Edit tour

Windows Analysis Report
http://offer.relieffoot.com

Overview

General Information

Sample URL:	http://offer.relieffoot.com
Analysis ID:	1562636
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1964,i,1011053822055246351,4298913378853297238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://offer.relieffoot.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://offer.relieffoot.com/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: offer.relieffoot.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /libs/bootstrap/bootstrap.min.css HTTP/1.1Host: offer.relieffoot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://offer.relieffoot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /libs/theme/pblog/css/web-common.css HTTP/1.1Host: offer.relieffoot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://offer.relieffoot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /libs/jquery/jquery.min.js HTTP/1.1Host: offer.relieffoot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://offer.relieffoot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/500.png HTTP/1.1Host: offer.relieffoot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offer.relieffoot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/500.png HTTP/1.1Host: offer.relieffoot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /libs/jquery/jquery.min.js HTTP/1.1Host: offer.relieffoot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: offer.relieffoot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://offer.relieffoot.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: offer.relieffoot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zfU+c+Hzr8XzmrD&MD=hpu9F1A1 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zfU+c+Hzr8XzmrD&MD=hpu9F1A1 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: offer.relieffoot.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: offer.relieffoot.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_49.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_49.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49759 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/15@8/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1964,i,1011053822055246351,4298913378853297238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://offer.relieffoot.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1964,i,1011053822055246351,4298913378853297238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://offer.relieffoot.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://offer.relieffoot.com/	0%	Avira URL Cloud	safe
https://offer.relieffoot.com/favicon.ico	0%	Avira URL Cloud	safe
https://offer.relieffoot.com/img/500.png	0%	Avira URL Cloud	safe
https://offer.relieffoot.com/libs/theme/pblog/css/web-common.css	0%	Avira URL Cloud	safe
https://offer.relieffoot.com/libs/jquery/jquery.min.js	0%	Avira URL Cloud	safe
https://offer.relieffoot.com/libs/bootstrap/bootstrap.min.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
offer.relieffoot.com	47.254.37.3	true	false		unknown
www.google.com	142.250.181.68	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://offer.relieffoot.com/	false	Avira URL Cloud: safe	unknown
https://offer.relieffoot.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://offer.relieffoot.com/img/500.png	false	Avira URL Cloud: safe	unknown
https://offer.relieffoot.com/libs/jquery/jquery.min.js	false	Avira URL Cloud: safe	unknown
https://offer.relieffoot.com/libs/bootstrap/bootstrap.min.css	false	Avira URL Cloud: safe	unknown
https://offer.relieffoot.com/	false		unknown
https://offer.relieffoot.com/libs/theme/pblog/css/web-common.css	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_49.2.dr	false		high
http://getbootstrap.com)	chromecache_49.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
47.254.37.3	offer.relieffoot.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562636
Start date and time:	2024-11-25 20:22:53 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://offer.relieffoot.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/15@8/4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.205.84, 172.217.19.238, 216.58.208.227, 34.104.35.123, 199.232.210.172, 192.229.221.95, 172.217.17.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://offer.relieffoot.com

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://offer.relieffoot.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://offer.relieffoot.com
URL: https://offer.relieffoot.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://offer.relieffoot.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://offer.relieffoot.com
URL: https://offer.relieffoot.com/ Model: Joe Sandbox AI	{ "brands": [] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 535 x 220, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12949
Entropy (8bit):	7.9401440913208265
Encrypted:	false
SSDEEP:	192:fRWOsB4/9rEZYlseoG2nE1ND8w8U3mGl5Xf1fqJL3V5+06tskn3RzkU042IC2JW5:f9ZEZYSGXowd3mQVqJLF6+kW7z/anc
MD5:	B1987EF6FDB1D511CDE643013340C0C8
SHA1:	453951706F934D669A1215B6AAA8654A0A0F59E0
SHA-256:	BB2AB38BB2C85AD8829F5D2EE8CC9348DD794FAA9292619EEC4198C7E264EA8E
SHA-512:	D646005DB863C951EE6DC4EBA0E70A44CD79711766BF5C9332B85B8EA6A06EBD3505643A40437E194DA0223DEB2440A755B9DD6A723A851434092093D112C9E7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............i......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4fb3aca8-3a84-be4c-bb01-0641a1d3920a" xmpMM:DocumentID="xmp.did:20C2BAA62B3F11E889009310A20BA7DC" xmpMM:InstanceID="xmp.iid:20C2BAA52B3F11E889009310A20BA7DC" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:09f71cfe-26d3-984d-8cd5-4a0738c1c97c" stRef:documentID="adobe:docid:photoshop:90b625be-e73b-6945-a444-06f7e7a55ed0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?> .......IDATx...xTU...I2.

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	7717
Entropy (8bit):	4.841010868698641
Encrypted:	false
SSDEEP:	192:I1RYMV2pFifOiWvtWR4xSxZxkKwqjG8dxfU0g16CSI+ibalwfTcuuv:SRYzn2Ksnwn16CLuv
MD5:	344685D69803A873E9F0427B36850DDF
SHA1:	23C2EE9C7AAD47DB60DE9110F6B264A1F59362D1
SHA-256:	D90C50B396CB8CDEBECB35FCF1C6301FB9A54196074A2E6D445E7239A8464C4A
SHA-512:	45EEA1EED51BA3303C27D7DEEBE73E04EF9096637E47933E80B63845D8FEAE5B5224D01B3F71434D4FB08BDF72579A6A482AFF30DE560E3F459BA0B25B60E338
Malicious:	false
Reputation:	low
URL:	https://offer.relieffoot.com/libs/theme/pblog/css/web-common.css
Preview:	a{. color: #0077dd;.}.a:hover,a:focus{. color: #286aa5;. text-decoration: none;. outline:none;.}..ol, ul {. list-style: none;. margin: 0;. padding: 0;.}.li{. list-style-type:none.}.dl{. margin: 0;.}..button {. outline: none;.}.img{. max-width: 100%;.}..btn:active, .btn:focus {. outline: 0 !important;.}...pointer{. cursor: pointer;.}...center{. text-align: center;.}...p0{. padding: 0;.}..mt-15{. margin-top: 15px!important;.}..mt-10{. margin-top: 10px;.}..mr-5{. margin-right: 5px;.}..mb-20{. margin-bottom: 20px;.}..btn-pri{. color: #fff;. background-color: #2287de;. border-color: #2287de;.}..btn-pri:hover{. color: #fff;. background: #0077dd;. border-color: #0077dd;.}..btn-pri:active, .btn-pri:focus{. color: #fff;.}../-------top-start------/..pb-container{. margin-right: auto;. margin-left: auto;. //padding-left: 15px;. //padding-right: 15px;.}./*@media (min-width: 992px){. .pb-container {.

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 535 x 220, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	12949
Entropy (8bit):	7.9401440913208265
Encrypted:	false
SSDEEP:	192:fRWOsB4/9rEZYlseoG2nE1ND8w8U3mGl5Xf1fqJL3V5+06tskn3RzkU042IC2JW5:f9ZEZYSGXowd3mQVqJLF6+kW7z/anc
MD5:	B1987EF6FDB1D511CDE643013340C0C8
SHA1:	453951706F934D669A1215B6AAA8654A0A0F59E0
SHA-256:	BB2AB38BB2C85AD8829F5D2EE8CC9348DD794FAA9292619EEC4198C7E264EA8E
SHA-512:	D646005DB863C951EE6DC4EBA0E70A44CD79711766BF5C9332B85B8EA6A06EBD3505643A40437E194DA0223DEB2440A755B9DD6A723A851434092093D112C9E7
Malicious:	false
Reputation:	low
URL:	https://offer.relieffoot.com/img/500.png
Preview:	.PNG........IHDR..............i......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4fb3aca8-3a84-be4c-bb01-0641a1d3920a" xmpMM:DocumentID="xmp.did:20C2BAA62B3F11E889009310A20BA7DC" xmpMM:InstanceID="xmp.iid:20C2BAA52B3F11E889009310A20BA7DC" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:09f71cfe-26d3-984d-8cd5-4a0738c1c97c" stRef:documentID="adobe:docid:photoshop:90b625be-e73b-6945-a444-06f7e7a55ed0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?> .......IDATx...xTU...I2.

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65371)
Category:	downloaded
Size (bytes):	121200
Entropy (8bit):	5.0982146191887106
Encrypted:	false
SSDEEP:	768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh
MD5:	EC3BB52A00E176A7181D454DFFAEA219
SHA1:	6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68
SHA-256:	F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C
SHA-512:	E8C5DAF01EAE68ED7C1E277A6E544C7AD108A0FA877FB531D6D9F2210769B7DA88E4E002C7B0BE3B72154EBF7CBF01A795C8342CE2DAD368BD6351E956195F8B
Malicious:	false
Reputation:	low
URL:	https://offer.relieffoot.com/libs/bootstrap/bootstrap.min.css
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://offer.relieffoot.com/libs/jquery/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 670 x 820
Category:	downloaded
Size (bytes):	31339
Entropy (8bit):	7.942309322694616
Encrypted:	false
SSDEEP:	768:bgT093APCXBs6xRlwSGReJsk68+6Xminl4nDTnYYw/TZ8jkx:8o3uaRCSGQ68zqDzBw/TZ8jkx
MD5:	6C7865208BB0D49DE9CFEE60875592BE
SHA1:	AC2DCBCDDA1764C5B3BEEEA76659E84768ABDD94
SHA-256:	EB154F38AB007FC4DF0B9D6C91550CF46406247D1D09B8237E825D682CCE8307
SHA-512:	8B820EBC3690D96C1A8B6DA3F1D6BCCE8FB06A581B1347A593D65A7C9B6187BC34B4462E7CAB77CEE888A5FDBA2DAB8724C53A3028643A1E6A1448519C89BFCA
Malicious:	false
Reputation:	low
URL:	https://offer.relieffoot.com/favicon.ico
Preview:	GIF89a..4.............!!!111RRRwww...........................,......4......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL.......n...xL.H.....P( .jkr.....Y...\|......................-...........................x......................Q...................9......................rp....=...B..R.}. ../\....j..1......=.s.U+b...@....[..(..r....:...S..T...)...$.y.Q.XA..m....I...D S"H...>g..4H...MH..\].m.....<Eq.%?.\80Pw........A.M..r``./.w^..T#...H.....y..:x.....M.;A...C...L.l0..L....s.F.yfWX....y..^. ..m...e...0u........_.B.$@C..;<.....i@kXBm....s........W.<...'.mG.m..S.WR!.....S....g._`S.+.\..m.P.U0...I.(p....5....(#..\|v.6{.....`.PWf.h.j,.....(S..36.d...v..I....X.._.0)AY...Id.ye...5..6..r.p.I....gId..D.).E.....R7.\.m..G9.I..D....rVj.z^2&T....)&.b...@Z@\..R..p....R.@..<x.^..=...L9m.Afs.J..#.........d...:+{."#.a.(.T.1`Y..9....Q..q...8...I...e.z.@M..@..^.....cT1.16S...3M...Po...5.%..J.0.e...UM.......Z.$...[b,.U....K..$.,...H.x..L0e.0\L.6.}.........

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 670 x 820
Category:	dropped
Size (bytes):	31339
Entropy (8bit):	7.942309322694616
Encrypted:	false
SSDEEP:	768:bgT093APCXBs6xRlwSGReJsk68+6Xminl4nDTnYYw/TZ8jkx:8o3uaRCSGQ68zqDzBw/TZ8jkx
MD5:	6C7865208BB0D49DE9CFEE60875592BE
SHA1:	AC2DCBCDDA1764C5B3BEEEA76659E84768ABDD94
SHA-256:	EB154F38AB007FC4DF0B9D6C91550CF46406247D1D09B8237E825D682CCE8307
SHA-512:	8B820EBC3690D96C1A8B6DA3F1D6BCCE8FB06A581B1347A593D65A7C9B6187BC34B4462E7CAB77CEE888A5FDBA2DAB8724C53A3028643A1E6A1448519C89BFCA
Malicious:	false
Reputation:	low
Preview:	GIF89a..4.............!!!111RRRwww...........................,......4......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL.......n...xL.H.....P( .jkr.....Y...\|......................-...........................x......................Q...................9......................rp....=...B..R.}. ../\....j..1......=.s.U+b...@....[..(..r....:...S..T...)...$.y.Q.XA..m....I...D S"H...>g..4H...MH..\].m.....<Eq.%?.\80Pw........A.M..r``./.w^..T#...H.....y..:x.....M.;A...C...L.l0..L....s.F.yfWX....y..^. ..m...e...0u........_.B.$@C..;<.....i@kXBm....s........W.<...'.mG.m..S.WR!.....S....g._`S.+.\..m.P.U0...I.(p....5....(#..\|v.6{.....`.PWf.h.j,.....(S..36.d...v..I....X.._.0)AY...Id.ye...5..6..r.p.I....gId..D.).E.....R7.\.m..G9.I..D....rVj.z^2&T....)&.b...@Z@\..R..p....R.@..<x.^..=...L9m.Afs.J..#.........d...:+{."#.a.(.T.1`Y..9....Q..q...8...I...e.z.@M..@..^.....cT1.16S...3M...Po...5.%..J.0.e...UM.......Z.$...[b,.U....K..$.,...H.x..L0e.0\L.6.}.........

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1111
Entropy (8bit):	4.8910304964985825
Encrypted:	false
SSDEEP:	24:hYFUFCBeblKwNV4N6ZNzVQ1jwZAMRppE9IdcWfz/zVd1i:gEK9NitVQ1w+MRppE9ccWffVS
MD5:	EEC62374BFB6EE4659A4BE320BBF6E6A
SHA1:	730F45DC33E701D9FE382BB40921E4E10CD7DF2D
SHA-256:	90D9E3DB17BF09D2ED9BE6AF56C0D7F8F737E9AD36C064F3196C7BAFD7605CFE
SHA-512:	8761600D450D170A6A0286A273617ECD53FD6A870FFF6F8CDB5915BFA911962F36621DADC5410EB0237AE7AF0DF82044B88A49A8518A4E6E8E32A628EB47D2E2
Malicious:	false
Reputation:	low
URL:	https://offer.relieffoot.com/
Preview:	<!DOCTYPE html>.<html>.<head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <title>500</title>. Tell the browser to be responsive to screen width -->. <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">. <link rel="stylesheet" href="/libs/bootstrap/bootstrap.min.css"/>. <link rel="stylesheet" href="/libs/theme/pblog/css/web-common.css" />. <script src="/libs/jquery/jquery.min.js"></script>.</head>.<body>. <header id="header">-->. <div th:replace="home/fragments/navbar :: navbar"></div>-->. </header>-->.<div class="main-content error-content">. <div class="error-img-content mt-160 mb-70 text-center"><img src="/img/500.png"></div>. <p class="error-text">Sorry, the website administrator is working hard~</p>. <div class="error-btn-content">. <button class="btn btn-danger" type="button">. <a href="/login">Go Home</a>. </button>

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 20:23:37.011060953 CET	49675	443	192.168.2.4	173.222.162.32
Nov 25, 2024 20:23:46.619168997 CET	49675	443	192.168.2.4	173.222.162.32
Nov 25, 2024 20:23:47.759241104 CET	49737	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:47.759944916 CET	49738	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:47.790967941 CET	49739	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:47.879249096 CET	80	49737	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:47.879378080 CET	49737	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:47.879575968 CET	49737	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:47.879828930 CET	80	49738	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:47.879894972 CET	49738	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:47.910967112 CET	80	49739	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:47.911068916 CET	49739	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:47.999922037 CET	80	49737	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:49.151494026 CET	80	49737	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:49.196439981 CET	49737	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:49.295093060 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:49.295145988 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:49.295279980 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:49.295593023 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:49.295630932 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:49.654949903 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:23:49.654990911 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:23:49.655086994 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:23:49.655364037 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:23:49.655378103 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:23:49.798094988 CET	49742	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:49.798135996 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:49.798203945 CET	49742	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:49.802217960 CET	49742	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:49.802237034 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:50.739988089 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:50.740452051 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:50.740495920 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:50.741472960 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:50.741540909 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:50.742949009 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:50.743014097 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:50.743297100 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:50.743305922 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:50.792442083 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:51.204977989 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.205051899 CET	49742	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:51.207803011 CET	49742	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:51.207813978 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.208129883 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.250133991 CET	49742	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:51.295326948 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.409101963 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:23:51.409375906 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:23:51.409421921 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:23:51.410823107 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:23:51.410883904 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:23:51.414788008 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:23:51.414856911 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:23:51.469788074 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:23:51.469805956 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:23:51.515697956 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:23:51.709295988 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.709364891 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.709498882 CET	49742	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:51.709530115 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.709541082 CET	49742	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:51.709541082 CET	49742	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:51.709548950 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.709558964 CET	443	49742	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.740818024 CET	49743	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:51.740859985 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:51.740925074 CET	49743	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:51.741213083 CET	49743	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:51.741221905 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:52.624347925 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.624447107 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.625602007 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.625602007 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.653558016 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.653562069 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.653604984 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.653615952 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.653706074 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.653709888 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.654735088 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.654736996 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.654750109 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.654755116 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.655575037 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.655582905 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.655585051 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.655592918 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.656816959 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.656819105 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.657135963 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.657139063 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.657145023 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.657151937 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:52.931757927 CET	49740	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:52.931802034 CET	443	49740	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:53.191056013 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:53.191154003 CET	49743	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:53.192528963 CET	49743	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:53.192538023 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:53.192852974 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:53.193890095 CET	49743	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:53.239331961 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:53.713104010 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:53.713185072 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:53.713248968 CET	49743	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:53.714375019 CET	49743	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:53.714392900 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:53.714406013 CET	49743	443	192.168.2.4	2.18.109.164
Nov 25, 2024 20:23:53.714413881 CET	443	49743	2.18.109.164	192.168.2.4
Nov 25, 2024 20:23:54.003578901 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.003905058 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.003935099 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.004862070 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.004935026 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.005253077 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.005321026 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.005356073 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.005403996 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.005412102 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.005527973 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.005577087 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.006481886 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.006546974 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.006781101 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.006845951 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.006860018 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.045789957 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.046025991 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.046046972 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.046375990 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.046643019 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.046710014 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.046735048 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.047379017 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.048969030 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.048974991 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.048990965 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.051615953 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.051789999 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.051798105 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.052277088 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.052539110 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.052617073 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.052617073 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.091337919 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.096513033 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.096518993 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.096519947 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.096519947 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.519629002 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.519654989 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.519660950 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.519695997 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.519714117 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.519746065 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.522576094 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.522576094 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.629461050 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.629517078 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.629539013 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.629579067 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.629611015 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.629627943 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.629653931 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.629667997 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.629693031 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.630836010 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.667102098 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.667134047 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.667144060 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.667175055 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.667247057 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.667251110 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.667272091 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.667316914 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.669244051 CET	49745	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.669261932 CET	443	49745	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.723570108 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.723597050 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.723604918 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.723613977 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.723634958 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.723710060 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.723783016 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.723819971 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.723862886 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.747708082 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.747756004 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.747821093 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.747833014 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.747844934 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.747875929 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.789886951 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.789906979 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.790018082 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.790029049 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.790083885 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.809277058 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.809294939 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.809406996 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.809454918 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.809521914 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.825159073 CET	49746	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.825192928 CET	443	49746	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.848237991 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.848272085 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.848337889 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.848566055 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.848578930 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.873303890 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.873322964 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.873452902 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.873492002 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.873553991 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.915805101 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.915834904 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.915951967 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.915982008 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.916050911 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.947988033 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.948004007 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.948110104 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.948118925 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.948169947 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.977619886 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.977636099 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.977730036 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.977741957 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.977787018 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.996001005 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.996022940 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.996115923 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:54.996160984 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:54.996218920 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.030617952 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.030632973 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.030725956 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.030752897 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.030838966 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.033783913 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.033862114 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.033869982 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.033936977 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.034122944 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.034151077 CET	443	49744	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.034181118 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.034224033 CET	49744	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.037472963 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.037544012 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.037630081 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.037852049 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.037885904 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.093756914 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.093776941 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.093854904 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.093866110 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.093916893 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.104327917 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.104402065 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.104417086 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.104453087 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.104752064 CET	49747	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.104764938 CET	443	49747	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.133943081 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.133981943 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:55.134104967 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.134258986 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:55.134272099 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.281716108 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.282084942 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.282121897 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.284466982 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.284543037 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.284929037 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.285012960 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.285152912 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.285161018 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.337732077 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.433645964 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.434111118 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.434145927 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.435154915 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.435255051 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.435611010 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.435672045 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.435746908 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.435755014 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.478302956 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.539839983 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.540119886 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.540147066 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.541383982 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.541716099 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.541831017 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.541838884 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.541891098 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.587749004 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.834394932 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.834477901 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.834496975 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.834553003 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.834564924 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.834594011 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.834609032 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.834625006 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.834629059 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.834697008 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.834703922 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.834809065 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:56.834876060 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.835557938 CET	49748	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:56.835578918 CET	443	49748	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.071522951 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.071543932 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.071549892 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.071574926 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.071592093 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.071743011 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.071810961 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.071891069 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.191035986 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.191098928 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.191121101 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.191176891 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.191195011 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.191219091 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.191230059 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.191241026 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.191260099 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.191281080 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.198178053 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.198199034 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.198297024 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.198328018 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.198399067 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.245081902 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.245098114 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.245187998 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.245206118 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.245280027 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.295912027 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.295995951 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.296025038 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.296046019 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.296097040 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.296154976 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.296214104 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.296515942 CET	49750	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.296530962 CET	443	49750	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.300865889 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.300914049 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.300992966 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.301230907 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.301249027 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.375210047 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.375230074 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.375339985 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.375349045 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.375413895 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.409708977 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.409735918 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.409820080 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.409831047 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.409897089 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.413023949 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.413084030 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.413095951 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.413120985 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.413151026 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.413173914 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.413304090 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.413332939 CET	443	49749	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:57.413357973 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.413405895 CET	49749	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:57.509104967 CET	49672	443	192.168.2.4	173.222.162.32
Nov 25, 2024 20:23:57.509157896 CET	443	49672	173.222.162.32	192.168.2.4
Nov 25, 2024 20:23:58.671485901 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:58.671797037 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:58.671833992 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:58.673331976 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:58.673805952 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:58.673942089 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:58.673974037 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:58.719324112 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:58.728178978 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.302325010 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.302400112 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.302411079 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.302459955 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.302508116 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.302527905 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.302547932 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.302547932 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.302576065 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.302608967 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.302608967 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.302634001 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.409219027 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.409285069 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.409317017 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.409326077 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.409368992 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.409434080 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.409568071 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.409969091 CET	49751	443	192.168.2.4	47.254.37.3
Nov 25, 2024 20:23:59.409991026 CET	443	49751	47.254.37.3	192.168.2.4
Nov 25, 2024 20:23:59.671933889 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:23:59.671973944 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:23:59.672097921 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:23:59.673401117 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:23:59.673415899 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:01.083658934 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:24:01.083801031 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:24:01.083890915 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:24:01.340950012 CET	49741	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:24:01.340976000 CET	443	49741	142.250.181.68	192.168.2.4
Nov 25, 2024 20:24:01.397759914 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:01.397840977 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:01.401098013 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:01.401106119 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:01.401390076 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:01.447866917 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:02.872862101 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:02.919332027 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.438894987 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.438921928 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.438929081 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.438986063 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:03.438992977 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.439059019 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.439068079 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.439079046 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:03.439100027 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:03.439117908 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:03.458900928 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.459002972 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:03.459008932 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.466226101 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:03.468736887 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:04.723505974 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:04.723540068 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:04.723555088 CET	49752	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:04.723562002 CET	443	49752	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:06.977087021 CET	49723	80	192.168.2.4	93.184.221.240
Nov 25, 2024 20:24:07.097544909 CET	80	49723	93.184.221.240	192.168.2.4
Nov 25, 2024 20:24:07.097755909 CET	49723	80	192.168.2.4	93.184.221.240
Nov 25, 2024 20:24:32.885157108 CET	49738	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:24:32.916409016 CET	49739	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:24:33.009426117 CET	80	49738	47.254.37.3	192.168.2.4
Nov 25, 2024 20:24:33.042058945 CET	80	49739	47.254.37.3	192.168.2.4
Nov 25, 2024 20:24:34.166424036 CET	49737	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:24:34.286628008 CET	80	49737	47.254.37.3	192.168.2.4
Nov 25, 2024 20:24:41.045608044 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:41.045656919 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:41.045748949 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:41.046175957 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:41.046191931 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:41.916588068 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:41.916637897 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:41.916709900 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:41.917021990 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:41.917037964 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:42.697741032 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:42.697860003 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:42.701646090 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:42.701658964 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:42.701879025 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:42.710115910 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:42.755332947 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.360534906 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.360563040 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.360577106 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.360755920 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:43.360780954 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.360833883 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:43.400118113 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.400155067 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.400194883 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.400357008 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:43.400357008 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:43.400890112 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:43.400906086 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.400916100 CET	49758	443	192.168.2.4	20.109.210.53
Nov 25, 2024 20:24:43.400919914 CET	443	49758	20.109.210.53	192.168.2.4
Nov 25, 2024 20:24:43.760246038 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:43.760346889 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:43.762461901 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:43.762473106 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:43.762803078 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:43.770442009 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:43.811377048 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.247657061 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.247719049 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.247761965 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.247805119 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.247819901 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.247972965 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.438363075 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.438416004 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.438472033 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.438483000 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.438641071 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.479959965 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.480003119 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.480038881 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.480046988 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.480086088 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.480109930 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.611834049 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.611880064 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.612062931 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.612062931 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.612072945 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.612132072 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.646660089 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.646724939 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.646898031 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.646898031 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.646905899 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.646962881 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.673655987 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.673732042 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.673748016 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.673757076 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.673804045 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.691556931 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.691603899 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.691673040 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.691682100 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.691849947 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.691849947 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.811144114 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.811201096 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.811249971 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.811258078 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.811337948 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.830579996 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.830627918 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.830756903 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.830765009 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.830929995 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.850058079 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.850122929 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.850151062 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.850157976 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.850208998 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.860681057 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.860729933 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.860774040 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.860780001 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.860821009 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.860846996 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.871855974 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.871931076 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.871942043 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.871962070 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.872107029 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.872107029 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.882328987 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.882378101 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.882415056 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.882421017 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.882589102 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.882589102 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.887067080 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.887168884 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.887175083 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.887226105 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.887327909 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.887336969 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.887346983 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.887391090 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.887403965 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.887415886 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.937649012 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.937760115 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.937860966 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.939179897 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.939207077 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.939279079 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.939861059 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.939896107 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.940337896 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.940351963 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.941306114 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.941330910 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.941406965 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.941581964 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.941605091 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.942743063 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.942750931 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.942819118 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.943523884 CET	49764	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.943562031 CET	443	49764	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.943631887 CET	49764	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.943732023 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.943742990 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:44.943857908 CET	49764	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:44.943871021 CET	443	49764	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.686384916 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.687108994 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.687125921 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.687613010 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.687618971 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.738962889 CET	443	49764	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.739342928 CET	49764	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.739361048 CET	443	49764	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.739886999 CET	49764	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.739892960 CET	443	49764	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.742963076 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.743423939 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.743498087 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.743789911 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.743803024 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.744029999 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.744307041 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.744323969 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.744661093 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.744672060 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.864547014 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.865169048 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.865180016 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:46.865609884 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:46.865613937 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.129395008 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.129571915 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.129654884 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.129841089 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.129857063 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.129870892 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.129875898 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.133228064 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.133279085 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.133368969 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.133578062 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.133593082 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.184072971 CET	443	49764	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.184138060 CET	443	49764	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.184199095 CET	49764	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.184385061 CET	49764	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.184401035 CET	443	49764	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.184417963 CET	49764	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.184425116 CET	443	49764	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.187103987 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.187139034 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.187186003 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.187231064 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.187241077 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.187298059 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.187369108 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.187453985 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.187473059 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.187508106 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.187542915 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.187571049 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.187931061 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.188013077 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.188076019 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.189970016 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.190001965 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.190083027 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.190254927 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.190269947 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.194689989 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.194709063 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.194772005 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.194792032 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.194859028 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.195000887 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.195017099 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.195045948 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.195180893 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.195213079 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.195302010 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.197159052 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.197191954 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.197269917 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.197417021 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.197433949 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.332093954 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.332124949 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.332196951 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.332209110 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.332257986 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.332484007 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.332488060 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.332500935 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.332689047 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.332731962 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.332819939 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.335376024 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.335398912 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:47.335525036 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.335663080 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:47.335674047 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:48.914458990 CET	80	49738	47.254.37.3	192.168.2.4
Nov 25, 2024 20:24:48.914661884 CET	49738	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:24:48.979985952 CET	80	49739	47.254.37.3	192.168.2.4
Nov 25, 2024 20:24:48.980178118 CET	49739	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:24:49.083411932 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.083961964 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.083980083 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.084476948 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.084485054 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.136789083 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.136948109 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.137245893 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.137269974 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.137636900 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.137643099 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.137857914 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.137893915 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.138195992 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.138204098 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.151607990 CET	80	49737	47.254.37.3	192.168.2.4
Nov 25, 2024 20:24:49.151691914 CET	49737	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:24:49.152400970 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.152731895 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.152749062 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.153120041 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.153125048 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.229418993 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.229830027 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.229842901 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.230230093 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.230233908 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.340085030 CET	49738	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:24:49.340270996 CET	49737	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:24:49.340270996 CET	49739	80	192.168.2.4	47.254.37.3
Nov 25, 2024 20:24:49.461736917 CET	80	49738	47.254.37.3	192.168.2.4
Nov 25, 2024 20:24:49.462045908 CET	80	49737	47.254.37.3	192.168.2.4
Nov 25, 2024 20:24:49.462076902 CET	80	49739	47.254.37.3	192.168.2.4
Nov 25, 2024 20:24:49.526902914 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.527085066 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.527297020 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.527405024 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.527427912 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.527446032 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.527453899 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.534871101 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.534926891 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.535002947 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.535140991 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.535161972 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.573899984 CET	49772	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:24:49.573959112 CET	443	49772	142.250.181.68	192.168.2.4
Nov 25, 2024 20:24:49.574162006 CET	49772	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:24:49.574321985 CET	49772	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:24:49.574340105 CET	443	49772	142.250.181.68	192.168.2.4
Nov 25, 2024 20:24:49.603672981 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.603728056 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.603981018 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.604053020 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.604068995 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.604080915 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.604088068 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.606849909 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.606884956 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.606964111 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.607116938 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.607131004 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.609292984 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.609438896 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.609497070 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.609522104 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.609534025 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.609543085 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.609549046 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.611284018 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.611362934 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.611442089 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.611562014 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.611583948 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.676976919 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.677033901 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.677197933 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.677237034 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.677253008 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.677268028 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.677274942 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.679333925 CET	49775	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.679346085 CET	443	49775	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.679419994 CET	49775	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.679539919 CET	49775	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.679549932 CET	443	49775	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.686201096 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.686347961 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.686400890 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.686424017 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.686429977 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.686440945 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.686444998 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.688159943 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.688180923 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:49.688250065 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.688365936 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:49.688381910 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.265506029 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.266124964 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.266155005 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.266629934 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.266638994 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.363187075 CET	443	49772	142.250.181.68	192.168.2.4
Nov 25, 2024 20:24:51.363435030 CET	49772	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:24:51.363455057 CET	443	49772	142.250.181.68	192.168.2.4
Nov 25, 2024 20:24:51.363765955 CET	443	49772	142.250.181.68	192.168.2.4
Nov 25, 2024 20:24:51.364116907 CET	49772	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:24:51.364171982 CET	443	49772	142.250.181.68	192.168.2.4
Nov 25, 2024 20:24:51.371001959 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.371453047 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.371470928 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.371937990 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.371944904 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.392648935 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.394479036 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.394500017 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.395445108 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.395457983 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.415740967 CET	49772	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:24:51.480220079 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.480710030 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.480742931 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.481362104 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.481369972 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.534427881 CET	443	49775	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.534828901 CET	49775	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.534846067 CET	443	49775	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.535403967 CET	49775	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.535408974 CET	443	49775	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.708770990 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.708940029 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.709033966 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.709275961 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.709300041 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.709311962 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.709319115 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.713005066 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.713037968 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.713114023 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.713308096 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.713321924 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.812655926 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.812819004 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.812927008 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.813070059 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.813114882 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.813144922 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.813159943 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.815927029 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.815954924 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.816040993 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.816189051 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.816205978 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.841295958 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.841345072 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.841483116 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.841705084 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.841717958 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.841727018 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.841732979 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.844556093 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.844569921 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.844661951 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.844860077 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.844867945 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.924829960 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.924932003 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.925048113 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.925144911 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.925153017 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.925167084 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.925172091 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.927784920 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.927798033 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.927884102 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.928036928 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.928049088 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.988413095 CET	443	49775	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.988482952 CET	443	49775	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.988543987 CET	49775	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.988739014 CET	49775	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.988744974 CET	443	49775	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.988784075 CET	49775	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.988787889 CET	443	49775	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.991492033 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.991583109 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:51.991674900 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.991822004 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:51.991849899 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.440052986 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.440661907 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.440684080 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.441113949 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.441118956 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.567457914 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.567956924 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.567966938 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.568523884 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.568531990 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.604703903 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.605146885 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.605170965 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.605665922 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.605673075 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.772068024 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.772731066 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.772808075 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.773334026 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.773348093 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.802347898 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.802771091 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.802789927 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.803306103 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.803316116 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.891995907 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.892159939 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.892240047 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.892347097 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.892360926 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.892374039 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.892378092 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.895797014 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.895814896 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:53.895914078 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.896107912 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:53.896121979 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.014113903 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.014159918 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.014214993 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.014442921 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.014448881 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.014466047 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.014468908 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.017894983 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.017986059 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.018112898 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.018294096 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.018330097 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.056576967 CET	49724	80	192.168.2.4	93.184.221.240
Nov 25, 2024 20:24:54.061009884 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.061160088 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.061244011 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.061295986 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.061306953 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.061320066 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.061326981 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.064804077 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.064836025 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.064930916 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.065150023 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.065164089 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.177192926 CET	80	49724	93.184.221.240	192.168.2.4
Nov 25, 2024 20:24:54.177256107 CET	49724	80	192.168.2.4	93.184.221.240
Nov 25, 2024 20:24:54.218934059 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.218991995 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.219063997 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.219305992 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.219357967 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.219396114 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.219410896 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.222716093 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.222776890 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.222860098 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.223129988 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.223145962 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.259826899 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.259903908 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.259960890 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.260210037 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.260220051 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.260229111 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.260232925 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.263138056 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.263154030 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:54.263231993 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.263406038 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:54.263417959 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.691870928 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.692543983 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:55.692563057 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.693061113 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:55.693064928 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.804223061 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.804892063 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:55.804964066 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.805253983 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:55.805268049 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.853126049 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.853599072 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:55.853619099 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.853884935 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:55.853890896 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.991245985 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.991656065 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:55.991668940 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:55.992074966 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:55.992089033 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.002039909 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.002418041 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.002469063 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.002655029 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.002671003 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.136409998 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.136567116 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.136626005 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.136730909 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.136749029 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.136758089 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.136765003 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.139905930 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.139972925 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.140052080 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.140225887 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.140255928 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.287359953 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.287436008 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.287600040 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.287698984 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.287698984 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.287739992 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.287763119 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.289942980 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.289980888 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.290061951 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.290194988 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.290209055 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.300363064 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.300542116 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.300622940 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.300820112 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.300820112 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.300833941 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.300847054 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.302501917 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.302536964 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.302603006 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.302712917 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.302728891 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.438606024 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.438744068 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.438827038 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.438930035 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.438941002 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.438950062 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.438955069 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.441481113 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.441518068 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.441595078 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.441767931 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.441782951 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.459878922 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.459925890 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.460072041 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.460211992 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.460237026 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.460285902 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.460302114 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.462182045 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.462198973 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:56.462277889 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.462392092 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:56.462404013 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:57.941638947 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:57.942274094 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:57.942325115 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:57.942780972 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:57.942797899 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.077256918 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.077748060 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.077769995 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.078178883 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.078182936 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.098272085 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.098671913 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.098686934 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.099085093 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.099090099 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.230884075 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.231405020 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.231435061 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.231831074 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.231837034 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.249845028 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.250237942 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.250251055 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.250637054 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.250643969 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.391379118 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.391568899 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.391654015 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.391767979 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.391767979 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.391810894 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.391838074 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.395729065 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.395765066 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.395833015 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.395975113 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.395991087 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.527656078 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.527718067 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.527767897 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.527944088 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.527965069 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.527975082 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.527980089 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.530857086 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.530936956 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.531018972 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.531196117 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.531228065 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.549093008 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.549264908 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.549323082 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.549365997 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.549376965 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.549387932 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.549392939 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.551533937 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.551558018 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.551628113 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.551774025 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.551785946 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.676772118 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.676930904 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.677020073 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.677048922 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.677061081 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.677073956 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.677078009 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.679085016 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.679120064 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.679198980 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.679302931 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.679338932 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.734114885 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.734158993 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.734245062 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.734375954 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.734385967 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.734394073 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.734397888 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.736334085 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.736361980 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 20:24:58.736448050 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.736582994 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:24:58.736598015 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.186512947 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.187393904 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.187410116 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.187695980 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.187701941 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.282963991 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.283349037 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.283356905 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.283900023 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.283905029 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.378703117 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.379098892 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.379148960 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.379632950 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.379652023 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.404464960 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.404808998 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.404833078 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.405299902 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.405312061 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.582381010 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.582791090 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.582818031 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.583385944 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.583391905 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.632232904 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.632407904 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.632477045 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.632564068 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.632577896 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.632586002 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.632596016 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.635493994 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.635523081 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.635591030 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.635704994 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.635715961 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.723460913 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.723633051 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.723687887 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.723854065 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.723859072 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.723875046 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.723877907 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.726109982 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.726140976 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.726207972 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.726351023 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.726363897 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.842592955 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.842647076 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.842703104 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.842809916 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.842809916 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.842847109 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.842869997 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.845695972 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.845719099 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.845773935 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.846024036 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.846035957 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.848901033 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.848973036 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.849030018 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.849217892 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.849235058 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.849257946 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.849271059 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.851761103 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.851788044 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:00.851843119 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.852024078 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:00.852039099 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:01.046681881 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:01.046736002 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:01.046773911 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:01.047049046 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:01.047061920 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:01.047096014 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:01.047101021 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:01.047586918 CET	443	49772	142.250.181.68	192.168.2.4
Nov 25, 2024 20:25:01.047636032 CET	443	49772	142.250.181.68	192.168.2.4
Nov 25, 2024 20:25:01.047681093 CET	49772	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:25:01.064413071 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:01.064434052 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:01.064491034 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:01.066088915 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:01.066102028 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:01.339859962 CET	49772	443	192.168.2.4	142.250.181.68
Nov 25, 2024 20:25:01.339874029 CET	443	49772	142.250.181.68	192.168.2.4
Nov 25, 2024 20:25:02.494616985 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.495417118 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:02.495436907 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.496020079 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:02.496025085 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.582622051 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.583162069 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:02.583179951 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.583477020 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:02.583482027 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.627193928 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.627566099 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:02.627578974 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.628139019 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:02.628144979 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.640723944 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.641041994 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:02.641072035 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 20:25:02.641410112 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 20:25:02.641415119 CET	443	49800	13.107.246.63	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 20:23:45.121186018 CET	53	63489	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:45.121201992 CET	53	52145	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:47.007839918 CET	55623	53	192.168.2.4	1.1.1.1
Nov 25, 2024 20:23:47.007999897 CET	56831	53	192.168.2.4	1.1.1.1
Nov 25, 2024 20:23:47.757961988 CET	53	55623	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:47.758409023 CET	53	56831	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:48.003365040 CET	53	58566	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:49.155951023 CET	64194	53	192.168.2.4	1.1.1.1
Nov 25, 2024 20:23:49.156122923 CET	51081	53	192.168.2.4	1.1.1.1
Nov 25, 2024 20:23:49.293590069 CET	53	51081	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:49.294532061 CET	53	64194	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:49.511831999 CET	64239	53	192.168.2.4	1.1.1.1
Nov 25, 2024 20:23:49.512140989 CET	61680	53	192.168.2.4	1.1.1.1
Nov 25, 2024 20:23:49.652762890 CET	53	64239	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:49.652843952 CET	53	61680	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:54.672899961 CET	50966	53	192.168.2.4	1.1.1.1
Nov 25, 2024 20:23:54.673023939 CET	49620	53	192.168.2.4	1.1.1.1
Nov 25, 2024 20:23:54.846386909 CET	53	50966	1.1.1.1	192.168.2.4
Nov 25, 2024 20:23:54.847835064 CET	53	49620	1.1.1.1	192.168.2.4
Nov 25, 2024 20:24:05.043469906 CET	53	56414	1.1.1.1	192.168.2.4
Nov 25, 2024 20:24:05.657471895 CET	138	138	192.168.2.4	192.168.2.255
Nov 25, 2024 20:24:23.956311941 CET	53	60710	1.1.1.1	192.168.2.4
Nov 25, 2024 20:24:44.990921974 CET	53	50840	1.1.1.1	192.168.2.4
Nov 25, 2024 20:24:46.311677933 CET	53	49907	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 20:23:47.007839918 CET	192.168.2.4	1.1.1.1	0x3209	Standard query (0)	offer.relieffoot.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 20:23:47.007999897 CET	192.168.2.4	1.1.1.1	0xeb49	Standard query (0)	offer.relieffoot.com	65	IN (0x0001)	false
Nov 25, 2024 20:23:49.155951023 CET	192.168.2.4	1.1.1.1	0x1eba	Standard query (0)	offer.relieffoot.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 20:23:49.156122923 CET	192.168.2.4	1.1.1.1	0x958f	Standard query (0)	offer.relieffoot.com	65	IN (0x0001)	false
Nov 25, 2024 20:23:49.511831999 CET	192.168.2.4	1.1.1.1	0xd22f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 20:23:49.512140989 CET	192.168.2.4	1.1.1.1	0xcfdb	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 25, 2024 20:23:54.672899961 CET	192.168.2.4	1.1.1.1	0xe5ae	Standard query (0)	offer.relieffoot.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 20:23:54.673023939 CET	192.168.2.4	1.1.1.1	0xdc46	Standard query (0)	offer.relieffoot.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 20:23:47.757961988 CET	1.1.1.1	192.168.2.4	0x3209	No error (0)	offer.relieffoot.com	47.254.37.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 20:23:49.294532061 CET	1.1.1.1	192.168.2.4	0x1eba	No error (0)	offer.relieffoot.com	47.254.37.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 20:23:49.652762890 CET	1.1.1.1	192.168.2.4	0xd22f	No error (0)	www.google.com	142.250.181.68	A (IP address)	IN (0x0001)	false
Nov 25, 2024 20:23:49.652843952 CET	1.1.1.1	192.168.2.4	0xcfdb	No error (0)	www.google.com		65	IN (0x0001)	false
Nov 25, 2024 20:23:54.846386909 CET	1.1.1.1	192.168.2.4	0xe5ae	No error (0)	offer.relieffoot.com	47.254.37.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

offer.relieffoot.com

fs.microsoft.com

https:

slscr.update.microsoft.com

otelrules.azureedge.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	47.254.37.3	80	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 20:23:47.879575968 CET	435	OUT	GET / HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 25, 2024 20:23:49.151494026 CET	359	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Mon, 25 Nov 2024 19:23:48 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://offer.relieffoot.com/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 25, 2024 20:24:34.166424036 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	47.254.37.3	80	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 20:24:32.885157108 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	47.254.37.3	80	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 20:24:32.916409016 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	47.254.37.3	443	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:50 UTC	663	OUT	GET / HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 19:23:52 UTC	180	IN	HTTP/1.1 500 Server: nginx Date: Mon, 25 Nov 2024 19:23:52 GMT Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Connection: close Content-Language: en-US
2024-11-25 19:23:52 UTC	1123	IN	Data Raw: 34 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 21 2d 2d 20 54 65 6c 6c 20 74 68 65 20 62 72 6f 77 73 65 72 20 74 6f 20 62 65 20 72 65 73 70 6f 6e 73 69 76 65 20 74 6f 20 73 63 72 65 65 6e 20 77 69 64 74 68 20 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 Data Ascii: 457<!DOCTYPE html><html><head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>500</title> ... Tell the browser to be responsive to screen width --> <meta content="width=device-width, initial-sc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	2.18.109.164	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:51 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 19:23:51 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=50944 Date: Mon, 25 Nov 2024 19:23:51 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	2.18.109.164	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:53 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 19:23:53 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=50968 Date: Mon, 25 Nov 2024 19:23:53 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-25 19:23:53 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49747	47.254.37.3	443	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:53 UTC	571	OUT	GET /libs/bootstrap/bootstrap.min.css HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://offer.relieffoot.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 19:23:54 UTC	316	IN	HTTP/1.1 200 Server: nginx Date: Mon, 25 Nov 2024 19:23:54 GMT Content-Type: text/css Content-Length: 121200 Connection: close Vary: Accept-Encoding Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Last-Modified: Wed, 20 Nov 2024 09:33:02 GMT Accept-Ranges: bytes
2024-11-25 19:23:54 UTC	16068	IN	Data Raw: 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 33 2e 33 2e 37 20 28 68 74 74 70 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 36 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 2f 2a 21 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 76 33 2e 30 2e 33 20 7c 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 7c 20 67 69 74 68 75 62 2e 63 6f 6d 2f 6e 65 63 6f 6c 61 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 2a 2f 68 74 6d 6c 7b 66 6f 6e 74 2d 66 Data Ascii: /! Bootstrap v3.3.7 (http://getbootstrap.com) * Copyright 2011-2016 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-f
2024-11-25 19:23:54 UTC	16384	IN	Data Raw: 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 61 75 74 6f 7d 2e 69 6d 67 2d 72 6f 75 6e 64 65 64 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 36 70 78 7d 2e 69 6d 67 2d 74 68 75 6d 62 6e 61 69 6c 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 34 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 35 37 31 34 33 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 3b 2d 6f 2d 74 Data Ascii: dth:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{display:inline-block;max-width:100%;height:auto;padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-t
2024-11-25 19:23:54 UTC	16384	IN	Data Raw: 2c 2e 74 61 62 6c 65 3e 74 66 6f 6f 74 3e 74 72 3e 74 64 2e 69 6e 66 6f 2c 2e 74 61 62 6c 65 3e 74 66 6f 6f 74 3e 74 72 3e 74 68 2e 69 6e 66 6f 2c 2e 74 61 62 6c 65 3e 74 68 65 61 64 3e 74 72 2e 69 6e 66 6f 3e 74 64 2c 2e 74 61 62 6c 65 3e 74 68 65 61 64 3e 74 72 2e 69 6e 66 6f 3e 74 68 2c 2e 74 61 62 6c 65 3e 74 68 65 61 64 3e 74 72 3e 74 64 2e 69 6e 66 6f 2c 2e 74 61 62 6c 65 3e 74 68 65 61 64 3e 74 72 3e 74 68 2e 69 6e 66 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 39 65 64 66 37 7d 2e 74 61 62 6c 65 2d 68 6f 76 65 72 3e 74 62 6f 64 79 3e 74 72 2e 69 6e 66 6f 3a 68 6f 76 65 72 3e 74 64 2c 2e 74 61 62 6c 65 2d 68 6f 76 65 72 3e 74 62 6f 64 79 3e 74 72 2e 69 6e 66 6f 3a 68 6f 76 65 72 3e 74 68 2c 2e 74 61 62 6c 65 2d 68 6f 76 65 72 3e Data Ascii: ,.table>tfoot>tr>td.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>thead>tr.info>th,.table>thead>tr>td.info,.table>thead>tr>th.info{background-color:#d9edf7}.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th,.table-hover>
2024-11-25 19:23:54 UTC	16384	IN	Data Raw: 63 63 65 73 73 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 34 39 64 34 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 33 39 38 34 33 39 7d 2e 62 74 6e 2d 73 75 63 63 65 73 73 2e 61 63 74 69 76 65 2c 2e 62 74 6e 2d 73 75 63 63 65 73 73 3a 61 63 74 69 76 65 2c 2e 6f 70 65 6e 3e 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 2e 62 74 6e 2d 73 75 63 63 65 73 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 34 39 64 34 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 33 39 38 34 33 39 7d 2e 62 74 6e 2d 73 75 63 63 65 73 73 2e 61 63 74 69 76 65 2e 66 6f 63 75 73 2c 2e 62 74 6e 2d 73 75 63 63 65 73 73 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 2e 62 Data Ascii: ccess:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active,.btn-success:active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active.focus,.btn-success.active:focus,.b
2024-11-25 19:23:54 UTC	16384	IN	Data Raw: 67 7b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 7d 2e 6e 61 76 2d 74 61 62 73 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 7d 2e 6e 61 76 2d 74 61 62 73 3e 6c 69 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2d 31 70 78 7d 2e 6e 61 76 2d 74 61 62 73 3e 6c 69 3e 61 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 35 37 31 34 33 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 20 34 70 78 20 30 20 30 7d 2e 6e 61 76 2d 74 61 62 73 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 65 65 65 20 23 65 65 65 20 23 64 Data Ascii: g{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #d
2024-11-25 19:23:54 UTC	16384	IN	Data Raw: 72 5b 68 72 65 66 5d 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 63 39 33 30 32 63 7d 2e 62 61 64 67 65 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 70 78 20 37 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 37 37 37 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 70 78 7d 2e Data Ascii: r[href]:hover{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:middle;background-color:#777;border-radius:10px}.
2024-11-25 19:23:55 UTC	16384	IN	Data Raw: 68 69 6c 64 3e 2e 74 61 62 6c 65 3a 6c 61 73 74 2d 63 68 69 6c 64 3e 74 62 6f 64 79 3a 6c 61 73 74 2d 63 68 69 6c 64 3e 74 72 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 2e 70 61 6e 65 6c 3e 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 3a 6c 61 73 74 2d 63 68 69 6c 64 3e 2e 74 61 62 6c 65 3a 6c 61 73 74 2d 63 68 69 6c 64 3e 74 66 6f 6f 74 3a 6c 61 73 74 2d 63 68 69 6c 64 3e 74 72 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 2e 70 61 6e 65 6c 3e 2e 74 61 62 6c 65 3a 6c 61 73 74 2d 63 68 69 6c 64 3e 74 62 6f 64 79 3a 6c 61 73 74 2d 63 68 69 6c 64 3e 74 72 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 2e 70 61 6e 65 6c 3e 2e 74 61 62 6c 65 3a 6c 61 73 74 2d 63 68 69 6c 64 3e 74 66 6f 6f 74 3a 6c 61 73 74 2d 63 68 69 6c 64 3e 74 72 3a 6c 61 73 74 2d 63 68 69 6c 64 7b 62 6f 72 64 Data Ascii: hild>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child{bord
2024-11-25 19:23:55 UTC	6828	IN	Data Raw: 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 72 69 67 68 74 20 74 6f 70 2c 66 72 6f 6d 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 30 30 31 29 29 2c 74 6f 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 35 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 72 69 67 68 74 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 30 30 31 29 20 30 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 35 29 20 31 30 30 25 29 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 3d 27 23 30 30 30 30 30 30 30 30 27 2c 20 65 6e 64 43 6f 6c 6f 72 73 Data Ascii: webkit-gradient(linear,left top,right top,from(rgba(0,0,0,.0001)),to(rgba(0,0,0,.5)));background-image:linear-gradient(to right,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColors

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	47.254.37.3	443	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:53 UTC	574	OUT	GET /libs/theme/pblog/css/web-common.css HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://offer.relieffoot.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 19:23:54 UTC	314	IN	HTTP/1.1 200 Server: nginx Date: Mon, 25 Nov 2024 19:23:54 GMT Content-Type: text/css Content-Length: 7717 Connection: close Vary: Accept-Encoding Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Last-Modified: Wed, 20 Nov 2024 09:33:02 GMT Accept-Ranges: bytes
2024-11-25 19:23:54 UTC	7717	IN	Data Raw: 61 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 37 37 64 64 3b 0a 7d 0a 61 3a 68 6f 76 65 72 2c 61 3a 66 6f 63 75 73 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 38 36 61 61 35 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 0a 7d 0a 0a 6f 6c 2c 20 75 6c 20 7b 0a 20 20 20 20 6c 69 73 74 2d 73 74 79 6c 65 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 6c 69 7b 0a 20 20 20 20 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 6e 6f 6e 65 0a 7d 0a 64 6c 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 7d 0a 0a 62 75 74 74 6f 6e 20 7b 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 20 6e 6f 6e 65 3b 0a Data Ascii: a{ color: #0077dd;}a:hover,a:focus{ color: #286aa5; text-decoration: none; outline:none;}ol, ul { list-style: none; margin: 0; padding: 0;}li{ list-style-type:none}dl{ margin: 0;}button { outline: none;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	47.254.37.3	443	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:54 UTC	550	OUT	GET /libs/jquery/jquery.min.js HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://offer.relieffoot.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 19:23:54 UTC	329	IN	HTTP/1.1 200 Server: nginx Date: Mon, 25 Nov 2024 19:23:54 GMT Content-Type: application/javascript Content-Length: 85578 Connection: close Vary: Accept-Encoding Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Last-Modified: Wed, 20 Nov 2024 09:33:02 GMT Accept-Ranges: bytes
2024-11-25 19:23:54 UTC	16055	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-11-25 19:23:54 UTC	16384	IN	Data Raw: 61 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 68 2d 2d 29 28 66 3d 67 5b 68 5d 29 26 26 28 61 5b 68 5d 3d 21 28 62 5b 68 5d 3d 66 29 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 65 2c 66 29 7b 72 65 74 75 72 6e 20 62 5b 30 5d 3d 61 2c 64 28 62 2c 6e 75 6c 6c 2c 66 2c 63 29 2c 62 5b 30 5d 3d 6e 75 6c 6c 2c 21 63 2e 70 6f 70 28 29 7d 7d 29 2c 68 61 73 3a 68 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 66 61 28 61 2c 62 29 2e 6c 65 6e 67 74 68 3e 30 7d 7d 29 2c 63 6f 6e 74 61 69 6e 73 3a 68 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 28 62 2e 74 65 78 74 43 Data Ascii: a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ha(function(a){return function(b){return fa(a,b).length>0}}),contains:ha(function(a){return a=a.replace(ba,ca),function(b){return(b.textC
2024-11-25 19:23:54 UTC	16384	IN	Data Raw: 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 74 68 69 73 5b 30 5d 2c 67 3d 66 26 26 66 2e 61 74 74 72 69 62 75 74 65 73 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 61 29 7b 69 66 28 74 68 69 73 2e 6c 65 6e 67 74 68 26 26 28 65 3d 4f 2e 67 65 74 28 66 29 2c 31 3d 3d 3d 66 2e 6e 6f 64 65 54 79 70 65 26 26 21 4e 2e 67 65 74 28 66 2c 22 68 61 73 44 61 74 61 41 74 74 72 73 22 29 29 29 7b 63 3d 67 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 63 2d 2d 29 67 5b 63 5d 26 26 28 64 3d 67 5b 63 5d 2e 6e 61 6d 65 2c 30 3d 3d 3d 64 2e 69 6e 64 65 78 4f 66 28 22 64 61 74 61 2d 22 29 26 26 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 64 2e 73 6c 69 63 65 28 35 29 29 2c 52 28 66 2c 64 2c 65 5b 64 5d 29 29 29 3b 4e 2e 73 65 74 28 66 2c 22 68 61 73 44 61 74 Data Ascii: ction(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=O.get(f),1===f.nodeType&&!N.get(f,"hasDataAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),R(f,d,e[d])));N.set(f,"hasDat
2024-11-25 19:23:54 UTC	16384	IN	Data Raw: 72 20 65 2c 66 2c 67 3d 7b 7d 3b 66 6f 72 28 66 20 69 6e 20 62 29 67 5b 66 5d 3d 61 2e 73 74 79 6c 65 5b 66 5d 2c 61 2e 73 74 79 6c 65 5b 66 5d 3d 62 5b 66 5d 3b 65 3d 63 2e 61 70 70 6c 79 28 61 2c 64 7c 7c 5b 5d 29 3b 66 6f 72 28 66 20 69 6e 20 62 29 61 2e 73 74 79 6c 65 5b 66 5d 3d 67 5b 66 5d 3b 72 65 74 75 72 6e 20 65 7d 2c 45 61 3d 64 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 62 2c 63 2c 65 2c 66 2c 67 3d 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 2c 68 3d 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 69 66 28 68 2e 73 74 79 6c 65 29 7b 68 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 3d 22 63 6f 6e 74 65 6e 74 2d 62 6f 78 22 2c 68 Data Ascii: r e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d\|\|[]);for(f in b)a.style[f]=g[f];return e},Ea=d.documentElement;!function(){var b,c,e,f,g=d.createElement("div"),h=d.createElement("div");if(h.style){h.style.backgroundClip="content-box",h
2024-11-25 19:23:55 UTC	16384	IN	Data Raw: 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3c 30 26 26 28 64 2b 3d 66 2b 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 72 65 6d 6f 76 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 3d 30 3b 69 66 28 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 61 29 29 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 6e 28 74 68 69 73 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 61 2e 63 61 6c 6c 28 74 68 69 73 2c 62 2c 66 62 28 74 68 69 73 29 29 29 7d 29 Data Ascii: ){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).removeClass(a.call(this,b,fb(this)))})
2024-11-25 19:23:55 UTC	3987	IN	Data Raw: 2c 62 5b 65 5d 26 26 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 63 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 2c 4a 62 2e 70 75 73 68 28 65 29 29 2c 67 26 26 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 66 29 26 26 66 28 67 5b 30 5d 29 2c 67 3d 66 3d 76 6f 69 64 20 30 7d 29 2c 22 73 63 72 69 70 74 22 29 3a 76 6f 69 64 20 30 7d 29 2c 6e 2e 70 61 72 73 65 48 54 4d 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 7c 7c 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 28 63 3d 62 2c 62 3d 21 31 29 2c 62 3d 62 7c 7c 64 3b 76 61 72 20 65 3d 78 2e 65 78 65 63 28 61 29 2c 66 3d 21 63 26 26 5b 5d 3b 72 65 74 75 72 6e 20 65 3f 5b 62 2e 63 Data Ascii: ,b[e]&&(b.jsonpCallback=c.jsonpCallback,Jb.push(e)),g&&n.isFunction(f)&&f(g[0]),g=f=void 0}),"script"):void 0}),n.parseHTML=function(a,b,c){if(!a\|\|"string"!=typeof a)return null;"boolean"==typeof b&&(c=b,b=!1),b=b\|\|d;var e=x.exec(a),f=!c&&[];return e?[b.c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	47.254.37.3	443	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:54 UTC	596	OUT	GET /img/500.png HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://offer.relieffoot.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 19:23:54 UTC	293	IN	HTTP/1.1 200 Server: nginx Date: Mon, 25 Nov 2024 19:23:54 GMT Content-Type: image/png Content-Length: 12949 Connection: close Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Last-Modified: Wed, 20 Nov 2024 09:33:02 GMT Accept-Ranges: bytes
2024-11-25 19:23:54 UTC	12949	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 17 00 00 00 dc 08 06 00 00 00 c3 69 83 16 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 7f 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDRitEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49748	47.254.37.3	443	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:56 UTC	355	OUT	GET /img/500.png HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 19:23:56 UTC	293	IN	HTTP/1.1 200 Server: nginx Date: Mon, 25 Nov 2024 19:23:56 GMT Content-Type: image/png Content-Length: 12949 Connection: close Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Last-Modified: Wed, 20 Nov 2024 09:33:02 GMT Accept-Ranges: bytes
2024-11-25 19:23:56 UTC	12949	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 17 00 00 00 dc 08 06 00 00 00 c3 69 83 16 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 7f 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDRitEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49749	47.254.37.3	443	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:56 UTC	369	OUT	GET /libs/jquery/jquery.min.js HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 19:23:57 UTC	329	IN	HTTP/1.1 200 Server: nginx Date: Mon, 25 Nov 2024 19:23:56 GMT Content-Type: application/javascript Content-Length: 85578 Connection: close Vary: Accept-Encoding Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Last-Modified: Wed, 20 Nov 2024 09:33:02 GMT Accept-Ranges: bytes
2024-11-25 19:23:57 UTC	16055	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2024-11-25 19:23:57 UTC	16384	IN	Data Raw: 61 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 68 2d 2d 29 28 66 3d 67 5b 68 5d 29 26 26 28 61 5b 68 5d 3d 21 28 62 5b 68 5d 3d 66 29 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 65 2c 66 29 7b 72 65 74 75 72 6e 20 62 5b 30 5d 3d 61 2c 64 28 62 2c 6e 75 6c 6c 2c 66 2c 63 29 2c 62 5b 30 5d 3d 6e 75 6c 6c 2c 21 63 2e 70 6f 70 28 29 7d 7d 29 2c 68 61 73 3a 68 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 66 61 28 61 2c 62 29 2e 6c 65 6e 67 74 68 3e 30 7d 7d 29 2c 63 6f 6e 74 61 69 6e 73 3a 68 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 28 62 2e 74 65 78 74 43 Data Ascii: a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ha(function(a){return function(b){return fa(a,b).length>0}}),contains:ha(function(a){return a=a.replace(ba,ca),function(b){return(b.textC
2024-11-25 19:23:57 UTC	16384	IN	Data Raw: 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 74 68 69 73 5b 30 5d 2c 67 3d 66 26 26 66 2e 61 74 74 72 69 62 75 74 65 73 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 61 29 7b 69 66 28 74 68 69 73 2e 6c 65 6e 67 74 68 26 26 28 65 3d 4f 2e 67 65 74 28 66 29 2c 31 3d 3d 3d 66 2e 6e 6f 64 65 54 79 70 65 26 26 21 4e 2e 67 65 74 28 66 2c 22 68 61 73 44 61 74 61 41 74 74 72 73 22 29 29 29 7b 63 3d 67 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 63 2d 2d 29 67 5b 63 5d 26 26 28 64 3d 67 5b 63 5d 2e 6e 61 6d 65 2c 30 3d 3d 3d 64 2e 69 6e 64 65 78 4f 66 28 22 64 61 74 61 2d 22 29 26 26 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 64 2e 73 6c 69 63 65 28 35 29 29 2c 52 28 66 2c 64 2c 65 5b 64 5d 29 29 29 3b 4e 2e 73 65 74 28 66 2c 22 68 61 73 44 61 74 Data Ascii: ction(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=O.get(f),1===f.nodeType&&!N.get(f,"hasDataAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),R(f,d,e[d])));N.set(f,"hasDat
2024-11-25 19:23:57 UTC	16384	IN	Data Raw: 72 20 65 2c 66 2c 67 3d 7b 7d 3b 66 6f 72 28 66 20 69 6e 20 62 29 67 5b 66 5d 3d 61 2e 73 74 79 6c 65 5b 66 5d 2c 61 2e 73 74 79 6c 65 5b 66 5d 3d 62 5b 66 5d 3b 65 3d 63 2e 61 70 70 6c 79 28 61 2c 64 7c 7c 5b 5d 29 3b 66 6f 72 28 66 20 69 6e 20 62 29 61 2e 73 74 79 6c 65 5b 66 5d 3d 67 5b 66 5d 3b 72 65 74 75 72 6e 20 65 7d 2c 45 61 3d 64 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 62 2c 63 2c 65 2c 66 2c 67 3d 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 2c 68 3d 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 69 66 28 68 2e 73 74 79 6c 65 29 7b 68 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 3d 22 63 6f 6e 74 65 6e 74 2d 62 6f 78 22 2c 68 Data Ascii: r e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d\|\|[]);for(f in b)a.style[f]=g[f];return e},Ea=d.documentElement;!function(){var b,c,e,f,g=d.createElement("div"),h=d.createElement("div");if(h.style){h.style.backgroundClip="content-box",h
2024-11-25 19:23:57 UTC	16384	IN	Data Raw: 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3c 30 26 26 28 64 2b 3d 66 2b 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 72 65 6d 6f 76 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 3d 30 3b 69 66 28 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 61 29 29 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 6e 28 74 68 69 73 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 61 2e 63 61 6c 6c 28 74 68 69 73 2c 62 2c 66 62 28 74 68 69 73 29 29 29 7d 29 Data Ascii: ){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).removeClass(a.call(this,b,fb(this)))})
2024-11-25 19:23:57 UTC	3987	IN	Data Raw: 2c 62 5b 65 5d 26 26 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 63 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 2c 4a 62 2e 70 75 73 68 28 65 29 29 2c 67 26 26 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 66 29 26 26 66 28 67 5b 30 5d 29 2c 67 3d 66 3d 76 6f 69 64 20 30 7d 29 2c 22 73 63 72 69 70 74 22 29 3a 76 6f 69 64 20 30 7d 29 2c 6e 2e 70 61 72 73 65 48 54 4d 4c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 7c 7c 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 28 63 3d 62 2c 62 3d 21 31 29 2c 62 3d 62 7c 7c 64 3b 76 61 72 20 65 3d 78 2e 65 78 65 63 28 61 29 2c 66 3d 21 63 26 26 5b 5d 3b 72 65 74 75 72 6e 20 65 3f 5b 62 2e 63 Data Ascii: ,b[e]&&(b.jsonpCallback=c.jsonpCallback,Jb.push(e)),g&&n.isFunction(f)&&f(g[0]),g=f=void 0}),"script"):void 0}),n.parseHTML=function(a,b,c){if(!a\|\|"string"!=typeof a)return null;"boolean"==typeof b&&(c=b,b=!1),b=b\|\|d;var e=x.exec(a),f=!c&&[];return e?[b.c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49750	47.254.37.3	443	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:56 UTC	596	OUT	GET /favicon.ico HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://offer.relieffoot.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 19:23:57 UTC	296	IN	HTTP/1.1 200 Server: nginx Date: Mon, 25 Nov 2024 19:23:56 GMT Content-Type: image/x-icon Content-Length: 31339 Connection: close Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Last-Modified: Wed, 20 Nov 2024 09:33:02 GMT Accept-Ranges: bytes
2024-11-25 19:23:57 UTC	16088	IN	Data Raw: 47 49 46 38 39 61 9e 02 34 03 b3 00 00 00 00 00 08 08 08 14 14 14 21 21 21 31 31 31 52 52 52 77 77 77 9c 9c 9c bd bd bd ce ce ce d6 d6 d6 de de de e7 e7 e7 ef ef ef f7 f7 f7 ff ff ff 2c 00 00 00 00 9e 02 34 03 00 04 fe f0 c9 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 b0 78 4c 2e a3 1c 12 07 da cc 6e bb df f0 78 4c cd 48 1c 0e 06 bc c1 50 28 20 14 6a 6b 72 83 84 85 86 87 59 0c 0b 09 7c 04 04 01 01 00 92 93 90 01 02 8e 05 07 0a 0c 82 88 9e 9f a0 a1 a2 2d 0b 08 06 04 03 95 93 ab 92 01 03 00 95 04 b0 ae 06 09 0d 9d a3 b9 ba bb bc 85 0b 78 a9 92 02 91 93 02 af ac 00 8f 92 b2 94 01 04 b5 b8 bd d2 d3 d4 d5 51 0d c0 01 05 cf Data Ascii: GIF89a4!!!111RRRwww,4I8`(dihlp,tmx\|pH,rl:tJZvzxL.nxLHP( jkrY\|-xQ
2024-11-25 19:23:57 UTC	15251	IN	Data Raw: 5c c0 d1 e0 ce 0e af 4e a8 27 68 c8 25 36 cb 90 0e c3 12 a5 5b 9a fa 8b ed c1 e5 5f 8e c5 7d 1a 72 f3 2e f4 68 60 76 66 f3 47 d8 62 90 5e 64 8b 6c fe 0b c1 3d 42 49 01 95 27 3d 34 8b bc e0 2e d7 59 35 5b ba 04 df 00 36 bb fe b3 32 51 36 82 bc c4 36 e0 67 6e 87 07 03 ac 89 3c e9 42 73 bc 56 b8 d4 76 8c d8 64 ac 3c cf 81 b9 16 39 5d 5f 43 54 50 5e f3 94 33 b0 0e f2 b2 0c 21 70 c5 4f d2 d1 09 aa f1 1d 1c 43 81 b4 f7 41 70 a8 0b 0f 4b cc 6d d2 df dc 5a c2 e9 10 7c 97 e6 64 7a b5 59 87 87 02 58 c5 ba 90 d2 74 d3 9f 2e ec 87 95 34 75 8c 30 4d ea 48 89 26 8d d7 18 af 01 7e aa 91 6b 5f 10 45 28 71 79 c3 c8 56 58 18 33 1b 8e 90 84 00 73 c7 01 58 f4 43 c7 25 ad 6c e9 8d 38 b2 8e 7e 65 65 7f 55 78 b1 ec 35 cc 4c 18 45 34 4e 40 46 77 83 8e 42 17 48 0c 11 15 b8 82 9f Data Ascii: \N'h%6[_}r.h`vfGb^dl=BI'=4.Y5[62Q66gn<BsVvd<9]_CTP^3!pOCApKmZ\|dzYXt.4u0MH&~k_E(qyVX3sXC%l8~eeUx5LE4N@FwBH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49751	47.254.37.3	443	2008	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:23:58 UTC	355	OUT	GET /favicon.ico HTTP/1.1 Host: offer.relieffoot.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 19:23:59 UTC	296	IN	HTTP/1.1 200 Server: nginx Date: Mon, 25 Nov 2024 19:23:58 GMT Content-Type: image/x-icon Content-Length: 31339 Connection: close Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Last-Modified: Wed, 20 Nov 2024 09:33:02 GMT Accept-Ranges: bytes
2024-11-25 19:23:59 UTC	16088	IN	Data Raw: 47 49 46 38 39 61 9e 02 34 03 b3 00 00 00 00 00 08 08 08 14 14 14 21 21 21 31 31 31 52 52 52 77 77 77 9c 9c 9c bd bd bd ce ce ce d6 d6 d6 de de de e7 e7 e7 ef ef ef f7 f7 f7 ff ff ff 2c 00 00 00 00 9e 02 34 03 00 04 fe f0 c9 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 b0 78 4c 2e a3 1c 12 07 da cc 6e bb df f0 78 4c cd 48 1c 0e 06 bc c1 50 28 20 14 6a 6b 72 83 84 85 86 87 59 0c 0b 09 7c 04 04 01 01 00 92 93 90 01 02 8e 05 07 0a 0c 82 88 9e 9f a0 a1 a2 2d 0b 08 06 04 03 95 93 ab 92 01 03 00 95 04 b0 ae 06 09 0d 9d a3 b9 ba bb bc 85 0b 78 a9 92 02 91 93 02 af ac 00 8f 92 b2 94 01 04 b5 b8 bd d2 d3 d4 d5 51 0d c0 01 05 cf Data Ascii: GIF89a4!!!111RRRwww,4I8`(dihlp,tmx\|pH,rl:tJZvzxL.nxLHP( jkrY\|-xQ
2024-11-25 19:23:59 UTC	15251	IN	Data Raw: 5c c0 d1 e0 ce 0e af 4e a8 27 68 c8 25 36 cb 90 0e c3 12 a5 5b 9a fa 8b ed c1 e5 5f 8e c5 7d 1a 72 f3 2e f4 68 60 76 66 f3 47 d8 62 90 5e 64 8b 6c fe 0b c1 3d 42 49 01 95 27 3d 34 8b bc e0 2e d7 59 35 5b ba 04 df 00 36 bb fe b3 32 51 36 82 bc c4 36 e0 67 6e 87 07 03 ac 89 3c e9 42 73 bc 56 b8 d4 76 8c d8 64 ac 3c cf 81 b9 16 39 5d 5f 43 54 50 5e f3 94 33 b0 0e f2 b2 0c 21 70 c5 4f d2 d1 09 aa f1 1d 1c 43 81 b4 f7 41 70 a8 0b 0f 4b cc 6d d2 df dc 5a c2 e9 10 7c 97 e6 64 7a b5 59 87 87 02 58 c5 ba 90 d2 74 d3 9f 2e ec 87 95 34 75 8c 30 4d ea 48 89 26 8d d7 18 af 01 7e aa 91 6b 5f 10 45 28 71 79 c3 c8 56 58 18 33 1b 8e 90 84 00 73 c7 01 58 f4 43 c7 25 ad 6c e9 8d 38 b2 8e 7e 65 65 7f 55 78 b1 ec 35 cc 4c 18 45 34 4e 40 46 77 83 8e 42 17 48 0c 11 15 b8 82 9f Data Ascii: \N'h%6[_}r.h`vfGb^dl=BI'=4.Y5[62Q66gn<BsVvd<9]_CTP^3!pOCApKmZ\|dzYXt.4u0MH&~k_E(qyVX3sXC%l8~eeUx5LE4N@FwBH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49752	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:02 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zfU+c+Hzr8XzmrD&MD=hpu9F1A1 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 19:24:03 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: ed068e60-3374-419b-a0f9-7ffcfaaf3d3d MS-RequestId: 7d506569-764e-4648-8650-7d3cd1b04f5f MS-CV: kzqgeqTN/0WSzjRY.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 19:24:02 GMT Connection: close Content-Length: 24490
2024-11-25 19:24:03 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-25 19:24:03 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49758	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:42 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zfU+c+Hzr8XzmrD&MD=hpu9F1A1 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 19:24:43 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 96055b6a-b039-44a0-86b2-d34e426c92f9 MS-RequestId: 609ff772-fa73-4ef1-9d8f-486de7b2e4ba MS-CV: rUIG5aw2Y0KQNBtz.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 19:24:42 GMT Connection: close Content-Length: 30005
2024-11-25 19:24:43 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-25 19:24:43 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:43 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:44 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:44 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sat, 23 Nov 2024 12:15:37 GMT ETag: "0x8DD0BB889D4282C" x-ms-request-id: 19b35b80-c01e-0049-150a-3eac27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192444Z-174c587ffdf89smkhC1TEB697s00000006fg000000008wcp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:44 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-25 19:24:44 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-25 19:24:44 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-25 19:24:44 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-25 19:24:44 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-25 19:24:44 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-25 19:24:44 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-25 19:24:44 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-25 19:24:44 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-25 19:24:44 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:46 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:47 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:46 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: ac6669be-e01e-003c-668c-3ac70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192446Z-174c587ffdf6b487hC1TEBydsn000000068000000000n00r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:47 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:46 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:47 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:47 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 4a9b7938-301e-000c-7880-3d323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192447Z-174c587ffdfx984chC1TEB676g00000006c000000000cpz0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:47 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:46 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:47 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:47 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c9502ca5-e01e-0033-0fb4-3e4695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192447Z-178bfbc474bv7whqhC1NYC1fg400000007u000000000pm9y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:47 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:46 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:47 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:47 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 44ae66ae-301e-001f-7627-3caa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192447Z-178bfbc474brk967hC1NYCfu6000000007pg00000000ffzv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:47 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:46 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:47 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:47 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8db92378-201e-003f-2cbf-3e6d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192447Z-178bfbc474bh5zbqhC1NYCkdug00000007qg00000000vpym x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:47 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:49 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:49 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 6093596d-b01e-0053-0311-3dcdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192449Z-15b8b599d885v8r9hC1TEB104g000000069g00000000uaa1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:49 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:49 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:49 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 975c85cf-001e-0017-4d20-3d0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192449Z-178bfbc474btrnf9hC1NYCb80g00000008400000000043a2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:49 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:49 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:49 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 5308f18d-c01e-0034-0a5c-3f2af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192449Z-178bfbc474b9fdhphC1NYCac0n00000007ug00000000c02w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:49 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:49 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:49 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 1e988f1d-b01e-0070-1b8c-3a1cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192449Z-174c587ffdf8lw6dhC1TEBkgs800000006bg00000000eutx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:49 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:49 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:49 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: ba9b913e-601e-0001-2f1a-3dfaeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192449Z-178bfbc474b9xljthC1NYCtw9400000007u000000000cvz4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:49 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:51 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:51 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 561f43d7-f01e-0096-2f75-3b10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192451Z-174c587ffdfl22mzhC1TEBk40c00000006hg000000009gsh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:51 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:51 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:51 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 08b7745d-b01e-00ab-54e9-3edafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192451Z-15b8b599d889fz52hC1TEB59as000000067000000000t2nb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:51 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:51 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:51 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: d58f6c79-601e-00ab-760a-3e66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192451Z-178bfbc474btrnf9hC1NYCb80g00000007y000000000ux69 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:51 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:51 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:51 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: a69f297f-901e-002a-244c-3c7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192451Z-15b8b599d88f9wfchC1TEBm2kc00000006h0000000008fyy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:51 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:51 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:51 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: aff2abcc-f01e-0003-4547-3c4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192451Z-178bfbc474brk967hC1NYCfu6000000007kg00000000u7n1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:51 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:53 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:53 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:53 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 63e0f5a8-701e-0032-207a-3ba540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192453Z-174c587ffdf6b487hC1TEBydsn00000006b00000000083n0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:53 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:53 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:54 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:53 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 7e74133f-e01e-003c-0667-3dc70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192453Z-15b8b599d88s6mj9hC1TEBur30000000067g000000008asp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:54 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:53 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:54 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:53 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: ba5d631a-801e-0047-14d1-3e7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192453Z-178bfbc474bvjk8shC1NYC83ns00000007n000000000uprc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:54 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:53 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:54 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:54 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: e328efd5-c01e-00a2-56bf-3e2327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192454Z-178bfbc474btrnf9hC1NYCb80g00000007y000000000uxb5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:54 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:53 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:54 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:54 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 918e3103-701e-0097-4a7c-3bb8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192454Z-174c587ffdfl22mzhC1TEBk40c00000006f000000000kwxb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:54 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:55 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:55 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: c77577e7-501e-0078-0da6-3e06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192455Z-178bfbc474bv587zhC1NYCny5w00000007u0000000008pfg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:56 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:55 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:56 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 7a05741d-701e-0021-0754-3c3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192456Z-15b8b599d88s6mj9hC1TEBur30000000063g00000000nezc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:56 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:55 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:56 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 90548f26-b01e-0021-643a-3ccab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192456Z-178bfbc474bbcwv4hC1NYCypys00000007qg00000000m7t1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:56 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:55 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:56 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 876ff6fa-901e-00a0-47eb-3d6a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192456Z-178bfbc474btvfdfhC1NYCa2en0000000820000000002rra x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:56 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:55 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:56 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 6ea5360a-801e-002a-4904-3e31dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192456Z-178bfbc474bv587zhC1NYCny5w00000007pg00000000ske6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:56 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:57 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:58 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: aaf2b452-f01e-0071-621c-3e431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192458Z-15b8b599d889fz52hC1TEB59as00000006ag00000000e3u4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:58 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:58 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:58 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 47ff93a4-401e-0083-0f5d-3e075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192458Z-174c587ffdfx984chC1TEB676g00000006b000000000fgua x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:58 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:58 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:58 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 12cef178-a01e-0070-7e6c-3d573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192458Z-174c587ffdfb74xqhC1TEBhabc000000068g00000000va2t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:58 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:58 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:58 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: a8d62205-901e-0083-0c0e-3bbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192458Z-174c587ffdf9xbcchC1TEBxkz40000000690000000006ddw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:58 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:24:58 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:24:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:24:58 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 81bf26fc-f01e-0099-6bb6-3e9171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192458Z-178bfbc474bwlrhlhC1NYCy3kg00000007w000000000f89p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:24:58 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:00 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:00 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 279fb768-d01e-00ad-04d6-3ee942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192500Z-174c587ffdfcj798hC1TEB9bq400000006gg00000000f1d3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:00 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:00 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:00 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: bf14eb60-501e-007b-507b-3b5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192500Z-174c587ffdfb485jhC1TEBmc1s000000067g0000000094v7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:00 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:00 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:00 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 3ac3f4da-f01e-001f-4c47-3c5dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192500Z-15b8b599d88wn9hhhC1TEBry0g00000006gg000000002b32 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:00 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:00 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:00 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 09788b64-001e-0046-6eb7-3eda4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192500Z-178bfbc474brk967hC1NYCfu6000000007qg00000000cb8n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:00 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:00 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:00 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: d83ea369-501e-000a-040c-3d0180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192500Z-178bfbc474bgvl54hC1NYCsfuw00000007t000000000rm9h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:01 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:02 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:02 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 35c17bb4-f01e-0052-536c-3d9224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192502Z-15b8b599d885v8r9hC1TEB104g000000069g00000000ub5g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:02 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:02 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:02 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: e4221271-301e-0051-4239-3d38bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192502Z-174c587ffdf8lw6dhC1TEBkgs800000006e0000000004ge0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:03 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:02 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:02 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 0a6aa823-c01e-0014-3efe-3da6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192502Z-178bfbc474bw8bwphC1NYC38b400000007pg00000000n6ys x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:03 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:02 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:02 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 069344af-301e-0020-09c0-3e6299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192502Z-178bfbc474bxkclvhC1NYC69g400000007wg0000000076ch x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:03 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 19:25:02 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 19:25:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 19:25:03 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: c24f93c3-601e-00ab-62a8-3e66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T192503Z-178bfbc474btvfdfhC1NYCa2en000000080g0000000085e8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 19:25:03 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5572, Parent PID: 4484

General

Target ID:	0
Start time:	14:23:40
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2008, Parent PID: 5572

General

Target ID:	2
Start time:	14:23:43
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1964,i,1011053822055246351,4298913378853297238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6348, Parent PID: 4484

General

Target ID:	3
Start time:	14:23:45
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://offer.relieffoot.com"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://offer.relieffoot.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5572, Parent PID: 4484

General

Chronological Activities

Analysis Process: chrome.exePID: 2008, Parent PID: 5572

Windows Analysis Report
http://offer.relieffoot.com