Edit tour

Windows Analysis Report
http://beonlineboo.com

Overview

General Information

Sample URL:	http://beonlineboo.com
Analysis ID:	1566555
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2196,i,11884593460750183174,4434179635223481577,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://beonlineboo.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 02 Dec 2024 11:53:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Thu, 22 Feb 2024 13:07:08 GMTETag: "2aa6-611f81eeffb81-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 3138Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 bd 5a eb 73 db 36 12 ff ee bf 02 55 a7 d3 24 27 91 96 93 ba b2 22 7b 26 f1 63 d2 99 a4 f1 24 ca dd f5 93 0f 22 21 09 63 88 e0 01 a0 64 35 ed ff 7e bb 00 48 f1 25 ca c9 35 d5 c4 91 48 02 fb c2 ee 6f 1f d2 d1 e4 bb ab f7 97 d3 df 6e af c9 d2 ac 04 b9 fd f4 fa ed 2f 97 a4 37 08 c3 7f 3d bf 0c c3 ab e9 15 f9 f7 9b e9 bb b7 64 18 1c 93 a9 a2 89 e6 86 cb 84 8a 30 bc fe b5 47 7a 4b 63 d2 71 18 6e 36 9b 60 f3 3c 90 6a 11 4e 3f 84 0f 48 6b 88 9b fd c7 81 29 ed 0c 62 13 f7 2e 8e 26 96 e1 c3 4a 24 fa bc 85 cc f0 ec ec cc ed 86 b5 84 4c be 1b 0c e0 8d 90 77 32 e6 73 ce 62 32 57 72 45 cc 92 91 2b 36 e3 34 21 52 f1 05 07 f2 64 2e 15 f9 34 cb 12 93 d9 0d 6f a9 36 24 4b 63 6a 58 3c 26 27 c7 c3 d3 c1 70 38 18 9e da 87 1f 19 1b 13 64 ae 81 bb a0 59 12 2d 53 1a 07 09 33 e1 2c 5b e8 70 78 32 1a 9d 9e 1d c3 da c1 c0 8a b1 64 34 be b0 5b 27 2b 66 a8 dd 3b 60 ff cd f8 fa bc 77 29 13 c3 12 33 98 6e 53 d6 23 91 bb 3a ef 19 f6 60 42 54 e4 25 89 96 54 69 66 ce 3f 4d 6f 06 a3 1e 09 3d 25 c3 8d 60 17 af 52 1a 2d d9 89 97 1d d4 9a d3 4c 18 72 4b 17 20 e3 2f 86 6c a4 ba d7 93 d0 2d 76 1b b5 d9 0a 46 0c f0 f3 6c 22 ad 7b 64 c5 62 4e cf 7b 3a 52 8c 25 d6 7a cf c8 67 bb 61 45 15 d8 68 4c 8e d3 87 f2 df 4b fb 10 14 8f 79 b2 68 7d fa e7 11 fc 37 93 f1 b6 ef fc e4 73 75 c7 73 58 59 fa 7b 79 64 1f cf 68 74 bf 50 32 4b e2 41 24 85 54 63 f2 fd d5 e8 ea f5 f5 89 7f 3e 07 0b 0d e6 74 c5 c5 76 4c fe c9 54 4c 13 da 27 1a 3c 65 a0 99 e2 f3 97 bb 55 9a ff 0e 46 18 0e 53 e3 6e a2 b2 03 2a f8 02 94 89 c0 ca 4c 15 52 c6 7c 1d ac 28 4f ee 52 30 5c 2e a8 74 ce 37 26 8a 09 6a f8 9a 39 32 31 d7 a9 a0 c0 dd d0 99 60 5e ac 0d 8f cd 72 4c 46 c7 c7 85 26 ce 6e 83 99 34 46 ae c6 4e c5 d2 7d c1 e6 66 4c 68 66 64 e5 36 38 e4 b2 72 7f bf 85 9d bd a4 8a 99 1a 78 fe 27 39 13 7f 3b 37 e1 c9 f0 e4 e7 e7 a3 ca 23 eb 06 63 a2 a5 e0 f1 7e db df d8 97 7f 7e c0 80 68 bb 3b f4 75 a6 bc 09 97 cc 69 73 76 96 cb e5 e5 1c 1e 1f ff d0 c1 f4 a7 9b d3 9b 9f f7 d2 d6 29 44 6e d5 37 87 3f 95 8c f3 d3 ce 3a 65 3f 18 21 cb e2 e6 c6 8b 36 93 22 de cb 89 af 16 35 46 cf 4b 7c 5e d4 4f 61 dc 1a 01 48 d4 ba ca 9d 9c df f9 00 d7 9e 6c 24 18 85 6d e8 0b b9 d7 80 0f e4 87 d9 70 a6 2f 08 9a bd 07 e7 78 75 c9 76 c7 0d 5b ed 15 b0 79 82 b9 6c 2f da 1d f4 80 6c f9 cd 63 fb 6a 46 ea 63 e5 a5 b5 93 3a 2d 49 73 5a 3b 0e bf f3 4e b3 08 23 bc e5 8c ff 62 1b d7 18 de e1 e2 3a 1e a2 f9 46 e8 56 ee bd c3 3c 65 af 3e 76 5e dd cd 29 55 ac a6 e3 c8 5b 66 d4 0a e6 23 ff 64 54 11 a5 0a 35 c3 1a d4 78 3c 89 01 ee 58 dc 0a 42 b9 0a 87 c2 be a4 a3 a3 c9 0d d8 35 7a 84 9a 15 25 0b e4 3d 70 fa 6e 6f 26 fa fb 1f 0a de 75 58 c3 3a 83 7c 6f 05 0b 2b 79 ef d4 bb d7 69 97 7b 8d ae cf 2e 5f 9

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yVSOHvVwbeS3OFh&MD=MPtn6WnN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yVSOHvVwbeS3OFh&MD=MPtn6WnN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: beonlineboo.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icons/ubuntu-logo.png HTTP/1.1Host: beonlineboo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://beonlineboo.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: beonlineboo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://beonlineboo.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icons/ubuntu-logo.png HTTP/1.1Host: beonlineboo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: beonlineboo.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 02 Dec 2024 11:53:30 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 277Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 62 65 6f 6e 6c 69 6e 65 62 6f 6f 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at beonlineboo.com Port 80</address></body></html>

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49772 version: TLS 1.2

Source: classification engine

Classification label: mal52.win@16/7@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2196,i,11884593460750183174,4434179635223481577,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://beonlineboo.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2196,i,11884593460750183174,4434179635223481577,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://beonlineboo.com	100%	Avira URL Cloud	malware

Name	IP	Active	Malicious	Antivirus Detection	Reputation
beonlineboo.com	179.60.150.123	true	false		high
www.google.com	142.250.181.68	true	false		high

Contacted URLs

Name	Malicious	Reputation
http://beonlineboo.com/	false	high
http://beonlineboo.com/favicon.ico	false	high
http://beonlineboo.com/icons/ubuntu-logo.png	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
179.60.150.123	beonlineboo.com	Belize	43350	NFORCENL	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1566555
Start date and time:	2024-12-02 12:52:29 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://beonlineboo.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@16/7@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.205.84, 172.217.19.238, 172.217.21.35, 34.104.35.123, 93.184.221.240, 192.229.221.95, 172.217.17.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://beonlineboo.com

Input	Output
URL: http://beonlineboo.com Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": false }
URL: http://beonlineboo.com
URL: http://beonlineboo.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: http://beonlineboo.com/ Model: Joe Sandbox AI	{ "brands": [ "Ubuntu" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 119 x 99, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3338
Entropy (8bit):	7.920043786135125
Encrypted:	false
SSDEEP:	96:y8JICIpZSSG5Lrnx9hZCR95CWB3sv8AimV6G:yEPDRNEsL7
MD5:	5BF8C10887A4300160553FF99B3EE00B
SHA1:	21B29D43ACD3106347EACD8F3A36A38AD7D330EE
SHA-256:	EF6E62D62944C3B838F72816BA8E836FBDB46A8DCFB43BA62A4C387B65306FDB
SHA-512:	7F0B5BBA4AB87B728AF0AD1169BA2A6B11624E7AE08D23377442A2A6280053E4D99C6CCBFD49C87A2977305E2850D6CF356620A188161147D7FFDFEC951293D3
Malicious:	false
Reputation:	low
URL:	http://beonlineboo.com/icons/ubuntu-logo.png
Preview:	.PNG........IHDR...w...c......~......IDATx..].t.H..1.Z................<.....03...t.O.#.VG..,.{.;`..]n...+..r...VV7.r.........l..b.]6.m.69.N.....cj.E.+;.R?.....+...../.e.$Yb..S.....'..Y.8._....."....\}.P...+...........2.I...w...5"q3.._...(..C.g..Bg.....?#q.d.......6i......H..hhl_t.M.N....I$.$.W......H......5...q..:{.[......]s(.. ..uun<..u#q..8q..l.Zz..%..RX=....d..Z..Y.}4[+.7......E.oG.Mu....nCc3..Y....4u.h).).6~..y....=.i..H\7a......fk..t....].V;.#q.p.!.1.Y<H.bG.KU..K.o..mS.v.l.>...y..^...:..N..y}.)..U.]..m........v..+S.M.P..O...t.Q..W..{{(~.F.9++9f.?.^\Q.6..,[t......XOcG.M...rC..7I.<............$......../:.N..].S9.lg.l.tQ.9...8_.gk\.....+Pv......J.%...<qeb..m.%..\2...m...j..4......6.......`.......g.#.`Jo...U?~9U?z.f..F.]1..:...i-.k.I[ROm9.F.W.8.o...u...k..x...;........#...[.e...]....K..E...9.......Rf..kxn\|...J......6.....0%.....&e.5B'....2.U..C.F....#T.s7P_{.y.+..3...H....&g.Km.N........v.:y+.!/.<{.\hPSo...BW...._...F.......>.7.

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 10918
Category:	downloaded
Size (bytes):	3138
Entropy (8bit):	7.9280394923305035
Encrypted:	false
SSDEEP:	96:eXzthX7a8ZEfPlv5BbK2wfvtBL0KJCdt+/:y3W8EfdxhSNBL9n/
MD5:	03780B50B8B5D82FBFF14A38D53458FC
SHA1:	DBE345DC5117C85CDF9E09A2261FC2BE7FBA7FEF
SHA-256:	254A4FFC692C76D04B4A2B7AD9717E3D000F1899D9039A29D8DDCCEF487EFA0E
SHA-512:	F1CC0DF7A0AA8BFFB05A4A890F0A13C5E7496D1A0DAAACDBB0896D6BCC79CF3B158FBDA13D020AC6EE2458B92FFB96E47B0755B31A7625C3AC7F5BC9B64D07A3
Malicious:	false
Reputation:	low
URL:	http://beonlineboo.com/
Preview:	...........Z.s.6....U..$'....."{&.c...$....."!.c....d5..~..H.%..5..H....o........n........./..7...=.........d.........0...GzKc.q.n6.`.<.j.N?..Hk....)..b....&...J$..........L......w2.s.b2WrE..+6.4!R....d...4.....o.6$KcjX<&'....p8.......d....Y.-S...3.,[.px2..........d4..['+f..;`.....w)...3.nS.#..:...`BT.%..Tif.?Mo....=%.`..R.-.....L.rK. ./.l....-v....F...l".{d.bN.{:R.%.z..g.aE..hL....K....y.h}....7.....su.sXY.{yd..ht.P2K.A$.Tc.........>....t..vL..TL..'.<e....U...F..S.n.........L.R.\|..(O.R0\..t.7&..j..921.....`^....rLF..&.n..4F..N..}..fLhfd.68.r.........x.'9..;7.......#..c....~....~..h.;.u.....isv..................)Dn.7.?.....:e?.!....6."....5F.K\|^.Oa...H.......l$..m.......p./.....xu.v..[...y..l/...l..c.jF.c..:-IsZ;...N..#...b......:...F.V..<e.>v^..)U....[f...#.dT...5...x<...X..B..........5z...%..=p.no&.....uX.:.\|o..+y...i.{...._... ...@VK~'?<.UE.SP+}.'......M...b....n..N...\HH........._...p..u.9jX..,..:..LX...r......-Zs........1.....Y.u.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	277
Entropy (8bit):	5.182877247171256
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knrKXKFABFEcXaoD:J0+oxBeRmR9etdzRxGezH0qrgKFtma+
MD5:	D7FD10ED2F73F18FA08D77BAC2A71259
SHA1:	BF0238155F3D395B5CEA249578C51AB1332E7C79
SHA-256:	2CD2362E38D99E599DC8A5A82526641585AB121E5930D6DD76227DAD15264CB1
SHA-512:	2DCBB1D36BBC1A2699FF957E3D517CA8BD5A6C7D4F9B160CBAAF6E87A5480D3D272FC267D64C14DFDB72B0F823311B13EC0BA8FC45BD1D88F85C3445D1921228
Malicious:	false
Reputation:	low
URL:	http://beonlineboo.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.41 (Ubuntu) Server at beonlineboo.com Port 80</address>.</body></html>.

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 119 x 99, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3338
Entropy (8bit):	7.920043786135125
Encrypted:	false
SSDEEP:	96:y8JICIpZSSG5Lrnx9hZCR95CWB3sv8AimV6G:yEPDRNEsL7
MD5:	5BF8C10887A4300160553FF99B3EE00B
SHA1:	21B29D43ACD3106347EACD8F3A36A38AD7D330EE
SHA-256:	EF6E62D62944C3B838F72816BA8E836FBDB46A8DCFB43BA62A4C387B65306FDB
SHA-512:	7F0B5BBA4AB87B728AF0AD1169BA2A6B11624E7AE08D23377442A2A6280053E4D99C6CCBFD49C87A2977305E2850D6CF356620A188161147D7FFDFEC951293D3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...w...c......~......IDATx..].t.H..1.Z................<.....03...t.O.#.VG..,.{.;`..]n...+..r...VV7.r.........l..b.]6.m.69.N.....cj.E.+;.R?.....+...../.e.$Yb..S.....'..Y.8._....."....\}.P...+...........2.I...w...5"q3.._...(..C.g..Bg.....?#q.d.......6i......H..hhl_t.M.N....I$.$.W......H......5...q..:{.[......]s(.. ..uun<..u#q..8q..l.Zz..%..RX=....d..Z..Y.}4[+.7......E.oG.Mu....nCc3..Y....4u.h).).6~..y....=.i..H\7a......fk..t....].V;.#q.p.!.1.Y<H.bG.KU..K.o..mS.v.l.>...y..^...:..N..y}.)..U.]..m........v..+S.M.P..O...t.Q..W..{{(~.F.9++9f.?.^\Q.6..,[t......XOcG.M...rC..7I.<............$......../:.N..].S9.lg.l.tQ.9...8_.gk\.....+Pv......J.%...<qeb..m.%..\2...m...j..4......6.......`.......g.#.`Jo...U?~9U?z.f..F.]1..:...i-.k.I[ROm9.F.W.8.o...u...k..x...;........#...[.e...]....K..E...9.......Rf..kxn\|...J......6.....0%.....&e.5B'....2.U..C.F....#T.s7P_{.y.+..3...H....&g.Km.N........v.:y+.!/.<{.\hPSo...BW...._...F.......>.7.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 2, 2024 12:53:13.839099884 CET	49675	443	192.168.2.4	173.222.162.32
Dec 2, 2024 12:53:23.447572947 CET	49675	443	192.168.2.4	173.222.162.32
Dec 2, 2024 12:53:25.951159954 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:25.951193094 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:25.951246977 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:25.951561928 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:25.951581001 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:26.654766083 CET	49738	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:26.654798985 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:26.654865026 CET	49738	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:26.656246901 CET	49738	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:26.656260014 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:27.643763065 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:27.644486904 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:27.644503117 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:27.645503998 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:27.645554066 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:27.646843910 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:27.646899939 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:27.687987089 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:27.687997103 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:27.740744114 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:28.034665108 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:28.034725904 CET	49738	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:28.036863089 CET	49738	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:28.036870956 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:28.037107944 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:28.077498913 CET	49738	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:28.123320103 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:28.267710924 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:28.268099070 CET	49740	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:28.329647064 CET	49741	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:28.387685061 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:28.387892008 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:28.387892008 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:28.387999058 CET	80	49740	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:28.388077974 CET	49740	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:28.449661016 CET	80	49741	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:28.449788094 CET	49741	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:28.508160114 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:28.554166079 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:28.554210901 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:28.554359913 CET	49738	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:28.554359913 CET	49738	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:28.554385900 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:28.554414988 CET	49738	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:28.554419994 CET	443	49738	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:28.591732025 CET	49742	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:28.591792107 CET	443	49742	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:28.591906071 CET	49742	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:28.592164993 CET	49742	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:28.592192888 CET	443	49742	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:29.653637886 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:29.653659105 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:29.653666973 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:29.653728008 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:29.729749918 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:29.850009918 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:30.016223907 CET	443	49742	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:30.016299009 CET	49742	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:30.017409086 CET	49742	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:30.017431974 CET	443	49742	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:30.017661095 CET	443	49742	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:30.018625021 CET	49742	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:30.059336901 CET	443	49742	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:30.135912895 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:30.135932922 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:30.135946035 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:30.135974884 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:30.142191887 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:30.262197018 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:30.285525084 CET	49743	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:30.401263952 CET	49744	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:30.405595064 CET	80	49743	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:30.405770063 CET	49743	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:30.405909061 CET	49743	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:30.521483898 CET	80	49744	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:30.521636963 CET	49744	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:30.525855064 CET	80	49743	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:30.544089079 CET	443	49742	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:30.544162989 CET	443	49742	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:30.544250011 CET	49742	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:30.545922041 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:30.548543930 CET	49742	443	192.168.2.4	23.218.208.109
Dec 2, 2024 12:53:30.548578024 CET	443	49742	23.218.208.109	192.168.2.4
Dec 2, 2024 12:53:30.588720083 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:31.715962887 CET	80	49743	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:31.715998888 CET	80	49743	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:31.716011047 CET	80	49743	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:31.716064930 CET	49743	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:35.546267033 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:35.546324015 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:36.215289116 CET	49739	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:36.268980980 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:36.269006968 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:36.269140959 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:36.270020008 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:36.270034075 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:36.335360050 CET	80	49739	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:36.717168093 CET	80	49743	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:36.717238903 CET	49743	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:37.357922077 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:37.357983112 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:37.358154058 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:38.139498949 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:38.139694929 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:38.142709017 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:38.142723083 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:38.142973900 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:38.197165966 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:38.214823008 CET	49743	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:53:38.214864016 CET	49737	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:53:38.214878082 CET	443	49737	142.250.181.68	192.168.2.4
Dec 2, 2024 12:53:38.334784031 CET	80	49743	179.60.150.123	192.168.2.4
Dec 2, 2024 12:53:39.766326904 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:39.807332993 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.387790918 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.387809038 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.387815952 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.387836933 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.387844086 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.387845993 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.387887001 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:40.387931108 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.387948036 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:40.387976885 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:40.408840895 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.408915043 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:40.408924103 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:40.408956051 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:41.868782997 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:41.868808985 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:41.868825912 CET	49745	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:53:41.868833065 CET	443	49745	4.175.87.197	192.168.2.4
Dec 2, 2024 12:53:43.963083029 CET	49723	80	192.168.2.4	199.232.214.172
Dec 2, 2024 12:53:44.083731890 CET	80	49723	199.232.214.172	192.168.2.4
Dec 2, 2024 12:53:44.083785057 CET	49723	80	192.168.2.4	199.232.214.172
Dec 2, 2024 12:54:13.401011944 CET	49740	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:54:13.463366985 CET	49741	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:54:13.521976948 CET	80	49740	179.60.150.123	192.168.2.4
Dec 2, 2024 12:54:13.583399057 CET	80	49741	179.60.150.123	192.168.2.4
Dec 2, 2024 12:54:15.525196075 CET	49744	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:54:15.645207882 CET	80	49744	179.60.150.123	192.168.2.4
Dec 2, 2024 12:54:18.185750008 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:18.185794115 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:18.185873985 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:18.186206102 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:18.186220884 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:19.282710075 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:19.282751083 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:19.282824039 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:19.283149004 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:19.283165932 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:20.068825960 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.068918943 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:20.072494030 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:20.072510004 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.072731972 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.080904961 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:20.127326012 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.789376974 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.789403915 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.789417028 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.789491892 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:20.789509058 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.789566040 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:20.831821918 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.831856012 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.831903934 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.831921101 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:20.831974030 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:20.832099915 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:20.832118034 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.832127094 CET	49751	443	192.168.2.4	4.175.87.197
Dec 2, 2024 12:54:20.832133055 CET	443	49751	4.175.87.197	192.168.2.4
Dec 2, 2024 12:54:20.898566008 CET	80	49740	179.60.150.123	192.168.2.4
Dec 2, 2024 12:54:20.898638964 CET	49740	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:54:21.070867062 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.070971012 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.072392941 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.072405100 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.072614908 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.083786011 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.131326914 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.145581007 CET	80	49741	179.60.150.123	192.168.2.4
Dec 2, 2024 12:54:21.145768881 CET	49741	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:54:21.572952986 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.572978020 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.572992086 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.573049068 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.573081017 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.573122978 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.763000965 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.763020039 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.763088942 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.763118029 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.763155937 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.809113979 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.809135914 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.809174061 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.809184074 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.809207916 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.809228897 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.938642979 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.938663006 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.938834906 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.938846111 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.938895941 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.971395969 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.971412897 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.971465111 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.971472979 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.971613884 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.989295959 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.989310980 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.989360094 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:21.989367962 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:21.989403963 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.009784937 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.009802103 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.009938955 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.009947062 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.009989023 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.136894941 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.136913061 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.137106895 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.137126923 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.137305021 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.152816057 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.152832985 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.153023958 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.153032064 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.153075933 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.168910980 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.168926001 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.168977976 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.168986082 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.169128895 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.182802916 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.182822943 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.182869911 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.182878017 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.183024883 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.198838949 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.198854923 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.198990107 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.198997021 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.199043036 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.214960098 CET	49740	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:54:22.214962006 CET	49741	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:54:22.316605091 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.316627026 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.316668987 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.316678047 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.316822052 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.316822052 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.320668936 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.320724010 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.320729017 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.320748091 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.320766926 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.320796967 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.320846081 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.320858002 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.320867062 CET	49752	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.320872068 CET	443	49752	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.334992886 CET	80	49740	179.60.150.123	192.168.2.4
Dec 2, 2024 12:54:22.335038900 CET	80	49741	179.60.150.123	192.168.2.4
Dec 2, 2024 12:54:22.366136074 CET	49755	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.366146088 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.366163015 CET	443	49755	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.366163969 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.366245031 CET	49755	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.366245985 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.366595984 CET	49755	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.366611004 CET	443	49755	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.366724968 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.366738081 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.367903948 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.367933035 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.368010044 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.368159056 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.368172884 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.369170904 CET	49757	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.369196892 CET	443	49757	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.369761944 CET	49757	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.369828939 CET	49758	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.369837046 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.369884014 CET	49758	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.369975090 CET	49758	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.369983912 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:22.370026112 CET	49757	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:22.370038986 CET	443	49757	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:23.196875095 CET	80	49744	179.60.150.123	192.168.2.4
Dec 2, 2024 12:54:23.196943045 CET	49744	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:54:23.589046001 CET	49744	80	192.168.2.4	179.60.150.123
Dec 2, 2024 12:54:23.799418926 CET	80	49744	179.60.150.123	192.168.2.4
Dec 2, 2024 12:54:23.903470039 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:23.903939962 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:23.903964996 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:23.904361010 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:23.904366970 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.188498020 CET	443	49755	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.188786983 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.188915014 CET	49755	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.188931942 CET	443	49755	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.189042091 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.189068079 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.189312935 CET	49755	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.189317942 CET	443	49755	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.189476967 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.189481974 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.210184097 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.210407972 CET	49758	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.210426092 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.210688114 CET	49758	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.210692883 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.224625111 CET	443	49757	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.224927902 CET	49757	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.224947929 CET	443	49757	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.225239038 CET	49757	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.225244045 CET	443	49757	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.343516111 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.343542099 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.343600035 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.343620062 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.343683004 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.343816042 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.343823910 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.343838930 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.343970060 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.344012022 CET	443	49754	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.344053984 CET	49754	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.346281052 CET	49759	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.346313000 CET	443	49759	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:24.346390009 CET	49759	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.346549988 CET	49759	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:24.346564054 CET	443	49759	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.037964106 CET	443	49755	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.039386034 CET	443	49755	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.039444923 CET	49755	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.039483070 CET	49755	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.039493084 CET	443	49755	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.039503098 CET	49755	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.039506912 CET	443	49755	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.041651011 CET	49760	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.041697025 CET	443	49760	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.041764975 CET	49760	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.041877031 CET	49760	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.041897058 CET	443	49760	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.041984081 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.042010069 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.042057991 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.042085886 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.042135000 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.042205095 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.042208910 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.042234898 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.042331934 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.042359114 CET	443	49756	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.042399883 CET	49756	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.043893099 CET	49761	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.043911934 CET	443	49761	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.043976068 CET	49761	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.044111013 CET	49761	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.044121027 CET	443	49761	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.051631927 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.051656008 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.051692963 CET	49758	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.051702023 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.051837921 CET	49758	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.051851034 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.051857948 CET	49758	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.051968098 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.052000999 CET	443	49758	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.052033901 CET	49758	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.053519964 CET	49762	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.053531885 CET	443	49762	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.053596973 CET	49762	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.053713083 CET	49762	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.053725958 CET	443	49762	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.056329966 CET	443	49757	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.057826042 CET	443	49757	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.057873011 CET	49757	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.057909966 CET	49757	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.057909966 CET	49757	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.057924032 CET	443	49757	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.057931900 CET	443	49757	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.059601068 CET	49763	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.059617043 CET	443	49763	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.059674025 CET	49763	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.059776068 CET	49763	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:25.059789896 CET	443	49763	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:25.871433020 CET	49764	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:54:25.871469975 CET	443	49764	142.250.181.68	192.168.2.4
Dec 2, 2024 12:54:25.871690035 CET	49764	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:54:25.871886015 CET	49764	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:54:25.871900082 CET	443	49764	142.250.181.68	192.168.2.4
Dec 2, 2024 12:54:26.505594015 CET	443	49759	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.506043911 CET	49759	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.506067991 CET	443	49759	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.506495953 CET	49759	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.506501913 CET	443	49759	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.770437956 CET	443	49762	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.771100044 CET	49762	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.771142006 CET	443	49762	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.771478891 CET	49762	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.771492004 CET	443	49762	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.822849989 CET	443	49760	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.823188066 CET	49760	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.823224068 CET	443	49760	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.823519945 CET	49760	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.823530912 CET	443	49760	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.823668957 CET	443	49761	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.823893070 CET	49761	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.823904991 CET	443	49761	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.824162960 CET	49761	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.824166059 CET	443	49761	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.840837955 CET	443	49763	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.841037035 CET	49763	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.841046095 CET	443	49763	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.841306925 CET	49763	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.841312885 CET	443	49763	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.950714111 CET	443	49759	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.950767994 CET	443	49759	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.950831890 CET	49759	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.950978994 CET	49759	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.951010942 CET	443	49759	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.951020002 CET	49759	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.951025009 CET	443	49759	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.953499079 CET	49765	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.953540087 CET	443	49765	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:26.953620911 CET	49765	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.953763962 CET	49765	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:26.953778982 CET	443	49765	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.205992937 CET	443	49762	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.206052065 CET	443	49762	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.206115961 CET	49762	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.206233025 CET	49762	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.206233025 CET	49762	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.206289053 CET	443	49762	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.206314087 CET	443	49762	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.208328962 CET	49766	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.208352089 CET	443	49766	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.208426952 CET	49766	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.208553076 CET	49766	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.208564997 CET	443	49766	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.266755104 CET	443	49760	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.266828060 CET	443	49760	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.266911030 CET	49760	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.267052889 CET	49760	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.267052889 CET	49760	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.267075062 CET	443	49760	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.267096043 CET	443	49760	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.268316984 CET	443	49761	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.268374920 CET	443	49761	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.268440008 CET	49761	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.268558025 CET	49761	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.268574953 CET	443	49761	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.268589020 CET	49761	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.268594027 CET	443	49761	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.269656897 CET	49767	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.269685984 CET	443	49767	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.269764900 CET	49767	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.269886017 CET	49767	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.269898891 CET	443	49767	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.270643950 CET	49768	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.270684004 CET	443	49768	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.270746946 CET	49768	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.270886898 CET	49768	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.270903111 CET	443	49768	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.285912991 CET	443	49763	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.285959005 CET	443	49763	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.286000967 CET	49763	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.286103010 CET	49763	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.286109924 CET	443	49763	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.286149025 CET	49763	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.286154032 CET	443	49763	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.287869930 CET	49769	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.287893057 CET	443	49769	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.287960052 CET	49769	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.288083076 CET	49769	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:27.288096905 CET	443	49769	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:27.609710932 CET	443	49764	142.250.181.68	192.168.2.4
Dec 2, 2024 12:54:27.611263990 CET	49764	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:54:27.611299992 CET	443	49764	142.250.181.68	192.168.2.4
Dec 2, 2024 12:54:27.611632109 CET	443	49764	142.250.181.68	192.168.2.4
Dec 2, 2024 12:54:27.612030029 CET	49764	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:54:27.612095118 CET	443	49764	142.250.181.68	192.168.2.4
Dec 2, 2024 12:54:27.666110992 CET	49764	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:54:28.734246969 CET	443	49765	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:28.734836102 CET	49765	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:28.734870911 CET	443	49765	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:28.735210896 CET	49765	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:28.735217094 CET	443	49765	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:28.986511946 CET	443	49768	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:28.987201929 CET	443	49766	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:28.987690926 CET	49768	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:28.987714052 CET	443	49768	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:28.987999916 CET	49768	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:28.988006115 CET	443	49768	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:28.988195896 CET	49766	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:28.988217115 CET	443	49766	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:28.988573074 CET	49766	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:28.988584042 CET	443	49766	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.051659107 CET	443	49767	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.052124977 CET	49767	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.052135944 CET	443	49767	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.052424908 CET	49767	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.052428961 CET	443	49767	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.094151974 CET	443	49769	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.094430923 CET	49769	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.094446898 CET	443	49769	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.094877005 CET	49769	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.094881058 CET	443	49769	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.180499077 CET	443	49765	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.180546045 CET	443	49765	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.180800915 CET	49765	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.180881023 CET	49765	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.180893898 CET	443	49765	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.180902958 CET	49765	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.180908918 CET	443	49765	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.183602095 CET	49770	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.183629036 CET	443	49770	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.183705091 CET	49770	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.183850050 CET	49770	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.183862925 CET	443	49770	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.425836086 CET	443	49768	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.425896883 CET	443	49768	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.425952911 CET	49768	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.426194906 CET	49768	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.426209927 CET	443	49768	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.426220894 CET	49768	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.426227093 CET	443	49768	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.428817987 CET	49771	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.428849936 CET	443	49771	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.428916931 CET	49771	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.429038048 CET	49771	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.429049969 CET	443	49771	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.435060978 CET	443	49766	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.435110092 CET	443	49766	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.435153008 CET	49766	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.435251951 CET	49766	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.435264111 CET	443	49766	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.435287952 CET	49766	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.435293913 CET	443	49766	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.437144041 CET	49772	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.437179089 CET	443	49772	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.437237024 CET	49772	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.437344074 CET	49772	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.437357903 CET	443	49772	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.503525019 CET	443	49767	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.503577948 CET	443	49767	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.503622055 CET	49767	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.503735065 CET	49767	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.503743887 CET	443	49767	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.503755093 CET	49767	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.503758907 CET	443	49767	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.505608082 CET	49773	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.505645037 CET	443	49773	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.505740881 CET	49773	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.505872011 CET	49773	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.505887032 CET	443	49773	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.539275885 CET	443	49769	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.539335012 CET	443	49769	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.539381981 CET	49769	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.539516926 CET	49769	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.539527893 CET	443	49769	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.539537907 CET	49769	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.539542913 CET	443	49769	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.541735888 CET	49774	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.541749001 CET	443	49774	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:29.541806936 CET	49774	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.541933060 CET	49774	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:29.541943073 CET	443	49774	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.032269001 CET	443	49770	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.032706976 CET	49770	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.032735109 CET	443	49770	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.033128977 CET	49770	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.033134937 CET	443	49770	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.166177034 CET	49724	80	192.168.2.4	199.232.214.172
Dec 2, 2024 12:54:31.215842962 CET	443	49771	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.216296911 CET	49771	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.216317892 CET	443	49771	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.216722965 CET	49771	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.216728926 CET	443	49771	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.217593908 CET	443	49772	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.217825890 CET	49772	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.217849016 CET	443	49772	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.218137026 CET	49772	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.218142986 CET	443	49772	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.285594940 CET	443	49773	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.286051989 CET	49773	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.286081076 CET	443	49773	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.286422014 CET	49773	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.286427021 CET	443	49773	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.286634922 CET	80	49724	199.232.214.172	192.168.2.4
Dec 2, 2024 12:54:31.286699057 CET	49724	80	192.168.2.4	199.232.214.172
Dec 2, 2024 12:54:31.321778059 CET	443	49774	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.322345972 CET	49774	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.322360039 CET	443	49774	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.322714090 CET	49774	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.322721958 CET	443	49774	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.486196995 CET	443	49770	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.486243963 CET	443	49770	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.486304045 CET	49770	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.486489058 CET	49770	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.486510038 CET	443	49770	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.486521006 CET	49770	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.486526012 CET	443	49770	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.489211082 CET	49775	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.489253998 CET	443	49775	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.489334106 CET	49775	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.489495993 CET	49775	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.489512920 CET	443	49775	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.659862995 CET	443	49771	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.659930944 CET	443	49771	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.659981966 CET	49771	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.660089970 CET	49771	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.660110950 CET	443	49771	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.660125971 CET	49771	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.660130978 CET	443	49771	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.661571026 CET	443	49772	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.661624908 CET	443	49772	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.661662102 CET	49772	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.661928892 CET	49772	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.661942959 CET	443	49772	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.661952972 CET	49772	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.661957979 CET	443	49772	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.662399054 CET	49776	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.662422895 CET	443	49776	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.662492990 CET	49776	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.662623882 CET	49776	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.662636995 CET	443	49776	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.664613008 CET	49777	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.664634943 CET	443	49777	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.664688110 CET	49777	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.664813995 CET	49777	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.664828062 CET	443	49777	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.730355024 CET	443	49773	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.730418921 CET	443	49773	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.730465889 CET	49773	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.730670929 CET	49773	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.730684996 CET	443	49773	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.730726004 CET	49773	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.730731010 CET	443	49773	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.738334894 CET	49778	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.738368988 CET	443	49778	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.738431931 CET	49778	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.738605976 CET	49778	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.738620043 CET	443	49778	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.766941071 CET	443	49774	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.766993999 CET	443	49774	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.767041922 CET	49774	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.767188072 CET	49774	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.767193079 CET	443	49774	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.767205954 CET	49774	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.767209053 CET	443	49774	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.769233942 CET	49779	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.769257069 CET	443	49779	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:31.769320011 CET	49779	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.769427061 CET	49779	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:31.769440889 CET	443	49779	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.279429913 CET	443	49775	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.279890060 CET	49775	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.279922962 CET	443	49775	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.280339003 CET	49775	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.280344009 CET	443	49775	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.464395046 CET	443	49776	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.464910984 CET	49776	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.464931011 CET	443	49776	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.465423107 CET	49776	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.465428114 CET	443	49776	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.525218964 CET	443	49778	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.525887012 CET	49778	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.525895119 CET	443	49778	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.526200056 CET	49778	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.526204109 CET	443	49778	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.527995110 CET	443	49777	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.528229952 CET	49777	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.528259039 CET	443	49777	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.528546095 CET	49777	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.528552055 CET	443	49777	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.617429018 CET	443	49779	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.619040012 CET	49779	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.619059086 CET	443	49779	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.620242119 CET	49779	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.620248079 CET	443	49779	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.724323034 CET	443	49775	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.724376917 CET	443	49775	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.724518061 CET	49775	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.724587917 CET	49775	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.724607944 CET	443	49775	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.724627972 CET	49775	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.724633932 CET	443	49775	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.727035999 CET	49780	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.727056980 CET	443	49780	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.727135897 CET	49780	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.727278948 CET	49780	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.727293968 CET	443	49780	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.909787893 CET	443	49776	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.909857035 CET	443	49776	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.909909964 CET	49776	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.910068989 CET	49776	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.910089970 CET	443	49776	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.910099983 CET	49776	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.910104990 CET	443	49776	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.912863970 CET	49781	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.912899971 CET	443	49781	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.912978888 CET	49781	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.913144112 CET	49781	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.913157940 CET	443	49781	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.971271038 CET	443	49778	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.971348047 CET	443	49778	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.971487999 CET	49778	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.971554995 CET	49778	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.971554995 CET	49778	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.971563101 CET	443	49778	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.971570015 CET	443	49778	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.973987103 CET	49782	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.974016905 CET	443	49782	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.974090099 CET	49782	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.974241018 CET	49782	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.974256039 CET	443	49782	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.984496117 CET	443	49777	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.984555960 CET	443	49777	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.984597921 CET	49777	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.984704971 CET	49777	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.984720945 CET	443	49777	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.984731913 CET	49777	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.984740973 CET	443	49777	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.986663103 CET	49783	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.986675978 CET	443	49783	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:33.986749887 CET	49783	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.986885071 CET	49783	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:33.986893892 CET	443	49783	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:34.072156906 CET	443	49779	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:34.072211027 CET	443	49779	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:34.072385073 CET	49779	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:34.072385073 CET	49779	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:34.072385073 CET	49779	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:34.074362993 CET	49784	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:34.074389935 CET	443	49784	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:34.074451923 CET	49784	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:34.074588060 CET	49784	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:34.074601889 CET	443	49784	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:34.385346889 CET	49779	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:34.385370970 CET	443	49779	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.516244888 CET	443	49780	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.520046949 CET	49780	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.520087004 CET	443	49780	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.520606041 CET	49780	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.520612001 CET	443	49780	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.682313919 CET	443	49781	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.682813883 CET	49781	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.682847023 CET	443	49781	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.683248043 CET	49781	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.683254957 CET	443	49781	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.772661924 CET	443	49783	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.773103952 CET	49783	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.773113966 CET	443	49783	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.773384094 CET	49783	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.773389101 CET	443	49783	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.820631027 CET	443	49782	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.821118116 CET	49782	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.821136951 CET	443	49782	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.821383953 CET	49782	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.821388006 CET	443	49782	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.856231928 CET	443	49784	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.860901117 CET	49784	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.860939026 CET	443	49784	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.861305952 CET	49784	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.861311913 CET	443	49784	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.962213039 CET	443	49780	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.962268114 CET	443	49780	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.962539911 CET	49780	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.962613106 CET	49780	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.962629080 CET	443	49780	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.962639093 CET	49780	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.962644100 CET	443	49780	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.965533018 CET	49785	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.965579987 CET	443	49785	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:35.965662956 CET	49785	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.965806007 CET	49785	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:35.965823889 CET	443	49785	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.121054888 CET	443	49781	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.121114016 CET	443	49781	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.121272087 CET	49781	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.121299028 CET	49781	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.121318102 CET	443	49781	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.121328115 CET	49781	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.121334076 CET	443	49781	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.123740911 CET	49786	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.123771906 CET	443	49786	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.123853922 CET	49786	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.123986006 CET	49786	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.123995066 CET	443	49786	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.217850924 CET	443	49783	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.217909098 CET	443	49783	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.218193054 CET	49783	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.218194008 CET	49783	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.218194008 CET	49783	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.220496893 CET	49787	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.220521927 CET	443	49787	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.220588923 CET	49787	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.220714092 CET	49787	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.220726013 CET	443	49787	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.275054932 CET	443	49782	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.275120974 CET	443	49782	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.275331974 CET	49782	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.275377989 CET	49782	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.275394917 CET	443	49782	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.275404930 CET	49782	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.275409937 CET	443	49782	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.277519941 CET	49788	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.277561903 CET	443	49788	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.277719021 CET	49788	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.277858019 CET	49788	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.277873993 CET	443	49788	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.300767899 CET	443	49784	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.300817013 CET	443	49784	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.300997019 CET	49784	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.301160097 CET	49784	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.301160097 CET	49784	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.301173925 CET	443	49784	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.301182032 CET	443	49784	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.302894115 CET	49789	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.302922010 CET	443	49789	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.302997112 CET	49789	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.303143024 CET	49789	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.303153038 CET	443	49789	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:36.525979996 CET	49783	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:36.525995970 CET	443	49783	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:37.305525064 CET	443	49764	142.250.181.68	192.168.2.4
Dec 2, 2024 12:54:37.305586100 CET	443	49764	142.250.181.68	192.168.2.4
Dec 2, 2024 12:54:37.305695057 CET	49764	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:54:37.812062979 CET	443	49785	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:37.812540054 CET	49785	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:37.812609911 CET	443	49785	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:37.813093901 CET	49785	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:37.813107967 CET	443	49785	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:37.905725002 CET	443	49786	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:37.906265020 CET	49786	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:37.906279087 CET	443	49786	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:37.907170057 CET	49786	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:37.907175064 CET	443	49786	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.001385927 CET	443	49787	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.002075911 CET	49787	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.002104998 CET	443	49787	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.002635002 CET	49787	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.002645969 CET	443	49787	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.085613966 CET	443	49789	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.086086988 CET	49789	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.086097956 CET	443	49789	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.086457968 CET	49789	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.086462975 CET	443	49789	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.124054909 CET	443	49788	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.124397993 CET	49788	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.124423981 CET	443	49788	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.124774933 CET	49788	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.124779940 CET	443	49788	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.214788914 CET	49764	443	192.168.2.4	142.250.181.68
Dec 2, 2024 12:54:38.214812040 CET	443	49764	142.250.181.68	192.168.2.4
Dec 2, 2024 12:54:38.474803925 CET	443	49785	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.474860907 CET	443	49785	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.474924088 CET	443	49786	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.474987030 CET	443	49786	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.475014925 CET	49785	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.475028992 CET	49786	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.475178957 CET	49785	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.475178957 CET	49785	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.475197077 CET	443	49785	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.475204945 CET	49786	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.475208044 CET	443	49785	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.475218058 CET	443	49786	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.475228071 CET	49786	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.475233078 CET	443	49786	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.478194952 CET	49790	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.478212118 CET	49791	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.478221893 CET	443	49790	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.478234053 CET	443	49791	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.478293896 CET	49790	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.478322029 CET	49791	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.478445053 CET	49791	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.478457928 CET	443	49791	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.478487015 CET	49790	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.478502989 CET	443	49790	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.679299116 CET	443	49787	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.679358959 CET	443	49787	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.679555893 CET	49787	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.679582119 CET	49787	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.679595947 CET	443	49787	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.679609060 CET	49787	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.679615974 CET	443	49787	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.681464911 CET	443	49789	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.681515932 CET	443	49789	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.681627035 CET	49789	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.681745052 CET	49789	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.681745052 CET	49789	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.681756973 CET	443	49789	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.681765079 CET	443	49789	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.682157040 CET	49792	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.682194948 CET	443	49792	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.682255030 CET	49792	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.682439089 CET	49792	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.682454109 CET	443	49792	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.683715105 CET	49793	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.683736086 CET	443	49793	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.683809996 CET	49793	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.683933020 CET	49793	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.683947086 CET	443	49793	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.809366941 CET	443	49788	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.809434891 CET	443	49788	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.809561014 CET	49788	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.809592009 CET	49788	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.809607983 CET	443	49788	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.809617043 CET	49788	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.809623003 CET	443	49788	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.811563015 CET	49794	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.811598063 CET	443	49794	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:38.811816931 CET	49794	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.811816931 CET	49794	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:38.811841965 CET	443	49794	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.194107056 CET	443	49790	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.194577932 CET	49790	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.194598913 CET	443	49790	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.195050001 CET	49790	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.195055008 CET	443	49790	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.258675098 CET	443	49791	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.259001970 CET	49791	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.259011984 CET	443	49791	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.259361982 CET	49791	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.259366989 CET	443	49791	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.466022968 CET	443	49793	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.466362000 CET	49793	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.466409922 CET	443	49793	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.466715097 CET	49793	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.466742992 CET	443	49793	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.529618025 CET	443	49792	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.529921055 CET	49792	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.529946089 CET	443	49792	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.530220985 CET	49792	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.530225039 CET	443	49792	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.629463911 CET	443	49790	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.629508972 CET	443	49790	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.629565954 CET	49790	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.629695892 CET	49790	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.629709959 CET	443	49790	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.629722118 CET	49790	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.629726887 CET	443	49790	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.632558107 CET	49795	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.632620096 CET	443	49795	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.632695913 CET	49795	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.632806063 CET	49795	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.632836103 CET	443	49795	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.703912973 CET	443	49794	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.704240084 CET	49794	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.704256058 CET	443	49794	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.704570055 CET	49794	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.704574108 CET	443	49794	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.733719110 CET	443	49791	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.733764887 CET	443	49791	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.733799934 CET	49791	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.733948946 CET	49791	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.733948946 CET	49791	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.733959913 CET	443	49791	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.733968019 CET	443	49791	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.736030102 CET	49796	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.736049891 CET	443	49796	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.736105919 CET	49796	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.736223936 CET	49796	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.736243963 CET	443	49796	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.910514116 CET	443	49793	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.910568953 CET	443	49793	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.910633087 CET	49793	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.910737038 CET	49793	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.910737991 CET	49793	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.910768986 CET	443	49793	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.910809040 CET	443	49793	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.912616968 CET	49797	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.912637949 CET	443	49797	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.912689924 CET	49797	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.912795067 CET	49797	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.912803888 CET	443	49797	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.983656883 CET	443	49792	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.983701944 CET	443	49792	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.983750105 CET	49792	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.983843088 CET	49792	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.983843088 CET	49792	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.983853102 CET	443	49792	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.983860970 CET	443	49792	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.985703945 CET	49798	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.985716105 CET	443	49798	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:40.985769987 CET	49798	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.985910892 CET	49798	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:40.985923052 CET	443	49798	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:41.148236990 CET	443	49794	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:41.148293018 CET	443	49794	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:41.148341894 CET	49794	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:41.148510933 CET	49794	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:41.148518085 CET	443	49794	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:41.148525953 CET	49794	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:41.148533106 CET	443	49794	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:41.150506020 CET	49799	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:41.150526047 CET	443	49799	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:41.150604010 CET	49799	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:41.150708914 CET	49799	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:41.150721073 CET	443	49799	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.397655964 CET	443	49795	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.398032904 CET	49795	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.398052931 CET	443	49795	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.398437977 CET	49795	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.398446083 CET	443	49795	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.453090906 CET	443	49796	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.453430891 CET	49796	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.453454971 CET	443	49796	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.453808069 CET	49796	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.453814030 CET	443	49796	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.700491905 CET	443	49798	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.700825930 CET	49798	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.700836897 CET	443	49798	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.701179028 CET	49798	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.701184034 CET	443	49798	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.766005039 CET	443	49797	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.766277075 CET	49797	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.766292095 CET	443	49797	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.766634941 CET	49797	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.766639948 CET	443	49797	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.888586044 CET	443	49795	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.888643980 CET	443	49795	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.888691902 CET	49795	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.888811111 CET	49795	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.888832092 CET	443	49795	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.888844967 CET	49795	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.888850927 CET	443	49795	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.890965939 CET	49800	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.891004086 CET	443	49800	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.891073942 CET	49800	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.891212940 CET	49800	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.891232014 CET	443	49800	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.891505957 CET	443	49796	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.891556978 CET	443	49796	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.891597033 CET	49796	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.891675949 CET	49796	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.891686916 CET	443	49796	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.891695023 CET	49796	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.891699076 CET	443	49796	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.893537045 CET	49801	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.893568993 CET	443	49801	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.893640041 CET	49801	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.893759012 CET	49801	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.893776894 CET	443	49801	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.931962013 CET	443	49799	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.932296991 CET	49799	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.932312012 CET	443	49799	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:42.932676077 CET	49799	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:42.932679892 CET	443	49799	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.136113882 CET	443	49798	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.136173010 CET	443	49798	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.136220932 CET	49798	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.136295080 CET	49798	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.136295080 CET	49798	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.136308908 CET	443	49798	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.136317015 CET	443	49798	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.138123989 CET	49802	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.138139963 CET	443	49802	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.138202906 CET	49802	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.138318062 CET	49802	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.138330936 CET	443	49802	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.221954107 CET	443	49797	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.222002029 CET	443	49797	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.222048998 CET	49797	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.222212076 CET	49797	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.222222090 CET	443	49797	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.222230911 CET	49797	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.222234964 CET	443	49797	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.223985910 CET	49803	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.224009037 CET	443	49803	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.224069118 CET	49803	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.224181890 CET	49803	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.224200964 CET	443	49803	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.379235983 CET	443	49799	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.379302979 CET	443	49799	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.379342079 CET	49799	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.379440069 CET	49799	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.379455090 CET	443	49799	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.379471064 CET	49799	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.379475117 CET	443	49799	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.382684946 CET	49804	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.382723093 CET	443	49804	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:43.382775068 CET	49804	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.383104086 CET	49804	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:43.383120060 CET	443	49804	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:44.949227095 CET	443	49801	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:44.949454069 CET	443	49800	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:44.950097084 CET	49801	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:44.950098038 CET	49801	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:44.950124979 CET	443	49801	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:44.950141907 CET	443	49801	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:44.950407028 CET	49800	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:44.950428009 CET	443	49800	13.107.246.63	192.168.2.4
Dec 2, 2024 12:54:44.950870037 CET	49800	443	192.168.2.4	13.107.246.63
Dec 2, 2024 12:54:44.950875998 CET	443	49800	13.107.246.63	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 2, 2024 12:53:21.925817013 CET	53	53241	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:22.000046968 CET	53	62309	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:24.657757044 CET	53	64922	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:25.807255030 CET	62240	53	192.168.2.4	1.1.1.1
Dec 2, 2024 12:53:25.807395935 CET	57341	53	192.168.2.4	1.1.1.1
Dec 2, 2024 12:53:25.944648981 CET	53	57341	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:25.950388908 CET	53	62240	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:27.555489063 CET	49598	53	192.168.2.4	1.1.1.1
Dec 2, 2024 12:53:27.555794001 CET	59247	53	192.168.2.4	1.1.1.1
Dec 2, 2024 12:53:28.266910076 CET	53	49598	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:28.267035007 CET	53	59247	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:30.144969940 CET	51761	53	192.168.2.4	1.1.1.1
Dec 2, 2024 12:53:30.145102024 CET	49778	53	192.168.2.4	1.1.1.1
Dec 2, 2024 12:53:30.283576965 CET	53	49778	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:30.285000086 CET	53	51761	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:41.665555954 CET	53	65398	1.1.1.1	192.168.2.4
Dec 2, 2024 12:53:42.764894962 CET	138	138	192.168.2.4	192.168.2.255
Dec 2, 2024 12:54:00.649405956 CET	53	60744	1.1.1.1	192.168.2.4
Dec 2, 2024 12:54:21.776640892 CET	53	61331	1.1.1.1	192.168.2.4
Dec 2, 2024 12:54:23.816762924 CET	53	57934	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 2, 2024 12:53:25.807255030 CET	192.168.2.4	1.1.1.1	0xe52f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 2, 2024 12:53:25.807395935 CET	192.168.2.4	1.1.1.1	0xbacf	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 2, 2024 12:53:27.555489063 CET	192.168.2.4	1.1.1.1	0x4648	Standard query (0)	beonlineboo.com	A (IP address)	IN (0x0001)	false
Dec 2, 2024 12:53:27.555794001 CET	192.168.2.4	1.1.1.1	0x13af	Standard query (0)	beonlineboo.com	65	IN (0x0001)	false
Dec 2, 2024 12:53:30.144969940 CET	192.168.2.4	1.1.1.1	0xd549	Standard query (0)	beonlineboo.com	A (IP address)	IN (0x0001)	false
Dec 2, 2024 12:53:30.145102024 CET	192.168.2.4	1.1.1.1	0xd626	Standard query (0)	beonlineboo.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 2, 2024 12:53:25.944648981 CET	1.1.1.1	192.168.2.4	0xbacf	No error (0)	www.google.com		65	IN (0x0001)	false
Dec 2, 2024 12:53:25.950388908 CET	1.1.1.1	192.168.2.4	0xe52f	No error (0)	www.google.com	142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 2, 2024 12:53:28.266910076 CET	1.1.1.1	192.168.2.4	0x4648	No error (0)	beonlineboo.com	179.60.150.123	A (IP address)	IN (0x0001)	false
Dec 2, 2024 12:53:30.285000086 CET	1.1.1.1	192.168.2.4	0xd549	No error (0)	beonlineboo.com	179.60.150.123	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

slscr.update.microsoft.com

otelrules.azureedge.net

beonlineboo.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	179.60.150.123	80	3228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 2, 2024 12:53:28.387892008 CET	430	OUT	GET / HTTP/1.1 Host: beonlineboo.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 2, 2024 12:53:29.653637886 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:53:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Thu, 22 Feb 2024 13:07:08 GMT ETag: "2aa6-611f81eeffb81-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3138 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 bd 5a eb 73 db 36 12 ff ee bf 02 55 a7 d3 24 27 91 96 93 ba b2 22 7b 26 f1 63 d2 99 a4 f1 24 ca dd f5 93 0f 22 21 09 63 88 e0 01 a0 64 35 ed ff 7e bb 00 48 f1 25 ca c9 35 d5 c4 91 48 02 fb c2 ee 6f 1f d2 d1 e4 bb ab f7 97 d3 df 6e af c9 d2 ac 04 b9 fd f4 fa ed 2f 97 a4 37 08 c3 7f 3d bf 0c c3 ab e9 15 f9 f7 9b e9 bb b7 64 18 1c 93 a9 a2 89 e6 86 cb 84 8a 30 bc fe b5 47 7a 4b 63 d2 71 18 6e 36 9b 60 f3 3c 90 6a 11 4e 3f 84 0f 48 6b 88 9b fd c7 81 29 ed 0c 62 13 f7 2e 8e 26 96 e1 c3 4a 24 fa bc 85 cc f0 ec ec cc ed 86 b5 84 4c be 1b 0c e0 8d 90 77 32 e6 73 ce 62 32 57 72 45 cc 92 91 2b 36 e3 34 21 52 f1 05 07 f2 64 2e 15 f9 34 cb 12 93 d9 0d 6f a9 36 24 4b 63 6a 58 3c 26 27 c7 c3 d3 c1 70 38 18 9e da 87 1f 19 1b 13 64 ae 81 bb a0 59 12 2d 53 1a 07 09 33 e1 2c 5b e8 70 78 32 1a 9d 9e 1d c3 da c1 c0 8a b1 64 34 be b0 5b 27 2b 66 a8 dd 3b 60 ff cd f8 fa bc 77 29 13 c3 12 33 98 6e 53 d6 23 91 bb 3a ef 19 f6 60 42 54 e4 25 89 96 54 69 66 ce 3f 4d 6f 06 a3 1e 09 3d 25 c3 8d 60 [TRUNCATED] Data Ascii: Zs6U$'"{&c$"!cd5~H%5Hon/7=d0GzKcqn6`<jN?Hk)b.&J$Lw2sb2WrE+64!Rd.4o6$KcjX<&'p8dY-S3,[px2d4['+f;`w)3nS#:`BT%Tif?Mo=%`R-LrK /l-vFl"{dbN{:R%zgaEhLKyh}7susXY{ydhtP2KA$Tc>tvLTL'<eUFSn*LR\|(OR0\.t7&j921`^rLF&n4FN}fLhfd68rx'9;7#c~~h;uisv)Dn7?:e?!6"5FK\|^OaHl$mp/xuv[yl/lcjFc:-IsZ;N#b:FV<e>v^)U[f#dT5x<XB5z%=pno&uX:\|o+yi{._ @VK~'?
Dec 2, 2024 12:53:29.653659105 CET	1236	IN	Data Raw: 3c 2a f9 55 45 be 53 50 2b 7d de 27 d7 e5 d5 c9 f0 c5 4d d7 f6 85 62 db fd fb cf 6e ce 9e 8f 4e 8b fd c1 5c 48 48 af c9 e2 8e 09 b6 02 d1 0e e4 5f bb fc 0b 70 a1 df 75 ec 39 6a 58 f3 c4 2c 92 8a 3a 9e 89 4c 58 87 95 0f 72 1d 0b 9e dc f7 0f 2d 5a Data Ascii: <*UESP+}'MbnN\HH_pu9jX,:LXr-Zs1Yu-GRuNU=KJv-(V^^\C~r%k$#CVa#Ss)J{V}Z@Ql-XhB0=@d#T@';pshPKdmyon!Z
Dec 2, 2024 12:53:29.653666973 CET	1005	IN	Data Raw: 77 16 04 92 79 49 17 33 c0 3e c8 4d cc aa 28 20 45 31 6b 30 2b 45 2b 5a 96 5e 20 90 5c 79 f3 26 2e 33 68 87 c4 45 79 e2 b1 05 b2 af 36 d2 41 30 4d b6 80 c6 2d 79 f5 2f 32 e2 65 43 69 34 5d 01 4b e5 30 0b ad 89 fb 87 8e a4 1c 62 6e 8b 55 12 1f 55 Data Ascii: wyI3>M( E1k0+E+Z^ \y&.3hEy6A0M-y/2eCi4]K0bnUU"?9Rq`lkPzfQ&)3 *B@#]`6k6YJ]\12;y[@UzJtq]W%M<BaA?t1q5"+%X rEOXG
Dec 2, 2024 12:53:29.729749918 CET	384	OUT	GET /icons/ubuntu-logo.png HTTP/1.1 Host: beonlineboo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://beonlineboo.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 2, 2024 12:53:30.135912895 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:53:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Wed, 17 Jul 2024 18:58:09 GMT ETag: "d0a-61d760b0cd240" Accept-Ranges: bytes Content-Length: 3338 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 77 00 00 00 63 08 06 00 00 00 a1 7e 9f 07 00 00 0c d1 49 44 41 54 78 da ec 5d 05 74 e3 48 16 cc 31 a3 5a cb cc cc cc 18 b5 b2 cc cc cc cc cc cc cc cc cc 3c cc cc 14 b5 ec 30 33 93 fe a9 74 19 4f 2e 23 d9 56 47 1e e7 2c d5 7b b5 3b 60 f7 c4 5d 6e aa ff 7f 2b 8f 88 72 8e 8b 0f 56 56 37 b8 72 9a c1 d5 9b 85 c6 9e b5 f9 99 e0 6c b2 cd 62 9b 5d 36 ab 6d ce 36 39 fb 4e e8 ca ab 86 ae dc 63 6a ca 45 82 2b 3b e6 52 3f e4 cc 07 89 e5 2b 9b d8 e2 dc d0 2f a2 65 93 24 59 62 e8 ea 53 b6 e0 fb 8d dc 27 ef b7 91 b8 59 a2 38 e0 5f ff b0 c5 b8 dd e6 22 08 93 01 d6 99 5c 7d bd 50 fb f7 e6 91 b8 2b 88 f3 8f c9 fb bd e0 ec 0a 93 ab b5 32 a2 49 b0 0f d3 77 a1 fe ef 35 22 71 33 c5 bc bc 5f 09 8d 9d 28 b8 12 43 a7 67 81 1d 42 67 0f c4 0e ff e7 3f 23 71 03 64 a1 be d2 fa 82 b3 a9 36 69 18 b0 ce e0 ec f8 48 dc 00 68 68 6c 5f 74 a8 4d 1a 4e c4 2e 1b b3 49 24 ae 24 05 57 2e 14 9c f5 d8 a4 e1 48 93 b3 cf e7 ef a3 fe 35 12 d7 07 71 0c 11 3a 7b 2e 5b a2 95 9c b7 07 95 5d [TRUNCATED] Data Ascii: PNGIHDRwc~IDATx]tH1Z<03tO.#VG,{;`]n+rVV7rlb]6m69NcjE+;R?+/e$YbS'Y8_"\}P+2Iw5"q3_(CgBg?#qd6iHhhl_tMN.I$$W.H5q:{.[]s( uun<u#q8qlZz%RX=dZY}4[+7EoGMunCc3Y4uh))6~y=iH\7afkt]V;#qp!1Y<HbGKUKomSvl>y^*:Ny})U]mv+SMPOtQW{{(~F9++9f?^\Q6,[tXOcGMrC7I<$/:N]S9lgltQ98_gk\+PvJ%<qebm%\2mj46.`g#`JoU?~9U?zfF]1:i-kI[ROm9FW8oukx;#[e]KE9Rfkxn\|J.60%&e5B'2UCF#Ts7P_{y+3H&gKmN
Dec 2, 2024 12:53:30.135932922 CET	1236	IN	Data Raw: f3 86 76 94 3a 79 2b ea a9 2a 21 2f d4 3c 7b bd 5c 68 50 53 6f 0c 8d b8 42 57 ae 93 e9 a4 d6 b1 5f 91 07 e0 46 05 13 19 ba 9c e3 8b e2 3e eb 37 d7 e3 e8 25 d3 ee e4 d0 88 6b 70 75 a2 df 0e 8a 1f bf 89 b3 a6 ba a1 65 d4 a7 81 fa cc b5 2f de e2 ed Data Ascii: v:y+!/<{\hPSoBW_F>7%kpue/1?~LV\cNup{J#Pl1Anj!9/J2>{2%0M["gySuW[>s=\Wf^1Is3Gr_sJo=@]h_27 =
Dec 2, 2024 12:53:30.135946035 CET	1151	IN	Data Raw: 99 bf 21 5d 9a cd 12 95 7b 91 b8 2e 26 c7 7b c3 ec 12 6d 21 7b 15 42 24 ae 0b 4d 9d 9d 83 7b 8d b3 2c 6c 0f ae 32 94 8f cf 46 e2 26 cf 9c d4 d8 1d 59 b9 dd 55 63 9f e1 2e 8f e8 d1 33 19 26 1c 20 83 b3 97 04 67 bd 99 16 f5 bf 57 3c a8 7b 44 0f 8d Data Ascii: !]{.&{m!{B$M{,l2F&YUc.3& gW<{D#iMVpe<v<\|:j$WZY8_l)es87b6Bc:;~O2z)/O%9amkmmmm:[uTv*4_.::tWp5.
Dec 2, 2024 12:53:30.142191887 CET	374	OUT	GET /favicon.ico HTTP/1.1 Host: beonlineboo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://beonlineboo.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 2, 2024 12:53:30.545922041 CET	493	IN	HTTP/1.1 404 Not Found Date: Mon, 02 Dec 2024 11:53:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 277 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 62 65 6f 6e 6c 69 6e 65 62 6f 6f 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at beonlineboo.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49743	179.60.150.123	80	3228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 2, 2024 12:53:30.405909061 CET	289	OUT	GET /icons/ubuntu-logo.png HTTP/1.1 Host: beonlineboo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 2, 2024 12:53:31.715962887 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:53:31 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Wed, 17 Jul 2024 18:58:09 GMT ETag: "d0a-61d760b0cd240" Accept-Ranges: bytes Content-Length: 3338 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 77 00 00 00 63 08 06 00 00 00 a1 7e 9f 07 00 00 0c d1 49 44 41 54 78 da ec 5d 05 74 e3 48 16 cc 31 a3 5a cb cc cc cc 18 b5 b2 cc cc cc cc cc cc cc cc cc 3c cc cc 14 b5 ec 30 33 93 fe a9 74 19 4f 2e 23 d9 56 47 1e e7 2c d5 7b b5 3b 60 f7 c4 5d 6e aa ff 7f 2b 8f 88 72 8e 8b 0f 56 56 37 b8 72 9a c1 d5 9b 85 c6 9e b5 f9 99 e0 6c b2 cd 62 9b 5d 36 ab 6d ce 36 39 fb 4e e8 ca ab 86 ae dc 63 6a ca 45 82 2b 3b e6 52 3f e4 cc 07 89 e5 2b 9b d8 e2 dc d0 2f a2 65 93 24 59 62 e8 ea 53 b6 e0 fb 8d dc 27 ef b7 91 b8 59 a2 38 e0 5f ff b0 c5 b8 dd e6 22 08 93 01 d6 99 5c 7d bd 50 fb f7 e6 91 b8 2b 88 f3 8f c9 fb bd e0 ec 0a 93 ab b5 32 a2 49 b0 0f d3 77 a1 fe ef 35 22 71 33 c5 bc bc 5f 09 8d 9d 28 b8 12 43 a7 67 81 1d 42 67 0f c4 0e ff e7 3f 23 71 03 64 a1 be d2 fa 82 b3 a9 36 69 18 b0 ce e0 ec f8 48 dc 00 68 68 6c 5f 74 a8 4d 1a 4e c4 2e 1b b3 49 24 ae 24 05 57 2e 14 9c f5 d8 a4 e1 48 93 b3 cf e7 ef a3 fe 35 12 d7 07 71 0c 11 3a 7b 2e 5b a2 95 9c b7 07 95 5d [TRUNCATED] Data Ascii: PNGIHDRwc~IDATx]tH1Z<03tO.#VG,{;`]n+rVV7rlb]6m69NcjE+;R?+/e$YbS'Y8_"\}P+2Iw5"q3_(CgBg?#qd6iHhhl_tMN.I$$W.H5q:{.[]s( uun<u#q8qlZz%RX=dZY}4[+7EoGMunCc3Y4uh))6~y=iH\7afkt]V;#qp!1Y<HbGKUKomSvl>y^*:Ny})U]mv+SMPOtQW{{(~F9++9f?^\Q6,[tXOcGMrC7I<$/:N]S9lgltQ98_gk\+PvJ%<qebm%\2mj46.`g#`JoU?~9U?zfF]1:i-kI[ROm9FW8oukx;#[e]KE9Rfkxn\|J.60%&e5B'2UCF#Ts7P_{y+3H&gKmN
Dec 2, 2024 12:53:31.715998888 CET	1236	IN	Data Raw: 81 f3 86 76 94 3a 79 2b ea a9 2a 21 2f d4 3c 7b bd 5c 68 50 53 6f 0c 8d b8 42 57 ae 93 e9 a4 d6 b1 5f 91 07 e0 46 05 13 19 ba 9c e3 8b e2 3e eb 37 d7 e3 e8 25 d3 ee e4 d0 88 6b 70 75 a2 df 0e 8a 1f bf 89 b3 a6 ba a1 65 d4 a7 81 fa cc b5 2f de e2 Data Ascii: v:y+!/<{\hPSoBW_F>7%kpue/1?~LV\cNup{J#Pl1Anj!9/J2>{2%0M["gySuW[>s=\Wf^1Is3Gr_sJo=@]h_27
Dec 2, 2024 12:53:31.716011047 CET	1152	IN	Data Raw: 32 99 bf 21 5d 9a cd 12 95 7b 91 b8 2e 26 c7 7b c3 ec 12 6d 21 7b 15 42 24 ae 0b 4d 9d 9d 83 7b 8d b3 2c 6c 0f ae 32 94 8f cf 46 e2 26 cf 9c d4 d8 1d 59 b9 dd 55 63 9f e1 2e 8f e8 d1 33 19 26 1c 20 83 b3 97 04 67 bd 99 16 f5 bf 57 3c a8 7b 44 0f Data Ascii: 2!]{.&{m!{B$M{,l2F&YUc.3& gW<{D#iMVpe<v<\|:j$WZY8_l)es87b6Bc:;~O2z)/O%9amkmmmm:[uTv*4_.::tWp5.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	179.60.150.123	80	3228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 2, 2024 12:54:13.401011944 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	179.60.150.123	80	3228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 2, 2024 12:54:13.463366985 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	179.60.150.123	80	3228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 2, 2024 12:54:15.525196075 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:53:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-02 11:53:28 UTC	479	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=113592 Date: Mon, 02 Dec 2024 11:53:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:53:30 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-02 11:53:30 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=173514 Date: Mon, 02 Dec 2024 11:53:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-12-02 11:53:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:53:39 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yVSOHvVwbeS3OFh&MD=MPtn6WnN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-02 11:53:40 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: ef5eeb20-02bb-434d-b15b-d0f26b9af12e MS-RequestId: c5744cdd-bbb2-480c-af56-e685a6ea5024 MS-CV: 7Qw251pcak6ScgGi.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 02 Dec 2024 11:53:39 GMT Connection: close Content-Length: 24490
2024-12-02 11:53:40 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-12-02 11:53:40 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49751	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:20 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yVSOHvVwbeS3OFh&MD=MPtn6WnN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-02 11:54:20 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 0d726f1e-44bd-4c67-b868-19d60f915512 MS-RequestId: f2b59fe2-8b85-47f0-8b69-fa0d6e9227de MS-CV: 8NXOgK/ha0SmYwun.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 02 Dec 2024 11:54:20 GMT Connection: close Content-Length: 30005
2024-12-02 11:54:20 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-12-02 11:54:20 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.4	49752	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:21 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:21 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:21 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 29 Nov 2024 23:15:49 GMT ETag: "0x8DD10CBC2E3B852" x-ms-request-id: 82d9e4b2-501e-007b-3a87-435ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115421Z-174f7845968px8v7hC1EWR08ng00000014kg000000008t1r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:21 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-12-02 11:54:21 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-12-02 11:54:21 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-12-02 11:54:21 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-12-02 11:54:21 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-12-02 11:54:21 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-12-02 11:54:22 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-12-02 11:54:22 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-12-02 11:54:22 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-12-02 11:54:22 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.4	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:23 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:24 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:24 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 748acc8f-d01e-0082-56a3-42e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115424Z-174f78459684db9fhC1EWRc7g400000004eg0000000039xq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:24 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:24 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:24 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 59158d4f-901e-00a0-5491-3f6a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115424Z-174f78459688l8rvhC1EWRtzr00000000h000000000052ef x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:25 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:24 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:25 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:24 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 0a3cdbcf-401e-0016-597f-3f53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115424Z-174f7845968nxc96hC1EWRspw80000001440000000005u0d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:25 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:24 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:25 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:24 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: d2130280-a01e-006f-03c7-4313cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115424Z-174f7845968psccphC1EWRuz9s00000014m0000000007sh4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:25 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:24 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:24 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 2c78b3d6-001e-0017-21e0-430c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115424Z-174f7845968xr5c2hC1EWRd0hn0000000p800000000054aw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:25 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:26 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:26 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 8639caee-c01e-0066-28c7-43a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115426Z-174f78459684bddphC1EWRbht4000000140000000000azat x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:26 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:26 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:27 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: f20189e0-201e-005d-0f7c-43afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115427Z-174f7845968pf68xhC1EWRr4h800000014ng000000005293 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:27 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:26 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:27 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: cdb469ae-c01e-0014-01b3-42a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115427Z-174f78459684db9fhC1EWRc7g400000004bg00000000762w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:27 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:26 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:27 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 724e5c80-801e-007b-4caf-42e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115427Z-174f78459684bddphC1EWRbht40000001470000000001ku8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:27 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:26 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:27 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: c220f382-901e-0029-3552-43274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115427Z-174f784596886s2bhC1EWR743w00000014f0000000003zee x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:27 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:28 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:28 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: ed9dfa2a-401e-0015-7891-3f0e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115428Z-174f7845968kvnqxhC1EWRmf3g0000000r4g000000007hya x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:29 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:28 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:29 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 1383167b-401e-008c-1f3c-4486c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115429Z-174f7845968j6t2phC1EWRcfe800000014k0000000004q0g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:29 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:28 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:29 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 79414491-c01e-0014-1360-43a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115429Z-174f7845968psccphC1EWRuz9s00000014ng000000005mkp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:29 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:29 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:29 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 7b1224ad-601e-0097-014f-44f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115429Z-174f7845968psccphC1EWRuz9s00000014ng000000005mku x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:29 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:29 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:29 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: ff98645e-b01e-0001-1091-3f46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115429Z-174f78459688l8rvhC1EWRtzr00000000gzg000000005uan x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:29 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:31 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:31 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: a11b7610-d01e-00ad-11d5-43e942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115431Z-174f78459685726chC1EWRsnbg00000014h0000000001up9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:31 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:31 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:31 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 9a3d38b7-801e-00ac-4db3-42fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115431Z-174f7845968vqt9xhC1EWRgten00000014eg000000004zne x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:31 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:31 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:31 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: e9babc56-001e-0049-5291-3f5bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115431Z-174f7845968xr5c2hC1EWRd0hn0000000p9g000000003fa4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:31 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:31 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:31 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 0e02d283-301e-000c-5b32-44323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115431Z-174f784596886s2bhC1EWR743w00000014e0000000004zp2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:31 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:31 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:31 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: ef6c78e4-401e-0067-2ec7-4309c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115431Z-174f7845968qj8jrhC1EWRh41s000000147g000000009mfw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:31 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:33 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:33 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 0f0a23f1-f01e-0099-76b2-429171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115433Z-174f78459684bddphC1EWRbht40000001470000000001m2p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:33 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:33 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:33 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: b18988de-c01e-0079-2891-3fe51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115433Z-174f7845968kdththC1EWRzvxn0000000gv0000000000zb6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:33 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49778	13.107.246.63	443	3228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:33 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:33 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 5181e575-b01e-001e-206f-430214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115433Z-174f7845968psccphC1EWRuz9s00000014h0000000009zve x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:33 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:33 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:33 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 3f7caad5-701e-006f-6962-43afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115433Z-174f7845968nxc96hC1EWRspw8000000142g000000007bxe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:33 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:33 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:34 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:33 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: f483c550-b01e-0098-3fc5-43cead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115433Z-174f7845968glpgnhC1EWR7uec00000014h0000000006hhh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:34 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:35 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:35 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: f843b097-901e-00ac-53c3-43b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115435Z-174f7845968glpgnhC1EWR7uec00000014f000000000995h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:35 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:35 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:35 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: f440c5dc-801e-0047-7891-3f7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115435Z-174f78459684bddphC1EWRbht400000014300000000071em x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:36 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:35 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:36 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 2132beec-901e-00ac-46aa-42b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115436Z-174f7845968cpnpfhC1EWR3afc0000001400000000006ucc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:36 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:35 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:36 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 8b97b4d7-e01e-0003-5405-410fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115436Z-174f7845968n2hr8hC1EWR9cag00000013yg000000008u32 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:36 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:35 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:36 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:36 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: a4f00822-e01e-0033-081e-414695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115436Z-174f7845968pght8hC1EWRyvxg00000007h0000000005u1d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:36 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:37 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:38 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: d3507608-601e-003d-4b91-3f6f25000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115438Z-174f7845968ljs8phC1EWRe6en000000144000000000ake0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:38 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:37 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:38 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: feaf0f62-e01e-0071-4f14-4208e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115438Z-174f7845968zgtf6hC1EWRqd8s0000000x8g000000009dyb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:38 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:37 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:38 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: b5d3fb3c-c01e-000b-6fb4-42e255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115438Z-174f7845968xr5c2hC1EWRd0hn0000000pb00000000012ny x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:38 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:38 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:38 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: dc0e6055-901e-005b-2d91-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115438Z-174f7845968ljs8phC1EWRe6en0000001470000000006mrg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:38 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:38 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:38 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 716ae074-c01e-0046-576f-432db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115438Z-174f7845968jrjrxhC1EWRmmrs00000014k0000000004ev7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:38 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:40 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:40 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:40 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 1fa1b817-401e-0067-5691-3f09c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115440Z-174f7845968cdxdrhC1EWRg0en000000149g000000007vtq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:40 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:40 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:40 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:40 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 13e6cbbb-001e-005a-04a3-43c3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115440Z-174f7845968swgbqhC1EWRmnb400000014h00000000067he x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-02 11:54:40 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:40 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:40 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:40 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 6760f0bc-801e-002a-1f91-3f31dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115440Z-174f78459688l8rvhC1EWRtzr00000000h1g0000000034qa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:40 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:40 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:40 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:40 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 490736a9-701e-0097-7e01-42b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115440Z-174f7845968vqt9xhC1EWRgten00000014e0000000005qa2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:40 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:40 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:41 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:40 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 6644a72f-f01e-001f-6d66-435dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115440Z-174f7845968kvnqxhC1EWRmf3g0000000r90000000001t1x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:41 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:42 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:42 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: d2a0c1bd-101e-0017-761b-4147c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115442Z-174f7845968pght8hC1EWRyvxg00000007kg000000003y2y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:42 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:42 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:42 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c0a226f0-401e-0048-5ab5-420409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115442Z-174f7845968xr5c2hC1EWRd0hn0000000p60000000007ct0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:42 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:42 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:43 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:42 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 21da0aac-a01e-0021-7d18-43814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115442Z-174f7845968swgbqhC1EWRmnb400000014mg000000002x46 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:43 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:42 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:43 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:43 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 07e13988-c01e-0049-0444-44ac27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115443Z-174f7845968frfdmhC1EWRxxbw00000014bg000000008v1c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:43 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:42 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:43 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:43 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 6da3e3c6-601e-0084-52b4-426b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115443Z-174f78459685726chC1EWRsnbg00000014b0000000009eg8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:43 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:44 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:45 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 9d60b28b-101e-0017-33c7-4347c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115445Z-174f7845968cpnpfhC1EWR3afc000000141g000000004g94 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:45 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:44 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:45 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 0fbdb1d5-101e-0079-0270-435913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115445Z-174f7845968qj8jrhC1EWRh41s00000014cg000000003m2q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:45 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49802	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:45 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:45 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 4c860516-801e-00a3-3252-437cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115445Z-174f7845968cdxdrhC1EWRg0en000000147g00000000a6rp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:45 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:45 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:45 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 9318b81d-501e-0035-5bd6-43c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115445Z-174f78459684bddphC1EWRbht4000000146g000000002gfu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:45 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-02 11:54:45 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-02 11:54:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 02 Dec 2024 11:54:45 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 3f63c6b9-401e-0064-499d-4354af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241202T115445Z-174f7845968qj8jrhC1EWRh41s00000014d0000000002bg5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-02 11:54:45 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Target ID:	0
Start time:	06:53:17
Start date:	02/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	06:53:20
Start date:	02/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2196,i,11884593460750183174,4434179635223481577,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	06:53:26
Start date:	02/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://beonlineboo.com"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Email	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://beonlineboo.com
Source: Email	Joe Sandbox AI: AI detected Typosquatting in URL: http://beonlineboo.com

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://beonlineboo.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2136, Parent PID: 3732

General

Chronological Activities

Analysis Process: chrome.exePID: 3228, Parent PID: 2136

General

Chronological Activities

Analysis Process: chrome.exePID: 6548, Parent PID: 3732

General

Chronological Activities

Windows Analysis Report
http://beonlineboo.com