Edit tour

Windows Analysis Report
https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4

Overview

General Information

Sample URL:	https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-22
Analysis ID:	1563311
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

AI detected suspicious URL

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2000,i,7447874065688442827,3344386527575224330,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://bzss.pt/wp-content/plugins/bm-pagebuilder/inc_php/ux-pb-theme-ajax.php	Avira URL Cloud: Label: malware
Source: https://bzss.pt/wp-content/plugins/bm-pagebuilder/inc_php/ux-pb-theme-ajax.php#:~:text=bzss.pt	Avira URL Cloud: Label: malware

Phishing

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://mail.sapo.pt@www.bing.com

Source: https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1

Sample URL: PII: mail.sapo.pt@www.bing.com

Source: https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1	HTTP Parser: No favicon
Source: https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.182.8
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/bm-pagebuilder/inc_php/ux-pb-theme-ajax.php HTTP/1.1Host: bzss.ptConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WwP4smcYlWEnmxv&MD=ZDWbG9Oe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WwP4smcYlWEnmxv&MD=ZDWbG9Oe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: bzss.pt
Source: global traffic	DNS traffic detected: DNS query: www.gomalapos.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: chromecache_40.2.dr

String found in binary or memory: https://bzss.pt/wp-content/plugins/bm-pagebuilder/inc_php/ux-pb-theme-ajax.php#:~:text=bzss.pt

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: classification engine

Classification label: mal52.win@22/2@27/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2000,i,7447874065688442827,3344386527575224330,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2000,i,7447874065688442827,3344386527575224330,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://bzss.pt/wp-content/plugins/bm-pagebuilder/inc_php/ux-pb-theme-ajax.php	100%	Avira URL Cloud	malware
https://bzss.pt/wp-content/plugins/bm-pagebuilder/inc_php/ux-pb-theme-ajax.php#:~:text=bzss.pt	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bzss.pt	94.46.183.96	true	false	unknown
google.com	172.217.17.46	true	false	high
www.google.com	142.250.181.100	true	false	high
www.gomalapos.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bzss.pt/wp-content/plugins/bm-pagebuilder/inc_php/ux-pb-theme-ajax.php	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://bzss.pt/wp-content/plugins/bm-pagebuilder/inc_php/ux-pb-theme-ajax.php#:~:text=bzss.pt	chromecache_40.2.dr	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
94.46.183.96	bzss.pt	Portugal	24768	ALMOUROLTECPT	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1563311
Start date and time:	2024-11-26 19:42:18 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@22/2@27/4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 64.233.165.84, 172.217.17.46, 104.116.245.89, 104.116.245.90, 104.116.245.113, 104.116.245.122, 2.16.158.233, 2.16.158.232, 104.116.245.115, 104.116.245.114, 2.16.158.234, 34.104.35.123, 2.20.68.201, 192.229.221.95, 172.217.17.35
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://mail.sapo.pt@www.bing.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": true, "contains_email_address": true, "known_domain": true, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://mail.sapo.pt@www.bing.com

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (425), with CRLF line terminators
Category:	downloaded
Size (bytes):	2020
Entropy (8bit):	5.149757232012924
Encrypted:	false
SSDEEP:	24:hPIzWgR8CC07ERsePmCcxtBQ2iBZWGFr1ebxeVZeV+eBmRRDihFMZEnNJ/6cqeXh:tTg7YeDQZWSXepmvih+ZuJCrITKbA
MD5:	10730B3DD5D339BD31E6D742D17583D8
SHA1:	3AD7D0888557D30EFAF3DF79AF2B20B3783A7EC7
SHA-256:	866D5EC3A7482E0B1487F715112DCBBF72BA877087AAA3D7FC09E059C9D7F085
SHA-512:	3560F66553FE3A25C9F1B7F96566922E2F9FBDEBBBC3E18258FC9251200F40246ABBEFB695C2965F8DE65C1594835FDBB4A867373BF0E3385FBB4AF5731327CF
Malicious:	false
Reputation:	low
URL:	https://www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1
Preview:	<!DOCTYPE html>..<html lang="en">.. <head>.. <meta charset="utf-8">.. <meta name="referrer" content="origin-when-cross-origin">.. <script>//<![CDATA[.. var s = false;.. function l() {.. setTimeout(f, 10000);.. if (document.referrer) {.. try {.. var pm = /(^\|&\|\?)px=([^&]*)(&\|$)/i;.. var px = window.location.href.match(pm);.. var rs = document.referrer;.. if (px != null) {.. if (rs.match(pm)).. rs = rs.replace(pm, "$1px=" + px[2] + "$3");.. else if (rs.indexOf("?") != -1).. rs = rs + "&px=" + px[2];.. else.. rs = rs + "?px=" + px[2];.. }.. history.replaceState({}, "Bing", rs);.. window.addEventListener("pageshow", function(e) { if (e.persisted \|\| (typeof window.performance != "undefined" && window.performance.navigation.type === 2)) window.location.reload(); });.. s = true;..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 19:43:18.535712004 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:18.535758018 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:18.535835028 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:18.536142111 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:18.536160946 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:19.667953014 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:19.668006897 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:19.668071032 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:19.670954943 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:19.670973063 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:20.284086943 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:20.284353018 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:20.284387112 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:20.285342932 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:20.285408974 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:20.286521912 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:20.286585093 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:20.327501059 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:20.327533960 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:20.375283957 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:21.123804092 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:21.123923063 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.127445936 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.127458096 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:21.128088951 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:21.173135996 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.178113937 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.223332882 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:21.661607027 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:21.661684036 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:21.661778927 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.661998034 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.662060022 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:21.662098885 CET	49740	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.662117004 CET	443	49740	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:21.725745916 CET	49742	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.725810051 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:21.725909948 CET	49742	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.726274967 CET	49742	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:21.726316929 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:23.165359020 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:23.165452957 CET	49742	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:23.166790962 CET	49742	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:23.166816950 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:23.167037964 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:23.168251038 CET	49742	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:23.215336084 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:23.642254114 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:23.642302990 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:23.642388105 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:23.642760992 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:23.642811060 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:23.642916918 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:23.642930031 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:23.642961025 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:23.643259048 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:23.643271923 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:24.196116924 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:24.196209908 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:24.196368933 CET	49742	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:24.197029114 CET	49742	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:24.197067022 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:24.197086096 CET	49742	443	192.168.2.4	23.52.182.8
Nov 26, 2024 19:43:24.197097063 CET	443	49742	23.52.182.8	192.168.2.4
Nov 26, 2024 19:43:25.219458103 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.219543934 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.220021009 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.220032930 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.220204115 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.220217943 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.220957994 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.221049070 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.221081972 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.221142054 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.225541115 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.225605965 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.225639105 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.225697994 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.225903988 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.225909948 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.267566919 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.267653942 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.267677069 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:25.313416004 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:25.960413933 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:25.960458994 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:25.960566044 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:25.961549997 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:25.961566925 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:26.627274990 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:26.627487898 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:26.629956961 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:26.629972935 CET	443	49744	94.46.183.96	192.168.2.4
Nov 26, 2024 19:43:26.630017042 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:26.630510092 CET	49744	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:43:28.064874887 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:28.064970970 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:28.067622900 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:28.067631006 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:28.068052053 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:28.109394073 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:29.835697889 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:29.879329920 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:29.965379000 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:29.965435028 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:29.965614080 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:30.460961103 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:30.460988045 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:30.460994959 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:30.461004019 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:30.461035967 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:30.461194992 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:30.461195946 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:30.461218119 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:30.461267948 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:30.481534004 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:30.481610060 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:30.481616020 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:30.481661081 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:31.057961941 CET	49739	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:43:31.058011055 CET	443	49739	142.250.181.100	192.168.2.4
Nov 26, 2024 19:43:31.923716068 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:31.923751116 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:43:31.923763990 CET	49745	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:43:31.923780918 CET	443	49745	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:08.307683945 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:08.307775974 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:08.307838917 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:08.308521032 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:08.308554888 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:08.465403080 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:08.465451002 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:08.465511084 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:08.465945959 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:08.465964079 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:10.116894007 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:10.117048025 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:10.120646954 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:10.120681047 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:10.120912075 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:10.129765034 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:10.175337076 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:10.261507034 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:10.261579037 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:10.263379097 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:10.263391018 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:10.263668060 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:10.273088932 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:10.281625032 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:44:10.281635046 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:44:10.315329075 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:10.806628942 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:10.806654930 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:10.806669950 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:10.806813955 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:10.806843996 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:10.806917906 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:10.951849937 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:10.951869965 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:10.951885939 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:10.951976061 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:10.952020884 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:10.952039957 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:10.952084064 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:11.000220060 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:11.000302076 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:11.000329971 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:11.000345945 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:11.000422955 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:11.000610113 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:11.000637054 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:11.000662088 CET	49751	443	192.168.2.4	4.175.87.197
Nov 26, 2024 19:44:11.000670910 CET	443	49751	4.175.87.197	192.168.2.4
Nov 26, 2024 19:44:11.006465912 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.006495953 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.006544113 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.006572008 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.006584883 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.007034063 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.215106964 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.215128899 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.215204000 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.215238094 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.215344906 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.264554024 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.264575958 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.264635086 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.264650106 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.264668941 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.264688015 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.313806057 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.313827038 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.313878059 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.313889027 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.313913107 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.313929081 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.359498024 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.359522104 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.359632015 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.359647036 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.359853983 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.406821012 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.406842947 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.406970978 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.406991005 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.410660028 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.465519905 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.465548038 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.465712070 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.465712070 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.465735912 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.465872049 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.501077890 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.501106977 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.501250982 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.501250982 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.501266956 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.501342058 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.518608093 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.518651009 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.518798113 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.518798113 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.518810987 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.518868923 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.535204887 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.535226107 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.535351038 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.535378933 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.535506964 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.551198959 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.551229954 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.551337004 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.551343918 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.551644087 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.591195107 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.591219902 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.591306925 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.591347933 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.591510057 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.598299980 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.598380089 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.598419905 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.598469973 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.598494053 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.598506927 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.598506927 CET	49752	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.598515034 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.598521948 CET	443	49752	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.649375916 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.649437904 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.649525881 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.651027918 CET	49754	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.651062965 CET	443	49754	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.651137114 CET	49754	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.651344061 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.651361942 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.652091980 CET	49754	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.652107000 CET	443	49754	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.653023005 CET	49755	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.653031111 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.654114962 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.654135942 CET	49755	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.654160023 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.654238939 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.654273033 CET	49755	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.654284000 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.654401064 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.654416084 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.655173063 CET	49757	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.655208111 CET	443	49757	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:11.657087088 CET	49757	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.657332897 CET	49757	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:11.657349110 CET	443	49757	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.409060955 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.409962893 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.409989119 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.410717964 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.410722971 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.500283957 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.500510931 CET	443	49754	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.500873089 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.500893116 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.501044035 CET	49754	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.501064062 CET	443	49754	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.501696110 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.501704931 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.501811981 CET	49754	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.501818895 CET	443	49754	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.598705053 CET	443	49757	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.599302053 CET	49757	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.599348068 CET	443	49757	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.599781036 CET	49757	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.599792957 CET	443	49757	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.603260040 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.603705883 CET	49755	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.603727102 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.604222059 CET	49755	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.604227066 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.882314920 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.882337093 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.882424116 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.882452011 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.882496119 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.882684946 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.882689953 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.882705927 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.882827997 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.882857084 CET	443	49753	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.885623932 CET	49759	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.885646105 CET	443	49759	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.885653973 CET	49753	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.885708094 CET	49759	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.885848999 CET	49759	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.885864019 CET	443	49759	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.976092100 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.976111889 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.976214886 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.976237059 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.976294041 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.976521969 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.976528883 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.976548910 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.976670027 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.976696014 CET	443	49756	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.976754904 CET	49756	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.979439020 CET	49760	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.979473114 CET	443	49760	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.979576111 CET	49760	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.979687929 CET	49760	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.979698896 CET	443	49760	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.995285988 CET	443	49754	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.995362997 CET	443	49754	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.995647907 CET	49754	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.995699883 CET	49754	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.995699883 CET	49754	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.995724916 CET	443	49754	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.995733976 CET	443	49754	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.998455048 CET	49761	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.998513937 CET	443	49761	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:13.998590946 CET	49761	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.998744965 CET	49761	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:13.998768091 CET	443	49761	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.054480076 CET	443	49757	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.054645061 CET	443	49757	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.054780006 CET	49757	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.054811954 CET	49757	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.054833889 CET	443	49757	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.054846048 CET	49757	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.054852962 CET	443	49757	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.058034897 CET	49762	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.058051109 CET	443	49762	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.058228970 CET	49762	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.058324099 CET	49762	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.058335066 CET	443	49762	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.061449051 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.061471939 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.061577082 CET	49755	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.061599970 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.061748981 CET	49755	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.061748981 CET	49755	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.061764956 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.061908960 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.061933994 CET	443	49755	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.061980009 CET	49755	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.064404964 CET	49763	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.064452887 CET	443	49763	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:14.064538002 CET	49763	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.064682961 CET	49763	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:14.064702034 CET	443	49763	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.799068928 CET	443	49763	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.799731970 CET	49763	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.799794912 CET	443	49763	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.800235987 CET	49763	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.800249100 CET	443	49763	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.802304029 CET	443	49759	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.802623987 CET	49759	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.802679062 CET	443	49759	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.802958965 CET	49759	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.802972078 CET	443	49759	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.838264942 CET	443	49760	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.838596106 CET	443	49761	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.838963985 CET	49761	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.838989973 CET	443	49761	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.839031935 CET	49760	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.839046955 CET	443	49760	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.839339018 CET	49760	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.839350939 CET	443	49760	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.839786053 CET	49761	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.839847088 CET	443	49761	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.924622059 CET	443	49762	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.925410986 CET	49762	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.925432920 CET	443	49762	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:15.925862074 CET	49762	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:15.925867081 CET	443	49762	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.249038935 CET	443	49763	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.249126911 CET	443	49763	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.249212980 CET	49763	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.249484062 CET	49763	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.249505997 CET	443	49763	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.249516010 CET	49763	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.249521017 CET	443	49763	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.252779961 CET	49764	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.252808094 CET	443	49764	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.252898932 CET	49764	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.253142118 CET	49764	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.253154039 CET	443	49764	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.257878065 CET	443	49759	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.257941961 CET	443	49759	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.258013964 CET	49759	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.258188963 CET	49759	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.258188963 CET	49759	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.258232117 CET	443	49759	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.258254051 CET	443	49759	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.260797024 CET	49765	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.260847092 CET	443	49765	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.260935068 CET	49765	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.261123896 CET	49765	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.261140108 CET	443	49765	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.305146933 CET	443	49761	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.305205107 CET	443	49761	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.305316925 CET	49761	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.305581093 CET	49761	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.305596113 CET	443	49761	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.305605888 CET	49761	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.305617094 CET	443	49761	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.305676937 CET	443	49760	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.305746078 CET	443	49760	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.305792093 CET	49760	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.306129932 CET	49760	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.306147099 CET	443	49760	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.306159973 CET	49760	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.306166887 CET	443	49760	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.309092999 CET	49766	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.309113979 CET	443	49766	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.309180975 CET	49766	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.309392929 CET	49766	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.309402943 CET	443	49766	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.309551954 CET	49767	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.309581041 CET	443	49767	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.309638977 CET	49767	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.309720039 CET	49767	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.309734106 CET	443	49767	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.372646093 CET	443	49762	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.372747898 CET	443	49762	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.372795105 CET	49762	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.373081923 CET	49762	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.373094082 CET	443	49762	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.373106956 CET	49762	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.373111963 CET	443	49762	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.377032042 CET	49768	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.377054930 CET	443	49768	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:16.377115011 CET	49768	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.377535105 CET	49768	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:16.377547026 CET	443	49768	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.184134960 CET	443	49764	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.184801102 CET	49764	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.184823036 CET	443	49764	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.185098886 CET	443	49767	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.185252905 CET	49764	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.185260057 CET	443	49764	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.185375929 CET	49767	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.185395002 CET	443	49767	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.185703039 CET	49767	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.185709000 CET	443	49767	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.208774090 CET	443	49765	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.208965063 CET	443	49766	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.209213972 CET	49765	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.209228039 CET	443	49765	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.209342003 CET	49766	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.209352970 CET	443	49766	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.209650993 CET	49765	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.209656000 CET	443	49765	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.209820986 CET	49766	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.209825993 CET	443	49766	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.307320118 CET	443	49768	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.307892084 CET	49768	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.307915926 CET	443	49768	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.308358908 CET	49768	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.308362961 CET	443	49768	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.454655886 CET	49769	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:44:18.454683065 CET	443	49769	142.250.181.100	192.168.2.4
Nov 26, 2024 19:44:18.454758883 CET	49769	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:44:18.455044985 CET	49769	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:44:18.455059052 CET	443	49769	142.250.181.100	192.168.2.4
Nov 26, 2024 19:44:18.638899088 CET	443	49764	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.639065027 CET	443	49764	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.639139891 CET	49764	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.639251947 CET	49764	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.639270067 CET	443	49764	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.639281034 CET	49764	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.639286041 CET	443	49764	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.639621973 CET	443	49767	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.639686108 CET	443	49767	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.639743090 CET	49767	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.639822960 CET	49767	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.639851093 CET	443	49767	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.639867067 CET	49767	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.639874935 CET	443	49767	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.642187119 CET	49770	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.642227888 CET	443	49770	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.642302990 CET	49770	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.642508030 CET	49770	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.642522097 CET	443	49770	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.643394947 CET	49771	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.643424034 CET	443	49771	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.643496990 CET	49771	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.643609047 CET	49771	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.643630028 CET	443	49771	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.680759907 CET	443	49766	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.680819988 CET	443	49766	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.680872917 CET	49766	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.681056023 CET	49766	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.681066990 CET	443	49766	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.681077957 CET	49766	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.681082964 CET	443	49766	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.681298018 CET	443	49765	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.681346893 CET	443	49765	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.681392908 CET	49765	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.681468964 CET	49765	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.681494951 CET	443	49765	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.681509018 CET	49765	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.681514978 CET	443	49765	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.684040070 CET	49772	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.684066057 CET	443	49772	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.684092999 CET	49773	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.684138060 CET	49772	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.684143066 CET	443	49773	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.684194088 CET	49773	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.684324980 CET	49772	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.684334993 CET	443	49772	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.684354067 CET	49773	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.684366941 CET	443	49773	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.754935026 CET	443	49768	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.755094051 CET	443	49768	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.755170107 CET	49768	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.755286932 CET	49768	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.755323887 CET	443	49768	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.755342960 CET	49768	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.755348921 CET	443	49768	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.758474112 CET	49774	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.758485079 CET	443	49774	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:18.758604050 CET	49774	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.758789062 CET	49774	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:18.758802891 CET	443	49774	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.266138077 CET	443	49769	142.250.181.100	192.168.2.4
Nov 26, 2024 19:44:20.266556978 CET	49769	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:44:20.266597986 CET	443	49769	142.250.181.100	192.168.2.4
Nov 26, 2024 19:44:20.267026901 CET	443	49769	142.250.181.100	192.168.2.4
Nov 26, 2024 19:44:20.267374039 CET	49769	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:44:20.267438889 CET	443	49769	142.250.181.100	192.168.2.4
Nov 26, 2024 19:44:20.312181950 CET	49769	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:44:20.565453053 CET	443	49771	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.566051960 CET	49771	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.566077948 CET	443	49771	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.566519976 CET	49771	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.566525936 CET	443	49771	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.567576885 CET	443	49773	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.567827940 CET	49773	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.567846060 CET	443	49773	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.568150997 CET	49773	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.568156004 CET	443	49773	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.585891008 CET	443	49770	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.585899115 CET	443	49772	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.586375952 CET	49772	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.586395025 CET	49770	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.586400032 CET	443	49772	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.586430073 CET	443	49770	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.586699963 CET	49772	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.586704969 CET	443	49772	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.586858034 CET	49770	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.586865902 CET	443	49770	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.654558897 CET	443	49774	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.655184031 CET	49774	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.655215979 CET	443	49774	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:20.655652046 CET	49774	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:20.655657053 CET	443	49774	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.060952902 CET	443	49773	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.060967922 CET	443	49771	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.061023951 CET	443	49771	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.061029911 CET	443	49773	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.061111927 CET	49771	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.061116934 CET	49773	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.061326027 CET	49771	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.061328888 CET	49773	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.061357975 CET	443	49771	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.061357975 CET	443	49773	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.061369896 CET	49771	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.061371088 CET	49773	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.061376095 CET	443	49771	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.061377048 CET	443	49773	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.064210892 CET	49775	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.064239025 CET	443	49775	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.064325094 CET	49775	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.064445019 CET	49775	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.064457893 CET	443	49775	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.065202951 CET	49776	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.065233946 CET	443	49776	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.065296888 CET	49776	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.065453053 CET	49776	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.065469027 CET	443	49776	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.068550110 CET	443	49770	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.068624973 CET	443	49770	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.068679094 CET	49770	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.068787098 CET	49770	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.068806887 CET	443	49770	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.068816900 CET	49770	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.068821907 CET	443	49770	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.069701910 CET	443	49772	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.069761038 CET	443	49772	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.069808960 CET	49772	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.069922924 CET	49772	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.069941998 CET	443	49772	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.069960117 CET	49772	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.069968939 CET	443	49772	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.071214914 CET	49777	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.071242094 CET	443	49777	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.071331024 CET	49777	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.071422100 CET	49777	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.071432114 CET	443	49777	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.071950912 CET	49778	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.071979046 CET	443	49778	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.072036028 CET	49778	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.072165012 CET	49778	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.072175026 CET	443	49778	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.110241890 CET	443	49774	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.110316038 CET	443	49774	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.110367060 CET	49774	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.110652924 CET	49774	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.110652924 CET	49774	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.110670090 CET	443	49774	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.110680103 CET	443	49774	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.113354921 CET	49779	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.113405943 CET	443	49779	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:21.113490105 CET	49779	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.113658905 CET	49779	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:21.113677025 CET	443	49779	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:22.990627050 CET	443	49779	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:22.991290092 CET	49779	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:22.991308928 CET	443	49779	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:22.991738081 CET	49779	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:22.991743088 CET	443	49779	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:22.992207050 CET	443	49777	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:22.992470026 CET	49777	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:22.992477894 CET	443	49777	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:22.992799044 CET	49777	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:22.992803097 CET	443	49777	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.019859076 CET	443	49778	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.024482012 CET	49778	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.024512053 CET	443	49778	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.024941921 CET	49778	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.024945974 CET	443	49778	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.029339075 CET	443	49775	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.029665947 CET	443	49776	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.029959917 CET	49775	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.030004025 CET	443	49775	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.030282021 CET	49776	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.030292988 CET	443	49776	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.030373096 CET	49775	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.030378103 CET	443	49775	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.030718088 CET	49776	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.030725002 CET	443	49776	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.445543051 CET	443	49779	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.445727110 CET	443	49779	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.445863962 CET	49779	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.445911884 CET	49779	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.445911884 CET	49779	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.445939064 CET	443	49779	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.445950985 CET	443	49779	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.447238922 CET	443	49777	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.447323084 CET	443	49777	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.448065042 CET	49777	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.448103905 CET	49777	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.448108912 CET	443	49777	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.448118925 CET	49777	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.448123932 CET	443	49777	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.448982954 CET	49780	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.449034929 CET	443	49780	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.449980974 CET	49781	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.450016975 CET	443	49781	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.450035095 CET	49780	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.450062990 CET	49781	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.450190067 CET	49781	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.450200081 CET	49780	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.450203896 CET	443	49781	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.450226068 CET	443	49780	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.469033957 CET	443	49778	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.469103098 CET	443	49778	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.470451117 CET	49778	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.470518112 CET	49778	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.470535994 CET	443	49778	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.470545053 CET	49778	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.470551014 CET	443	49778	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.472851992 CET	49782	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.472893000 CET	443	49782	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.472969055 CET	49782	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.473123074 CET	49782	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.473140955 CET	443	49782	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.479022980 CET	443	49775	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.479094028 CET	443	49775	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.479166031 CET	443	49776	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.479218006 CET	443	49776	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.479228020 CET	49775	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.479258060 CET	49776	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.479268074 CET	49775	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.479281902 CET	443	49775	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.479294062 CET	49775	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.479300022 CET	443	49775	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.479326963 CET	49776	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.479334116 CET	443	49776	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.479341984 CET	49776	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.479345083 CET	443	49776	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.481447935 CET	49783	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.481479883 CET	443	49783	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.481508017 CET	49784	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.481549025 CET	443	49784	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.481551886 CET	49783	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.481604099 CET	49784	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.481666088 CET	49783	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.481678009 CET	443	49783	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:23.481759071 CET	49784	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:23.481776953 CET	443	49784	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.022025108 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:44:25.022100925 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:44:25.022270918 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:44:25.190026045 CET	443	49781	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.190638065 CET	49781	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.190650940 CET	443	49781	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.191087961 CET	49781	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.191093922 CET	443	49781	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.233824968 CET	443	49784	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.234487057 CET	49784	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.234540939 CET	443	49784	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.235100985 CET	49784	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.235106945 CET	443	49784	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.276565075 CET	443	49783	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.277292013 CET	49783	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.277298927 CET	443	49783	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.277669907 CET	49783	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.277673960 CET	443	49783	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.328824043 CET	443	49782	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.329353094 CET	49782	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.329372883 CET	443	49782	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.329891920 CET	49782	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.329899073 CET	443	49782	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.337613106 CET	443	49780	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.338088036 CET	49780	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.338124037 CET	443	49780	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.338527918 CET	49780	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.338536024 CET	443	49780	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.729903936 CET	443	49781	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.729968071 CET	443	49781	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.730015993 CET	49781	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.730276108 CET	49781	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.730289936 CET	443	49781	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.730304003 CET	49781	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.730309010 CET	443	49781	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.733256102 CET	49785	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.733289957 CET	443	49785	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.733396053 CET	49785	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.733567953 CET	49785	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.733581066 CET	443	49785	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.848964930 CET	443	49784	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.849023104 CET	443	49784	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.849109888 CET	49784	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.849383116 CET	49784	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.849406004 CET	443	49784	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.849416971 CET	49784	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.849422932 CET	443	49784	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.852169991 CET	49786	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.852193117 CET	443	49786	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.852273941 CET	49786	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.852406025 CET	49786	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.852421045 CET	443	49786	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.868155003 CET	443	49782	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.868230104 CET	443	49782	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.868320942 CET	49782	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.868478060 CET	49782	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.868505955 CET	443	49782	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.868521929 CET	49782	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.868530035 CET	443	49782	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.869321108 CET	443	49783	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.869388103 CET	443	49783	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.869438887 CET	49783	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.869628906 CET	49783	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.869657040 CET	443	49783	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.869673967 CET	49783	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.869680882 CET	443	49783	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.871134996 CET	49787	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.871166945 CET	443	49787	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.871750116 CET	49788	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.871793985 CET	443	49788	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.871808052 CET	49787	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.871943951 CET	49787	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.871961117 CET	443	49787	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.871972084 CET	49788	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.872107983 CET	49788	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.872123003 CET	443	49788	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.964844942 CET	443	49780	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.964915037 CET	443	49780	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.965195894 CET	49780	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.965245008 CET	49780	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.965267897 CET	443	49780	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.965281963 CET	49780	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.965287924 CET	443	49780	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.968027115 CET	49789	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.968061924 CET	443	49789	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:25.968132019 CET	49789	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.968359947 CET	49789	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:25.968369961 CET	443	49789	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.016851902 CET	49743	443	192.168.2.4	94.46.183.96
Nov 26, 2024 19:44:27.016872883 CET	443	49743	94.46.183.96	192.168.2.4
Nov 26, 2024 19:44:27.629646063 CET	443	49785	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.630268097 CET	49785	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.630279064 CET	443	49785	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.630697012 CET	49785	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.630701065 CET	443	49785	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.754147053 CET	443	49786	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.754631996 CET	49786	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.754646063 CET	443	49786	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.755074978 CET	49786	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.755080938 CET	443	49786	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.863221884 CET	443	49787	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.863765001 CET	49787	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.863778114 CET	443	49787	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.864280939 CET	49787	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.864286900 CET	443	49787	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.886807919 CET	443	49789	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.887156963 CET	49789	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.887180090 CET	443	49789	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.887546062 CET	443	49788	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.887548923 CET	49789	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.887558937 CET	443	49789	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.887765884 CET	49788	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.887789011 CET	443	49788	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:27.888103962 CET	49788	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:27.888108969 CET	443	49788	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.263422966 CET	443	49785	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.263504028 CET	443	49785	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.263674021 CET	49785	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.264000893 CET	49785	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.264000893 CET	49785	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.264022112 CET	443	49785	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.264033079 CET	443	49785	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.267764091 CET	49790	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.267807007 CET	443	49790	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.267879009 CET	49790	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.268030882 CET	49790	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.268044949 CET	443	49790	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.386445045 CET	443	49787	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.386519909 CET	443	49787	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.386589050 CET	49787	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.386815071 CET	49787	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.386815071 CET	49787	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.386831045 CET	443	49787	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.386841059 CET	443	49787	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.389779091 CET	49791	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.389803886 CET	443	49791	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.389868975 CET	49791	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.390002012 CET	49791	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.390008926 CET	443	49791	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.394279957 CET	443	49786	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.394345999 CET	443	49786	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.394398928 CET	49786	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.394532919 CET	49786	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.394553900 CET	443	49786	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.394593000 CET	49786	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.394599915 CET	443	49786	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.395092010 CET	443	49788	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.395165920 CET	443	49788	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.395219088 CET	49788	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.395456076 CET	49788	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.395473003 CET	443	49788	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.395483971 CET	49788	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.395488977 CET	443	49788	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.397325993 CET	49792	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.397360086 CET	443	49792	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.397423983 CET	49792	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.397535086 CET	49792	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.397550106 CET	443	49792	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.398288965 CET	49793	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.398320913 CET	443	49793	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.398406982 CET	49793	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.398499012 CET	49793	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.398509026 CET	443	49793	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.398657084 CET	443	49789	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.398718119 CET	443	49789	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.398757935 CET	49789	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.398880005 CET	49789	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.398889065 CET	443	49789	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.401072979 CET	49794	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.401101112 CET	443	49794	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:28.401166916 CET	49794	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.401328087 CET	49794	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:28.401344061 CET	443	49794	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:29.936053991 CET	443	49769	142.250.181.100	192.168.2.4
Nov 26, 2024 19:44:29.936121941 CET	443	49769	142.250.181.100	192.168.2.4
Nov 26, 2024 19:44:29.936182976 CET	49769	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:44:30.017194033 CET	443	49790	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.017918110 CET	49790	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.017937899 CET	443	49790	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.018259048 CET	49790	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.018265009 CET	443	49790	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.204135895 CET	443	49793	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.204576969 CET	443	49792	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.204751015 CET	49793	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.204758883 CET	443	49793	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.204926968 CET	49792	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.204956055 CET	443	49792	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.205285072 CET	49793	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.205288887 CET	443	49793	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.205419064 CET	49792	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.205427885 CET	443	49792	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.251817942 CET	443	49794	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.252338886 CET	49794	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.252358913 CET	443	49794	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.252654076 CET	49794	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.252660990 CET	443	49794	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.280865908 CET	443	49791	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.281305075 CET	49791	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.281318903 CET	443	49791	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.281730890 CET	49791	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.281735897 CET	443	49791	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.456482887 CET	443	49790	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.456536055 CET	443	49790	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.456584930 CET	49790	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.456883907 CET	49790	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.456883907 CET	49790	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.456892014 CET	443	49790	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.456899881 CET	443	49790	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.459788084 CET	49795	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.459814072 CET	443	49795	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.459961891 CET	49795	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.460072994 CET	49795	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.460083008 CET	443	49795	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.782123089 CET	443	49793	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.782203913 CET	443	49793	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.782272100 CET	49793	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.782285929 CET	443	49792	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.782460928 CET	443	49792	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.782566071 CET	49792	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.782566071 CET	49792	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.782566071 CET	49792	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.782573938 CET	49793	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.782573938 CET	49793	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.782593012 CET	443	49793	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.782603025 CET	443	49793	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.785320044 CET	49796	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.785353899 CET	443	49796	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.785401106 CET	49797	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.785433054 CET	443	49797	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.785456896 CET	49796	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.785485029 CET	49797	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.785573959 CET	49796	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.785588980 CET	443	49796	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.785667896 CET	49797	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.785679102 CET	443	49797	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.796540976 CET	443	49794	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.796590090 CET	443	49794	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.796636105 CET	49794	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.796816111 CET	49794	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.796816111 CET	49794	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.796825886 CET	443	49794	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.796835899 CET	443	49794	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.798789024 CET	49798	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.798800945 CET	443	49798	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.798870087 CET	49798	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.799009085 CET	49798	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.799022913 CET	443	49798	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.808099985 CET	443	49791	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.808154106 CET	443	49791	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.808199883 CET	49791	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.808293104 CET	49791	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.808300972 CET	443	49791	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.808310986 CET	49791	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.808315039 CET	443	49791	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.810219049 CET	49799	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.810230970 CET	443	49799	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:30.810307026 CET	49799	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.810431957 CET	49799	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:30.810437918 CET	443	49799	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:31.017616987 CET	49769	443	192.168.2.4	142.250.181.100
Nov 26, 2024 19:44:31.017628908 CET	443	49769	142.250.181.100	192.168.2.4
Nov 26, 2024 19:44:31.093894005 CET	49792	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:31.093923092 CET	443	49792	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.622389078 CET	443	49795	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.622950077 CET	49795	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.622967005 CET	443	49795	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.623419046 CET	49795	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.623425007 CET	443	49795	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.709945917 CET	443	49799	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.710342884 CET	49799	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.710350990 CET	443	49799	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.710737944 CET	49799	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.710742950 CET	443	49799	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.727848053 CET	443	49796	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.728266954 CET	49796	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.728286028 CET	443	49796	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.728754044 CET	49796	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.728760004 CET	443	49796	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.736732006 CET	443	49797	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.737068892 CET	49797	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.737080097 CET	443	49797	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.737512112 CET	49797	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.737515926 CET	443	49797	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.853703976 CET	443	49798	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.854113102 CET	49798	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.854130030 CET	443	49798	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:32.854548931 CET	49798	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:32.854553938 CET	443	49798	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.141787052 CET	443	49795	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.141840935 CET	443	49795	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.142056942 CET	49795	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.142091990 CET	49795	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.142102003 CET	443	49795	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.142111063 CET	49795	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.142116070 CET	443	49795	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.144531012 CET	49800	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.144562960 CET	443	49800	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.144627094 CET	49800	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.144778967 CET	49800	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.144793034 CET	443	49800	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.162594080 CET	443	49799	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.162653923 CET	443	49799	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.162772894 CET	49799	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.162792921 CET	49799	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.162806034 CET	443	49799	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.162821054 CET	49799	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.162826061 CET	443	49799	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.164913893 CET	49801	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.164952040 CET	443	49801	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.165009022 CET	49801	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.165137053 CET	49801	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.165149927 CET	443	49801	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.251646996 CET	443	49796	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.251715899 CET	443	49796	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.251826048 CET	443	49797	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.251830101 CET	49796	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.251854897 CET	49796	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.251868963 CET	443	49796	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.251885891 CET	443	49797	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.251894951 CET	49796	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.251900911 CET	443	49796	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.251940012 CET	49797	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.252070904 CET	49797	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.252070904 CET	49797	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.252084970 CET	443	49797	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.252093077 CET	443	49797	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.254790068 CET	49802	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.254812002 CET	443	49802	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.254854918 CET	49803	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.254873991 CET	443	49803	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.254884005 CET	49802	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.254923105 CET	49803	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.255007982 CET	49802	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.255019903 CET	443	49802	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.255069971 CET	49803	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.255084038 CET	443	49803	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.309422016 CET	443	49798	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.309478998 CET	443	49798	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.309541941 CET	49798	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.309735060 CET	49798	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.309740067 CET	443	49798	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.309748888 CET	49798	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.309752941 CET	443	49798	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.312279940 CET	49804	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.312308073 CET	443	49804	13.107.246.63	192.168.2.4
Nov 26, 2024 19:44:33.313694954 CET	49804	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.313952923 CET	49804	443	192.168.2.4	13.107.246.63
Nov 26, 2024 19:44:33.313971043 CET	443	49804	13.107.246.63	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 19:43:14.645376921 CET	53	61414	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:14.647599936 CET	53	60191	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:17.471519947 CET	53	64596	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:18.391978025 CET	49817	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:18.392210960 CET	55580	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:18.533859015 CET	53	49817	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:18.533943892 CET	53	55580	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:19.611399889 CET	59438	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:19.611558914 CET	57863	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:20.623893976 CET	53954	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:20.624255896 CET	54266	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:22.657579899 CET	59643	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:23.638248920 CET	53	54266	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:23.638336897 CET	53	57863	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:23.638900995 CET	53	59438	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:23.638959885 CET	53	59643	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:23.639097929 CET	53	53954	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:26.629939079 CET	58556	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:26.630316019 CET	50733	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:26.880098104 CET	53	50733	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:26.880953074 CET	53	58556	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:26.881660938 CET	52717	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:27.106017113 CET	53	52717	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:27.134845972 CET	57663	53	192.168.2.4	8.8.8.8
Nov 26, 2024 19:43:27.135483980 CET	62098	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:27.289683104 CET	53	62098	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:27.406874895 CET	53	57663	8.8.8.8	192.168.2.4
Nov 26, 2024 19:43:28.150713921 CET	53385	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:28.150854111 CET	65202	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:28.295192957 CET	53	65202	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:28.296817064 CET	53	53385	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:31.226644993 CET	138	138	192.168.2.4	192.168.2.255
Nov 26, 2024 19:43:33.320087910 CET	54402	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:33.320087910 CET	62451	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:33.461303949 CET	53	54402	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:33.511482954 CET	53	62451	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:33.512042999 CET	62196	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:33.653182983 CET	53	62196	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:34.544337034 CET	53	53226	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:34.730633974 CET	62783	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:34.730833054 CET	54613	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:34.880815983 CET	53	54613	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:34.881449938 CET	53	62783	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:34.893660069 CET	64900	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:34.894361973 CET	51573	53	192.168.2.4	8.8.8.8
Nov 26, 2024 19:43:35.029167891 CET	53	51573	8.8.8.8	192.168.2.4
Nov 26, 2024 19:43:35.032332897 CET	53	64900	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:49.438477993 CET	62482	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:43:49.595067024 CET	53	62482	1.1.1.1	192.168.2.4
Nov 26, 2024 19:43:53.376178026 CET	53	60244	1.1.1.1	192.168.2.4
Nov 26, 2024 19:44:04.196511030 CET	52365	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:44:04.196692944 CET	57758	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:44:04.386389017 CET	53	57758	1.1.1.1	192.168.2.4
Nov 26, 2024 19:44:04.386893034 CET	53	52365	1.1.1.1	192.168.2.4
Nov 26, 2024 19:44:04.387552023 CET	62168	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:44:04.537970066 CET	53	62168	1.1.1.1	192.168.2.4
Nov 26, 2024 19:44:04.551086903 CET	50827	53	192.168.2.4	1.1.1.1
Nov 26, 2024 19:44:04.551532030 CET	59028	53	192.168.2.4	8.8.8.8
Nov 26, 2024 19:44:04.686075926 CET	53	59028	8.8.8.8	192.168.2.4
Nov 26, 2024 19:44:04.696752071 CET	53	50827	1.1.1.1	192.168.2.4
Nov 26, 2024 19:44:13.824676037 CET	53	63488	1.1.1.1	192.168.2.4
Nov 26, 2024 19:44:15.990117073 CET	53	50081	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 26, 2024 19:43:23.638386011 CET	192.168.2.4	1.1.1.1	c225	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 26, 2024 19:43:18.391978025 CET	192.168.2.4	1.1.1.1	0xdf1a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:18.392210960 CET	192.168.2.4	1.1.1.1	0x9974	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 26, 2024 19:43:19.611399889 CET	192.168.2.4	1.1.1.1	0x46c2	Standard query (0)	bzss.pt	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:19.611558914 CET	192.168.2.4	1.1.1.1	0x2577	Standard query (0)	bzss.pt	65	IN (0x0001)	false
Nov 26, 2024 19:43:20.623893976 CET	192.168.2.4	1.1.1.1	0xfa01	Standard query (0)	bzss.pt	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:20.624255896 CET	192.168.2.4	1.1.1.1	0x2005	Standard query (0)	bzss.pt	65	IN (0x0001)	false
Nov 26, 2024 19:43:22.657579899 CET	192.168.2.4	1.1.1.1	0x2f89	Standard query (0)	bzss.pt	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:26.629939079 CET	192.168.2.4	1.1.1.1	0xdb86	Standard query (0)	www.gomalapos.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:26.630316019 CET	192.168.2.4	1.1.1.1	0x852	Standard query (0)	www.gomalapos.com	65	IN (0x0001)	false
Nov 26, 2024 19:43:26.881660938 CET	192.168.2.4	1.1.1.1	0x175f	Standard query (0)	www.gomalapos.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:27.134845972 CET	192.168.2.4	8.8.8.8	0x5cd4	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:27.135483980 CET	192.168.2.4	1.1.1.1	0xec15	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:28.150713921 CET	192.168.2.4	1.1.1.1	0xaba9	Standard query (0)	www.gomalapos.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:28.150854111 CET	192.168.2.4	1.1.1.1	0x4fdb	Standard query (0)	www.gomalapos.com	65	IN (0x0001)	false
Nov 26, 2024 19:43:33.320087910 CET	192.168.2.4	1.1.1.1	0xa2ad	Standard query (0)	www.gomalapos.com	65	IN (0x0001)	false
Nov 26, 2024 19:43:33.320087910 CET	192.168.2.4	1.1.1.1	0x495f	Standard query (0)	www.gomalapos.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:33.512042999 CET	192.168.2.4	1.1.1.1	0x8850	Standard query (0)	www.gomalapos.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:34.730633974 CET	192.168.2.4	1.1.1.1	0x92df	Standard query (0)	www.gomalapos.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:34.730833054 CET	192.168.2.4	1.1.1.1	0x22a0	Standard query (0)	www.gomalapos.com	65	IN (0x0001)	false
Nov 26, 2024 19:43:34.893660069 CET	192.168.2.4	1.1.1.1	0x7e9e	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:34.894361973 CET	192.168.2.4	8.8.8.8	0x332	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:49.438477993 CET	192.168.2.4	1.1.1.1	0xf425	Standard query (0)	www.gomalapos.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:44:04.196511030 CET	192.168.2.4	1.1.1.1	0x3604	Standard query (0)	www.gomalapos.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:44:04.196692944 CET	192.168.2.4	1.1.1.1	0x2aed	Standard query (0)	www.gomalapos.com	65	IN (0x0001)	false
Nov 26, 2024 19:44:04.387552023 CET	192.168.2.4	1.1.1.1	0x1653	Standard query (0)	www.gomalapos.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:44:04.551086903 CET	192.168.2.4	1.1.1.1	0x7a39	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:44:04.551532030 CET	192.168.2.4	8.8.8.8	0xc7f1	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 26, 2024 19:43:18.533859015 CET	1.1.1.1	192.168.2.4	0xdf1a	No error (0)	www.google.com		142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:18.533943892 CET	1.1.1.1	192.168.2.4	0x9974	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 26, 2024 19:43:23.638900995 CET	1.1.1.1	192.168.2.4	0x46c2	No error (0)	bzss.pt		94.46.183.96	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:23.638959885 CET	1.1.1.1	192.168.2.4	0x2f89	No error (0)	bzss.pt		94.46.183.96	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:23.639097929 CET	1.1.1.1	192.168.2.4	0xfa01	No error (0)	bzss.pt		94.46.183.96	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:26.880098104 CET	1.1.1.1	192.168.2.4	0x852	Name error (3)	www.gomalapos.com	none	none	65	IN (0x0001)	false
Nov 26, 2024 19:43:26.880953074 CET	1.1.1.1	192.168.2.4	0xdb86	Name error (3)	www.gomalapos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:27.106017113 CET	1.1.1.1	192.168.2.4	0x175f	Name error (3)	www.gomalapos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:27.289683104 CET	1.1.1.1	192.168.2.4	0xec15	No error (0)	google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:27.406874895 CET	8.8.8.8	192.168.2.4	0x5cd4	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:28.295192957 CET	1.1.1.1	192.168.2.4	0x4fdb	Name error (3)	www.gomalapos.com	none	none	65	IN (0x0001)	false
Nov 26, 2024 19:43:28.296817064 CET	1.1.1.1	192.168.2.4	0xaba9	Name error (3)	www.gomalapos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:33.461303949 CET	1.1.1.1	192.168.2.4	0xa2ad	Name error (3)	www.gomalapos.com	none	none	65	IN (0x0001)	false
Nov 26, 2024 19:43:33.511482954 CET	1.1.1.1	192.168.2.4	0x495f	Name error (3)	www.gomalapos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:33.653182983 CET	1.1.1.1	192.168.2.4	0x8850	Name error (3)	www.gomalapos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:34.880815983 CET	1.1.1.1	192.168.2.4	0x22a0	Name error (3)	www.gomalapos.com	none	none	65	IN (0x0001)	false
Nov 26, 2024 19:43:34.881449938 CET	1.1.1.1	192.168.2.4	0x92df	Name error (3)	www.gomalapos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:35.029167891 CET	8.8.8.8	192.168.2.4	0x332	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:35.032332897 CET	1.1.1.1	192.168.2.4	0x7e9e	No error (0)	google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:43:49.595067024 CET	1.1.1.1	192.168.2.4	0xf425	Name error (3)	www.gomalapos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:44:04.386389017 CET	1.1.1.1	192.168.2.4	0x2aed	Name error (3)	www.gomalapos.com	none	none	65	IN (0x0001)	false
Nov 26, 2024 19:44:04.386893034 CET	1.1.1.1	192.168.2.4	0x3604	Name error (3)	www.gomalapos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:44:04.537970066 CET	1.1.1.1	192.168.2.4	0x1653	Name error (3)	www.gomalapos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:44:04.686075926 CET	8.8.8.8	192.168.2.4	0xc7f1	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 26, 2024 19:44:04.696752071 CET	1.1.1.1	192.168.2.4	0x7a39	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

https:

bzss.pt

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	23.52.182.8	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:43:21 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-26 18:43:21 UTC	479	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=200215 Date: Tue, 26 Nov 2024 18:43:21 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	23.52.182.8	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:43:23 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-26 18:43:24 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=200216 Date: Tue, 26 Nov 2024 18:43:23 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-26 18:43:24 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49744	94.46.183.96	443	3868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:43:25 UTC	730	OUT	GET /wp-content/plugins/bm-pagebuilder/inc_php/ux-pb-theme-ajax.php HTTP/1.1 Host: bzss.pt Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://www.bing.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-26 18:43:26 UTC	258	IN	HTTP/1.1 302 Moved Temporarily Server: nginx Date: Tue, 26 Nov 2024 18:43:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close X-Powered-By: PHP/7.4.33 Location: https://www.gomalapos.com X-Scale: YXBvY2FzQGdpdGh1Yg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:43:29 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WwP4smcYlWEnmxv&MD=ZDWbG9Oe HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-26 18:43:30 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 48d02b41-9e38-4624-9391-96c436145ff8 MS-RequestId: 07d25233-e379-433e-943f-c4fd4b8c0fda MS-CV: 1Y2BL++mGEWjXaXn.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 26 Nov 2024 18:43:29 GMT Connection: close Content-Length: 24490
2024-11-26 18:43:30 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-26 18:43:30 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49751	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:10 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WwP4smcYlWEnmxv&MD=ZDWbG9Oe HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-26 18:44:10 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 52a67840-0466-437d-9fd7-282783c265ae MS-RequestId: 058cdd1d-e020-4c6a-b026-9377061e61fe MS-CV: my5I+ZtUtEOoe7KF.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 26 Nov 2024 18:44:09 GMT Connection: close Content-Length: 30005
2024-11-26 18:44:10 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-26 18:44:10 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.4	49752	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:10 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:10 UTC	471	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:10 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 25 Nov 2024 13:17:46 GMT ETag: "0x8DD0D538D5EA1E0" x-ms-request-id: f5f75198-101e-00a2-8091-3f9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184410Z-174f7845968kvnqxhC1EWRmf3g0000000eh000000000s89z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:10 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-26 18:44:11 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-26 18:44:11 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-26 18:44:11 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-26 18:44:11 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-26 18:44:11 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-26 18:44:11 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-26 18:44:11 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-26 18:44:11 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-26 18:44:11 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49753	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:13 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:13 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:13 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 0b3277ea-501e-00a0-5e91-3f9d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184413Z-174f7845968g6hv8hC1EWR1v2n00000003s000000000c8xx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:13 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:13 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:13 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:13 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 0a3cdbcf-401e-0016-597f-3f53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184413Z-174f7845968g6hv8hC1EWR1v2n00000003vg000000000c59 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:13 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:13 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:13 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:13 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 59158d4f-901e-00a0-5491-3f6a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184413Z-174f7845968zgtf6hC1EWRqd8s0000000nrg00000000h0ty x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:13 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:13 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:14 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:13 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: dc0e4179-901e-005b-2991-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184413Z-174f7845968glpgnhC1EWR7uec0000000w20000000002wfg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:14 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:13 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:14 UTC	494	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:13 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 6eac4bdd-a01e-006f-1c91-3f13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184413Z-174f7845968pf68xhC1EWRr4h80000000vyg00000000tr2c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:14 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:15 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:16 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:16 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 3360fb1d-601e-0097-3291-3ff33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184416Z-174f7845968v75bwhC1EWRuqen0000000gqg00000000n7pu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:16 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:15 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:16 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:16 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 8ccd6c39-f01e-0085-6e81-3f88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184416Z-174f7845968cdxdrhC1EWRg0en0000000vt000000000d5vr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:16 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:15 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:16 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:16 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: f5d49257-301e-005d-758c-3fe448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184416Z-174f7845968kdththC1EWRzvxn000000083000000000ned2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:16 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:15 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:16 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:16 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 30944020-a01e-0053-5e8b-3f8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184416Z-174f7845968pf68xhC1EWRr4h80000000w5g000000001s51 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:16 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:15 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:16 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:16 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 6f96f590-e01e-0099-0e7f-3fda8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184416Z-174f7845968kdththC1EWRzvxn000000081g00000000u15q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:16 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:18 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:18 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:18 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: ed9dfa2a-401e-0015-7891-3f0e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184418Z-174f7845968g6hv8hC1EWR1v2n00000003q000000000mqeq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:18 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:18 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:18 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:18 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: dc0e488f-901e-005b-3891-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184418Z-174f7845968px8v7hC1EWR08ng0000000w0000000000qe0b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:18 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:18 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:18 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:18 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 6eac52fb-a01e-006f-2191-3f13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184418Z-174f7845968cdxdrhC1EWRg0en0000000vt000000000d5zf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:18 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:18 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:18 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:18 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: c665a67d-901e-002a-1b91-3f7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184418Z-174f7845968qj8jrhC1EWRh41s0000000vpg00000000swg9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:18 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:18 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:18 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:18 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: ff98645e-b01e-0001-1091-3f46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184418Z-174f7845968n2hr8hC1EWR9cag0000000vg00000000093a7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:18 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:20 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:21 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:20 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 106d127d-401e-008c-1a91-3f86c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184420Z-174f7845968glpgnhC1EWR7uec0000000vz000000000e09k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:21 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:20 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:21 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:20 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: e9babc56-001e-0049-5291-3f5bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184420Z-174f7845968cpnpfhC1EWR3afc0000000vcg00000000ktqw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:21 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:20 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:21 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:20 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: a99e6065-701e-006f-4d91-3fafc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184420Z-174f7845968n2hr8hC1EWR9cag0000000ve000000000fewd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:21 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:20 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:21 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:20 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 417b6c53-401e-0029-0d91-3f9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184420Z-174f78459684bddphC1EWRbht40000000vkg00000000akaz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:21 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:20 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:21 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:20 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 3fc8b732-401e-0083-1091-3f075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184420Z-174f7845968cdxdrhC1EWRg0en0000000vq000000000sp0p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:21 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:22 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:23 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: b254496e-901e-0016-2991-3fefe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184423Z-174f7845968psccphC1EWRuz9s0000000w500000000038da x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:23 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:22 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:23 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f5c4af5a-301e-005d-6385-3fe448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184423Z-174f7845968swgbqhC1EWRmnb40000000vyg00000000ekdf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:23 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:23 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:23 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: f5817373-b01e-003e-3591-3f8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184423Z-174f7845968kvnqxhC1EWRmf3g0000000epg000000007m3v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:23 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:23 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:23 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 02716611-001e-00ad-7089-3f554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184423Z-174f78459685726chC1EWRsnbg0000000vwg00000000azg5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:23 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:23 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:23 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: b18988de-c01e-0079-2891-3fe51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184423Z-174f7845968cdxdrhC1EWRg0en0000000vqg00000000qwyh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:23 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:25 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:25 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:25 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: f440c5dc-801e-0047-7891-3f7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184425Z-174f78459688l8rvhC1EWRtzr000000008fg000000004ufk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:25 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:25 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:25 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:25 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: baa0830a-001e-0082-4291-3f5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184425Z-174f7845968v75bwhC1EWRuqen0000000gng00000000v3qn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:25 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:25 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:25 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:25 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: c3d74fa2-201e-0003-1d91-3ff85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184425Z-174f7845968kdththC1EWRzvxn00000008700000000071pw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:25 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:25 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:25 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:25 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 6c824192-201e-0051-0a91-3f7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184425Z-174f7845968zgtf6hC1EWRqd8s0000000npg00000000sg21 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:25 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:25 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:25 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:25 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 89e88ad2-001e-0065-4491-3f0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184425Z-174f7845968vqt9xhC1EWRgten0000000vz0000000001pdq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:25 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:27 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:28 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:28 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: d3507608-601e-003d-4b91-3f6f25000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184428Z-174f7845968px8v7hC1EWR08ng0000000w5g00000000205m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:28 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:27 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:28 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: dc0e5a4e-901e-005b-0191-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184428Z-174f7845968v75bwhC1EWRuqen0000000gv000000000568b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:27 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:28 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:28 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 5810d2d2-301e-0000-6891-3feecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184428Z-174f7845968v75bwhC1EWRuqen0000000gpg00000000s108 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:28 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:27 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:28 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:28 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: dc0e6055-901e-005b-2d91-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184428Z-174f7845968pf68xhC1EWRr4h80000000w3g000000008q6y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:28 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:27 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:28 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:28 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: fac497c4-501e-008f-4391-3f9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184428Z-174f7845968j6t2phC1EWRcfe80000000w0000000000auk9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:28 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:30 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:30 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:30 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 1fa1b817-401e-0067-5691-3f09c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184430Z-174f7845968cdxdrhC1EWRg0en0000000vwg0000000004pc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:30 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:30 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:30 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:30 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 6760f0bc-801e-002a-1f91-3f31dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184430Z-174f7845968qj8jrhC1EWRh41s0000000vrg00000000gu69 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:30 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:30 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:30 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:30 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: be7987d0-001e-0034-1e91-3fdd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184430Z-174f7845968cpnpfhC1EWR3afc0000000vgg000000005kw8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:30 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:30 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:30 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:30 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 8dfbf447-101e-0028-0f8e-3f8f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184430Z-174f7845968qj8jrhC1EWRh41s0000000vrg00000000gu6c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:30 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:30 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:30 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:30 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: e52ede4a-001e-0017-0591-3f0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184430Z-174f7845968g6hv8hC1EWR1v2n00000003q000000000mrad x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:30 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:32 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:33 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:32 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: cb9203b6-501e-0029-2691-3fd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184432Z-174f78459684bddphC1EWRbht40000000vm0000000008gn9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:33 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:32 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:33 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:32 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 3fc8ca9f-401e-0083-6c91-3f075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184432Z-174f7845968qj8jrhC1EWRh41s0000000vn000000000yktk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:33 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:32 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:33 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:33 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: e14f358b-d01e-007a-5d7e-3ff38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184433Z-174f7845968psccphC1EWRuz9s0000000w600000000002qh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:33 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:32 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:33 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:33 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: fac49ef3-501e-008f-0a91-3f9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184433Z-174f7845968px8v7hC1EWR08ng0000000w5g0000000020hp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:33 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:32 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-26 18:44:33 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 26 Nov 2024 18:44:33 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 5cf18591-601e-000d-7e91-3f2618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241126T184433Z-174f7845968frfdmhC1EWRxxbw0000000vsg00000000s6br x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-26 18:44:33 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:34 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:34 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:35 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49802	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:35 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-26 18:44:35 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2128, Parent PID: 2516

General

Target ID:	0
Start time:	13:43:07
Start date:	26/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3868, Parent PID: 2128

General

Target ID:	2
Start time:	13:43:12
Start date:	26/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2000,i,7447874065688442827,3344386527575224330,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6368, Parent PID: 2516

General

Target ID:	3
Start time:	13:43:16
Start date:	26/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mail.sapo.pt@www.bing.com/ck/a?!&&p=35b6df18bbec504aJmltdHM9MTcyNzIyMjQwMCZpZ3VpZD0yMDU5MDFlMi05N2Q5LTZjNjItMjIzNS0xNGU3OTY0MzZkZGMmaW5zaWQ9NTI5MQ&ptn=3&ver=2&hsh=3&fclid=205901e2-97d9-6c62-2235-14e796436ddc&u=a1aHR0cHM6Ly9ienNzLnB0L3dwLWNvbnRlbnQvcGx1Z2lucy9ibS1wYWdlYnVpbGRlci9pbmNfcGhwL3V4LXBiLXRoZW1lLWFqYXgucGhwIzp-OnRleHQ9Ynpzcy5wdA&ntb=1"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2128, Parent PID: 2516

General

Chronological Activities

Analysis Process: chrome.exePID: 3868, Parent PID: 2128

General

Chronological Activities

Analysis Process: chrome.exePID: 6368, Parent PID: 2516

General

Chronological Activities

Disassembly