Edit tour

Windows Analysis Report
https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body

Overview

General Information

Sample URL:	https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQab
Analysis ID:	1560306
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2232,i,18017423527719494357,15146598028070794422,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&bodylang=en&email_address=csilla.szep@skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4=&body= HTTP/1.1Host: www3.lead.appConnection: keep-aliveContent-Length: 15sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://www3.lead.appSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&bodyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 2.18.82.9:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.82.9:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49755 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/5@12/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2232,i,18017423527719494357,15146598028070794422,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2232,i,18017423527719494357,15146598028070794422,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&bodylang=en&email_address=csilla.szep@skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4=&body=	0%	Avira URL Cloud	safe
https://www.lead.app/favicon.ico	0%	Avira URL Cloud	safe
https://lead.app/favicon.ico	0%	Avira URL Cloud	safe
https://www3.lead.app/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.lead.app	50.17.178.148	true	false	unknown
mainlb.mycorpprovider.net	15.204.31.59	true	false	unknown
www.google.com	142.250.181.100	true	false	high
i0.wp.com	192.0.77.2	true	false	high
lead.app	50.17.178.148	true	false	unknown
www3.lead.app	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body	false		unknown
https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&bodylang=en&email_address=csilla.szep@skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4=&body=	false	Avira URL Cloud: safe	unknown
https://i0.wp.com/www.lead.app/wp-content/uploads/2019/07/cropped-lead_icon.png?fit=32%2C32&ssl=1	false		high
https://www3.lead.app/favicon.ico	false	Avira URL Cloud: safe	unknown
https://lead.app/favicon.ico	false	Avira URL Cloud: safe	unknown
https://www.lead.app/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
50.17.178.148	www.lead.app	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
15.204.31.59	mainlb.mycorpprovider.net	United States	71	HP-INTERNET-ASUS	false
192.0.77.2	i0.wp.com	United States	2635	AUTOMATTICUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1560306
Start date and time:	2024-11-21 16:49:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/5@12/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.19.238, 64.233.165.84, 34.104.35.123, 178.79.238.0, 192.229.221.95, 172.217.17.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body

Input	Output
URL: https://www3.lead.app Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://www3.lead.app
URL: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Kindly confirm your intention to unsubscribe from our mailing list.", "prominent_button_name": "Confirm", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Remove from Mailing List", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body Model: Joe Sandbox AI	{ "brands": [] }
	{ "brands": [] }
URL: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body Model: Joe Sandbox AI	{ "brands": [] }
	{ "brands": [] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	1432
Entropy (8bit):	7.8449545495429645
Encrypted:	false
SSDEEP:	24:Yuv8wLWPF7P2cn5DTgjyUIjUEMwS/J+pxUXP4qCIqCAbDF+MCji1CcR5NtJgNR2w:VI7P2c5DQojXMD/JP4qCBCA8MCqhO5+E
MD5:	6F519A787167E5DA1A0AA525DAAA7761
SHA1:	B40BD3439FA2EE416046EA3ED423A1D04AEB5407
SHA-256:	A6FF86B9C377935C418A1D56A9C377940617B253915FE757381599B295430DCC
SHA-512:	5716721CCB85FEB808E71AEADEE19F7281A87F0807C81FEF0BE98B93BE495BBBC75364A286D009234098B05F18905419F639052F7B27C4C8C0BEF3E3E1B86224
Malicious:	false
Reputation:	low
URL:	https://i0.wp.com/www.lead.app/wp-content/uploads/2019/07/cropped-lead_icon.png?fit=32%2C32&ssl=1
Preview:	RIFF....WEBPVP8L..../.....3m.h~...G"...x.....$....V...E.$)-a.._........]..K.HU.....$..m;..~...m...D......B3.m..$...../..]...m../...\|..?.&..../....&ov..W.m{.9./n)..-.r..\|.[sw2M+...Y.L.J.Yt......yn:.m..yb.U..2U.6J'.m.m..;..`.....,J.\|....{o.m....\.F..u}.k.........x..w,...=.h."y_6._aC]+7p...U...y.....\.....]O.jIE1e........-n.^.9W.J.n.../&....&...."h."...H.x.m.N5.2l..gR>...E.R(. \|.......4.s..\.l.......R..8@$..(....P.....[.f.u....6..z..X....E..A.."..Vt...U...fs.D...../......c.?...J...IW. PD!...S.Vq.8.G.^...S...R.I..sx...K..A.".).8..3.v.7.....H.......c.e............}.p..&........$Y"....1..Z.."Y.N.....t..&V.z0`.`.PY...j..Tr.C.........'+......fDY.....o..F[..E. .%.0..=z..$..$i.I..K.....\|#..}O...,.H. ..A...JT.=...J.G...7..5...PB.N.........!}b.P..u...$H...HV....L.G.v......\-.<.,'H.(_..D....`....c-`......4...B.a4......[.X...n..Qh."..d....L.........>...=..,.N.PU..\.D..1.M....GZ.E.i....-.U....{...5k...7~..U....,).%.1......P......t4..-.. .../.="...

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	3671
Entropy (8bit):	4.629053924330316
Encrypted:	false
SSDEEP:	96:bF/S0F70BFBgRzXPGqm1SgVT62CO/Hl6LXMxgc0uz:5F7mFBgRzfG1CO/Hl6L8Jz
MD5:	407518617290AAF592663C9C955E9F7C
SHA1:	C2247DED84772C1B5385FFE9F41DF326A1679ECF
SHA-256:	F34FD2A2935FAE9F232BC2C8C05433A1DC02E306B02E78288D366F49371C6D40
SHA-512:	FD1E19A7213924F5F0F8D6019C89DA51EBFC8B59F04D15797B34D874A7334B5964C672B8A762FAA5478B1FB1B6C7274AF12395BD220D19C6C1538A941C644AF6
Malicious:	false
Reputation:	low
URL:	https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body
Preview:	<!DOCTYPE html>.<html lang="en">..<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>. Remove from Mailing List.</title>. <style>. body {. font-family: Arial, sans-serif;. background-color: #f4f4f4;. text-align: center;. padding: 20px;. }.. h1 {. color: #333;. }.. p {. color: #555;. }.. .container {. max-width: 600px;. margin: 0 auto;. background-color: #ffffff;. padding: 20px;. border-radius: 5px;. box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);. z-index: 1;. filter: blur(5px);. }.. #confirmationBox {. display: flex;. position: fixed;. top: 0;. left: 0;. width: 100%;. height: 100%;. background: rgba(0, 0, 0, 0.5);. ju

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1518
Entropy (8bit):	7.739579136604126
Encrypted:	false
SSDEEP:	24:hCC0jJSLXLBHbgieMibRtYoVOjE6JHgfbyNyFZvZce0+mFrA2hcNh/29VgS34yHe:hRWcLXLBfe9bRtYoOjH67ROeHmlKNh/P
MD5:	624BDF1F7E9B55E5E4FCDA0E1AAF36D2
SHA1:	A82D1517F8C555F0B072D23D191C9863D7F9B744
SHA-256:	F0B15C082E8B79B113582DBCADBAA80BDB1C989BDB9E23720BA7F8AA8897AD5E
SHA-512:	21470EBCDE2B288B23CFC4F3C90AA977A77C4650C387473F69103E0553FC9E0F707462200ED093664C312FCA60FCFE3F3F71F5232B313071B5011F4D18904FAE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....D.......PLTEGpL~..;...42..........:..%s.....,.................7........../4.23....I?)..6.........................&.......Z).d$. x.;M....n..E0....-5(}.;D.....z..6r)g..ZA.T..H-....=1u.....S".H=......oN.....O.......VR.@Pb...C5.\|P.l&...h....]....mQ.tNv.........+:....sP.bc.hQ..@..~...............-Y...5...PT.gR.>W.)6.=0.Q..RY..[..Z......J\.>W.xV........B.8\..6n...z..&l..u.....S..2.R..........!...,6\|......=0.p ...d............^%.Y'.S).t..N+....i"..........C.].....,Q.8<.>5....W..Q!........)7.......23......#..(.........d#.H-......r..x..n..L&.i..H....0I.#b.&\..82.x.....q......................YF.y...62.YS.HUR.."......X....Z..[..V.......h..{.....z.D-....s........5].x..D/.,@.!j..+J7.4D...........$8...q....,9......bR......0.......0b.........8W.......>S.3X...+k.(r.Cv....,...\|d.K....\|tRNS...'Z........O.....Q0....`.F.h..'..\.......3p...j.y.?....C.T.L...>...#....x....=....e...Y...?..\|.K...F.-..)......q.......;=....!IDAT8.c`@.."GR......q........5.Ni[..[..j..]..

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 16:49:56.983429909 CET	49675	443	192.168.2.4	173.222.162.32
Nov 21, 2024 16:50:06.591061115 CET	49675	443	192.168.2.4	173.222.162.32
Nov 21, 2024 16:50:07.386993885 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:07.387077093 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:07.387260914 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:07.387551069 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:07.387650013 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:07.387782097 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:07.387811899 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:07.387816906 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:07.388040066 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:07.388073921 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.758012056 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.758377075 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.758418083 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.759390116 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.759460926 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.760991096 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.761068106 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.761421919 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.761440039 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.810724020 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.829278946 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.881751060 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.933983088 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.934001923 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.937985897 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.938019991 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.938062906 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.938996077 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.939187050 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:08.985205889 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:08.985224962 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.025257111 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.265681028 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.265722036 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.265811920 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.265852928 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.265877962 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.265933037 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.265933037 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.267265081 CET	49735	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.267298937 CET	443	49735	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.365632057 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.406043053 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:09.406092882 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:09.406194925 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:09.406608105 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:09.406657934 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:09.407346010 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.766287088 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.766472101 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.766542912 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.766875982 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.766923904 CET	443	49736	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:09.766953945 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.766999006 CET	49736	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:09.998163939 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:09.998217106 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:09.998294115 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:09.998529911 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:09.998563051 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:10.288690090 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:10.288777113 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:10.288882017 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:10.290946960 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:10.290977955 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:11.097290993 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:11.097644091 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:11.097706079 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:11.098711967 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:11.098788023 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:11.100188017 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:11.100255966 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:11.154872894 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:11.154900074 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:11.201787949 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:11.273422003 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:11.273813009 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.273838043 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:11.275257111 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:11.275337934 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.276604891 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.276771069 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:11.277036905 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.277051926 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:11.326744080 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.685507059 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:11.685585022 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:11.715080023 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:11.715157032 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:11.715292931 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.724026918 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:11.724055052 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:11.724252939 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:11.764264107 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:11.764980078 CET	49741	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.765031099 CET	443	49741	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:11.808058023 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:11.855334997 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:11.907092094 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.907131910 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:11.907213926 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.907486916 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:11.907511950 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:12.214562893 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:12.214605093 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:12.214709044 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:12.214853048 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:12.214894056 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:12.214929104 CET	49742	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:12.214946032 CET	443	49742	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:12.253499985 CET	49744	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:12.253529072 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:12.253607035 CET	49744	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:12.253930092 CET	49744	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:12.253941059 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:13.221755028 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:13.222160101 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:13.222222090 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:13.225760937 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:13.225843906 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:13.231517076 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:13.231606007 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:13.231745958 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:13.231776953 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:13.279361010 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:13.648494005 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:13.648571014 CET	49744	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:13.649964094 CET	49744	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:13.649974108 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:13.650204897 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:13.651704073 CET	49744	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:13.695374966 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:13.982012033 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:13.982167959 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:13.982698917 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:13.982742071 CET	443	49743	50.17.178.148	192.168.2.4
Nov 21, 2024 16:50:13.982773066 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:13.982805967 CET	49743	443	192.168.2.4	50.17.178.148
Nov 21, 2024 16:50:14.123866081 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:14.123902082 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:14.124010086 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:14.124315023 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:14.124330044 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:14.172753096 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:14.172797918 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:14.172900915 CET	49744	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:14.173974037 CET	49744	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:14.173974037 CET	49744	443	192.168.2.4	2.18.82.9
Nov 21, 2024 16:50:14.173980951 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:14.173989058 CET	443	49744	2.18.82.9	192.168.2.4
Nov 21, 2024 16:50:15.443167925 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:15.443445921 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:15.443459988 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:15.444905996 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:15.444981098 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:15.446224928 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:15.446367025 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:15.446515083 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:15.446521997 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:15.498111010 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:15.884938002 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:15.885067940 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:15.885118961 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:15.885149956 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:15.885211945 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:15.885262966 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:15.885550976 CET	49745	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:15.885566950 CET	443	49745	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:16.035016060 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:16.035100937 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:16.035202026 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:16.035417080 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:16.035451889 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.299155951 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.299462080 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:17.299525023 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.303195953 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.303299904 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:17.303668022 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:17.303812981 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:17.303881884 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.357391119 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:17.357412100 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.404362917 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:17.745482922 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.745599031 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.745655060 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:17.745683908 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.745743036 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:17.745795012 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:17.747009993 CET	49746	443	192.168.2.4	192.0.77.2
Nov 21, 2024 16:50:17.747040033 CET	443	49746	192.0.77.2	192.168.2.4
Nov 21, 2024 16:50:18.769402027 CET	49747	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:18.769486904 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:18.769684076 CET	49747	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:18.769942045 CET	49747	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:18.769974947 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:19.893381119 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:19.893407106 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:19.893485069 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:19.894560099 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:19.894583941 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:20.199502945 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:20.200341940 CET	49747	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:20.200387955 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:20.200895071 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:20.201256990 CET	49747	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:20.201349020 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:20.201421022 CET	49747	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:20.243335009 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:20.790951014 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:20.791035891 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:20.791199923 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:20.794230938 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:20.794342041 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:20.794430971 CET	49747	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:20.818602085 CET	49747	443	192.168.2.4	15.204.31.59
Nov 21, 2024 16:50:20.818645000 CET	443	49747	15.204.31.59	192.168.2.4
Nov 21, 2024 16:50:21.603106976 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:21.603216887 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:21.607167959 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:21.607181072 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:21.607508898 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:21.653835058 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:21.874628067 CET	49740	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:50:21.874675035 CET	443	49740	142.250.181.100	192.168.2.4
Nov 21, 2024 16:50:23.485670090 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:23.527370930 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:24.054506063 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:24.054538965 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:24.054548025 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:24.054560900 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:24.054600954 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:24.054656029 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:24.054678917 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:24.054701090 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:24.054733992 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:24.074184895 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:24.074278116 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:24.074282885 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:24.074342966 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:25.769701004 CET	49748	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:50:25.769720078 CET	443	49748	20.109.210.53	192.168.2.4
Nov 21, 2024 16:50:59.726763010 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:50:59.726804018 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:50:59.726912022 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:50:59.727338076 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:50:59.727349043 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:01.458328009 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:01.458484888 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:01.463577032 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:01.463639975 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:01.463838100 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:01.474617958 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:01.519331932 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:01.939712048 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:01.939735889 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:01.939749956 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:01.939852953 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:01.939888954 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:01.939924002 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:01.939955950 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.090374947 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:02.090420961 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:02.090517998 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:02.091031075 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:02.091046095 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:02.121244907 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.121264935 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.121368885 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.121387005 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.121434927 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.170897007 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.170922041 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.170986891 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.171000957 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.171037912 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.171063900 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.290011883 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.290029049 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.290154934 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.290168047 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.290227890 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.334552050 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.334569931 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.334661961 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.334672928 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.334728956 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.355855942 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.355874062 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.355981112 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.355988979 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.356036901 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.377090931 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.377106905 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.377221107 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.377228022 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.377284050 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.476171970 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.476188898 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.476285934 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.476296902 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.476346970 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.494550943 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.494565010 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.494657040 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.494664907 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.494712114 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.515912056 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.515925884 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.515997887 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.516005039 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.516052008 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.530009985 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.530024052 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.530102015 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.530109882 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.530164003 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.539793015 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.539808035 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.539910078 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.539917946 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.539967060 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.541690111 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.541728020 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.541784048 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.542556047 CET	49754	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.542572975 CET	443	49754	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.586184025 CET	49757	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.586215973 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.586256981 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.586292982 CET	443	49757	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.586339951 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.586400986 CET	49757	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.586735964 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.586755991 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.586882114 CET	49757	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.586916924 CET	443	49757	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.588593960 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.588603020 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.588663101 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.588850021 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.588861942 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.590322971 CET	49759	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.590347052 CET	443	49759	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.590428114 CET	49759	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.591198921 CET	49760	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.591274023 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.591368914 CET	49760	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.591398001 CET	49759	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.591422081 CET	443	49759	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:02.591531038 CET	49760	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:02.591564894 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:03.849646091 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:03.849848986 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:03.852035999 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:03.852045059 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:03.852443933 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:03.860066891 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:03.903328896 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.304579973 CET	443	49757	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.304666042 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.305205107 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.305228949 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.305237055 CET	49757	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.305282116 CET	443	49757	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.305685043 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.305690050 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.305947065 CET	49757	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.305959940 CET	443	49757	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.374315977 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.374713898 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.374723911 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.375113010 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.375116110 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.384968042 CET	443	49759	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.385292053 CET	49759	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.385312080 CET	443	49759	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.385643005 CET	49759	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.385653019 CET	443	49759	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.467200994 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.467778921 CET	49760	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.467850924 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.468242884 CET	49760	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.468256950 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.548090935 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.548161983 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.548214912 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.548259974 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:04.548280954 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.548312902 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:04.548345089 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:04.586036921 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.586148977 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.586257935 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:04.586270094 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.586288929 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.586348057 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:04.586523056 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:04.586545944 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.586572886 CET	49755	443	192.168.2.4	20.109.210.53
Nov 21, 2024 16:51:04.586584091 CET	443	49755	20.109.210.53	192.168.2.4
Nov 21, 2024 16:51:04.742136955 CET	443	49757	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.742181063 CET	443	49757	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.742245913 CET	49757	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.742508888 CET	49757	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.742508888 CET	49757	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.742556095 CET	443	49757	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.742583990 CET	443	49757	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.745635033 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.745651007 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.745729923 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.745758057 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.745804071 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.746809959 CET	49761	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.746917009 CET	443	49761	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.747014999 CET	49761	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.747031927 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.747036934 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.747075081 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.747185946 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.747212887 CET	443	49756	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.747257948 CET	49756	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.748028040 CET	49761	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.748061895 CET	443	49761	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.749876976 CET	49762	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.749982119 CET	443	49762	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.750056982 CET	49762	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.750159979 CET	49762	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.750197887 CET	443	49762	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.823241949 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.823268890 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.823342085 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.823354006 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.823399067 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.823622942 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.823626995 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.823647022 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.823829889 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.823860884 CET	443	49758	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.823915005 CET	49758	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.826220989 CET	49763	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.826251030 CET	443	49763	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.826369047 CET	49763	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.826539993 CET	49763	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.826565027 CET	443	49763	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.828989983 CET	443	49759	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.829035044 CET	443	49759	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.829088926 CET	49759	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.829263926 CET	49759	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.829283953 CET	443	49759	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.829308987 CET	49759	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.829323053 CET	443	49759	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.839667082 CET	49764	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.839699984 CET	443	49764	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.839781046 CET	49764	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.840034962 CET	49764	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.840054035 CET	443	49764	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.920536995 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.920598030 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.920669079 CET	49760	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.920708895 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.920902967 CET	49760	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.920924902 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.920960903 CET	49760	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.921017885 CET	443	49760	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.923194885 CET	49765	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.923264980 CET	443	49765	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:04.923352957 CET	49765	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.923507929 CET	49765	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:04.923537970 CET	443	49765	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.467870951 CET	443	49761	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.468487978 CET	49761	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.468543053 CET	443	49761	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.468866110 CET	49761	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.468882084 CET	443	49761	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.540625095 CET	443	49762	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.541188002 CET	49762	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.541254997 CET	443	49762	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.541621923 CET	49762	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.541635990 CET	443	49762	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.611665964 CET	443	49763	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.612246037 CET	49763	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.612270117 CET	443	49763	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.612523079 CET	49763	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.612534046 CET	443	49763	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.698708057 CET	443	49764	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.699572086 CET	49764	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.699585915 CET	443	49764	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.699877024 CET	49764	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.699882984 CET	443	49764	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.785221100 CET	443	49765	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.785736084 CET	49765	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.785794973 CET	443	49765	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.786269903 CET	49765	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.786288977 CET	443	49765	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.904057980 CET	443	49761	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.904233932 CET	443	49761	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.904457092 CET	49761	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.904717922 CET	49761	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.904759884 CET	443	49761	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.904788017 CET	49761	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.904803038 CET	443	49761	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.908205986 CET	49767	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.908268929 CET	443	49767	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.908375978 CET	49767	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.908588886 CET	49767	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.908611059 CET	443	49767	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.986058950 CET	443	49762	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.986107111 CET	443	49762	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.986275911 CET	49762	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.986471891 CET	49762	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.986485004 CET	443	49762	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.986496925 CET	49762	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.986502886 CET	443	49762	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.989840984 CET	49768	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.989881992 CET	443	49768	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:06.989984035 CET	49768	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.990187883 CET	49768	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:06.990209103 CET	443	49768	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.061073065 CET	443	49763	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.061260939 CET	443	49763	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.061340094 CET	49763	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.061418056 CET	49763	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.061451912 CET	443	49763	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.061480045 CET	49763	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.061510086 CET	443	49763	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.064487934 CET	49769	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.064517021 CET	443	49769	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.064598083 CET	49769	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.064804077 CET	49769	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.064817905 CET	443	49769	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.156488895 CET	443	49764	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.156574965 CET	443	49764	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.156641960 CET	49764	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.156902075 CET	49764	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.156917095 CET	443	49764	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.156929970 CET	49764	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.156936884 CET	443	49764	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.160617113 CET	49770	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.160635948 CET	443	49770	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.160713911 CET	49770	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.160933971 CET	49770	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.160948038 CET	443	49770	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.239515066 CET	443	49765	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.239561081 CET	443	49765	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.239726067 CET	49765	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.239931107 CET	49765	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.239976883 CET	443	49765	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.240006924 CET	49765	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.240021944 CET	443	49765	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.243244886 CET	49771	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.243271112 CET	443	49771	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:07.243367910 CET	49771	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.243577957 CET	49771	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:07.243591070 CET	443	49771	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.792718887 CET	443	49768	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.793451071 CET	49768	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:08.793529034 CET	443	49768	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.794086933 CET	49768	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:08.794102907 CET	443	49768	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.812153101 CET	443	49767	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.812813044 CET	49767	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:08.812885046 CET	443	49767	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.813146114 CET	49767	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:08.813163042 CET	443	49767	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.855432987 CET	443	49769	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.856066942 CET	49769	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:08.856089115 CET	443	49769	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.856576920 CET	49769	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:08.856586933 CET	443	49769	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.958376884 CET	443	49770	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.959254980 CET	49770	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:08.959290981 CET	443	49770	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:08.959755898 CET	49770	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:08.959784031 CET	443	49770	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.022998095 CET	443	49771	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.023696899 CET	49771	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.023772001 CET	443	49771	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.024451017 CET	49771	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.024463892 CET	443	49771	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.239690065 CET	443	49768	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.239749908 CET	443	49768	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.239831924 CET	49768	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.240268946 CET	49768	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.240268946 CET	49768	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.240314007 CET	443	49768	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.240361929 CET	443	49768	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.244118929 CET	49772	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.244187117 CET	443	49772	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.244283915 CET	49772	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.244546890 CET	49772	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.244574070 CET	443	49772	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.263633966 CET	443	49767	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.263787031 CET	443	49767	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.263974905 CET	49767	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.264296055 CET	49767	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.264331102 CET	443	49767	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.264384031 CET	49767	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.264400959 CET	443	49767	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.267277002 CET	49773	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.267381907 CET	443	49773	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.267493963 CET	49773	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.267666101 CET	49773	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.267695904 CET	443	49773	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.298795938 CET	443	49769	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.299035072 CET	443	49769	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.299124002 CET	49769	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.299184084 CET	49769	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.299184084 CET	49769	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.299217939 CET	443	49769	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.299258947 CET	443	49769	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.301937103 CET	49774	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.301984072 CET	443	49774	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.302088976 CET	49774	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.302242041 CET	49774	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.302263021 CET	443	49774	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.327924967 CET	49775	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:51:09.328012943 CET	443	49775	142.250.181.100	192.168.2.4
Nov 21, 2024 16:51:09.328130960 CET	49775	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:51:09.328366995 CET	49775	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:51:09.328401089 CET	443	49775	142.250.181.100	192.168.2.4
Nov 21, 2024 16:51:09.402615070 CET	443	49770	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.402719021 CET	443	49770	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.402918100 CET	49770	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.403058052 CET	49770	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.403090954 CET	443	49770	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.403117895 CET	49770	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.403132915 CET	443	49770	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.405927896 CET	49776	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.405982971 CET	443	49776	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.406068087 CET	49776	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.406260967 CET	49776	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.406290054 CET	443	49776	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.468427896 CET	443	49771	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.468499899 CET	443	49771	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.468609095 CET	49771	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.468797922 CET	49771	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.468815088 CET	443	49771	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.468874931 CET	49771	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.468889952 CET	443	49771	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.471514940 CET	49777	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.471568108 CET	443	49777	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:09.471676111 CET	49777	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.471847057 CET	49777	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:09.471879005 CET	443	49777	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:10.975816965 CET	443	49772	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:10.976385117 CET	49772	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:10.976419926 CET	443	49772	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:10.977020979 CET	49772	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:10.977026939 CET	443	49772	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.060313940 CET	443	49773	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.061001062 CET	49773	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.061078072 CET	443	49773	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.061528921 CET	49773	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.061541080 CET	443	49773	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.074295044 CET	443	49775	142.250.181.100	192.168.2.4
Nov 21, 2024 16:51:11.074714899 CET	49775	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:51:11.074779987 CET	443	49775	142.250.181.100	192.168.2.4
Nov 21, 2024 16:51:11.075967073 CET	443	49775	142.250.181.100	192.168.2.4
Nov 21, 2024 16:51:11.076447010 CET	49775	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:51:11.076524973 CET	443	49775	142.250.181.100	192.168.2.4
Nov 21, 2024 16:51:11.098150969 CET	443	49774	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.098551035 CET	49774	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.098570108 CET	443	49774	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.099176884 CET	49774	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.099183083 CET	443	49774	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.123471975 CET	49775	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:51:11.126705885 CET	443	49776	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.127067089 CET	49776	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.127162933 CET	443	49776	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.127578974 CET	49776	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.127593994 CET	443	49776	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.251151085 CET	443	49777	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.251766920 CET	49777	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.251826048 CET	443	49777	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.252243996 CET	49777	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.252259970 CET	443	49777	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.569597006 CET	443	49772	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.569685936 CET	443	49772	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.569745064 CET	49772	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.569946051 CET	49772	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.569967985 CET	443	49772	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.569978952 CET	49772	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.569986105 CET	443	49772	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.573621988 CET	49778	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.573719025 CET	443	49778	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.573821068 CET	49778	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.574007034 CET	49778	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.574040890 CET	443	49778	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.576741934 CET	443	49773	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.576801062 CET	443	49773	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.576864004 CET	49773	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.576982021 CET	49773	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.577028990 CET	443	49773	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.577058077 CET	49773	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.577074051 CET	443	49773	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.580046892 CET	49779	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.580135107 CET	443	49779	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.580224991 CET	49779	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.580358028 CET	49779	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.580389977 CET	443	49779	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.689090014 CET	443	49776	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.689166069 CET	443	49776	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.689419031 CET	49776	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.689532995 CET	49776	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.689568996 CET	443	49776	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.689610004 CET	49776	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.689625025 CET	443	49776	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.692733049 CET	49780	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.692799091 CET	443	49780	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.692887068 CET	49780	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.693049908 CET	49780	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.693080902 CET	443	49780	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.696471930 CET	443	49777	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.696552038 CET	443	49777	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.696611881 CET	49777	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.696702957 CET	49777	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.696738005 CET	443	49777	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.696764946 CET	49777	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.696779013 CET	443	49777	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.699039936 CET	49781	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.699084044 CET	443	49781	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.699148893 CET	49781	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.699274063 CET	49781	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.699287891 CET	443	49781	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.701417923 CET	443	49774	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.701498985 CET	443	49774	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.701544046 CET	49774	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.701632977 CET	49774	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.701642036 CET	443	49774	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.701651096 CET	49774	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.701656103 CET	443	49774	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.703402996 CET	49782	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.703428984 CET	443	49782	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:11.703497887 CET	49782	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.703612089 CET	49782	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:11.703636885 CET	443	49782	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.405841112 CET	443	49779	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.406656027 CET	49779	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.406719923 CET	443	49779	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.407074928 CET	49779	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.407089949 CET	443	49779	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.415898085 CET	443	49780	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.416323900 CET	49780	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.416410923 CET	443	49780	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.416906118 CET	49780	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.416960001 CET	443	49780	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.419951916 CET	443	49778	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.420353889 CET	49778	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.420383930 CET	443	49778	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.420711040 CET	49778	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.420717001 CET	443	49778	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.851516008 CET	443	49779	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.851744890 CET	443	49779	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.852166891 CET	49779	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.852166891 CET	49779	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.852166891 CET	49779	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.852613926 CET	443	49780	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.852684021 CET	443	49780	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.852765083 CET	49780	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.852982044 CET	49780	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.853007078 CET	443	49780	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.853027105 CET	49780	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.853034019 CET	443	49780	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.855534077 CET	49784	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.855544090 CET	49783	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.855598927 CET	443	49783	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.855648041 CET	443	49784	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.855683088 CET	49783	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.855736971 CET	49784	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.855869055 CET	49784	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.855897903 CET	443	49784	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.855927944 CET	49783	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.855947018 CET	443	49783	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.874722004 CET	443	49778	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.874784946 CET	443	49778	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.874887943 CET	49778	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.875108957 CET	49778	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.875108957 CET	49778	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.875149965 CET	443	49778	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.875176907 CET	443	49778	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.878360033 CET	49785	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.878401995 CET	443	49785	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:13.878509045 CET	49785	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.878626108 CET	49785	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:13.878643990 CET	443	49785	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:14.154531002 CET	49779	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:14.154598951 CET	443	49779	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:15.616614103 CET	443	49783	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:15.617266893 CET	49783	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:15.617300987 CET	443	49783	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:15.618052959 CET	49783	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:15.618061066 CET	443	49783	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:15.686712027 CET	443	49785	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:15.687565088 CET	49785	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:15.687630892 CET	443	49785	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:15.688662052 CET	49785	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:15.688678980 CET	443	49785	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:15.690670967 CET	443	49784	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:15.691106081 CET	49784	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:15.691148996 CET	443	49784	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:15.691687107 CET	49784	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:15.691701889 CET	443	49784	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.064332008 CET	443	49783	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.064434052 CET	443	49783	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.064591885 CET	49783	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.064748049 CET	49783	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.064770937 CET	443	49783	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.064785004 CET	49783	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.064791918 CET	443	49783	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.068496943 CET	49786	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.068610907 CET	443	49786	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.068717003 CET	49786	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.069046021 CET	49786	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.069077015 CET	443	49786	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.130388021 CET	443	49785	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.130448103 CET	443	49785	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.130512953 CET	49785	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.130759954 CET	49785	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.130793095 CET	443	49785	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.130810022 CET	49785	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.130820036 CET	443	49785	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.134731054 CET	49787	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.134764910 CET	443	49787	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.134836912 CET	49787	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.135111094 CET	49787	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.135130882 CET	443	49787	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.135991096 CET	443	49784	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.136082888 CET	443	49784	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.136145115 CET	49784	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.136307955 CET	49784	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.136332989 CET	443	49784	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.136363029 CET	49784	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.136375904 CET	443	49784	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.139121056 CET	49788	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.139168024 CET	443	49788	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:16.139256954 CET	49788	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.139549971 CET	49788	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:16.139566898 CET	443	49788	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:17.849710941 CET	443	49786	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:17.850720882 CET	49786	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:17.850752115 CET	443	49786	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:17.851377964 CET	49786	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:17.851387024 CET	443	49786	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:17.959857941 CET	443	49787	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:17.960546017 CET	49787	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:17.960611105 CET	443	49787	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:17.961172104 CET	49787	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:17.961185932 CET	443	49787	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:17.962111950 CET	443	49788	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:17.962456942 CET	49788	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:17.962521076 CET	443	49788	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:17.962917089 CET	49788	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:17.962930918 CET	443	49788	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.296649933 CET	443	49786	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.296717882 CET	443	49786	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.296778917 CET	49786	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.297050953 CET	49786	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.297074080 CET	443	49786	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.297090054 CET	49786	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.297096968 CET	443	49786	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.300992012 CET	49789	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.301029921 CET	443	49789	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.301100016 CET	49789	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.301378012 CET	49789	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.301388979 CET	443	49789	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.406750917 CET	443	49788	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.406836987 CET	443	49788	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.406897068 CET	49788	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.407116890 CET	49788	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.407135010 CET	443	49788	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.407145977 CET	49788	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.407150984 CET	443	49788	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.411062002 CET	49790	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.411084890 CET	443	49790	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.411144972 CET	49790	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.411325932 CET	49790	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.411334038 CET	443	49790	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.418456078 CET	443	49787	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.418524981 CET	443	49787	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.418603897 CET	49787	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.418741941 CET	49787	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.418776989 CET	443	49787	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.418807983 CET	49787	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.418824911 CET	443	49787	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.421684980 CET	49791	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.421710968 CET	443	49791	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:18.421773911 CET	49791	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.421994925 CET	49791	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:18.422008038 CET	443	49791	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.105762959 CET	443	49789	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.106532097 CET	49789	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.106590986 CET	443	49789	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.107151031 CET	49789	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.107157946 CET	443	49789	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.205503941 CET	443	49790	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.206226110 CET	49790	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.206269026 CET	443	49790	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.207076073 CET	49790	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.207092047 CET	443	49790	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.286734104 CET	443	49791	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.287337065 CET	49791	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.287372112 CET	443	49791	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.288086891 CET	49791	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.288094997 CET	443	49791	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.555124044 CET	443	49789	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.555214882 CET	443	49789	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.555270910 CET	49789	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.555473089 CET	49789	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.555497885 CET	443	49789	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.555510998 CET	49789	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.555519104 CET	443	49789	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.559412956 CET	49792	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.559509993 CET	443	49792	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.559645891 CET	49792	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.559762955 CET	49792	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.559799910 CET	443	49792	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.650901079 CET	443	49790	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.650973082 CET	443	49790	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.651036978 CET	49790	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.651230097 CET	49790	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.651254892 CET	443	49790	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.651268959 CET	49790	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.651276112 CET	443	49790	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.654441118 CET	49793	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.654536009 CET	443	49793	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.654663086 CET	49793	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.654872894 CET	49793	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.654912949 CET	443	49793	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.745363951 CET	443	49791	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.745433092 CET	443	49791	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.745532990 CET	49791	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.745807886 CET	49791	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.745831013 CET	443	49791	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.745843887 CET	49791	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.745851994 CET	443	49791	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.748831987 CET	49794	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.748933077 CET	443	49794	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.749031067 CET	49794	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.749178886 CET	49794	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:20.749207020 CET	443	49794	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:20.754976034 CET	443	49775	142.250.181.100	192.168.2.4
Nov 21, 2024 16:51:20.755042076 CET	443	49775	142.250.181.100	192.168.2.4
Nov 21, 2024 16:51:20.755094051 CET	49775	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:51:21.874883890 CET	49775	443	192.168.2.4	142.250.181.100
Nov 21, 2024 16:51:21.874954939 CET	443	49775	142.250.181.100	192.168.2.4
Nov 21, 2024 16:51:22.349205017 CET	443	49792	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.352422953 CET	49792	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.352461100 CET	443	49792	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.352904081 CET	49792	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.352910995 CET	443	49792	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.506356955 CET	443	49793	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.507023096 CET	49793	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.507086039 CET	443	49793	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.507524014 CET	49793	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.507555962 CET	443	49793	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.610678911 CET	443	49794	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.611166954 CET	49794	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.611243963 CET	443	49794	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.611579895 CET	49794	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.611593962 CET	443	49794	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.794723034 CET	443	49792	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.794919968 CET	443	49792	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.795027971 CET	49792	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.795300961 CET	49792	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.795337915 CET	443	49792	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.795361042 CET	49792	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.795370102 CET	443	49792	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.798099995 CET	49795	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.798191071 CET	443	49795	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.798280001 CET	49795	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.798455000 CET	49795	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.798485041 CET	443	49795	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.960349083 CET	443	49793	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.960431099 CET	443	49793	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.960509062 CET	49793	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.960628986 CET	49793	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.960628986 CET	49793	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.960669994 CET	443	49793	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.960695982 CET	443	49793	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.963167906 CET	49796	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.963212013 CET	443	49796	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:22.963289976 CET	49796	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.963407993 CET	49796	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:22.963416100 CET	443	49796	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:23.103593111 CET	443	49794	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:23.103657007 CET	443	49794	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:23.103895903 CET	49794	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:23.104001045 CET	49794	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:23.104001045 CET	49794	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:23.104046106 CET	443	49794	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:23.104074955 CET	443	49794	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:23.106486082 CET	49797	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:23.106527090 CET	443	49797	13.107.246.63	192.168.2.4
Nov 21, 2024 16:51:23.106601954 CET	49797	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:23.106739998 CET	49797	443	192.168.2.4	13.107.246.63
Nov 21, 2024 16:51:23.106759071 CET	443	49797	13.107.246.63	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 16:50:05.552352905 CET	53	50794	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:05.602128029 CET	53	62788	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:07.247704029 CET	49534	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:07.247932911 CET	50052	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:07.385763884 CET	53	50052	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:07.386385918 CET	53	49534	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:08.408694029 CET	53	63407	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:09.264736891 CET	55175	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:09.265053034 CET	51745	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:09.402093887 CET	53	51745	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:09.402312040 CET	53	55175	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:09.769186974 CET	57656	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:09.769493103 CET	60371	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:09.988614082 CET	53	57656	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:09.997590065 CET	53	60371	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:11.767915964 CET	54790	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:11.768268108 CET	52856	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:11.906136036 CET	53	52856	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:11.906478882 CET	53	54790	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:13.984256983 CET	56778	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:13.984457016 CET	60914	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:14.122514009 CET	53	60914	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:14.123172998 CET	53	56778	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:15.891932964 CET	49568	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:15.892086029 CET	53631	53	192.168.2.4	1.1.1.1
Nov 21, 2024 16:50:16.029225111 CET	53	49568	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:16.034437895 CET	53	53631	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:22.614063025 CET	138	138	192.168.2.4	192.168.2.255
Nov 21, 2024 16:50:25.540230036 CET	53	50870	1.1.1.1	192.168.2.4
Nov 21, 2024 16:50:44.435008049 CET	53	54236	1.1.1.1	192.168.2.4
Nov 21, 2024 16:51:05.357480049 CET	53	52049	1.1.1.1	192.168.2.4
Nov 21, 2024 16:51:06.856539965 CET	53	56260	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 21, 2024 16:50:07.247704029 CET	192.168.2.4	1.1.1.1	0x57af	Standard query (0)	www3.lead.app	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:07.247932911 CET	192.168.2.4	1.1.1.1	0x6c7b	Standard query (0)	www3.lead.app	65	IN (0x0001)	false
Nov 21, 2024 16:50:09.264736891 CET	192.168.2.4	1.1.1.1	0x9f5d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:09.265053034 CET	192.168.2.4	1.1.1.1	0x928f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 21, 2024 16:50:09.769186974 CET	192.168.2.4	1.1.1.1	0xa2a8	Standard query (0)	lead.app	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:09.769493103 CET	192.168.2.4	1.1.1.1	0xa8e2	Standard query (0)	lead.app	65	IN (0x0001)	false
Nov 21, 2024 16:50:11.767915964 CET	192.168.2.4	1.1.1.1	0xa5c2	Standard query (0)	www.lead.app	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:11.768268108 CET	192.168.2.4	1.1.1.1	0xff6f	Standard query (0)	www.lead.app	65	IN (0x0001)	false
Nov 21, 2024 16:50:13.984256983 CET	192.168.2.4	1.1.1.1	0xebc0	Standard query (0)	i0.wp.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:13.984457016 CET	192.168.2.4	1.1.1.1	0xc9b8	Standard query (0)	i0.wp.com	65	IN (0x0001)	false
Nov 21, 2024 16:50:15.891932964 CET	192.168.2.4	1.1.1.1	0xae2e	Standard query (0)	i0.wp.com	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:15.892086029 CET	192.168.2.4	1.1.1.1	0x7f7a	Standard query (0)	i0.wp.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 21, 2024 16:50:07.385763884 CET	1.1.1.1	192.168.2.4	0x6c7b	No error (0)	www3.lead.app	bka4nncin8swww3.mycorpprovider.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 16:50:07.386385918 CET	1.1.1.1	192.168.2.4	0x57af	No error (0)	www3.lead.app	bka4nncin8swww3.mycorpprovider.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 16:50:07.386385918 CET	1.1.1.1	192.168.2.4	0x57af	No error (0)	bka4nncin8swww3.mycorpprovider.net	mainlb.mycorpprovider.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2024 16:50:07.386385918 CET	1.1.1.1	192.168.2.4	0x57af	No error (0)	mainlb.mycorpprovider.net		15.204.31.59	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:09.402093887 CET	1.1.1.1	192.168.2.4	0x928f	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 21, 2024 16:50:09.402312040 CET	1.1.1.1	192.168.2.4	0x9f5d	No error (0)	www.google.com		142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:09.988614082 CET	1.1.1.1	192.168.2.4	0xa2a8	No error (0)	lead.app		50.17.178.148	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:11.906478882 CET	1.1.1.1	192.168.2.4	0xa5c2	No error (0)	www.lead.app		50.17.178.148	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:14.123172998 CET	1.1.1.1	192.168.2.4	0xebc0	No error (0)	i0.wp.com		192.0.77.2	A (IP address)	IN (0x0001)	false
Nov 21, 2024 16:50:16.029225111 CET	1.1.1.1	192.168.2.4	0xae2e	No error (0)	i0.wp.com		192.0.77.2	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www3.lead.app

https:

lead.app

www.lead.app

i0.wp.com

fs.microsoft.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	15.204.31.59	443	2676	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:08 UTC	853	OUT	GET /unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body HTTP/1.1 Host: www3.lead.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-21 15:50:09 UTC	154	IN	HTTP/1.1 200 OK Content-Length: 3671 Content-Type: text/html; charset=utf-8 Date: Thu, 21 Nov 2024 15:50:08 GMT Server: uvicorn Connection: close
2024-11-21 15:50:09 UTC	1032	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 20 52 65 6d 6f 76 65 20 66 72 6f 6d 20 4d 61 69 6c 69 6e 67 20 4c 69 73 74 0a 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title> Remove from Mailing List</title> <style> body { font-family: Arial, sa
2024-11-21 15:50:09 UTC	2372	IN	Data Raw: 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 32 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 66 69 72 6d 61 74 69 6f 6e 43 6f 6e 74 65 6e 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 62 75 74 74 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 Data Ascii: align-items: center; z-index: 2; } .confirmationContent { background: #fff; padding: 20px; border-radius: 5px; text-align: center; } button { marg
2024-11-21 15:50:09 UTC	267	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 3a 20 7b 7d 2c 0a 20 20 20 20 20 20 20 20 7d 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 72 65 73 70 6f 6e 73 65 20 3d 3e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 50 4f 53 54 20 72 65 71 75 65 73 74 20 73 65 6e 74 20 73 75 63 63 65 73 73 66 75 6c 6c 79 27 29 3b 0a 20 20 20 20 20 20 20 20 7d 29 0a 20 20 20 20 20 20 20 20 2e 63 61 74 63 68 28 65 72 72 6f 72 20 3d 3e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 27 45 72 72 6f 72 20 73 65 6e 64 69 6e 67 20 50 4f 53 54 20 72 65 71 75 65 73 74 3a 27 2c 20 65 72 72 6f 72 29 3b 0a 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 Data Ascii: body: {}, }) .then(response => { console.log('POST request sent successfully'); }) .catch(error => { console.error('Error sending POST request:', error); }); }</script></b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	15.204.31.59	443	2676	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:09 UTC	779	OUT	GET /favicon.ico HTTP/1.1 Host: www3.lead.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-21 15:50:09 UTC	193	IN	HTTP/1.1 301 Moved Permanently Content-Length: 40 Content-Type: text/plain Date: Thu, 21 Nov 2024 15:50:09 GMT Location: https://lead.app/favicon.ico Server: uvicorn Connection: close
2024-11-21 15:50:09 UTC	40	IN	Data Raw: 52 65 64 69 72 65 63 74 65 64 20 68 74 74 70 73 3a 2f 2f 6c 65 61 64 2e 61 70 70 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 0a Data Ascii: Redirected https://lead.app/favicon.ico

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	50.17.178.148	443	2676	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:11 UTC	575	OUT	GET /favicon.ico HTTP/1.1 Host: lead.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www3.lead.app/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-21 15:50:11 UTC	216	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 21 Nov 2024 15:50:11 GMT Server: Apache Location: https://www.lead.app/favicon.ico Content-Length: 240 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-11-21 15:50:11 UTC	240	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6c 65 61 64 2e 61 70 70 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.lead.app/favicon.ico">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	2.18.82.9	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-21 15:50:12 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=176147 Date: Thu, 21 Nov 2024 15:50:12 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	50.17.178.148	443	2676	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:13 UTC	579	OUT	GET /favicon.ico HTTP/1.1 Host: www.lead.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www3.lead.app/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-21 15:50:13 UTC	397	IN	HTTP/1.1 302 Found Date: Thu, 21 Nov 2024 15:50:13 GMT Server: Apache Disabled-plugins: 0 on 2024-11-21 03:50:13 Link: <https://www.lead.app/wp-json/>; rel="https://api.w.org/" X-Redirect-By: WordPress Location: https://i0.wp.com/www.lead.app/wp-content/uploads/2019/07/cropped-lead_icon.png?fit=32%2C32&ssl=1 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	2.18.82.9	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:13 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-21 15:50:14 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=176144 Date: Thu, 21 Nov 2024 15:50:13 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-21 15:50:14 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	192.0.77.2	443	2676	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:15 UTC	645	OUT	GET /www.lead.app/wp-content/uploads/2019/07/cropped-lead_icon.png?fit=32%2C32&ssl=1 HTTP/1.1 Host: i0.wp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www3.lead.app/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-21 15:50:15 UTC	578	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 21 Nov 2024 15:50:15 GMT Content-Type: image/webp Content-Length: 1432 Connection: close Last-Modified: Tue, 30 Jul 2024 20:41:49 GMT Expires: Fri, 31 Jul 2026 08:41:49 GMT Cache-Control: public, max-age=63115200 Link: <https://www.lead.app/wp-content/uploads/2019/07/cropped-lead_icon.png>; rel="canonical" X-Content-Type-Options: nosniff ETag: "dbb6f3412a7a886e" Vary: Accept X-nc: HIT jfk 4 Alt-Svc: h3=":443"; ma=86400 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD Timing-Allow-Origin: *
2024-11-21 15:50:15 UTC	791	IN	Data Raw: 52 49 46 46 90 05 00 00 57 45 42 50 56 50 38 4c 84 05 00 00 2f 1f c0 07 10 09 33 6d db 68 7e 1b fe 84 47 22 a2 ff b1 78 c9 ae 85 9a b6 91 24 97 cb 1f e9 56 ef 1d 10 45 8d 24 29 2d 61 9f eb 5f 19 1e 83 86 a1 ef 7f 04 5d 00 f0 4b 0a 48 55 93 0f e0 cc 95 99 24 92 b4 6d 3b 9e e7 7e be b8 b6 6d db b6 c7 dd 44 bb 81 0e bb 01 ae 42 33 db b6 6d 9b c9 a7 24 ef fb 14 f9 bf 2f dd c1 5d bb 95 b3 6d fb f9 2f d7 fd f9 7c fe f6 3f bb 26 db 1e 8d 8d 2f a0 b6 8e a6 26 6f 76 8d ff 57 90 6d 7b b5 39 d9 ae 2f 6e 29 b6 b5 2d db 72 ce f5 7c 82 5b 73 77 32 4d 2b 99 f6 cf 80 59 e8 4c 9c 4a a2 59 74 e9 0e d5 1d be ff 79 6e 3a b4 6d 1b db b3 79 62 db b6 55 d9 b6 9d 32 55 2a 95 36 4a 27 a5 6d db b6 6d db c6 8f 3b 01 80 60 cc c1 df 8f f6 04 2c 4a 88 7c 19 fa ad 9c 7b 6f c0 6d 80 0f Data Ascii: RIFFWEBPVP8L/3mh~G"x$VE$)-a_]KHU$m;~mDB3m$/]m/\|?&/&ovWm{9/n)-r\|[sw2M+YLJYtyn:mybU2U*6J'mm;`,J\|{om
2024-11-21 15:50:15 UTC	641	IN	Data Raw: c8 24 48 91 18 aa 48 56 18 ed bb 93 1e be 4c bc 47 c5 76 e7 d7 dc ca 1e cb a4 5c 2d 94 3c 86 2c 27 48 01 28 5f cb e5 44 af a1 c3 9d db aa 60 a1 d0 eb e6 b5 ad 63 2d 60 e7 e7 02 fd 8c e3 34 b0 2e 8e 42 11 61 34 ee d3 94 df a0 82 80 a2 5b d7 58 80 e4 c1 6e eb d1 51 68 94 22 88 a0 64 1a 12 f5 1a 4c 15 a8 b2 ed c1 ad bb 0b 00 3e 92 83 96 3d c8 d7 2c a5 4e a3 50 55 eb b8 9f 01 5c ad 44 af cc 31 15 4d 05 02 e8 c7 47 5a ab 45 7f 69 a1 0a aa 94 2d 86 55 b5 9b ac ba 7b df fe 9b 35 6b 9c 8f 81 37 7e 1d af 55 2e 16 ff a2 2c 29 99 25 97 31 a5 06 c0 13 d7 fe 50 aa 06 10 05 08 91 74 34 1e 08 2d 82 d4 20 1b d1 e0 2f c6 3d 22 d3 cc c2 05 cb f3 d6 2b 97 16 90 40 b1 14 00 7e d4 72 fd ae 81 6e c9 31 c8 66 70 71 14 09 90 94 1c 94 a8 23 32 9d ff 27 53 89 3a 7f 31 f9 3e 16 1e Data Ascii: $HHVLGv\-<,'H(_D`c-`4.Ba4[XnQh"dL>=,NPU\D1MGZEi-U{5k7~U.,)%1Pt4- /="+@~rn1fpq#2'S:1>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	192.0.77.2	443	2676	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:17 UTC	412	OUT	GET /www.lead.app/wp-content/uploads/2019/07/cropped-lead_icon.png?fit=32%2C32&ssl=1 HTTP/1.1 Host: i0.wp.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-21 15:50:17 UTC	597	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 21 Nov 2024 15:50:17 GMT Content-Type: image/png Content-Length: 1518 Connection: close Last-Modified: Thu, 10 Oct 2024 21:37:11 GMT Expires: Sun, 11 Oct 2026 09:37:11 GMT Cache-Control: public, max-age=63115200 Link: <https://www.lead.app/wp-content/uploads/2019/07/cropped-lead_icon.png>; rel="canonical" X-Content-Type-Options: nosniff ETag: "c01be0f603263537" X-Bytes-Saved: 226 Vary: Accept X-nc: HIT jfk 4 Alt-Svc: h3=":443"; ma=86400 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD Timing-Allow-Origin: *
2024-11-21 15:50:17 UTC	772	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 03 00 00 00 44 a4 8a c6 00 00 03 00 50 4c 54 45 47 70 4c 7e 16 94 3b c7 e3 f2 34 32 ff ae 10 ff b6 00 ff b0 0e 8b 3a 8b b0 25 73 fb 86 18 e4 c0 2c 7f 12 92 81 07 96 81 08 95 81 0d 93 81 07 96 f8 84 37 fd a3 18 ff b0 0b 0c b3 e2 f2 2f 34 f3 32 33 ff b1 0a f5 49 3f 29 8e c9 36 97 be 81 09 94 80 0d 92 81 06 96 fb a8 1d fe ad 16 82 0c 93 81 09 95 ff a1 26 83 0d 96 ff ae 14 f7 5a 29 f9 64 24 9f 20 78 cb 3b 4d ff b0 18 f9 6e 1f f5 45 30 80 11 90 f2 2d 35 28 7d cd 3b 44 bd fd 96 13 f9 7a 1c 9c 36 72 29 67 ca d0 5a 41 2e 54 c8 f5 48 2d fb 8a 18 f3 3d 31 75 0b 9c fe a3 10 53 22 b0 48 3d b3 f0 94 19 15 9b d8 b6 6f 4e ff ae 0a b0 8b 4f 16 8d da 0e 9f e0 f3 56 52 ef 40 50 62 1a a6 ea 43 35 f0 Data Ascii: PNGIHDR DPLTEGpL~;42:%s,7/423I?)6&Z)d$ x;MnE0-5(};Dz6r)gZA.TH-=1uS"H=oNOVR@PbC5
2024-11-21 15:50:17 UTC	746	IN	Data Raw: 19 f5 38 57 ed e7 16 fb ef 09 f7 3e 53 f5 33 58 1e a2 cd 2b 6b c7 28 72 cd 43 76 b5 2e 88 c5 2c 8e c7 80 9b 7c 64 b4 4b 86 00 00 00 7c 74 52 4e 53 00 13 03 27 5a 04 f6 01 08 fe 0c 1c e7 a4 4f ed 10 fe d5 87 ef 51 30 18 fe fe ac 60 f6 46 b7 68 be 1b 27 fa 1f 5c fe fe 97 a4 c9 2e ff 33 70 86 db fe 6a fe 79 d4 3f 97 cf e0 e9 43 fe 54 fe 4c fe d5 f9 3e 10 87 fe 23 fe 05 fe fe 78 c3 2e d2 cf 3d fe f4 ce fe 65 fe fe fe 59 db 97 fa 9e 3f fe fb 7c da 4b d6 d5 f4 46 f0 2d f4 9b 29 fd 1a bc fc ec fd 71 fe fd fe ef 9a fe fc cf 3b 3d 1b 00 00 02 21 49 44 41 54 38 cb 63 60 40 05 a2 22 47 52 99 19 f0 01 e6 14 71 06 f2 00 93 ae 91 89 9e 35 07 4e 69 5b c7 1d 5b a7 cf b8 6a e5 ca 88 5d 81 b0 d3 ee 5d db b6 cc dc 34 bb cd 42 1b 9b 7e e1 83 7b 1f df 9b fe 70 e6 86 a9 1b 1b Data Ascii: 8W>S3X+k(rCv.,\|dK\|tRNS'ZOQ0`Fh'\.3pjy?CTL>#x.=eY?\|KF-)q;=!IDAT8c`@"GRq5Ni[[j]]4B~{p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49747	15.204.31.59	443	2676	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:20 UTC	1196	OUT	POST /unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&bodylang=en&email_address=csilla.szep@skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4=&body= HTTP/1.1 Host: www3.lead.app Connection: keep-alive Content-Length: 15 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://www3.lead.app Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-21 15:50:20 UTC	15	OUT	Data Raw: 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d Data Ascii: [object Object]
2024-11-21 15:50:20 UTC	172	IN	HTTP/1.1 500 Internal Server Error Content-Length: 21 Content-Type: text/plain; charset=utf-8 Date: Thu, 21 Nov 2024 15:50:20 GMT Server: uvicorn Connection: close
2024-11-21 15:50:20 UTC	21	IN	Data Raw: 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 Data Ascii: Internal Server Error

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49748	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:50:23 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Hn4y8eznr6rbdzs&MD=e4lauX6s HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-21 15:50:24 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8007c02f-fe14-4498-b858-9f4e08ad888c MS-RequestId: dba8fbf0-b5a5-4c6a-84d4-6f4ef33d286c MS-CV: Yq0Cv3Uv20m2WhhB.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 21 Nov 2024 15:50:22 GMT Connection: close Content-Length: 24490
2024-11-21 15:50:24 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-21 15:50:24 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:01 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:01 UTC	471	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:01 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Tue, 19 Nov 2024 16:37:24 GMT ETag: "0x8DD08B87243495C" x-ms-request-id: b5254561-a01e-0070-0158-3b573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155101Z-1777c6cb754dqf99hC1TEB5nps0000000b3g00000000htx5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:01 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-21 15:51:02 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-21 15:51:02 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-21 15:51:02 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-21 15:51:02 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-21 15:51:02 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-21 15:51:02 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-21 15:51:02 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-21 15:51:02 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-21 15:51:02 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49755	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:03 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Hn4y8eznr6rbdzs&MD=e4lauX6s HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-21 15:51:04 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 79f58348-8173-4b1a-8891-cc1504299be9 MS-RequestId: 6d8df331-f7f9-4da3-a76f-84989c1416bf MS-CV: u9WwQ4LUeUGdPdeK.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 21 Nov 2024 15:51:03 GMT Connection: close Content-Length: 30005
2024-11-21 15:51:04 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-21 15:51:04 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:04 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:04 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:04 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: b2486168-801e-0048-04ba-3bf3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155104Z-r1d97b995774zjnrhC1TEBv1ww0000000acg00000000q1cx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:04 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:04 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:04 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 704ea499-801e-00ac-498c-3bfd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155104Z-r1d97b99577jlrkbhC1TEBq8d00000000aag00000000rcvt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:04 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:04 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:04 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:04 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 1aa7a34d-201e-0096-3676-3bace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155104Z-178bfbc474bwh9gmhC1NYCy3rs00000001sg00000000e3xg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:04 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:04 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:04 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: f3d0c3d3-f01e-003c-676b-3b8cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155104Z-178bfbc474bw8bwphC1NYC38b400000001kg0000000061zx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:04 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:04 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:04 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:04 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 7268c357-001e-0066-5863-3b561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155104Z-178bfbc474bnwsh4hC1NYC2ubs00000001sg00000000db5x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:04 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:06 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:06 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 02a2c6fa-b01e-0001-107b-3b46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155106Z-178bfbc474bnwsh4hC1NYC2ubs00000001ng00000000wah3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:06 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:06 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:06 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: a6bfa609-001e-00a2-4d66-3bd4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155106Z-178bfbc474bnwsh4hC1NYC2ubs00000001q000000000ryf6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:06 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:06 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:06 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 1e988f1d-b01e-0070-1b8c-3a1cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155106Z-1777c6cb754wcxkwhC1TEB3c6w0000000b7g00000000bvu5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:06 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:06 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 5e8702c1-301e-000c-0b8f-3b323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155106Z-1777c6cb754b7tdghC1TEBwwa40000000bf0000000008gtd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:07 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:06 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:07 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: ae573645-101e-008d-516d-3b92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155107Z-1777c6cb754j47wfhC1TEB5wrw000000073g00000000g947 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:07 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:08 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:09 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 4e7b5ce8-701e-0098-117a-3b395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155109Z-178bfbc474b7cbwqhC1NYC8z4n00000001n000000000a1vg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:09 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:08 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:09 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 561f43d7-f01e-0096-2f75-3b10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155109Z-178bfbc474bpnd5vhC1NYC4vr400000001t0000000000qvg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:09 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:08 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:09 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 922c5f4e-601e-005c-577c-3bf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155109Z-1777c6cb754xrr98hC1TEB3kag0000000b70000000005193 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:09 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:08 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:09 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 0176f65f-901e-007b-6aca-3bac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155109Z-r1d97b99577sdxndhC1TEBec5n0000000ap000000000g5yk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:09 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:09 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:09 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: b82db720-b01e-0053-528c-3acdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155109Z-1777c6cb7542p5p4hC1TEBq0980000000b7g00000000kgft x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:09 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:10 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:11 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 835fb09e-e01e-0003-07ce-3b0fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155111Z-r1d97b99577xdmfxhC1TEBqbhg000000023000000000pt1h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:11 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:11 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:11 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: b82db7f7-b01e-0053-188c-3acdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155111Z-1777c6cb754xjpthhC1TEBexs80000000b4g00000000e7s9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:11 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:11 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:11 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 76a157b4-e01e-00aa-258c-3aceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155111Z-r1d97b99577gg97qhC1TEBcrf40000000ac000000000erkg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:11 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:11 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:11 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 8189730a-201e-0003-216a-3bf85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155111Z-178bfbc474bpnd5vhC1NYC4vr400000001t0000000000r27 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:11 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:11 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:11 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: a1cde93a-f01e-0020-638c-3a956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155111Z-1777c6cb754vxwc9hC1TEBykgw0000000bb0000000007627 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:11 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:13 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:13 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 107b228c-c01e-00a2-1f8c-3a2327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155113Z-178bfbc474bwlrhlhC1NYCy3kg00000001q000000000eu6s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:13 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:13 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:13 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 70a27cfc-201e-0051-268c-3a7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155113Z-178bfbc474brk967hC1NYCfu6000000001fg00000000eahq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:13 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:13 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:13 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: a56dfe0e-901e-0029-2976-3b274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155113Z-1777c6cb754vxwc9hC1TEBykgw0000000b5g00000000u6q6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:13 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:15 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:16 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:15 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: be70ec4e-301e-000c-088c-3a323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155115Z-1777c6cb7549x5qchC1TEBggbg0000000bb000000000f933 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:16 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:15 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:16 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:15 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: a24720e5-f01e-0096-3f65-3b10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155115Z-178bfbc474bnwsh4hC1NYC2ubs00000001t000000000axb6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:16 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:15 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:16 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:15 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 6a83a5f2-e01e-000c-157b-3b8e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155115Z-178bfbc474bfw4gbhC1NYCunf400000001q000000000fhuf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:16 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:17 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:18 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:18 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 3029707a-401e-0047-3163-3b8597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155118Z-178bfbc474bbcwv4hC1NYCypys00000001dg00000000w11u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:18 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:17 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:18 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:18 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 3af7945d-501e-0016-1564-3b181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155118Z-178bfbc474btvfdfhC1NYCa2en00000001ng00000000vay1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:18 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:17 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:18 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:18 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 65766a9d-a01e-0002-6d8c-3a5074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155118Z-178bfbc474bmqmgjhC1NYCy16c00000001t000000000c7a9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:18 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:20 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:20 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:20 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 76e93f39-101e-0034-5559-3b96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155120Z-178bfbc474bwlrhlhC1NYCy3kg00000001hg00000000yqm7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:20 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:20 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:20 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:20 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: c296684d-b01e-0053-2a99-3bcdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155120Z-r1d97b99577brct2hC1TEBambg000000045g00000000m23p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:20 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:20 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:20 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:20 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: bf645307-501e-007b-7599-3b5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155120Z-r1d97b99577jlrkbhC1TEBq8d00000000ab000000000p9kr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:20 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:22 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:22 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:22 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: f14fa7ac-201e-000c-4a8c-3a79c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155122Z-1777c6cb754mqztshC1TEB4mkc0000000b8000000000qes5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:22 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:22 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:22 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:22 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 9f194ed4-601e-0070-357c-3ba0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155122Z-178bfbc474bbbqrhhC1NYCvw7400000001x0000000004w0w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:22 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:22 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:23 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:22 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: d277967d-801e-0047-0163-3b7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155122Z-178bfbc474bv7whqhC1NYC1fg400000001q000000000esnp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:23 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:24 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:25 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:25 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 20e2cd06-701e-005c-2869-3bbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155125Z-178bfbc474bq2pr7hC1NYCkfgg00000001xg000000001z6p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:25 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:24 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:25 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:25 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 792329fd-401e-0035-1f6c-3b82d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155125Z-178bfbc474bv587zhC1NYCny5w00000001eg00000000w0m3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:25 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-21 15:51:24 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-21 15:51:25 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 15:51:25 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 171ae584-101e-005a-6763-3b882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241121T155125Z-178bfbc474bscnbchC1NYCe7eg00000001ug00000000fd7n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-21 15:51:25 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Target ID:	0
Start time:	10:50:00
Start date:	21/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	10:50:03
Start date:	21/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2232,i,18017423527719494357,15146598028070794422,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	10:50:05
Start date:	21/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body	HTTP Parser: No favicon
Source: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body	HTTP Parser: No favicon

Source: global traffic	HTTP traffic detected: GET /unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body HTTP/1.1Host: www3.lead.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www3.lead.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&bodyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: lead.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www3.lead.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.lead.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www3.lead.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /www.lead.app/wp-content/uploads/2019/07/cropped-lead_icon.png?fit=32%2C32&ssl=1 HTTP/1.1Host: i0.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www3.lead.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www.lead.app/wp-content/uploads/2019/07/cropped-lead_icon.png?fit=32%2C32&ssl=1 HTTP/1.1Host: i0.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Hn4y8eznr6rbdzs&MD=e4lauX6s HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Hn4y8eznr6rbdzs&MD=e4lauX6s HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: www3.lead.app
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: lead.app
Source: global traffic	DNS traffic detected: DNS query: www.lead.app
Source: global traffic	DNS traffic detected: DNS query: i0.wp.com

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3512, Parent PID: 824

General

Chronological Activities

Analysis Process: chrome.exePID: 2676, Parent PID: 3512

General

Chronological Activities

Analysis Process: chrome.exePID: 6348, Parent PID: 824

General

Chronological Activities

Disassembly

Windows Analysis Report
https://www3.lead.app/unsubscribe?lang=en&email_address=csilla.szep%40skolverket.se&u_token=gAAAAABnPuap06Ak8tBYbNOkJ3L3rremZJaZp9Qu6cgvFQ22dcQ4-nY10yZY1qgWzSwY7CriOpLOA6Vi1rVxvF24fCtTaqj2NHF7bbzqSQabh7x2PdA5tJ4%3D&body