	49797	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.507081032 CET	49797	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.507239103 CET	49797	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.507239103 CET	49797	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.507268906 CET	443	49797	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.507292032 CET	443	49797	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.510067940 CET	49802	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.510107994 CET	443	49802	13.107.246.45	192.168.2.4
Nov 21, 2024 07:22:35.510195971 CET	49802	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.510363102 CET	49802	443	192.168.2.4	13.107.246.45
Nov 21, 2024 07:22:35.510375977 CET	443	49802	13.107.246.45	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 07:21:17.127022982 CET	53	59207	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:17.142398119 CET	53	58799	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:18.823914051 CET	52520	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:18.824233055 CET	57993	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:19.051798105 CET	53	52520	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:19.051815033 CET	53	57993	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:19.490921021 CET	53	56522	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:21.041096926 CET	62396	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:21.041371107 CET	50979	53	192.168.2.4	1.1.1.1
Nov 21, 2024 07:21:21.267616987 CET	53	62396	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:21.268007994 CET	53	50979	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:35.849456072 CET	138	138	192.168.2.4	192.168.2.255
Nov 21, 2024 07:21:36.519732952 CET	53	64092	1.1.1.1	192.168.2.4
Nov 21, 2024 07:21:55.224168062 CET	53	57869	1.1.1.1	192.168.2.4
Nov 21, 2024 07:22:16.599726915 CET	53	49965	1.1.1.1	192.168.2.4
Nov 21, 2024 07:22:17.909730911 CET	53	58207	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 21, 2024 07:21:18.823914051 CET	192.168.2.4	1.1.1.1	0xfe21	Standard query (0)	u16183263.ct.sendgrid.net	A (IP address)	IN (0x0001)	false
Nov 21, 2024 07:21:18.824233055 CET	192.168.2.4	1.1.1.1	0x5140	Standard query (0)	u16183263.ct.sendgrid.net	65	IN (0x0001)	false
Nov 21, 2024 07:21:21.041096926 CET	192.168.2.4	1.1.1.1	0xd1ad	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 07:21:21.041371107 CET	192.168.2.4	1.1.1.1	0x4727	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 21, 2024 07:21:21.267616987 CET	1.1.1.1	192.168.2.4	0xd1ad	No error (0)	www.google.com		142.250.186.36	A (IP address)	IN (0x0001)	false
Nov 21, 2024 07:21:21.268007994 CET	1.1.1.1	192.168.2.4	0x4727	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

u16183263.ct.sendgrid.net

https:

fs.microsoft.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	167.89.118.28	443	4080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:21:22 UTC	943	OUT	GET /wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D HTTP/1.1 Host: u16183263.ct.sendgrid.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-21 06:21:22 UTC	287	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 21 Nov 2024 06:21:22 GMT Content-Type: image/gif Content-Length: 43 Connection: close Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Sat, 15 Jul 2000 05:00:00 GMT X-Robots-Tag: noindex, nofollow
2024-11-21 06:21:22 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	167.89.118.28	443	4080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:21:22 UTC	881	OUT	GET /favicon.ico HTTP/1.1 Host: u16183263.ct.sendgrid.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-21 06:21:23 UTC	143	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 21 Nov 2024 06:21:22 GMT Content-Type: text/html Content-Length: 564 Connection: close
2024-11-21 06:21:23 UTC	564	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:21:23 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-21 06:21:23 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=210248 Date: Thu, 21 Nov 2024 06:21:23 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:21:25 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-21 06:21:25 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=210205 Date: Thu, 21 Nov 2024 06:21:25 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-21 06:21:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:21:33 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=g78oe88YOKk82sY&MD=OzyWVgad HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-21 06:21:34 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: e581096d-e02e-4d5e-aa5a-d3466293f0c0 MS-RequestId: 375d6354-5b8f-44be-83b3-903a5f0dde51 MS-CV: wLI2hfhRy0q+AA0e.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 21 Nov 2024 06:21:32 GMT Connection: close Content-Length: 24490
2024-11-21 06:21:34 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-21 06:21:34 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:13 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=g78oe88YOKk82sY&MD=OzyWVgad HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-21 06:22:14 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: e3af4715-d3a9-4a64-b97b-7b6416a0529a MS-RequestId: 4c4d117c-c3a2-49f1-8a2c-38a9414299c0 MS-CV: BSitDbDdkkOTP61c.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 21 Nov 2024 06:22:13 GMT Connection: close Content-Length: 30005
2024-11-21 06:22:14 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-21 06:22:14 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:13 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:14 UTC	492	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:14 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Tue, 19 Nov 2024 16:37:24 GMT ETag: "0x8DD08B87243495C" x-ms-request-id: b5254561-a01e-0070-0158-3b573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062214Z-178bfbc474bgvl54hC1NYCsfuw00000000y000000000r95e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:14 UTC	15892	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-21 06:22:14 UTC	16384	IN	Data Raw: 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 Data Ascii: <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V
2024-11-21 06:22:14 UTC	16384	IN	Data Raw: 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 Data Ascii: 20v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="T
2024-11-21 06:22:14 UTC	16384	IN	Data Raw: 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d Data Ascii: T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F=
2024-11-21 06:22:14 UTC	16384	IN	Data Raw: 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a Data Ascii: alse"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C>
2024-11-21 06:22:14 UTC	16384	IN	Data Raw: 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 Data Ascii: I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="Cleanup
2024-11-21 06:22:14 UTC	16384	IN	Data Raw: 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 Data Ascii: </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R>
2024-11-21 06:22:14 UTC	16384	IN	Data Raw: 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 Data Ascii: </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C>
2024-11-21 06:22:14 UTC	16384	IN	Data Raw: 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" />
2024-11-21 06:22:14 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 Data Ascii: <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49752	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:16 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:17 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:17 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: ac6669be-e01e-003c-668c-3ac70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062217Z-1777c6cb754xrr98hC1TEB3kag0000000am0000000005ace x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:17 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:16 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:17 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:17 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: dc5d8209-b01e-003e-6698-3b8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062217Z-r1d97b99577l6wbzhC1TEB3fwn0000000a0g00000000fh9b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:17 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:16 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:17 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:17 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 154c12fa-301e-0033-25a6-3bfa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062217Z-r1d97b99577lxltfhC1TEByw2s00000009yg00000000cdpp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:17 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:17 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:17 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:17 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 8ba33068-a01e-0070-5caa-3b573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062217Z-r1d97b995774zjnrhC1TEBv1ww00000009vg00000000e5uv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:17 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49751	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:17 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:17 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:17 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: b2486168-801e-0048-04ba-3bf3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062217Z-r1d97b995774zjnrhC1TEBv1ww00000009wg00000000b60f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:17 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49757	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:19 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:19 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:19 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 02a2c6fa-b01e-0001-107b-3b46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062219Z-178bfbc474btvfdfhC1NYCa2en0000000160000000005z42 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:19 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:19 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:19 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:19 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: a6bfa609-001e-00a2-4d66-3bd4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062219Z-178bfbc474bscnbchC1NYCe7eg000000019g000000003mtd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:19 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49759	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:19 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:19 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:19 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 17c3c293-501e-00a3-6567-3bc0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062219Z-178bfbc474bwlrhlhC1NYCy3kg000000012g0000000094dh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:19 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:19 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:19 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:19 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 70a275ef-201e-0051-048c-3a7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062219Z-1777c6cb754lv4cqhC1TEB13us0000000aqg0000000099t7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:19 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:19 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:19 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:19 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 7f65a9a1-801e-0067-788c-3afe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062219Z-178bfbc474bwlrhlhC1NYCy3kg00000001400000000060ag x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:19 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:21 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:21 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:21 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 561f43d7-f01e-0096-2f75-3b10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062221Z-1777c6cb754gvvgfhC1TEBz4rg0000000ap000000000p362 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:21 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:21 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:21 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:21 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 922c5f4e-601e-005c-577c-3bf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062221Z-1777c6cb754j8gqphC1TEB5bf80000000an0000000008wfm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:21 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:21 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:21 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:21 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 4e7b5ce8-701e-0098-117a-3b395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062221Z-178bfbc474bv7whqhC1NYC1fg40000000150000000003awz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:21 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:21 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:21 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:21 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: a1d80e42-301e-0096-338c-3ae71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062221Z-1777c6cb754b7tdghC1TEBwwa40000000asg00000000fa51 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:21 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:21 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:21 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:21 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: d1e74057-c01e-0014-6563-3ba6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062221Z-178bfbc474b9xljthC1NYCtw94000000011g000000003ukp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:21 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:23 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:24 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:23 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 76a157b4-e01e-00aa-258c-3aceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062223Z-1777c6cb754whff4hC1TEBcd6c00000009d0000000004b3s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:24 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:23 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:24 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:23 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 8189730a-201e-0003-216a-3bf85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062223Z-178bfbc474bscnbchC1NYCe7eg000000017g0000000080ff x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:24 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:23 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:24 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:23 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: a1cde93a-f01e-0020-638c-3a956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062223Z-1777c6cb754xrr98hC1TEB3kag0000000agg00000000cqsy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:24 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:23 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:24 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:24 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 63e0f5a8-701e-0032-207a-3ba540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062224Z-1777c6cb7549x5qchC1TEBggbg0000000au0000000005cf1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:24 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:23 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:24 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:24 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: b82db7f7-b01e-0053-188c-3acdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062224Z-1777c6cb754vxwc9hC1TEBykgw0000000amg00000000m51x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:24 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:25 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:26 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:26 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 367ebca4-601e-0070-6762-3ba0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062226Z-178bfbc474brk967hC1NYCfu6000000000s000000000qugt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:26 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:25 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:26 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:26 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 1b8ab84b-001e-0082-570c-3b5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062226Z-r1d97b99577mrt4rhC1TEBftkc00000009vg0000000082wx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:26 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:25 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:26 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:26 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 70a27cfc-201e-0051-268c-3a7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062226Z-178bfbc474bw8bwphC1NYC38b400000000z0000000003qh9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:26 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:25 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:26 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:26 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 20c6f849-701e-005c-2e61-3bbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062226Z-178bfbc474bwh9gmhC1NYCy3rs000000014000000000bg2c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:26 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:25 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:26 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:26 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 947c7cf8-001e-00a2-018c-3ad4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062226Z-r1d97b995774n5h6hC1TEBvf840000000a000000000049mt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:26 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:28 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:28 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:28 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: be70ec4e-301e-000c-088c-3a323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062228Z-1777c6cb754xlpjshC1TEBv8cc0000000av000000000a37d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:28 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:28 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:28 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:28 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 6a83a5f2-e01e-000c-157b-3b8e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062228Z-178bfbc474bwh9gmhC1NYCy3rs000000014000000000bg4p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:28 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:28 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:28 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 3029707a-401e-0047-3163-3b8597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062228Z-178bfbc474bfw4gbhC1NYCunf400000000z000000000qra7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:28 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:28 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:28 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 3af7945d-501e-0016-1564-3b181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062228Z-178bfbc474bh5zbqhC1NYCkdug000000011g0000000053pg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:28 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:28 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:28 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:28 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 94562d6e-b01e-0001-80db-3b46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062228Z-r1d97b99577xdmfxhC1TEBqbhg00000001pg0000000048wm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:28 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:30 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:30 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:30 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 16271672-201e-00aa-62ac-3b3928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062230Z-r1d97b99577dd2gchC1TEBz5ys00000009t000000000aar1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:30 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:30 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:30 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:30 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: fdab78a3-101e-005a-1d8c-3a882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062230Z-1777c6cb754g9zd5hC1TEBfvpw0000000arg00000000ns8y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:30 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:30 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:30 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:30 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 79192ebf-401e-0035-7e68-3b82d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062230Z-178bfbc474bq2pr7hC1NYCkfgg000000013g00000000n5vw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:30 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:30 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:30 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:30 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 20caaba8-701e-005c-0363-3bbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062230Z-178bfbc474brk967hC1NYCfu6000000000v000000000cyqp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:30 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:30 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:30 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:30 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: f14fa7ac-201e-000c-4a8c-3a79c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062230Z-1777c6cb754gvvgfhC1TEBz4rg0000000ang00000000rmtb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:30 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:32 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:32 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:32 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 9f194ed4-601e-0070-357c-3ba0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062232Z-178bfbc474bw8bwphC1NYC38b400000000v000000000gakv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:32 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:32 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:33 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:32 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: ae8c6dce-101e-008d-4280-3b92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062232Z-1777c6cb754g9zd5hC1TEBfvpw0000000av0000000009n3w x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:33 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:32 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:33 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:32 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: bfe6d614-201e-006e-7a8c-3abbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062232Z-1777c6cb754rz2pghC1TEBghen0000000ahg00000000esgg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:33 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:32 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:33 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:32 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 20e2cd06-701e-005c-2869-3bbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062232Z-178bfbc474bw8bwphC1NYC38b400000000wg00000000ar8u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:33 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:32 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:33 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:33 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: a1d815ed-301e-0096-3f8c-3ae71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062233Z-1777c6cb7549x5qchC1TEBggbg0000000aug000000003xm3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:33 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:34 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:34 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:34 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: c2180679-501e-008f-16bc-3b9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062234Z-178bfbc474b9fdhphC1NYCac0n00000001400000000001f1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:34 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:34 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:35 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:35 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 2250be27-501e-007b-7961-3b5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062235Z-178bfbc474bp8mkvhC1NYCzqnn00000000x000000000amdm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:35 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:34 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:35 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:35 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 7511d71d-801e-0083-6e8c-3af0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062235Z-r1d97b995774zjnrhC1TEBv1ww00000009x0000000009f7f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:35 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:34 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:35 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:35 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 5b8d3f05-a01e-006f-2465-3b13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062235Z-178bfbc474bh5zbqhC1NYCkdug00000000w000000000suyv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 06:22:35 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:35 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:35 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:35 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: f9d2b1a4-b01e-003d-337e-3bd32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062235Z-1777c6cb754xrr98hC1TEB3kag0000000afg00000000esh7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:35 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:36 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:37 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:37 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 24f33e75-301e-006e-0fb5-3bf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062237Z-1777c6cb754n67brhC1TEBcp9c0000000ar000000000e0z9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:37 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:37 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:37 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:37 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: b82dc135-b01e-0053-1a8c-3acdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062237Z-1777c6cb754gc8g6hC1TEB966c0000000ang00000000ev62 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:37 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:37 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:37 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:37 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 7511da03-801e-0083-3b8c-3af0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062237Z-178bfbc474bp8mkvhC1NYCzqnn00000000yg000000007fxk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:37 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:37 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:37 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:37 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 1aaae978-201e-0096-4377-3bace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062237Z-178bfbc474bxkclvhC1NYC69g4000000011g0000000065fw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:37 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 06:22:37 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 06:22:37 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 06:22:37 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 38a668eb-401e-00ac-34a1-3b0a97000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T062237Z-r1d97b9957747b9jhC1TEBgyec0000000a6000000000174x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 06:22:37 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5728, Parent PID: 5956

General

Target ID:	0
Start time:	01:21:10
Start date:	21/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4080, Parent PID: 5728

General

Target ID:	2
Start time:	01:21:14
Start date:	21/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2052,i,1542489696027141276,1030454398163110319,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6308, Parent PID: 5956

General

Target ID:	3
Start time:	01:21:17
Start date:	21/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u16183263.ct.sendgrid.net/wf/open?upn=u001.LbdK8BCmU4cThiZUgdj4O-2Brr7LEZx9adUXCce-2BGqxhFKKedSwdGiUZlyaFCxouMP6yAHa3sE81XcktOA4ll-2F-2Boy7ZxURTcxJ6ei744zm-2FsW2VpgmU7-2BzW8SBWRXbSvxa569By3X8bKbLoXlQ-2B78Azs16ulbStIEH2RqQu1GHbt6OL-2Bbafh1KooCAVWas0SrOdoASj8TLtqJeMLSQ7E-2FDCF6lMDfiiOV-2Bm387S7bft9A-3D"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5728, Parent PID: 5956

General

Chronological Activities

Analysis Process: chrome.exePID: 4080, Parent PID: 5728

General

Chronological Activities

Analysis Process: chrome.exePID: 6308, Parent PID: 5956

General

Chronological Activities

Disassembly