Edit tour

Windows Analysis Report
http://cpeciadogfoods.com

Overview

General Information

Sample URL:	http://cpeciadogfoods.com
Analysis ID:	1564256
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

AI detected suspicious URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2232,i,4201566412960782727,16927088746897606580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cpeciadogfoods.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Nov 2024 01:13:03 GMTServer: Apache/2.4.41 (Ubuntu)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 413Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html;charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 95 92 51 6f d3 30 10 c7 df f7 29 6e 7e 40 db 43 73 4d 57 34 60 8e d1 48 86 56 a9 6b 2b da 09 21 c4 83 13 3b 89 b5 c4 8e 6c 77 1a 7c 7a dc 24 62 45 da 84 78 f2 d9 f7 bb bf ef 7f 3a 7a 9a ad d3 dd b7 cd 0d dc ee ee 96 b0 b9 ff b4 5c a4 40 26 88 5f 2f 52 c4 6c 97 0d 89 8b 68 06 9f 95 e6 0d e2 cd 8a b0 13 5a fb b6 61 27 40 6b c9 45 38 81 7a e5 1b c9 16 5a c8 27 30 25 20 c5 e1 25 30 38 42 34 37 e2 e7 a1 36 fe 8b 0b d7 5e 80 e7 3d 7e 08 2d a3 be 86 47 de a8 4a 27 c4 9b 8e 30 aa da 0a 9c 2d 12 82 aa 30 da 61 de 70 fd 10 55 aa 24 c0 1b 9f 90 ef 8b 74 fd 23 70 e8 eb 43 35 a3 1c 6a 2b cb 84 7c 4c 93 d5 d5 3a c9 08 5b f1 56 52 e4 2f 33 77 81 b9 26 6c c9 9d 87 d6 08 55 2a 29 5e 85 b7 03 bc 55 bf 5e 17 cc 06 26 93 ae b0 aa f3 ca e8 67 14 83 c5 63 ab 85 69 5c c7 83 d7 b7 c1 41 6d 8f a9 01 11 ff 98 46 69 1a 21 ed f1 38 b2 c5 97 61 1c e2 50 fe dc 59 61 da d6 68 24 6c 0c c6 a6 7a 0a c6 3f ac aa 6a 4f d8 6c 3a 9b 4f a6 97 93 f8 12 e2 f7 1f e2 69 e8 f7 65 10 60 f2 27 c5 de e8 dc 75 57 c3 f5 7f 7c e2 b8 01 94 0b 61 a5 73 ec ba e3 45 2d 71 16 cd a3 79 0c 67 f7 f9 5e fb fd 39 6c a5 7d 94 16 b8 87 a2 93 85 e2 c2 54 a5 31 c2 45 c1 10 6c 8c f5 f0 6e 1a 4c 8d 22 41 b7 5f bb b0 67 fd ca fe 06 18 31 33 14 f2 02 00 00 Data Ascii: Qo0)n~@CsMW4`HVk+!;lw|z$bEx:z\@&_/RlhZa'@kE8zZ'0% %08B476^=~-GJ'0-0apU$t#pC5j+|L:[VR/3w&lU*)^U^&gci\AmFi!8aPYah$lz?jOl:Oie`'uW|asE-qyg^9l}T1ElnL"A_g13

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NoPb2ngz6GThbOs&MD=lvsP7N3e HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NoPb2ngz6GThbOs&MD=lvsP7N3e HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cpeciadogfoods.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icons/blank.gif HTTP/1.1Host: cpeciadogfoods.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://cpeciadogfoods.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icons/folder.gif HTTP/1.1Host: cpeciadogfoods.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://cpeciadogfoods.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cpeciadogfoods.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://cpeciadogfoods.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icons/blank.gif HTTP/1.1Host: cpeciadogfoods.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icons/folder.gif HTTP/1.1Host: cpeciadogfoods.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cpeciadogfoods.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Nov 2024 01:13:04 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 280Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 63 70 65 63 69 61 64 6f 67 66 6f 6f 64 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at cpeciadogfoods.com Port 80</address></body></html>

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.30.17.174:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.30.17.174:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49786 version: TLS 1.2

Source: classification engine

Classification label: mal68.win@16/10@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2232,i,4201566412960782727,16927088746897606580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cpeciadogfoods.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2232,i,4201566412960782727,16927088746897606580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://cpeciadogfoods.com	100%	Avira URL Cloud	malware
http://cpeciadogfoods.com	15%	Virustotal		Browse

Source	Detection	Scanner	Label
http://cpeciadogfoods.com/icons/folder.gif	100%	Avira URL Cloud	malware
http://cpeciadogfoods.com/favicon.ico	100%	Avira URL Cloud	malware
http://cpeciadogfoods.com/icons/blank.gif	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.181.100	true	false		high
cpeciadogfoods.com	72.14.155.139	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://cpeciadogfoods.com/favicon.ico	true	Avira URL Cloud: malware	unknown
http://cpeciadogfoods.com/icons/blank.gif	true	Avira URL Cloud: malware	unknown
http://cpeciadogfoods.com/icons/folder.gif	true	Avira URL Cloud: malware	unknown
http://cpeciadogfoods.com/	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
72.14.155.139	cpeciadogfoods.com	United States	20460	MYTHOSTECHUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1564256
Start date and time:	2024-11-28 02:12:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://cpeciadogfoods.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.win@16/10@6/4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.17.46, 74.125.205.84, 216.58.208.227, 34.104.35.123, 199.232.210.172, 192.229.221.95, 172.217.17.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: http://cpeciadogfoods.com Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": false }
URL: http://cpeciadogfoods.com
URL: http://cpeciadogfoods.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: http://cpeciadogfoods.com/ Model: Joe Sandbox AI	{ "brands": [] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 20 x 22
Category:	downloaded
Size (bytes):	225
Entropy (8bit):	6.239162888831268
Encrypted:	false
SSDEEP:	6:RxwbFuDmkMJO3CxZICk9tf6rcTtMlY6Uq5GnDI:MADmFJOyTIf97TOlunDI
MD5:	D342CBA375FEA336967317BDB5D7CF19
SHA1:	768DE3ABB08ABC5FE2DB93454A78C9D3D955D5E4
SHA-256:	FBE5ECA717CFBCB58891D431F9AFAF30AA740D9FCE007E820A599F22AFA0DEE2
SHA-512:	7FBF98D95066A7443805DA1645490E0E98B7674D092E496ACECEA6E6BEBBF74385E687DB788517AB412DD60381D1F7F2243EF167646BD906D460E67EAA15E315
Malicious:	false
Reputation:	low
URL:	http://cpeciadogfoods.com/icons/folder.gif
Preview:	GIF89a................f3333.........!.NThis art is in the public domain. Kevin Hughes, kevinh@eit.com, September 1995.!.......,..........T(...0.IY......E.}d.).@zj..C,.+.....W..<.....IE.qg<..N"4.IRaV.V...x..l<&...z.#,L..;..;

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	280
Entropy (8bit):	5.20851706072313
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knrKBFEcXaoD:J0+oxBeRmR9etdzRxGezH0qnma+
MD5:	4519709E61CEA1A12CAAC62EC4DF1ACF
SHA1:	B9351FA61B02EBE0C7E9B058EE0DD76DFF1E05AF
SHA-256:	2B58EB72535884700655CCE05A7789508459A0345E9FDA022C47A62F1539A432
SHA-512:	7B2393A7535C88764D07D073557B33C2A16FDF7BFBB77CBE5ED2AFE9D8FEC6A32111DE797BC1167DC2BA608E097C283BE8CD49EA4D1DDBC570263AAA50847400
Malicious:	false
Reputation:	low
URL:	http://cpeciadogfoods.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.41 (Ubuntu) Server at cpeciadogfoods.com Port 80</address>.</body></html>.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 20 x 22
Category:	downloaded
Size (bytes):	148
Entropy (8bit):	5.356073575747541
Encrypted:	false
SSDEEP:	3:CNl4aa/tErhuDOSikMNmXQOlFvTM5l/ZICwRADutayEJfllnJIV1xEn:S0EFuDmkMJO3CxZICk9tfEJO1xEn
MD5:	19517FB39A31BE6B8D7CCF53AD84908F
SHA1:	EBBCFDC6ACC99F7AAC3BF7FE72BC55F07F03F7E9
SHA-256:	3CB0E54BABF019703FE671A32FCC3947AAB9079EC2871CF0F9639245CC12D878
SHA-512:	BE752FF4C7AA3AB46FDBD93555A17E422E7C8B8661F40F899F51EC9393B510DCB2E66436A4F2C78A42AF77DD95E01A3438C88CFAA3E0B02694C1912D5294EE16
Malicious:	false
Reputation:	low
URL:	http://cpeciadogfoods.com/icons/blank.gif
Preview:	GIF89a...................!.NThis art is in the public domain. Kevin Hughes, kevinh@eit.com, September 1995.!.......,..........................I..;

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 754
Category:	downloaded
Size (bytes):	413
Entropy (8bit):	7.4709459827199085
Encrypted:	false
SSDEEP:	12:XPKdpbfR80w5T7CKgIe0msvn4R+PRbYWeW69n/:XPOfR8x5Pxgh4gR2RbYWeBF/
MD5:	0A71CD5A2E8C0909759405A9C4D1A731
SHA1:	2CEEDBC82570612D38215FAC51E0F19766DE0370
SHA-256:	5135FA1A26961D03825FDEC9527F7EBA386095A5E6836F7FF9A161367EE49B1B
SHA-512:	B7DD7694936D86BF03416342C9AA6C130253531F58276486FD0317D4DEF16AF1E0CAF87642A0428AAE3CAE5A76BE0F5A8BB3DDBD5FAEC11C162F22A97E8647A6
Malicious:	false
Reputation:	low
URL:	http://cpeciadogfoods.com/
Preview:	............Qo.0....)n~@.CsMW4`..H.V.k+..!..;...lw.\|z.$bE.x.......:z............\.@&._/R.l....h.........Z..a'@k.E8.z....Z.'0% ..%08B47..6....^..=~.-...G.J'..0....-...0.a.p..U.$.....t.#p..C5..j+.\|L...:..[.VR./3w..&l....U*)^....U.^...&.......g...c..i\...Am......Fi.!..8..a..P..Ya..h$l..z..?..jO.l:.O.........i..e.`.'....uW...\|....a.s..E-q..y.g..^..9l.}.........T.1.E..l...n.L."A._..g.....13.....

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 20 x 22
Category:	dropped
Size (bytes):	148
Entropy (8bit):	5.356073575747541
Encrypted:	false
SSDEEP:	3:CNl4aa/tErhuDOSikMNmXQOlFvTM5l/ZICwRADutayEJfllnJIV1xEn:S0EFuDmkMJO3CxZICk9tfEJO1xEn
MD5:	19517FB39A31BE6B8D7CCF53AD84908F
SHA1:	EBBCFDC6ACC99F7AAC3BF7FE72BC55F07F03F7E9
SHA-256:	3CB0E54BABF019703FE671A32FCC3947AAB9079EC2871CF0F9639245CC12D878
SHA-512:	BE752FF4C7AA3AB46FDBD93555A17E422E7C8B8661F40F899F51EC9393B510DCB2E66436A4F2C78A42AF77DD95E01A3438C88CFAA3E0B02694C1912D5294EE16
Malicious:	false
Reputation:	low
Preview:	GIF89a...................!.NThis art is in the public domain. Kevin Hughes, kevinh@eit.com, September 1995.!.......,..........................I..;

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 20 x 22
Category:	dropped
Size (bytes):	225
Entropy (8bit):	6.239162888831268
Encrypted:	false
SSDEEP:	6:RxwbFuDmkMJO3CxZICk9tf6rcTtMlY6Uq5GnDI:MADmFJOyTIf97TOlunDI
MD5:	D342CBA375FEA336967317BDB5D7CF19
SHA1:	768DE3ABB08ABC5FE2DB93454A78C9D3D955D5E4
SHA-256:	FBE5ECA717CFBCB58891D431F9AFAF30AA740D9FCE007E820A599F22AFA0DEE2
SHA-512:	7FBF98D95066A7443805DA1645490E0E98B7674D092E496ACECEA6E6BEBBF74385E687DB788517AB412DD60381D1F7F2243EF167646BD906D460E67EAA15E315
Malicious:	false
Reputation:	low
Preview:	GIF89a................f3333.........!.NThis art is in the public domain. Kevin Hughes, kevinh@eit.com, September 1995.!.......,..........T(...0.IY......E.}d.).@zj..C,.+.....W..<.....IE.qg<..N"4.IRaV.V...x..l<&...z.#,L..;..;

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 28, 2024 02:12:48.484740973 CET	49675	443	192.168.2.4	173.222.162.32
Nov 28, 2024 02:12:58.092869043 CET	49675	443	192.168.2.4	173.222.162.32
Nov 28, 2024 02:13:00.970774889 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:00.970807076 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:00.970875978 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:00.971085072 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:00.971098900 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:01.818155050 CET	49738	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:01.818196058 CET	443	49738	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:01.818259954 CET	49738	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:01.820348024 CET	49738	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:01.820358038 CET	443	49738	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:02.570477009 CET	49739	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:02.570857048 CET	49740	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:02.687649965 CET	49741	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:02.694315910 CET	80	49739	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:02.694402933 CET	49739	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:02.694504023 CET	80	49740	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:02.694551945 CET	49739	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:02.694565058 CET	49740	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:02.721205950 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:02.721533060 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:02.721556902 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:02.722415924 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:02.722470999 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:02.723429918 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:02.723488092 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:02.764352083 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:02.764362097 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:02.811456919 CET	80	49741	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:02.811645985 CET	49741	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:02.815490007 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:02.818193913 CET	80	49739	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:03.303889036 CET	443	49738	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:03.304608107 CET	49738	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:03.306679964 CET	49738	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:03.306690931 CET	443	49738	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:03.306936979 CET	443	49738	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:03.339260101 CET	49738	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:03.379338026 CET	443	49738	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:03.842724085 CET	443	49738	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:03.842777967 CET	443	49738	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:03.842828035 CET	49738	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:03.843107939 CET	49738	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:03.843125105 CET	443	49738	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:03.853435040 CET	80	49739	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:03.892720938 CET	49739	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:03.895437956 CET	49740	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:03.942117929 CET	49742	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:03.942154884 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:03.942228079 CET	49742	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:03.942965031 CET	49742	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:03.942981005 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:04.016457081 CET	80	49739	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.019180059 CET	80	49740	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.232038021 CET	80	49739	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.234736919 CET	80	49740	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.244158030 CET	49740	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.280517101 CET	49739	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.367948055 CET	80	49740	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.389215946 CET	49743	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.389358997 CET	49744	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.499558926 CET	49745	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.513597012 CET	80	49743	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.513609886 CET	80	49744	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.513693094 CET	49744	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.513698101 CET	49743	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.513936043 CET	49744	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.514012098 CET	49743	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.585879087 CET	80	49740	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.623338938 CET	80	49745	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.623426914 CET	49745	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.633476973 CET	49740	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:04.637598038 CET	80	49744	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:04.637648106 CET	80	49743	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:05.375158072 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:05.375233889 CET	49742	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:05.376509905 CET	49742	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:05.376519918 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:05.376743078 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:05.377830982 CET	49742	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:05.423376083 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:05.671521902 CET	80	49743	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:05.718003988 CET	49743	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:05.726758003 CET	80	49744	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:05.780329943 CET	49744	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:05.910856009 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:05.910933971 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:05.910991907 CET	49742	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:05.911725998 CET	49742	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:05.911739111 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:05.911751032 CET	49742	443	192.168.2.4	184.30.17.174
Nov 28, 2024 02:13:05.911756992 CET	443	49742	184.30.17.174	192.168.2.4
Nov 28, 2024 02:13:09.234321117 CET	80	49739	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:09.234385014 CET	49739	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:09.283221960 CET	49739	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:09.406934023 CET	80	49739	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:09.588253021 CET	80	49740	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:09.588325024 CET	49740	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:10.306741953 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:10.306777000 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:10.307838917 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:10.307838917 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:10.307872057 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:10.675513983 CET	80	49743	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:10.679522991 CET	49743	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:10.732060909 CET	80	49744	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:10.732137918 CET	49744	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:11.282356024 CET	49743	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:11.282397985 CET	49744	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:11.282416105 CET	49740	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:11.406168938 CET	80	49743	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:11.406184912 CET	80	49744	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:11.406199932 CET	80	49740	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:12.131069899 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:12.131177902 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:12.133765936 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:12.133779049 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:12.133980989 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:12.186989069 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:12.405817032 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:12.405872107 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:12.405944109 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:13.281786919 CET	49737	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:13:13.281809092 CET	443	49737	142.250.181.100	192.168.2.4
Nov 28, 2024 02:13:13.656744957 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:13.703341007 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.262172937 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.262200117 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.262211084 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.262232065 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.262243986 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.262254953 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.262296915 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:14.262322903 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.262341022 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:14.262373924 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:14.283723116 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.283806086 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:14.283807039 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:14.283850908 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:15.497870922 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:15.497905016 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:15.497920990 CET	49746	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:15.497927904 CET	443	49746	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:47.812309980 CET	49741	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:47.936084986 CET	80	49741	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:49.624927998 CET	49745	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:49.748706102 CET	80	49745	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:51.868339062 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:51.868371010 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:51.868444920 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:51.868778944 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:51.868793011 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:53.634315968 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:53.634505987 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:53.638072968 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:53.638082981 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:53.638282061 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:53.646011114 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:53.691339970 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.343965054 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.344000101 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.344016075 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.344095945 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:54.344121933 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.344189882 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:54.382051945 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.382097960 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.382158041 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.382251978 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:54.382455111 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:54.382471085 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.382481098 CET	49752	443	192.168.2.4	52.149.20.212
Nov 28, 2024 02:13:54.382487059 CET	443	49752	52.149.20.212	192.168.2.4
Nov 28, 2024 02:13:54.604150057 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:54.604181051 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:54.604243994 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:54.604619026 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:54.604634047 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:55.168992043 CET	80	49741	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:55.169074059 CET	49741	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:55.281928062 CET	49741	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:55.405757904 CET	80	49741	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:56.334116936 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:56.334234953 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:56.335695028 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:56.335705042 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:56.335912943 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:56.343054056 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:56.383328915 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:56.821702003 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:56.821722031 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:56.821737051 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:56.821806908 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:56.821818113 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:56.821872950 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.006547928 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.006572962 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.006650925 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.006659985 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.006684065 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.006712914 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.058336973 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.058353901 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.058418989 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.058423042 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.058468103 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.175086975 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.175101042 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.175268888 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.175275087 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.175331116 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.208189964 CET	80	49745	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:57.208276033 CET	49745	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:57.220266104 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.220279932 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.220347881 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.220352888 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.220396042 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.245745897 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.245759964 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.245857000 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.245861053 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.245913982 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.265083075 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.265095949 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.265178919 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.265182972 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.265225887 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.282413960 CET	49745	80	192.168.2.4	72.14.155.139
Nov 28, 2024 02:13:57.367526054 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.367542028 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.367702007 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.367707014 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.367764950 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.385467052 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.385479927 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.385668039 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.385674953 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.385740042 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.403173923 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.403187990 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.403295994 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.403306007 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.403354883 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.406078100 CET	80	49745	72.14.155.139	192.168.2.4
Nov 28, 2024 02:13:57.419940948 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.419954062 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.420053005 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.420058012 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.420115948 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.436295986 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.436310053 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.436400890 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.436405897 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.436455011 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.542918921 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.542933941 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.543009043 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.543013096 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.543064117 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.547149897 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.547193050 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.547221899 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.547280073 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.547504902 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.547513962 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.547523022 CET	49753	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.547528028 CET	443	49753	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.611973047 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.611988068 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.612061977 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.616899014 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.616946936 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.617014885 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.617481947 CET	49757	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.617520094 CET	443	49757	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.617575884 CET	49757	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.618820906 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.618832111 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.620253086 CET	49758	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.620265007 CET	443	49758	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.620325089 CET	49758	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.620556116 CET	49758	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.620573997 CET	443	49758	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.620773077 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.620784044 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.620860100 CET	49757	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.620877981 CET	443	49757	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.622387886 CET	49759	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.622395992 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:57.622466087 CET	49759	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.622613907 CET	49759	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:57.622625113 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.347209930 CET	443	49758	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.347749949 CET	49758	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.347778082 CET	443	49758	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.348191977 CET	49758	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.348196030 CET	443	49758	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.416626930 CET	443	49757	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.416712046 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.417053938 CET	49757	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.417082071 CET	443	49757	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.417141914 CET	49759	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.417150974 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.417572021 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.417659044 CET	49759	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.417663097 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.417727947 CET	49757	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.417732000 CET	443	49757	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.417898893 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.417908907 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.418415070 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.418418884 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.790066004 CET	443	49758	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.790122032 CET	443	49758	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.790177107 CET	49758	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.790513992 CET	49758	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.790513992 CET	49758	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.790529013 CET	443	49758	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.790539980 CET	443	49758	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.793613911 CET	49760	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.793644905 CET	443	49760	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.793730021 CET	49760	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.793900013 CET	49760	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.793910980 CET	443	49760	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.868721962 CET	443	49757	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.868796110 CET	443	49757	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.868855000 CET	49757	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.869024038 CET	49757	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.869040966 CET	443	49757	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.869051933 CET	49757	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.869056940 CET	443	49757	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.871990919 CET	49761	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.872030020 CET	443	49761	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.872112989 CET	49761	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.872273922 CET	49761	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.872287989 CET	443	49761	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.873497009 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.873517990 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.873567104 CET	49759	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.873578072 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.873754025 CET	49759	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.873766899 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.873774052 CET	49759	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.873886108 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.873919964 CET	443	49759	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.873965979 CET	49759	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.874828100 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.874850035 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.874929905 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.874942064 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.874984980 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.875013113 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.875019073 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.875032902 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.875155926 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.875180960 CET	443	49755	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.875220060 CET	49755	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.876014948 CET	49762	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.876028061 CET	443	49762	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.876084089 CET	49762	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.876192093 CET	49762	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.876203060 CET	443	49762	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.876653910 CET	49763	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.876661062 CET	443	49763	13.107.246.63	192.168.2.4
Nov 28, 2024 02:13:59.876725912 CET	49763	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.876817942 CET	49763	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:13:59.876828909 CET	443	49763	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.246088982 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.246630907 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.246644020 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.247201920 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.247209072 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.711309910 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.711380959 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.711436987 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.711447954 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.711494923 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.711690903 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.711698055 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.711714983 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.712039948 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.712119102 CET	443	49756	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.712173939 CET	49756	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.714385033 CET	49764	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.714409113 CET	443	49764	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.714473963 CET	49764	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.714653015 CET	49764	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:00.714662075 CET	443	49764	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:00.892069101 CET	49765	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:14:00.892116070 CET	443	49765	142.250.181.100	192.168.2.4
Nov 28, 2024 02:14:00.892179012 CET	49765	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:14:00.892934084 CET	49765	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:14:00.892947912 CET	443	49765	142.250.181.100	192.168.2.4
Nov 28, 2024 02:14:01.606414080 CET	443	49760	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.606959105 CET	49760	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:01.606982946 CET	443	49760	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.607487917 CET	49760	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:01.607495070 CET	443	49760	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.666673899 CET	443	49763	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.667113066 CET	49763	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:01.667148113 CET	443	49763	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.667499065 CET	49763	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:01.667504072 CET	443	49763	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.668517113 CET	443	49762	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.668822050 CET	49762	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:01.668837070 CET	443	49762	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.669199944 CET	49762	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:01.669204950 CET	443	49762	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.728115082 CET	443	49761	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.728544950 CET	49761	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:01.728555918 CET	443	49761	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:01.728789091 CET	49761	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:01.728794098 CET	443	49761	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.058197975 CET	443	49760	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.058257103 CET	443	49760	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.058402061 CET	49760	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.058533907 CET	49760	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.058547020 CET	443	49760	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.058557034 CET	49760	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.058562994 CET	443	49760	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.061527967 CET	49766	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.061553001 CET	443	49766	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.061638117 CET	49766	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.061769962 CET	49766	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.061785936 CET	443	49766	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.118375063 CET	443	49763	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.118426085 CET	443	49763	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.118565083 CET	49763	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.118587017 CET	49763	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.118599892 CET	443	49763	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.118607998 CET	49763	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.118612051 CET	443	49763	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.120520115 CET	443	49762	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.120558023 CET	49767	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.120568037 CET	443	49762	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.120587111 CET	443	49767	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.120621920 CET	49762	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.120646954 CET	49767	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.120691061 CET	49762	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.120696068 CET	443	49762	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.120706081 CET	49762	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.120708942 CET	443	49762	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.120743036 CET	49767	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.120750904 CET	443	49767	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.122370958 CET	49768	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.122400045 CET	443	49768	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.122459888 CET	49768	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.122556925 CET	49768	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.122571945 CET	443	49768	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.188714981 CET	443	49761	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.188787937 CET	443	49761	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.188924074 CET	49761	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.188924074 CET	49761	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.190646887 CET	49761	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.190651894 CET	443	49761	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.190653086 CET	49769	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.190685034 CET	443	49769	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.190742970 CET	49769	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.190854073 CET	49769	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.190869093 CET	443	49769	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.514272928 CET	443	49764	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.515369892 CET	49764	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.515379906 CET	443	49764	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.515444994 CET	49764	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.515449047 CET	443	49764	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.639029026 CET	443	49765	142.250.181.100	192.168.2.4
Nov 28, 2024 02:14:02.639350891 CET	49765	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:14:02.639378071 CET	443	49765	142.250.181.100	192.168.2.4
Nov 28, 2024 02:14:02.639667988 CET	443	49765	142.250.181.100	192.168.2.4
Nov 28, 2024 02:14:02.640290976 CET	49765	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:14:02.640351057 CET	443	49765	142.250.181.100	192.168.2.4
Nov 28, 2024 02:14:02.686502934 CET	49765	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:14:02.966586113 CET	443	49764	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.966761112 CET	443	49764	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.966908932 CET	49764	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.966952085 CET	49764	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.966967106 CET	443	49764	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.966978073 CET	49764	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.966983080 CET	443	49764	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.969466925 CET	49770	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.969516993 CET	443	49770	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:02.969604015 CET	49770	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.969731092 CET	49770	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:02.969741106 CET	443	49770	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:03.851326942 CET	443	49766	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:03.851799011 CET	49766	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:03.851820946 CET	443	49766	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:03.852341890 CET	49766	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:03.852348089 CET	443	49766	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:03.913147926 CET	443	49767	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:03.913484097 CET	49767	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:03.913511038 CET	443	49767	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:03.913896084 CET	49767	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:03.913899899 CET	443	49767	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:03.914122105 CET	443	49768	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:03.914377928 CET	49768	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:03.914400101 CET	443	49768	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:03.914834023 CET	49768	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:03.914839029 CET	443	49768	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.009274006 CET	443	49769	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.009721041 CET	49769	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.009757996 CET	443	49769	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.010129929 CET	49769	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.010134935 CET	443	49769	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.302578926 CET	443	49766	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.302637100 CET	443	49766	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.302714109 CET	49766	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.302861929 CET	49766	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.302876949 CET	443	49766	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.302886963 CET	49766	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.302894115 CET	443	49766	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.305800915 CET	49771	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.305833101 CET	443	49771	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.305915117 CET	49771	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.306075096 CET	49771	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.306087017 CET	443	49771	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.379829884 CET	443	49767	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.379889965 CET	443	49767	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.379971981 CET	49767	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.380213976 CET	49767	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.380234003 CET	443	49767	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.380243063 CET	49767	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.380249023 CET	443	49767	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.380289078 CET	443	49768	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.380326986 CET	443	49768	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.383172035 CET	49772	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.383199930 CET	443	49772	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.383208036 CET	49768	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.383275032 CET	49772	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.383289099 CET	49768	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.383310080 CET	443	49768	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.383327007 CET	49768	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.383332014 CET	443	49768	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.383444071 CET	49772	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.383460045 CET	443	49772	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.385189056 CET	49773	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.385224104 CET	443	49773	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.385288000 CET	49773	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.385421038 CET	49773	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.385437012 CET	443	49773	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.461159945 CET	443	49769	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.461230993 CET	443	49769	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.461361885 CET	49769	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.461389065 CET	49769	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.461402893 CET	443	49769	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.461415052 CET	49769	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.461420059 CET	443	49769	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.463412046 CET	49774	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.463428020 CET	443	49774	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.463502884 CET	49774	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.463622093 CET	49774	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.463629961 CET	443	49774	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.792887926 CET	443	49770	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.795217991 CET	49770	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.795258045 CET	443	49770	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:04.795610905 CET	49770	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:04.795617104 CET	443	49770	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:05.243293047 CET	443	49770	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:05.243451118 CET	443	49770	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:05.243621111 CET	49770	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:05.243690968 CET	49770	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:05.243705988 CET	443	49770	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:05.243719101 CET	49770	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:05.243724108 CET	443	49770	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:05.247004986 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:05.247040033 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:05.247122049 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:05.247303963 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:05.247324944 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.031065941 CET	443	49771	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.031645060 CET	49771	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.031677961 CET	443	49771	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.032020092 CET	49771	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.032025099 CET	443	49771	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.189448118 CET	443	49772	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.190042973 CET	49772	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.190057039 CET	443	49772	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.190088034 CET	443	49774	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.190355062 CET	49774	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.190361977 CET	443	49774	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.190468073 CET	49772	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.190473080 CET	443	49772	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.190831900 CET	49774	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.190835953 CET	443	49774	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.196151972 CET	443	49773	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.196425915 CET	49773	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.196449041 CET	443	49773	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.196774960 CET	49773	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.196782112 CET	443	49773	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.476553917 CET	443	49771	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.476620913 CET	443	49771	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.476784945 CET	49771	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.476929903 CET	49771	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.476953030 CET	443	49771	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.476963043 CET	49771	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.476969004 CET	443	49771	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.480292082 CET	49776	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.480314970 CET	443	49776	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.480395079 CET	49776	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.480577946 CET	49776	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.480591059 CET	443	49776	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.633486986 CET	443	49774	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.633532047 CET	443	49774	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.633668900 CET	49774	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.633749962 CET	49774	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.633759975 CET	443	49774	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.633768082 CET	49774	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.633771896 CET	443	49774	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.636013985 CET	49777	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.636049032 CET	443	49777	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.636130095 CET	49777	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.636295080 CET	49777	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.636310101 CET	443	49777	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.643708944 CET	443	49772	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.643771887 CET	443	49772	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.643825054 CET	49772	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.643918991 CET	49772	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.643924952 CET	443	49772	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.643955946 CET	49772	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.643960953 CET	443	49772	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.646363020 CET	49778	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.646384954 CET	443	49778	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.646466970 CET	49778	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.646580935 CET	49778	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.646595001 CET	443	49778	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.649797916 CET	443	49773	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.649847031 CET	443	49773	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.649897099 CET	49773	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.649993896 CET	49773	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.650007963 CET	443	49773	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.650018930 CET	49773	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.650022984 CET	443	49773	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.651905060 CET	49779	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.651913881 CET	443	49779	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:06.651978970 CET	49779	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.652103901 CET	49779	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:06.652117014 CET	443	49779	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.363181114 CET	443	49777	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.363751888 CET	49777	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.363789082 CET	443	49777	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.364377975 CET	49777	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.364382982 CET	443	49777	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.446158886 CET	443	49778	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.446604967 CET	49778	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.446640015 CET	443	49778	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.446897984 CET	49778	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.446903944 CET	443	49778	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.506275892 CET	443	49779	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.506819963 CET	49779	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.506851912 CET	443	49779	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.507232904 CET	49779	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.507239103 CET	443	49779	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.806022882 CET	443	49777	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.806066990 CET	443	49777	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.806215048 CET	49777	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.806363106 CET	49777	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.806379080 CET	443	49777	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.806391001 CET	49777	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.806396961 CET	443	49777	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.809587002 CET	49780	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.809634924 CET	443	49780	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.809724092 CET	49780	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.809885979 CET	49780	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.809896946 CET	443	49780	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.967544079 CET	443	49779	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.967592001 CET	443	49779	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.967768908 CET	49779	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.967905998 CET	49779	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.967916012 CET	443	49779	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.971463919 CET	49781	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.971484900 CET	443	49781	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:08.971565008 CET	49781	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.971754074 CET	49781	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:08.971762896 CET	443	49781	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:10.552710056 CET	443	49776	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:10.553227901 CET	49776	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:10.553263903 CET	443	49776	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:10.553720951 CET	49776	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:10.553726912 CET	443	49776	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:10.664495945 CET	443	49780	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:10.664938927 CET	49780	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:10.664974928 CET	443	49780	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:10.665349960 CET	49780	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:10.665354967 CET	443	49780	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:10.697419882 CET	443	49781	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:10.697770119 CET	49781	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:10.697784901 CET	443	49781	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:10.698128939 CET	49781	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:10.698132992 CET	443	49781	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.004429102 CET	443	49776	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.004487991 CET	443	49776	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.004544973 CET	49776	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.004786968 CET	49776	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.004805088 CET	443	49776	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.004813910 CET	49776	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.004818916 CET	443	49776	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.007906914 CET	49782	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.007942915 CET	443	49782	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.008034945 CET	49782	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.008179903 CET	49782	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.008188963 CET	443	49782	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.141436100 CET	443	49781	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.141485929 CET	443	49781	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.141532898 CET	49781	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.141669989 CET	49781	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.141680956 CET	443	49781	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.141690016 CET	49781	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.141695976 CET	443	49781	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.143860102 CET	49783	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.143876076 CET	443	49783	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.143954992 CET	49783	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.144088984 CET	49783	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.144098043 CET	443	49783	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.153177023 CET	443	49780	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.153233051 CET	443	49780	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.153281927 CET	49780	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.153361082 CET	49780	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.153373003 CET	443	49780	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.153382063 CET	49780	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.153387070 CET	443	49780	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.155220032 CET	49784	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.155256033 CET	443	49784	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:11.155329943 CET	49784	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.155462027 CET	49784	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:11.155482054 CET	443	49784	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:12.330765009 CET	443	49765	142.250.181.100	192.168.2.4
Nov 28, 2024 02:14:12.330823898 CET	443	49765	142.250.181.100	192.168.2.4
Nov 28, 2024 02:14:12.330882072 CET	49765	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:14:12.735503912 CET	443	49782	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:12.736072063 CET	49782	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:12.736099958 CET	443	49782	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:12.736668110 CET	49782	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:12.736673117 CET	443	49782	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:12.934693098 CET	443	49783	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:12.935225964 CET	49783	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:12.935241938 CET	443	49783	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:12.935928106 CET	49783	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:12.935931921 CET	443	49783	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:12.946649075 CET	443	49784	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:12.947105885 CET	49784	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:12.947154045 CET	443	49784	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:12.947608948 CET	49784	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:12.947614908 CET	443	49784	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.178459883 CET	443	49782	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.178515911 CET	443	49782	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.178565979 CET	49782	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.178896904 CET	49782	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.178896904 CET	49782	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.178914070 CET	443	49782	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.178922892 CET	443	49782	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.181860924 CET	49785	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.181891918 CET	443	49785	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.181977034 CET	49785	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.182117939 CET	49785	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.182131052 CET	443	49785	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.284092903 CET	49765	443	192.168.2.4	142.250.181.100
Nov 28, 2024 02:14:13.284117937 CET	443	49765	142.250.181.100	192.168.2.4
Nov 28, 2024 02:14:13.316392899 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.316680908 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.316833019 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.316849947 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.318126917 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.318183899 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.318192959 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.318409920 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.318459988 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.318468094 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.320938110 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.320952892 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.387206078 CET	443	49783	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.387253046 CET	443	49783	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.387300968 CET	49783	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.387620926 CET	49783	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.387620926 CET	49783	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.387630939 CET	443	49783	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.387638092 CET	443	49783	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.390331030 CET	49786	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.390367985 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.390435934 CET	49786	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.390573025 CET	49786	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.390588999 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.399575949 CET	443	49784	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.399652004 CET	443	49784	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.399704933 CET	49784	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.399769068 CET	49784	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.399775982 CET	443	49784	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.399785995 CET	49784	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.399789095 CET	443	49784	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.401698112 CET	49787	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.401720047 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.401778936 CET	49787	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.401906013 CET	49787	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.401920080 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.657761097 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.659445047 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.659477949 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.659487009 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.659502029 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.909970045 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:13.910244942 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:13.910258055 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:14.117619991 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:14.171075106 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:14.244888067 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:14.248670101 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:14.248687029 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:14.588574886 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:14.591350079 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:14.591370106 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:14.949891090 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:14.952864885 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:14.952898026 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.038162947 CET	443	49785	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.038577080 CET	49785	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.038599968 CET	443	49785	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.039004087 CET	49785	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.039009094 CET	443	49785	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.157478094 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.157557011 CET	49787	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.158567905 CET	49787	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.158572912 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.158797026 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.159382105 CET	49787	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.207325935 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.220263958 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.220360041 CET	49786	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.221286058 CET	49786	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.221297026 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.221519947 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.222058058 CET	49786	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.263329983 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.290110111 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.292207956 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.292234898 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.434712887 CET	443	49778	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.434768915 CET	443	49778	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.434822083 CET	49778	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.434952974 CET	49778	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.434967995 CET	443	49778	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.434978008 CET	49778	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.434982061 CET	443	49778	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.438608885 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.438617945 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.499572992 CET	443	49785	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.499633074 CET	443	49785	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.499685049 CET	49785	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.499811888 CET	49785	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.499828100 CET	443	49785	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.499840021 CET	49785	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.499845028 CET	443	49785	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.502224922 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.502233982 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.599440098 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.599487066 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.599530935 CET	49787	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.599662066 CET	49787	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.599668026 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.599677086 CET	49787	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.599680901 CET	443	49787	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.601902962 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.601918936 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.629223108 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.631556988 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.671679974 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.671726942 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.671772957 CET	49786	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.671907902 CET	49786	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.671921015 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.671928883 CET	49786	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.671933889 CET	443	49786	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.673542976 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.673552036 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.843472004 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:15.861407995 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:15.907331944 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.020382881 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.022593975 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.022614002 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.023925066 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.077238083 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.077248096 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.079422951 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.079518080 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.079566002 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.080116034 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.123342991 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.230700016 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.233053923 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.233072042 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.441483974 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.443499088 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.443515062 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.525156021 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.577248096 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.577270985 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.579816103 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.579829931 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.579931974 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.579936981 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.645759106 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.648854971 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.648879051 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.651734114 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.653644085 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.699332952 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.862396002 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.864881992 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.864913940 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.945647955 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.947700024 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.947721958 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:16.949584961 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:16.991343975 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.069250107 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.071576118 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:17.071598053 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.073776960 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:17.115372896 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.279906988 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.282130003 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:17.282182932 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.369112015 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.370896101 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:17.370914936 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.372545004 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:17.419328928 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.493622065 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.495556116 CET	49775	443	192.168.2.4	13.107.246.63
Nov 28, 2024 02:14:17.495584011 CET	443	49775	13.107.246.63	192.168.2.4
Nov 28, 2024 02:14:17.497145891 CET	49775	443	192.168.2.4	13.107.246.63

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 28, 2024 02:12:57.051558971 CET	53	50135	1.1.1.1	192.168.2.4
Nov 28, 2024 02:12:57.052514076 CET	53	63968	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:00.011960983 CET	53	60414	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:00.828006029 CET	54315	53	192.168.2.4	1.1.1.1
Nov 28, 2024 02:13:00.828128099 CET	49581	53	192.168.2.4	1.1.1.1
Nov 28, 2024 02:13:00.969537973 CET	53	54315	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:00.969553947 CET	53	49581	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:02.425827026 CET	53105	53	192.168.2.4	1.1.1.1
Nov 28, 2024 02:13:02.425950050 CET	50160	53	192.168.2.4	1.1.1.1
Nov 28, 2024 02:13:02.569741011 CET	53	50160	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:02.569839954 CET	53	53105	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:04.246679068 CET	49502	53	192.168.2.4	1.1.1.1
Nov 28, 2024 02:13:04.246877909 CET	60709	53	192.168.2.4	1.1.1.1
Nov 28, 2024 02:13:04.388696909 CET	53	49502	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:04.388708115 CET	53	60709	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:17.064819098 CET	53	63552	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:17.292040110 CET	138	138	192.168.2.4	192.168.2.255
Nov 28, 2024 02:13:36.000644922 CET	53	58001	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:56.659708023 CET	53	65316	1.1.1.1	192.168.2.4
Nov 28, 2024 02:13:58.455096006 CET	53	62167	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 28, 2024 02:13:00.828006029 CET	192.168.2.4	1.1.1.1	0x2f38	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 28, 2024 02:13:00.828128099 CET	192.168.2.4	1.1.1.1	0x11b3	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 28, 2024 02:13:02.425827026 CET	192.168.2.4	1.1.1.1	0xffa	Standard query (0)	cpeciadogfoods.com	A (IP address)	IN (0x0001)	false
Nov 28, 2024 02:13:02.425950050 CET	192.168.2.4	1.1.1.1	0xfbe0	Standard query (0)	cpeciadogfoods.com	65	IN (0x0001)	false
Nov 28, 2024 02:13:04.246679068 CET	192.168.2.4	1.1.1.1	0x599f	Standard query (0)	cpeciadogfoods.com	A (IP address)	IN (0x0001)	false
Nov 28, 2024 02:13:04.246877909 CET	192.168.2.4	1.1.1.1	0x32d4	Standard query (0)	cpeciadogfoods.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 28, 2024 02:13:00.969537973 CET	1.1.1.1	192.168.2.4	0x2f38	No error (0)	www.google.com	142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 28, 2024 02:13:00.969553947 CET	1.1.1.1	192.168.2.4	0x11b3	No error (0)	www.google.com		65	IN (0x0001)	false
Nov 28, 2024 02:13:02.569839954 CET	1.1.1.1	192.168.2.4	0xffa	No error (0)	cpeciadogfoods.com	72.14.155.139	A (IP address)	IN (0x0001)	false
Nov 28, 2024 02:13:04.388696909 CET	1.1.1.1	192.168.2.4	0x599f	No error (0)	cpeciadogfoods.com	72.14.155.139	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

slscr.update.microsoft.com

otelrules.azureedge.net

cpeciadogfoods.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	72.14.155.139	80	5012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 28, 2024 02:13:02.694551945 CET	433	OUT	GET / HTTP/1.1 Host: cpeciadogfoods.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 28, 2024 02:13:03.853435040 CET	664	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:03 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 413 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 95 92 51 6f d3 30 10 c7 df f7 29 6e 7e 40 db 43 73 4d 57 34 60 8e d1 48 86 56 a9 6b 2b da 09 21 c4 83 13 3b 89 b5 c4 8e 6c 77 1a 7c 7a dc 24 62 45 da 84 78 f2 d9 f7 bb bf ef 7f 3a 7a 9a ad d3 dd b7 cd 0d dc ee ee 96 b0 b9 ff b4 5c a4 40 26 88 5f 2f 52 c4 6c 97 0d 89 8b 68 06 9f 95 e6 0d e2 cd 8a b0 13 5a fb b6 61 27 40 6b c9 45 38 81 7a e5 1b c9 16 5a c8 27 30 25 20 c5 e1 25 30 38 42 34 37 e2 e7 a1 36 fe 8b 0b d7 5e 80 e7 3d 7e 08 2d a3 be 86 47 de a8 4a 27 c4 9b 8e 30 aa da 0a 9c 2d 12 82 aa 30 da 61 de 70 fd 10 55 aa 24 c0 1b 9f 90 ef 8b 74 fd 23 70 e8 eb 43 35 a3 1c 6a 2b cb 84 7c 4c 93 d5 d5 3a c9 08 5b f1 56 52 e4 2f 33 77 81 b9 26 6c c9 9d 87 d6 08 55 2a 29 5e 85 b7 03 bc 55 bf 5e 17 cc 06 26 93 ae b0 aa f3 ca e8 67 14 83 c5 63 ab 85 69 5c c7 83 d7 b7 c1 41 6d 8f a9 01 11 ff 98 46 69 1a 21 ed f1 38 b2 c5 97 61 1c e2 50 fe dc 59 61 da d6 68 24 6c 0c c6 a6 7a 0a c6 3f ac aa 6a 4f d8 6c 3a 9b 4f a6 97 93 f8 12 e2 f7 1f e2 69 e8 f7 65 10 60 f2 27 c5 de e8 dc 75 57 c3 [TRUNCATED] Data Ascii: Qo0)n~@CsMW4`HVk+!;lw\|z$bEx:z\@&_/RlhZa'@kE8zZ'0% %08B476^=~-GJ'0-0apU$t#pC5j+\|L:[VR/3w&lU*)^U^&gci\AmFi!8aPYah$lz?jOl:Oie`'uW\|asE-qyg^9l}T1ElnL"A_g13
Nov 28, 2024 02:13:03.892720938 CET	384	OUT	GET /icons/blank.gif HTTP/1.1 Host: cpeciadogfoods.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://cpeciadogfoods.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 28, 2024 02:13:04.232038021 CET	431	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:04 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sat, 20 Nov 2004 20:16:24 GMT ETag: "94-3e9564c23b600" Accept-Ranges: bytes Content-Length: 148 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: image/gif Data Raw: 47 49 46 38 39 61 14 00 16 00 a1 00 00 ff ff ff cc ff ff 00 00 00 00 00 00 21 fe 4e 54 68 69 73 20 61 72 74 20 69 73 20 69 6e 20 74 68 65 20 70 75 62 6c 69 63 20 64 6f 6d 61 69 6e 2e 20 4b 65 76 69 6e 20 48 75 67 68 65 73 2c 20 6b 65 76 69 6e 68 40 65 69 74 2e 63 6f 6d 2c 20 53 65 70 74 65 6d 62 65 72 20 31 39 39 35 00 21 f9 04 01 00 00 01 00 2c 00 00 00 00 14 00 16 00 00 02 13 8c 8f a9 cb ed 0f a3 9c b4 da 8b b3 de bc fb 0f 86 49 01 00 3b Data Ascii: GIF89a!NThis art is in the public domain. Kevin Hughes, kevinh@eit.com, September 1995!,I;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	72.14.155.139	80	5012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 28, 2024 02:13:03.895437956 CET	385	OUT	GET /icons/folder.gif HTTP/1.1 Host: cpeciadogfoods.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://cpeciadogfoods.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 28, 2024 02:13:04.234736919 CET	509	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:04 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sat, 20 Nov 2004 20:16:24 GMT ETag: "e1-3e9564c23b600" Accept-Ranges: bytes Content-Length: 225 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/gif Data Raw: 47 49 46 38 39 61 14 00 16 00 c2 00 00 ff ff ff ff cc 99 cc ff ff 99 66 33 33 33 33 00 00 00 00 00 00 00 00 00 21 fe 4e 54 68 69 73 20 61 72 74 20 69 73 20 69 6e 20 74 68 65 20 70 75 62 6c 69 63 20 64 6f 6d 61 69 6e 2e 20 4b 65 76 69 6e 20 48 75 67 68 65 73 2c 20 6b 65 76 69 6e 68 40 65 69 74 2e 63 6f 6d 2c 20 53 65 70 74 65 6d 62 65 72 20 31 39 39 35 00 21 f9 04 01 00 00 02 00 2c 00 00 00 00 14 00 16 00 00 03 54 28 ba dc fe 30 ca 49 59 b9 f8 ce 12 ba ef 45 c4 7d 64 a6 29 c5 40 7a 6a 89 06 43 2c c7 2b 1c 8e f5 1a 13 57 9e 0f 3c 9c 8f 05 ec 0d 49 45 e1 71 67 3c b2 82 4e 22 34 da 49 52 61 56 98 56 c5 dd c2 78 82 d4 6c 3c 26 80 c3 e6 b4 7a cd 23 2c 4c f0 8c 3b 01 00 3b Data Ascii: GIF89af3333!NThis art is in the public domain. Kevin Hughes, kevinh@eit.com, September 1995!,T(0IYE}d)@zjC,+W<IEqg<N"4IRaVVxl<&z#,L;;
Nov 28, 2024 02:13:04.244158030 CET	380	OUT	GET /favicon.ico HTTP/1.1 Host: cpeciadogfoods.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://cpeciadogfoods.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 28, 2024 02:13:04.585879087 CET	496	IN	HTTP/1.1 404 Not Found Date: Thu, 28 Nov 2024 01:13:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 280 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 63 70 65 63 69 61 64 6f 67 66 6f 6f 64 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at cpeciadogfoods.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49744	72.14.155.139	80	5012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 28, 2024 02:13:04.513936043 CET	286	OUT	GET /icons/blank.gif HTTP/1.1 Host: cpeciadogfoods.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 28, 2024 02:13:05.726758003 CET	432	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:05 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sat, 20 Nov 2004 20:16:24 GMT ETag: "94-3e9564c23b600" Accept-Ranges: bytes Content-Length: 148 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/gif Data Raw: 47 49 46 38 39 61 14 00 16 00 a1 00 00 ff ff ff cc ff ff 00 00 00 00 00 00 21 fe 4e 54 68 69 73 20 61 72 74 20 69 73 20 69 6e 20 74 68 65 20 70 75 62 6c 69 63 20 64 6f 6d 61 69 6e 2e 20 4b 65 76 69 6e 20 48 75 67 68 65 73 2c 20 6b 65 76 69 6e 68 40 65 69 74 2e 63 6f 6d 2c 20 53 65 70 74 65 6d 62 65 72 20 31 39 39 35 00 21 f9 04 01 00 00 01 00 2c 00 00 00 00 14 00 16 00 00 02 13 8c 8f a9 cb ed 0f a3 9c b4 da 8b b3 de bc fb 0f 86 49 01 00 3b Data Ascii: GIF89a!NThis art is in the public domain. Kevin Hughes, kevinh@eit.com, September 1995!,I;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	72.14.155.139	80	5012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 28, 2024 02:13:04.514012098 CET	287	OUT	GET /icons/folder.gif HTTP/1.1 Host: cpeciadogfoods.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 28, 2024 02:13:05.671521902 CET	509	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:05 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sat, 20 Nov 2004 20:16:24 GMT ETag: "e1-3e9564c23b600" Accept-Ranges: bytes Content-Length: 225 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/gif Data Raw: 47 49 46 38 39 61 14 00 16 00 c2 00 00 ff ff ff ff cc 99 cc ff ff 99 66 33 33 33 33 00 00 00 00 00 00 00 00 00 21 fe 4e 54 68 69 73 20 61 72 74 20 69 73 20 69 6e 20 74 68 65 20 70 75 62 6c 69 63 20 64 6f 6d 61 69 6e 2e 20 4b 65 76 69 6e 20 48 75 67 68 65 73 2c 20 6b 65 76 69 6e 68 40 65 69 74 2e 63 6f 6d 2c 20 53 65 70 74 65 6d 62 65 72 20 31 39 39 35 00 21 f9 04 01 00 00 02 00 2c 00 00 00 00 14 00 16 00 00 03 54 28 ba dc fe 30 ca 49 59 b9 f8 ce 12 ba ef 45 c4 7d 64 a6 29 c5 40 7a 6a 89 06 43 2c c7 2b 1c 8e f5 1a 13 57 9e 0f 3c 9c 8f 05 ec 0d 49 45 e1 71 67 3c b2 82 4e 22 34 da 49 52 61 56 98 56 c5 dd c2 78 82 d4 6c 3c 26 80 c3 e6 b4 7a cd 23 2c 4c f0 8c 3b 01 00 3b Data Ascii: GIF89af3333!NThis art is in the public domain. Kevin Hughes, kevinh@eit.com, September 1995!,T(0IYE}d)@zjC,+W<IEqg<N"4IRaVVxl<&z#,L;;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	72.14.155.139	80	5012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 28, 2024 02:13:47.812309980 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	72.14.155.139	80	5012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 28, 2024 02:13:49.624927998 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 28, 2024 02:14:13.318126917 CET	13.107.246.63	443	192.168.2.4	49775	CN=*.azureedge.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 19 17:30:52 CEST 2024 Thu Jun 08 02:00:00 CEST 2023 Thu Aug 01 14:00:00 CEST 2013	Sun Sep 14 17:30:52 CEST 2025 Wed Aug 26 01:59:59 CEST 2026 Fri Jan 15 13:00:00 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
					CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jun 08 02:00:00 CEST 2023	Wed Aug 26 01:59:59 CEST 2026
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Fri Jan 15 13:00:00 CET 2038

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	184.30.17.174	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:13:03 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-28 01:13:03 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=24645 Date: Thu, 28 Nov 2024 01:13:03 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	184.30.17.174	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:13:05 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-28 01:13:05 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0SyaoYgAAAACHM3u5nQtYS605XTu+5FyaTE9OMjFFREdFMDIxMgBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=90489 Date: Thu, 28 Nov 2024 01:13:05 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-28 01:13:05 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49746	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:13:13 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NoPb2ngz6GThbOs&MD=lvsP7N3e HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-28 01:13:14 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 34da16e0-2209-42c1-825c-05a4a6ad93d4 MS-RequestId: 0f09b73e-456e-4eb6-9cac-ed7c5abd76c3 MS-CV: ttvGuUbJ+EmczHES.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 28 Nov 2024 01:13:13 GMT Connection: close Content-Length: 24490
2024-11-28 01:13:14 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-28 01:13:14 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49752	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:13:53 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=NoPb2ngz6GThbOs&MD=lvsP7N3e HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-28 01:13:54 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 6f22a4e9-62f1-45e3-9e30-768b11ab9515 MS-RequestId: f7d21872-4235-420d-a373-b2940ecc831e MS-CV: RpfGqDGaC0KvEgyi.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 28 Nov 2024 01:13:53 GMT Connection: close Content-Length: 30005
2024-11-28 01:13:54 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-28 01:13:54 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.4	49753	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:13:56 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:13:56 UTC	471	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:56 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Wed, 27 Nov 2024 15:11:14 GMT ETag: "0x8DD0EF5BC53602D" x-ms-request-id: a5a19dc6-401e-008c-1dff-4086c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011356Z-174f7845968pght8hC1EWRyvxg00000000w0000000009bu8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:13:56 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-28 01:13:57 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-28 01:13:57 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-28 01:13:57 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-28 01:13:57 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-28 01:13:57 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-28 01:13:57 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-28 01:13:57 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-28 01:13:57 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-28 01:13:57 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.4	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:13:59 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:13:59 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:59 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: dc0e4179-901e-005b-2991-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011359Z-174f7845968pf68xhC1EWRr4h80000000y0g0000000068w1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:13:59 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:13:59 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:13:59 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:59 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 6eac4bdd-a01e-006f-1c91-3f13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011359Z-174f7845968swgbqhC1EWRmnb40000000xz00000000028pb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:13:59 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:13:59 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:13:59 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:59 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 59158d4f-901e-00a0-5491-3f6a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011359Z-174f7845968cdxdrhC1EWRg0en0000000xr0000000006ta8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:13:59 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:13:59 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:13:59 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:13:59 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 0b3277ea-501e-00a0-5e91-3f9d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011359Z-174f78459684bddphC1EWRbht40000000xgg000000005kv8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:13:59 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:00 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:00 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:00 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 2ca1f14f-f01e-001f-3f2a-405dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011400Z-174f7845968ljs8phC1EWRe6en0000000xgg00000000ewpy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:00 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:01 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:01 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 8ccd6c39-f01e-0085-6e81-3f88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011401Z-174f78459685m244hC1EWRgp2c0000000xp0000000001ue9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:02 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:01 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:01 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 6f96f590-e01e-0099-0e7f-3fda8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011401Z-174f78459688l8rvhC1EWRtzr00000000aa000000000b3xc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:02 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:01 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:01 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 30944020-a01e-0053-5e8b-3f8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011401Z-174f7845968glpgnhC1EWR7uec0000000xug00000000eth0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:02 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:01 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:01 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: f5d49257-301e-005d-758c-3fe448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011401Z-174f7845968cdxdrhC1EWRg0en0000000xkg00000000mpfh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:02 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:02 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:02 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 3360fb1d-601e-0097-3291-3ff33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011402Z-174f78459688l8rvhC1EWRtzr00000000abg000000006vha x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:02 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:03 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:04 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: ed9dfa2a-401e-0015-7891-3f0e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011404Z-174f7845968cpnpfhC1EWR3afc0000000xf0000000000g3y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:04 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:03 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:04 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 6eac52fb-a01e-006f-2191-3f13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011404Z-174f7845968glpgnhC1EWR7uec0000000xxg000000006p0v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:04 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:03 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:04 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: c665a67d-901e-002a-1b91-3f7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011404Z-174f7845968n2hr8hC1EWR9cag0000000xag00000000efhd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:04 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:04 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:04 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: dc0e488f-901e-005b-3891-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011404Z-174f7845968cpnpfhC1EWR3afc0000000x7g00000000mn53 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:04 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:04 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:05 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: ff98645e-b01e-0001-1091-3f46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011405Z-174f7845968kvnqxhC1EWRmf3g0000000gdg00000000kw4q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:05 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:06 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:06 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 417b6c53-401e-0029-0d91-3f9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011406Z-174f7845968j6t2phC1EWRcfe80000000xxg000000005z8u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:06 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:06 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:06 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 106d127d-401e-008c-1a91-3f86c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011406Z-174f78459685726chC1EWRsnbg0000000xsg00000000brfx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:06 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:06 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:06 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: a99e6065-701e-006f-4d91-3fafc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011406Z-174f7845968swgbqhC1EWRmnb40000000xug00000000e16n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:06 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:06 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:06 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: e9babc56-001e-0049-5291-3f5bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011406Z-174f7845968l4kp6hC1EWRe8840000000xzg000000009t6x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:06 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:08 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: b18988de-c01e-0079-2891-3fe51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011408Z-174f78459688l8rvhC1EWRtzr00000000ac0000000005b9q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:08 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:15 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:15 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f5c4af5a-301e-005d-6385-3fe448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011415Z-174f7845968ljs8phC1EWRe6en0000000xq0000000000bzv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:15 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:08 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:08 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: f5817373-b01e-003e-3591-3f8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011408Z-174f7845968psccphC1EWRuz9s0000000y3000000000018d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:08 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:10 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:10 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 02716611-001e-00ad-7089-3f554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011410Z-174f78459685726chC1EWRsnbg0000000xu0000000006yry x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:11 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:10 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:10 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: b254496e-901e-0016-2991-3fefe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011410Z-174f7845968xlwnmhC1EWR0sv80000000xeg00000000k03m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:11 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:10 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:10 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 89e88ad2-001e-0065-4491-3f0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011410Z-174f7845968swgbqhC1EWRmnb40000000xv000000000crx6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:11 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:12 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:12 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: f440c5dc-801e-0047-7891-3f7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011412Z-174f7845968zgtf6hC1EWRqd8s0000000qqg0000000082pf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:13 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:12 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:13 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: d8ce9b73-b01e-0097-7b78-404f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011413Z-174f7845968glpgnhC1EWR7uec0000000xwg000000009sq0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:13 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:12 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:13 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: c3d74fa2-201e-0003-1d91-3ff85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011413Z-174f7845968vqt9xhC1EWRgten0000000xrg00000000d8cz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:13 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:15 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:15 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:15 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: baa0830a-001e-0082-4291-3f5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011415Z-174f78459685726chC1EWRsnbg0000000xvg000000004638 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:15 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:15 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:15 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:15 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: dc0e5a4e-901e-005b-0191-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011415Z-174f7845968cpnpfhC1EWR3afc0000000xd0000000004swe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:15 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-28 01:14:15 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-28 01:14:15 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 28 Nov 2024 01:14:15 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: d3507608-601e-003d-4b91-3f6f25000000 x-ms-version: 2018-03-28 x-azure-ref: 20241128T011415Z-174f7845968px8v7hC1EWR08ng0000000xzg00000000abtv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-28 01:14:15 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Target ID:	0
Start time:	20:12:52
Start date:	27/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	20:12:55
Start date:	27/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2232,i,4201566412960782727,16927088746897606580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	20:13:01
Start date:	27/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cpeciadogfoods.com"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: http://cpeciadogfoods.com/icons/folder.gif	Avira URL Cloud: Label: malware
Source: http://cpeciadogfoods.com/favicon.ico	Avira URL Cloud: Label: malware
Source: http://cpeciadogfoods.com/icons/blank.gif	Avira URL Cloud: Label: malware

Source: Email	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://cpeciadogfoods.com
Source: Email	Joe Sandbox AI: AI detected Typosquatting in URL: http://cpeciadogfoods.com

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://cpeciadogfoods.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Connections

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4624, Parent PID: 2104

General

Chronological Activities

Analysis Process: chrome.exePID: 5012, Parent PID: 4624

General

Chronological Activities

Windows Analysis Report
http://cpeciadogfoods.com