Edit tour

Windows Analysis Report
http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t

Overview

General Information

Sample URL:	http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY2
Analysis ID:	1562750
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2012,i,3182887289619156547,4077897584324511932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49753 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET /SSLRedirect.html?403;http://afta.memnet.com.au:80/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t HTTP/1.1Host: afta.memnet.com.auConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: afta.memnet.com.auConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://afta.memnet.com.au/SSLRedirect.html?403;http://afta.memnet.com.au:80/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: afta.memnet.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3TH116rFCE7rmUp&MD=Pk9sPY1s HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3TH116rFCE7rmUp&MD=Pk9sPY1s HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t HTTP/1.1Host: afta.memnet.com.auConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: afta.memnet.com.au
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49753 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/5@8/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2012,i,3182887289619156547,4077897584324511932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2012,i,3182887289619156547,4077897584324511932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://afta.memnet.com.au/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
afta.memnet.com.au	35.244.99.106	true	false		unknown
www.google.com	142.250.181.100	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://afta.memnet.com.au/favicon.ico	false	Avira URL Cloud: safe	unknown
https://afta.memnet.com.au/SSLRedirect.html?403;http://afta.memnet.com.au:80/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t	false		unknown
http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.244.99.106	afta.memnet.com.au	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.23
192.168.2.15
192.168.2.14
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562750
Start date and time:	2024-11-25 23:57:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/5@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 172.217.19.238, 74.125.205.84, 34.104.35.123, 199.232.210.172, 192.229.221.95, 172.217.17.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://afta.memnet.com.au Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://afta.memnet.com.au
URL: https://afta.memnet.com.au Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://afta.memnet.com.au

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	3.3045638184772725
Encrypted:	false
SSDEEP:	12:Ga7Gg/MILG3ZVBfSeda1KwYqxjnt0T78RMaYe1Ra0HxnyfjS:NzMOGZVVS3KwYon3bYylxnyb
MD5:	C7378BEE681B4922076CBC2302EE1D1B
SHA1:	1C23892B856B1A486AB349743554E9E34F969CFD
SHA-256:	B2F6B54D2671E9FE54B311876FE27A38932BD0FE2111CAAC2392870D4C52D561
SHA-512:	00AFBD94B84E0CBAE676AFC8ACF532664CBBAB57FD8921B81F2513E6AE1D66DFC970492F06CBC5E62435029F2F73E98259D336F5D949B6FA9EC1581C922C06DB
Malicious:	false
Reputation:	low
Preview:	............ .h.......(....... ..... .............................................................................................................................................................................................................................................................................................................................................................................................................................................B...........................................................G...............................................................................................................................................................................................................fff.........snj...........................................................................................................................................................................................................................................................

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	344
Entropy (8bit):	4.939255304545283
Encrypted:	false
SSDEEP:	6:HP/MkcKc5AqJmOAJcMoSa7YRAhxpgEVN8qFUYeoXjFdocMf0OM7OScKcN:HP/MkseqJmxeMoSlRfEVN8qvjxMMOMKJ
MD5:	BBC5490AE096F5736CC9F9795F6E72EC
SHA1:	FFDDA9AEBD4F6BA84D74115F0ADFD5D0C66CC52B
SHA-256:	178E8D45FD61B48BC8F196AAB5C783010D7EA3257BBC1661E73F9EF8314B5C48
SHA-512:	5979D3A40C354B0948310F27406AE977B82ACA53A30B5ACB5485EA8200C2FCEDE6903B3366F1CCE9097D98DAC6E2A5F62FEBAF20831929BA203AE5C269FC900E
Malicious:	false
Reputation:	low
URL:	https://afta.memnet.com.au/SSLRedirect.html?403;http://afta.memnet.com.au:80/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t
Preview:	beginning of HttpRedirect.htm file -->..<script type="text/javascript">..function redirectToHttps()..{..var httpURL = window.location.hostname + window.location.pathname + window.location.search;..var httpsURL = "https://" + httpURL ;..window.location = httpsURL ;..}..redirectToHttps();..</script>.. end of HttpRedirect.htm file -->..

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	3.3045638184772725
Encrypted:	false
SSDEEP:	12:Ga7Gg/MILG3ZVBfSeda1KwYqxjnt0T78RMaYe1Ra0HxnyfjS:NzMOGZVVS3KwYon3bYylxnyb
MD5:	C7378BEE681B4922076CBC2302EE1D1B
SHA1:	1C23892B856B1A486AB349743554E9E34F969CFD
SHA-256:	B2F6B54D2671E9FE54B311876FE27A38932BD0FE2111CAAC2392870D4C52D561
SHA-512:	00AFBD94B84E0CBAE676AFC8ACF532664CBBAB57FD8921B81F2513E6AE1D66DFC970492F06CBC5E62435029F2F73E98259D336F5D949B6FA9EC1581C922C06DB
Malicious:	false
Reputation:	low
URL:	https://afta.memnet.com.au/favicon.ico
Preview:	............ .h.......(....... ..... .............................................................................................................................................................................................................................................................................................................................................................................................................................................B...........................................................G...............................................................................................................................................................................................................fff.........snj...........................................................................................................................................................................................................................................................

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 23:58:12.113712072 CET	49736	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:12.114162922 CET	49737	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:12.233695030 CET	80	49736	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:12.233809948 CET	49736	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:12.233989954 CET	49736	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:12.234153986 CET	80	49737	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:12.234220028 CET	49737	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:12.354123116 CET	80	49736	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:13.747668982 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:13.747719049 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:13.752032995 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:13.752298117 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:13.752315998 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:13.771450043 CET	80	49736	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:13.822264910 CET	49736	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:13.963093996 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:13.963126898 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:13.963246107 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:13.963517904 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:13.963536978 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:14.411473036 CET	49741	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:14.411499977 CET	443	49741	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:14.411606073 CET	49741	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:14.413836956 CET	49741	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:14.413860083 CET	443	49741	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:15.461599112 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:15.462101936 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:15.462162971 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:15.463949919 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:15.464040041 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:15.465387106 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:15.465480089 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:15.508243084 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:15.508265972 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:15.555001020 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:15.844418049 CET	443	49741	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:15.844563961 CET	49741	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:15.847949982 CET	49741	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:15.847959995 CET	443	49741	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:15.848285913 CET	443	49741	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:15.895586967 CET	49741	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:15.907737017 CET	49741	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:15.951335907 CET	443	49741	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:16.229762077 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.230525970 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.230535984 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.232328892 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.232403994 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.238261938 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.238374949 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.238512993 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.283328056 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.291105032 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.291112900 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.336420059 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.364197969 CET	443	49741	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:16.364268064 CET	443	49741	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:16.364403963 CET	49741	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:16.364423037 CET	443	49741	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:16.403736115 CET	49742	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:16.403821945 CET	443	49742	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:16.403920889 CET	49742	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:16.404341936 CET	49742	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:16.404378891 CET	443	49742	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:16.774929047 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.775919914 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.776031017 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.782963991 CET	49740	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.782978058 CET	443	49740	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.851910114 CET	49743	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.851954937 CET	443	49743	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.852067947 CET	49744	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.852111101 CET	49743	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.852176905 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.852247953 CET	49744	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.852792978 CET	49744	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.852830887 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:16.853125095 CET	49743	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:16.853166103 CET	443	49743	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:17.830094099 CET	443	49742	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:17.830244064 CET	49742	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:17.831576109 CET	49742	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:17.831592083 CET	443	49742	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:17.831830978 CET	443	49742	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:17.832902908 CET	49742	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:17.875372887 CET	443	49742	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:18.358457088 CET	443	49742	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:18.358565092 CET	443	49742	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:18.358664036 CET	49742	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:18.468564987 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:18.501173973 CET	49744	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:18.501240969 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:18.501740932 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:18.502688885 CET	49744	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:18.502769947 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:18.512731075 CET	443	49743	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:18.517715931 CET	49743	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:18.517760992 CET	443	49743	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:18.518261909 CET	443	49743	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:18.524892092 CET	49743	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:18.525006056 CET	443	49743	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:18.545272112 CET	49744	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:18.582329035 CET	49743	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:18.845865965 CET	49742	443	192.168.2.4	23.218.208.109
Nov 25, 2024 23:58:18.845907927 CET	443	49742	23.218.208.109	192.168.2.4
Nov 25, 2024 23:58:21.807718992 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:21.807774067 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:21.807832956 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:21.821088076 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:21.821109056 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:22.054852009 CET	49744	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:22.060724020 CET	49672	443	192.168.2.4	173.222.162.32
Nov 25, 2024 23:58:22.060770988 CET	443	49672	173.222.162.32	192.168.2.4
Nov 25, 2024 23:58:22.095367908 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:22.576392889 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:22.576512098 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:22.576618910 CET	49744	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:22.580662012 CET	49744	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:22.580703020 CET	443	49744	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:22.726349115 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:22.726417065 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:22.726495981 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:22.726762056 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:22.726794958 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:23.639627934 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:23.639808893 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:23.642014980 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:23.642030001 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:23.642524958 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:23.690496922 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:24.343298912 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:24.343739033 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:24.343786001 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:24.347383976 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:24.347465992 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:24.347835064 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:24.348001957 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:24.348015070 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:24.391371012 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:24.396117926 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:24.396141052 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:24.443084002 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:25.060230970 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:25.103374958 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.109313011 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:25.109555006 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:25.109606981 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:25.110496998 CET	49746	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:25.110532045 CET	443	49746	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:25.155405998 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:25.155554056 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:25.155616045 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:25.664587021 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.664618969 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.664630890 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.664648056 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.664675951 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:25.664685965 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.664707899 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.664721966 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:25.664752007 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:25.681948900 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.682008982 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:25.682019949 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.689116001 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:25.689169884 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:25.890413046 CET	49739	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:58:25.890480995 CET	443	49739	142.250.181.100	192.168.2.4
Nov 25, 2024 23:58:26.988354921 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:26.988378048 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:26.988419056 CET	49745	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:58:26.988425970 CET	443	49745	52.149.20.212	192.168.2.4
Nov 25, 2024 23:58:57.240616083 CET	49737	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:57.360871077 CET	80	49737	35.244.99.106	192.168.2.4
Nov 25, 2024 23:58:58.771969080 CET	49736	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:58:58.893471956 CET	80	49736	35.244.99.106	192.168.2.4
Nov 25, 2024 23:59:01.977873087 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:01.977941036 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:01.981652021 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:01.982068062 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:01.982091904 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:03.333909988 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:03.333973885 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:03.334080935 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:03.334395885 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:03.334412098 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:03.537208080 CET	49743	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:59:03.537262917 CET	443	49743	35.244.99.106	192.168.2.4
Nov 25, 2024 23:59:03.774684906 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:03.774879932 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:03.779941082 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:03.779979944 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:03.780271053 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:03.788515091 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:03.831348896 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.514421940 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.514439106 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.514497042 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.514508009 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.514594078 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.514667988 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.514692068 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.514743090 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.700488091 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.700510979 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.700686932 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.700731993 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.700845957 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.751184940 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.751216888 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.751266003 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.751308918 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.751333952 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.751441956 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.873920918 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.873946905 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.874099970 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.874174118 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.875799894 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.920403004 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.920432091 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.920561075 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.920595884 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.923782110 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.941111088 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.941134930 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.941201925 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.941221952 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.943897963 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.961560965 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.961602926 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.961675882 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.961714983 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:04.961733103 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:04.964308977 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.069701910 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.069753885 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.069855928 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.069936991 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.069961071 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.071811914 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.089399099 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.089430094 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.089524984 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.089570045 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.089663029 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.107846975 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.107872009 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.107948065 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.107966900 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.107985020 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.108088970 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.118829966 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.118856907 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.118922949 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.118947983 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.118961096 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.118999004 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.130202055 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.130224943 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.130307913 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.130330086 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.130503893 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.141021967 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.141045094 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.141124010 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.141141891 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.141264915 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.145875931 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.145955086 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.145965099 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.146037102 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.146099091 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.146130085 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.146130085 CET	49752	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.146152973 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.146173000 CET	443	49752	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.147505045 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.147588015 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:05.149475098 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:05.149499893 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.149775982 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.160196066 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:05.186778069 CET	49755	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.186813116 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.186825037 CET	443	49755	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.186885118 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.187030077 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.187123060 CET	49755	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.187145948 CET	49755	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.187150955 CET	443	49755	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.187246084 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.187278032 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.188502073 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.188608885 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.188683033 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.188816071 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.188847065 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.189692020 CET	49757	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.189729929 CET	443	49757	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.190298080 CET	49758	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.190320969 CET	49757	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.190325022 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.190382004 CET	49758	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.190423965 CET	49757	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.190434933 CET	443	49757	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.190507889 CET	49758	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:05.190526962 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:05.203331947 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.868323088 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.868343115 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.868376970 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.868417978 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:05.868451118 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.868478060 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:05.868504047 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:05.908989906 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.909081936 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.909287930 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:05.909466982 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:05.909483910 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:05.909499884 CET	49753	443	192.168.2.4	52.149.20.212
Nov 25, 2024 23:59:05.909514904 CET	443	49753	52.149.20.212	192.168.2.4
Nov 25, 2024 23:59:06.827905893 CET	443	49755	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.828495026 CET	49755	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.828514099 CET	443	49755	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.828984022 CET	49755	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.828991890 CET	443	49755	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.927452087 CET	443	49757	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.928241014 CET	49757	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.928268909 CET	443	49757	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.928669930 CET	49757	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.928675890 CET	443	49757	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.976260900 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.976814985 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.976849079 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.977293015 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.977297068 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.977698088 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.977978945 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.978025913 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.978307009 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.978321075 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.979253054 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.979516029 CET	49758	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.979541063 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:06.979836941 CET	49758	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:06.979851961 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.281933069 CET	443	49755	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.282000065 CET	443	49755	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.282160997 CET	49755	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.282424927 CET	49755	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.282424927 CET	49755	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.282448053 CET	443	49755	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.282459974 CET	443	49755	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.285482883 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.285537004 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.285621881 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.285789013 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.285803080 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.364444971 CET	443	49757	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.364518881 CET	443	49757	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.364640951 CET	49757	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.364876032 CET	49757	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.364897966 CET	443	49757	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.364912033 CET	49757	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.364917994 CET	443	49757	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.368010998 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.368109941 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.368232965 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.368385077 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.368419886 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.425579071 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.425606012 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.425704002 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.425734997 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.425782919 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.426014900 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.426021099 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.426043987 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.426208973 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.426240921 CET	443	49754	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.426275969 CET	49754	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.426820040 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.426843882 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.426902056 CET	49758	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.426917076 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.427016973 CET	49758	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.427026033 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.427037954 CET	49758	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.427175045 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.427200079 CET	443	49758	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.427248001 CET	49758	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.428917885 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.428961992 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.428988934 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.429033041 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.429042101 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.429091930 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.429195881 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.429205894 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.429218054 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.429233074 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.430258036 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.430282116 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.430325985 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.430332899 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.430368900 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.430506945 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.430510998 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.430524111 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.430643082 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.430677891 CET	443	49756	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.430711985 CET	49756	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.432466030 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.432477951 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:07.432539940 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.432652950 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:07.432661057 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.034456968 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.034990072 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.035022974 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.035418987 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.035423994 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.143570900 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.144196033 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.144270897 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.144640923 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.144654989 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.148397923 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.148721933 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.148756027 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.149069071 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.149074078 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.216794014 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.217169046 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.217197895 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.217566013 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.217570066 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.275428057 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.275846004 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.275863886 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.276207924 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.276212931 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.469707012 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.469887972 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.469985008 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.470335960 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.470355034 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.470366001 CET	49759	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.470371008 CET	443	49759	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.473165989 CET	49765	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.473197937 CET	443	49765	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.473283052 CET	49765	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.473448992 CET	49765	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.473462105 CET	443	49765	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.580490112 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.580552101 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.580696106 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.581182003 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.581223011 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.581244946 CET	49761	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.581260920 CET	443	49761	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.584081888 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.584120035 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.584204912 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.584372044 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.584383965 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.592616081 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.592677116 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.592756033 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.592947006 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.592947006 CET	49760	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.592963934 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.592974901 CET	443	49760	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.595350981 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.595371008 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.595438957 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.595573902 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.595586061 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.662261963 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.662331104 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.662406921 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.662599087 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.662623882 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.662650108 CET	49763	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.662662029 CET	443	49763	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.664673090 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.664763927 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.664841890 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.664951086 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.664985895 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.732089043 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.732144117 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.732222080 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.732326984 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.732343912 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.732363939 CET	49762	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.732368946 CET	443	49762	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.734586000 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.734615088 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:09.734690905 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.734831095 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:09.734843969 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.287667036 CET	443	49765	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.290462017 CET	49765	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.290469885 CET	443	49765	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.290815115 CET	49765	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.290818930 CET	443	49765	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.316932917 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.319088936 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.337830067 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.337857962 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.338174105 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.338181019 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.365005016 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.388578892 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.388583899 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.388890982 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.388895035 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.450750113 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.451231003 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.451253891 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.451747894 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.451756954 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.509289026 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.509789944 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.509850979 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.510075092 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.510088921 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.733315945 CET	443	49765	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.733386040 CET	443	49765	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.733452082 CET	49765	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.733633041 CET	49765	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.733653069 CET	443	49765	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.733661890 CET	49765	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.733666897 CET	443	49765	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.736357927 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.736399889 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.736475945 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.736634970 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.736649990 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.752401114 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.752461910 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.752510071 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.752711058 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.752711058 CET	49766	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.752727985 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.752737999 CET	443	49766	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.754180908 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.754229069 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.754276037 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.754383087 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.754383087 CET	49767	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.754388094 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.754395008 CET	443	49767	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.754534960 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.754563093 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.754616976 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.754818916 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.754839897 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.755990982 CET	49772	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.756025076 CET	443	49772	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.756089926 CET	49772	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.756181955 CET	49772	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.756194115 CET	443	49772	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.886066914 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.886140108 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.886212111 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.886353016 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.886370897 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.886383057 CET	49769	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.886390924 CET	443	49769	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.888987064 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.889022112 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.889105082 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.889256954 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.889271021 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.962999105 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.963071108 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.963139057 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.963293076 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.963309050 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.963355064 CET	49768	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.963361979 CET	443	49768	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.965722084 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.965761900 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:11.965833902 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.965955019 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:11.965969086 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.452651978 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.453286886 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.453356981 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.453701019 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.453717947 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.533951998 CET	443	49772	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.534562111 CET	49772	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.534595966 CET	443	49772	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.534925938 CET	49772	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.534931898 CET	443	49772	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.606674910 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.607125998 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.607146978 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.607588053 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.607594967 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.663646936 CET	49737	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:59:13.663933039 CET	49775	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:59:13.663975000 CET	443	49775	142.250.181.100	192.168.2.4
Nov 25, 2024 23:59:13.664058924 CET	49775	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:59:13.664429903 CET	49775	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:59:13.664443016 CET	443	49775	142.250.181.100	192.168.2.4
Nov 25, 2024 23:59:13.671334028 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.671715021 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.671735048 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.672043085 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.672049046 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.745290995 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.745821953 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.745846033 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.746217012 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.746222019 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.783871889 CET	80	49737	35.244.99.106	192.168.2.4
Nov 25, 2024 23:59:13.783943892 CET	49737	80	192.168.2.4	35.244.99.106
Nov 25, 2024 23:59:13.898212910 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.898365974 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.898653984 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.898716927 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.898716927 CET	49770	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.898753881 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.898778915 CET	443	49770	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.901596069 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.901626110 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.901710987 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.901981115 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.901990891 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.986825943 CET	443	49772	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.986885071 CET	443	49772	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.987109900 CET	49772	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.987142086 CET	49772	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.987158060 CET	443	49772	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.987166882 CET	49772	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.987171888 CET	443	49772	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.989856958 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.989906073 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:13.989995003 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.990149021 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:13.990176916 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.063323021 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.063388109 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.063532114 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.063795090 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.063807964 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.063838005 CET	49771	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.063844919 CET	443	49771	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.067169905 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.067192078 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.067293882 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.067487001 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.067504883 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.119559050 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.119636059 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.119836092 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.119863987 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.119879007 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.119894028 CET	49773	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.119898081 CET	443	49773	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.122359991 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.122416973 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.122514009 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.122734070 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.122767925 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.189029932 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.189088106 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.189297915 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.189335108 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.189346075 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.189357042 CET	49774	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.189359903 CET	443	49774	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.191760063 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.191778898 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:14.191863060 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.192054987 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:14.192065954 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.402065992 CET	443	49775	142.250.181.100	192.168.2.4
Nov 25, 2024 23:59:15.402400970 CET	49775	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:59:15.402427912 CET	443	49775	142.250.181.100	192.168.2.4
Nov 25, 2024 23:59:15.402909994 CET	443	49775	142.250.181.100	192.168.2.4
Nov 25, 2024 23:59:15.403475046 CET	49775	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:59:15.403562069 CET	443	49775	142.250.181.100	192.168.2.4
Nov 25, 2024 23:59:15.443218946 CET	49775	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:59:15.793561935 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.794379950 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.794395924 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.794806004 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.794812918 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.892735958 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.892899990 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.893398046 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.893399000 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.893409967 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.893448114 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.893821001 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.893837929 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.893987894 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.893996000 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.923212051 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.923655987 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.923702002 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.924151897 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.924164057 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.937155008 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.937787056 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.937798977 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:15.937997103 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:15.938000917 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.310512066 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.310580969 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.310779095 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.310914993 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.310936928 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.310952902 CET	49776	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.310961008 CET	443	49776	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.314305067 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.314358950 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.314450979 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.314691067 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.314711094 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.336944103 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.337023973 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.337188005 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.337234020 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.337234020 CET	49778	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.337241888 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.337249994 CET	443	49778	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.339782953 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.339821100 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.339900970 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.340086937 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.340097904 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.346738100 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.346795082 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.346853971 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.346947908 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.346982956 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.347038031 CET	49777	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.347054005 CET	443	49777	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.348870039 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.348886967 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.348968029 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.349129915 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.349138975 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.368269920 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.368321896 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.368379116 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.368628025 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.368628025 CET	49779	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.368648052 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.368674994 CET	443	49779	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.370637894 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.370670080 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.370748043 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.370939016 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.370950937 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.375442028 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.375509977 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.375556946 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.375664949 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.375673056 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.375710011 CET	49780	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.375715017 CET	443	49780	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.377669096 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.377754927 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:16.377850056 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.378012896 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:16.378048897 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.101809025 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.102385044 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.102432013 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.103063107 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.103070021 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.125587940 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.125992060 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.126018047 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.126518011 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.126524925 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.139492989 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.139894962 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.139909029 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.140393972 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.140398979 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.151983976 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.152317047 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.152345896 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.152951956 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.152957916 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.187967062 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.188436985 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.188463926 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.188961029 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.188966036 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.546013117 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.546170950 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.546228886 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.546320915 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.546346903 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.546372890 CET	49781	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.546379089 CET	443	49781	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.548952103 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.548995018 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.549067020 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.549228907 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.549245119 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.562773943 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.562851906 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.562933922 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.563107014 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.563158989 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.563188076 CET	49785	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.563205004 CET	443	49785	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.565429926 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.565481901 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.565553904 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.565665007 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.565712929 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.583889008 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.584076881 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.584134102 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.584161997 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.584172010 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.584182978 CET	49783	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.584187031 CET	443	49783	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.586288929 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.586318016 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.586385965 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.586498022 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.586513996 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.595782995 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.595848083 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.595891953 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.595989943 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.596004963 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.596018076 CET	49784	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.596024036 CET	443	49784	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.597984076 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.598015070 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.598082066 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.598211050 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.598222971 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.642496109 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.642569065 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.642714024 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.642740965 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.642760038 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.642774105 CET	49782	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.642779112 CET	443	49782	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.644835949 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.644848108 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:18.644915104 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.645051003 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:18.645061016 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:19.883502960 CET	49743	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:59:19.883709908 CET	443	49743	35.244.99.106	192.168.2.4
Nov 25, 2024 23:59:19.883781910 CET	49743	443	192.168.2.4	35.244.99.106
Nov 25, 2024 23:59:20.335736990 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.336766958 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.336791039 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.337332964 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.337338924 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.360137939 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.360821009 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.360853910 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.361182928 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.361188889 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.392847061 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.393440962 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.393461943 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.394103050 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.394109011 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.409641981 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.410121918 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.410296917 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.410322905 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.410464048 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.410523891 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.410777092 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.410782099 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.410964966 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.410983086 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.779721975 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.779886007 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.780073881 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.780114889 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.780134916 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.780147076 CET	49786	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.780153036 CET	443	49786	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.783479929 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.783519983 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.783606052 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.783773899 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.783787012 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.795939922 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.796000004 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.796081066 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.796256065 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.796256065 CET	49790	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.796273947 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.796283007 CET	443	49790	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.798518896 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.798544884 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.798619032 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.798751116 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.798762083 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.837712049 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.837771893 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.838026047 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.838212967 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.838231087 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.838242054 CET	49788	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.838247061 CET	443	49788	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.840662003 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.840708017 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.840790987 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.840929985 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.840945005 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.853722095 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.853797913 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.853872061 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.854280949 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.854280949 CET	49789	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.854300976 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.854305983 CET	443	49789	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.856479883 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.856515884 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.856592894 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.856723070 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.856735945 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.864233017 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.864303112 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.864358902 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.864444971 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.864475012 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.864501953 CET	49787	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.864515066 CET	443	49787	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.866822004 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.866858006 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:20.866925955 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.867036104 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:20.867060900 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.569713116 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.570380926 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.570435047 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.571005106 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.571022987 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.587332010 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.587946892 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.587963104 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.588561058 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.588567019 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.620289087 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.621175051 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.621227980 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.622131109 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.622154951 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.654917002 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.655426979 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.655450106 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.656003952 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.656008959 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.706543922 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.707412004 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.707422972 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:22.708029985 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:22.708034039 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.005073071 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.005269051 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.005465984 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.007714033 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.007766962 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.007805109 CET	49793	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.007813931 CET	443	49793	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.010356903 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.010394096 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.010469913 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.010600090 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.010612011 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.038388968 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.038548946 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.038801908 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.038860083 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.038882017 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.038893938 CET	49791	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.038899899 CET	443	49791	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.041981936 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.042006016 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.042104006 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.042256117 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.042274952 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.055195093 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.055280924 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.055339098 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.055526972 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.055552959 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.055566072 CET	49795	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.055572987 CET	443	49795	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.058111906 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.058147907 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.058223009 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.058347940 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.058360100 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.109257936 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.109317064 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.109373093 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.109563112 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.109574080 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.109600067 CET	49792	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.109605074 CET	443	49792	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.112507105 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.112535954 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.112618923 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.112759113 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.112771988 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.160188913 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.160269976 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.160332918 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.160476923 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.160482883 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.160495996 CET	49794	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.160500050 CET	443	49794	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.163450956 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.163484097 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:23.163573027 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.163716078 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:23.163733006 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.652941942 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.653559923 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.653584957 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.654007912 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.654011965 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.657489061 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.657913923 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.657949924 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.658246040 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.658251047 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.840384007 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.841023922 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.841048002 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.841437101 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.841440916 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.930473089 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.931106091 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.931142092 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.931591034 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.931596994 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.949768066 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.950340033 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.950355053 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:24.950756073 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:24.950762033 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.086751938 CET	443	49775	142.250.181.100	192.168.2.4
Nov 25, 2024 23:59:25.086837053 CET	443	49775	142.250.181.100	192.168.2.4
Nov 25, 2024 23:59:25.086893082 CET	49775	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:59:25.096072912 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.096245050 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.096301079 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.096401930 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.096419096 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.096429110 CET	49797	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.096435070 CET	443	49797	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.099337101 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.099375010 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.099467039 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.099631071 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.099643946 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.113785982 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.113972902 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.114048958 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.114078999 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.114098072 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.114106894 CET	49796	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.114113092 CET	443	49796	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.116410017 CET	49802	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.116441011 CET	443	49802	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.116513968 CET	49802	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.116631031 CET	49802	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.116641998 CET	443	49802	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.284713030 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.284795046 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.284888983 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.285080910 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.285094976 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.285105944 CET	49798	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.285110950 CET	443	49798	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.288192034 CET	49803	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.288261890 CET	443	49803	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.288496017 CET	49803	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.288672924 CET	49803	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.288711071 CET	443	49803	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.438819885 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.438879967 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.438925982 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.439126968 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.439126968 CET	49799	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.439141035 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.439145088 CET	443	49799	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.441807032 CET	49804	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.441840887 CET	443	49804	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.441920042 CET	49804	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.442111969 CET	49804	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.442126989 CET	443	49804	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.535665035 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.535859108 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.535996914 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.535996914 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.535996914 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.538454056 CET	49805	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.538507938 CET	443	49805	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.538768053 CET	49805	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.538957119 CET	49805	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.538975954 CET	443	49805	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.756366968 CET	49800	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:25.756392002 CET	443	49800	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:25.883006096 CET	49775	443	192.168.2.4	142.250.181.100
Nov 25, 2024 23:59:25.883043051 CET	443	49775	142.250.181.100	192.168.2.4
Nov 25, 2024 23:59:26.823964119 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:26.824655056 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:26.824685097 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:26.825086117 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:26.825090885 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:26.905770063 CET	443	49802	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:26.906527996 CET	49802	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:26.906550884 CET	443	49802	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:26.906999111 CET	49802	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:26.907011986 CET	443	49802	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.073931932 CET	443	49803	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.074665070 CET	49803	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.074696064 CET	443	49803	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.075083971 CET	49803	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.075093985 CET	443	49803	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.222187996 CET	443	49804	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.222815990 CET	49804	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.222831964 CET	443	49804	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.223328114 CET	49804	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.223331928 CET	443	49804	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.261071920 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.261168003 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.261290073 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.261526108 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.261545897 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.261557102 CET	49801	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.261564016 CET	443	49801	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.264650106 CET	49806	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.264682055 CET	443	49806	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.264758110 CET	49806	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.264930964 CET	49806	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.264944077 CET	443	49806	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.350848913 CET	443	49802	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.350915909 CET	443	49802	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.351037025 CET	49802	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.351270914 CET	49802	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.351270914 CET	49802	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.351290941 CET	443	49802	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.351300955 CET	443	49802	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.354465008 CET	49807	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.354512930 CET	443	49807	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.354624987 CET	49807	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.354844093 CET	49807	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.354857922 CET	443	49807	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.425714016 CET	443	49805	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.426763058 CET	49805	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.426805973 CET	443	49805	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.427046061 CET	49805	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.427052975 CET	443	49805	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.518435001 CET	443	49803	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.518542051 CET	443	49803	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.518629074 CET	49803	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.518842936 CET	49803	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.518906116 CET	443	49803	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.518942118 CET	49803	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.518958092 CET	443	49803	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.522150040 CET	49808	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.522198915 CET	443	49808	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.522283077 CET	49808	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.522542953 CET	49808	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.522572994 CET	443	49808	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.717570066 CET	443	49804	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.717650890 CET	443	49804	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.717719078 CET	49804	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.717967987 CET	49804	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.717991114 CET	443	49804	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.718018055 CET	49804	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.718028069 CET	443	49804	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.720948935 CET	49809	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.720983028 CET	443	49809	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.721081018 CET	49809	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.721216917 CET	49809	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.721230984 CET	443	49809	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.880156040 CET	443	49805	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.880338907 CET	443	49805	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.880395889 CET	49805	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.880501986 CET	49805	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.880525112 CET	443	49805	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.880538940 CET	49805	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.880544901 CET	443	49805	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.883840084 CET	49810	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.883883953 CET	443	49810	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:27.883959055 CET	49810	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.884100914 CET	49810	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:27.884109974 CET	443	49810	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.046125889 CET	443	49806	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.046595097 CET	49806	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.046612024 CET	443	49806	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.047081947 CET	49806	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.047087908 CET	443	49806	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.071535110 CET	443	49807	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.072088003 CET	49807	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.072127104 CET	443	49807	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.072516918 CET	49807	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.072523117 CET	443	49807	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.256949902 CET	443	49808	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.257419109 CET	49808	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.257443905 CET	443	49808	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.257885933 CET	49808	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.257889986 CET	443	49808	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.490897894 CET	443	49806	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.490992069 CET	443	49806	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.491693020 CET	49806	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.491693020 CET	49806	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.491740942 CET	49806	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.491760015 CET	443	49806	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.494488001 CET	49811	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.494524956 CET	443	49811	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.494597912 CET	49811	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.494822025 CET	49811	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.494832993 CET	443	49811	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.508502960 CET	443	49807	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.508668900 CET	443	49807	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.508740902 CET	49807	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.508780956 CET	49807	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.508800983 CET	443	49807	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.508815050 CET	49807	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.508821011 CET	443	49807	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.511718035 CET	49812	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.511751890 CET	443	49812	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.511864901 CET	49812	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.512006998 CET	49812	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.512022972 CET	443	49812	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.595021009 CET	443	49809	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.595446110 CET	49809	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.595455885 CET	443	49809	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.596046925 CET	49809	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.596050978 CET	443	49809	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.691816092 CET	443	49808	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.691874981 CET	443	49808	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.692096949 CET	49808	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.692128897 CET	49808	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.692146063 CET	443	49808	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.692152023 CET	49808	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.692157030 CET	443	49808	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.694746971 CET	49813	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.694773912 CET	443	49813	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.694899082 CET	49813	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.694999933 CET	49813	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.695007086 CET	443	49813	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.737803936 CET	443	49810	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.738408089 CET	49810	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.738432884 CET	443	49810	13.107.246.63	192.168.2.4
Nov 25, 2024 23:59:29.738877058 CET	49810	443	192.168.2.4	13.107.246.63
Nov 25, 2024 23:59:29.738882065 CET	443	49810	13.107.246.63	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 23:58:09.549848080 CET	53	55459	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:09.567749023 CET	53	54014	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:11.566231966 CET	53370	53	192.168.2.4	1.1.1.1
Nov 25, 2024 23:58:11.567785978 CET	61526	53	192.168.2.4	1.1.1.1
Nov 25, 2024 23:58:12.112835884 CET	53	61526	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:12.113040924 CET	53	53370	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:12.379832983 CET	53	55165	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:13.606725931 CET	58388	53	192.168.2.4	1.1.1.1
Nov 25, 2024 23:58:13.607316971 CET	62212	53	192.168.2.4	1.1.1.1
Nov 25, 2024 23:58:13.746222019 CET	53	58388	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:13.746260881 CET	53	62212	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:13.778567076 CET	61267	53	192.168.2.4	1.1.1.1
Nov 25, 2024 23:58:13.778789997 CET	49602	53	192.168.2.4	1.1.1.1
Nov 25, 2024 23:58:13.918798923 CET	53	61267	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:13.918862104 CET	53	49602	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:22.585787058 CET	64904	53	192.168.2.4	1.1.1.1
Nov 25, 2024 23:58:22.585958004 CET	60061	53	192.168.2.4	1.1.1.1
Nov 25, 2024 23:58:22.725692034 CET	53	60061	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:22.725713968 CET	53	64904	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:23.635807991 CET	138	138	192.168.2.4	192.168.2.255
Nov 25, 2024 23:58:29.336833954 CET	53	53259	1.1.1.1	192.168.2.4
Nov 25, 2024 23:58:48.413933039 CET	53	62305	1.1.1.1	192.168.2.4
Nov 25, 2024 23:59:09.321466923 CET	53	51914	1.1.1.1	192.168.2.4
Nov 25, 2024 23:59:10.724924088 CET	53	55197	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 25, 2024 23:58:09.641272068 CET	192.168.2.4	1.1.1.1	c233	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 23:58:11.566231966 CET	192.168.2.4	1.1.1.1	0x794c	Standard query (0)	afta.memnet.com.au	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:58:11.567785978 CET	192.168.2.4	1.1.1.1	0x44d	Standard query (0)	afta.memnet.com.au	65	IN (0x0001)	false
Nov 25, 2024 23:58:13.606725931 CET	192.168.2.4	1.1.1.1	0x5bc	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:58:13.607316971 CET	192.168.2.4	1.1.1.1	0x824f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 25, 2024 23:58:13.778567076 CET	192.168.2.4	1.1.1.1	0xd6f0	Standard query (0)	afta.memnet.com.au	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:58:13.778789997 CET	192.168.2.4	1.1.1.1	0x7abe	Standard query (0)	afta.memnet.com.au	65	IN (0x0001)	false
Nov 25, 2024 23:58:22.585787058 CET	192.168.2.4	1.1.1.1	0xf4fc	Standard query (0)	afta.memnet.com.au	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:58:22.585958004 CET	192.168.2.4	1.1.1.1	0x72a8	Standard query (0)	afta.memnet.com.au	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 23:58:12.113040924 CET	1.1.1.1	192.168.2.4	0x794c	No error (0)	afta.memnet.com.au	35.244.99.106	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:58:13.746222019 CET	1.1.1.1	192.168.2.4	0x5bc	No error (0)	www.google.com	142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:58:13.746260881 CET	1.1.1.1	192.168.2.4	0x824f	No error (0)	www.google.com		65	IN (0x0001)	false
Nov 25, 2024 23:58:13.918798923 CET	1.1.1.1	192.168.2.4	0xd6f0	No error (0)	afta.memnet.com.au	35.244.99.106	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:58:22.725713968 CET	1.1.1.1	192.168.2.4	0xf4fc	No error (0)	afta.memnet.com.au	35.244.99.106	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

afta.memnet.com.au

fs.microsoft.com

https:

slscr.update.microsoft.com

otelrules.azureedge.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	35.244.99.106	80	3844	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 23:58:12.233989954 CET	609	OUT	GET /memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t HTTP/1.1 Host: afta.memnet.com.au Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 25, 2024 23:58:13.771450043 CET	985	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: https://afta.memnet.com.au/SSLRedirect.html?403;http://afta.memnet.com.au:80/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Content-Type-Options: nosniff Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Date: Mon, 25 Nov 2024 22:58:12 GMT Content-Length: 376 Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 61 66 74 61 2e 6d 65 6d 6e 65 74 2e 63 6f 6d 2e 61 75 2f 53 53 4c 52 65 64 69 72 65 63 74 2e 68 74 6d 6c 3f 34 30 33 3b 68 74 74 70 3a 2f 2f 61 66 74 61 2e 6d 65 6d 6e 65 74 2e 63 6f 6d 2e 61 75 3a 38 30 2f 6d 65 6d 62 65 72 73 65 6c 66 73 65 72 76 69 63 65 2f 44 69 73 74 72 69 62 75 74 69 6f 6e 54 72 61 63 6b 69 6e 67 2f 54 72 61 63 6b 4c 69 6e 6b 73 2e 61 73 70 78 3f 68 72 65 66 3d 2f 2f 73 63 68 6e 65 69 64 65 72 2e 63 6f 6d 2e 73 74 61 66 66 72 65 63 6f 72 64 73 2d 32 30 32 34 6d 6e 70 6a 65 2d 79 76 71 6c 71 6d 62 72 6b 2e 61 6c 75 6d 69 6e 69 6f 73 62 61 72 72 6f 73 2e 70 74 2f 3f 73 74 61 66 66 72 65 63 6f 72 64 73 2f 32 30 32 34 2f 3d 63 32 78 6a 65 57 56 [TRUNCATED] Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://afta.memnet.com.au/SSLRedirect.html?403;http://afta.memnet.com.au:80/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t">here</a></body>
Nov 25, 2024 23:58:58.771969080 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	35.244.99.106	80	3844	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 23:58:57.240616083 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49741	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:58:15 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 22:58:16 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=38115 Date: Mon, 25 Nov 2024 22:58:16 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	35.244.99.106	443	3844	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:58:16 UTC	887	OUT	GET /SSLRedirect.html?403;http://afta.memnet.com.au:80/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t HTTP/1.1 Host: afta.memnet.com.au Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 22:58:16 UTC	399	IN	HTTP/1.1 200 OK Content-Type: text/html Last-Modified: Wed, 07 Jul 2021 02:10:00 GMT Accept-Ranges: bytes ETag: "04c9e30d572d71:0" Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Date: Mon, 25 Nov 2024 22:58:16 GMT Connection: close Content-Length: 344
2024-11-25 22:58:16 UTC	344	IN	Data Raw: 3c 21 2d 2d 20 62 65 67 69 6e 6e 69 6e 67 20 6f 66 20 48 74 74 70 52 65 64 69 72 65 63 74 2e 68 74 6d 20 66 69 6c 65 20 2d 2d 3e 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 66 75 6e 63 74 69 6f 6e 20 72 65 64 69 72 65 63 74 54 6f 48 74 74 70 73 28 29 0d 0a 7b 0d 0a 76 61 72 20 68 74 74 70 55 52 4c 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0d 0a 76 61 72 20 68 74 74 70 73 55 52 4c 20 3d 20 22 68 74 74 70 73 3a 2f 2f 22 20 2b 20 68 74 74 70 55 52 4c 20 3b 0d 0a 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f Data Ascii: ... beginning of HttpRedirect.htm file --><script type="text/javascript">function redirectToHttps(){var httpURL = window.location.hostname + window.location.pathname + window.location.search;var httpsURL = "https://" + httpURL ;window.locatio

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:58:17 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 22:58:18 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=38091 Date: Mon, 25 Nov 2024 22:58:18 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-25 22:58:18 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	35.244.99.106	443	3844	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:58:22 UTC	818	OUT	GET /favicon.ico HTTP/1.1 Host: afta.memnet.com.au Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://afta.memnet.com.au/SSLRedirect.html?403;http://afta.memnet.com.au:80/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 22:58:22 UTC	402	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Last-Modified: Fri, 27 Sep 2024 03:11:54 GMT Accept-Ranges: bytes ETag: "039f308b10db1:0" Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Date: Mon, 25 Nov 2024 22:58:22 GMT Connection: close Content-Length: 1150
2024-11-25 22:58:22 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff fd fd fd ff ff ff ff ff ff ff ff ff fd fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: h(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	35.244.99.106	443	3844	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:58:24 UTC	353	OUT	GET /favicon.ico HTTP/1.1 Host: afta.memnet.com.au Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 22:58:25 UTC	402	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Last-Modified: Fri, 27 Sep 2024 03:11:54 GMT Accept-Ranges: bytes ETag: "039f308b10db1:0" Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block Date: Mon, 25 Nov 2024 22:58:24 GMT Connection: close Content-Length: 1150
2024-11-25 22:58:25 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff fd fd fd ff ff ff ff ff ff ff ff ff fd fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: h(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:58:25 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3TH116rFCE7rmUp&MD=Pk9sPY1s HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 22:58:25 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: d61a2da1-17dc-46f8-82fe-a44966051ab0 MS-RequestId: 24dfb028-5b2e-4da1-9183-7b2e4852e131 MS-CV: i8r1XRhMnU2BWeqR.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 22:58:24 GMT Connection: close Content-Length: 24490
2024-11-25 22:58:25 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-25 22:58:25 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49752	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:03 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:04 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:04 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sat, 23 Nov 2024 12:15:37 GMT ETag: "0x8DD0BB889D4282C" x-ms-request-id: c3062018-b01e-003e-79df-3d8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225904Z-178bfbc474bscnbchC1NYCe7eg000000087g00000000edee x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:04 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-25 22:59:04 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-25 22:59:04 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-25 22:59:04 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-25 22:59:04 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-25 22:59:04 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-25 22:59:04 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-25 22:59:05 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-25 22:59:05 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-25 22:59:05 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49753	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:05 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3TH116rFCE7rmUp&MD=Pk9sPY1s HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 22:59:05 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: f3257683-190b-4639-a582-df2a3e701a9e MS-RequestId: 82eb041b-664b-4ce4-9a3b-79a76e0e8908 MS-CV: wHBlOmprEUO9WOf1.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 22:59:04 GMT Connection: close Content-Length: 30005
2024-11-25 22:59:05 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-25 22:59:05 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:06 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:07 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 97edb58e-001e-00a2-13a4-3ed4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225907Z-178bfbc474brk967hC1NYCfu6000000007w000000000f7za x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:07 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:06 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:07 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 2eed8dc4-701e-0098-0dc6-3e395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225907Z-178bfbc474bgvl54hC1NYCsfuw000000083000000000ch0p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:07 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:06 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:07 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:07 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 44ae66ae-301e-001f-7627-3caa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225907Z-15b8b599d88s6mj9hC1TEBur30000000069g00000000r9ma x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:07 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:06 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:07 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:07 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: d4aa3518-701e-0098-625d-3c395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225907Z-15b8b599d88hd9g7hC1TEBp75c00000006m0000000007y0b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:07 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:06 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:07 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:07 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 070f5f04-601e-005c-0de2-3df06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225907Z-174c587ffdfdwxdvhC1TEB1c4n00000006gg00000000ck75 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:07 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:09 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:09 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 4712fcc8-d01e-002b-279a-3b25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225909Z-174c587ffdfgcs66hC1TEB69cs00000006gg0000000056th x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:09 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:09 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:09 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 8592a006-f01e-0085-6b6a-3c88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225909Z-174c587ffdfb74xqhC1TEBhabc00000006gg00000000pvcq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:09 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:09 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:09 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: c312cdef-801e-0083-52a3-3ef0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225909Z-178bfbc474bfw4gbhC1NYCunf4000000082g00000000k8fh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:09 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:09 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:09 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 4860472f-101e-0028-01d0-3e8f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225909Z-178bfbc474bgvl54hC1NYCsfuw0000000860000000003fee x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:09 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:09 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:09 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 3257c6a6-201e-005d-32b4-3eafb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225909Z-178bfbc474bgvl54hC1NYCsfuw0000000840000000008e93 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:09 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:11 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:11 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 561f43d7-f01e-0096-2f75-3b10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225911Z-174c587ffdfdwxdvhC1TEB1c4n00000006f000000000k6pg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:11 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:11 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:11 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: eb1ded04-b01e-0097-298c-3a4f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225911Z-174c587ffdf59vqchC1TEByk6800000006q000000000kub5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:11 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:11 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:11 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: b101f067-f01e-0020-26b7-3e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225911Z-178bfbc474bw8bwphC1NYC38b4000000080g000000005ce5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:11 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:11 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:11 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: d1e74057-c01e-0014-6563-3ba6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225911Z-178bfbc474bxkclvhC1NYC69g4000000085g000000000apw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:11 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:11 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:11 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: aff2abcc-f01e-0003-4547-3c4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225911Z-178bfbc474btrnf9hC1NYCb80g00000008b0000000004878 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:11 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:13 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:13 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:13 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: ce6e3a8c-101e-0017-74b5-3e47c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225913Z-178bfbc474bwlrhlhC1NYCy3kg000000087g0000000003b6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:13 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:13 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:13 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:13 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 4834b854-301e-005d-3ab8-3ee448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225913Z-174c587ffdfks6tlhC1TEBeza400000006p000000000d8x2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:13 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:13 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:13 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: ba5d631a-801e-0047-14d1-3e7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225913Z-178bfbc474bfw4gbhC1NYCunf4000000084g000000009c08 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:14 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:13 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:13 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 3257ccc0-201e-005d-19b5-3eafb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225913Z-178bfbc474bh5zbqhC1NYCkdug00000008400000000036cn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:14 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:13 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:14 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 44e9982d-301e-001f-6639-3caa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225914Z-15b8b599d88vp97chC1TEB5pzw00000006m00000000097cz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:14 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:15 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:16 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: c77577e7-501e-0078-0da6-3e06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225916Z-178bfbc474brk967hC1NYCfu6000000007u000000000rw30 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:16 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:15 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:16 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 7a05741d-701e-0021-0754-3c3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225916Z-15b8b599d88phfhnhC1TEBr51n00000006ng00000000krfs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:16 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:15 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:16 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f5c4af5a-301e-005d-6385-3fe448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225916Z-178bfbc474bv7whqhC1NYC1fg4000000084000000000bneg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:16 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:15 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:16 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 6ea5360a-801e-002a-4904-3e31dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225916Z-178bfbc474bh5zbqhC1NYCkdug00000007yg00000000r3rh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:16 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:15 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:16 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 62a4a1a4-401e-00ac-0c3d-3d0a97000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225916Z-174c587ffdfb5q56hC1TEB04kg00000006mg0000000020ky x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:16 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:18 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:18 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: aaf2b452-f01e-0071-621c-3e431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225918Z-178bfbc474bfw4gbhC1NYCunf4000000085000000000851r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:18 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:18 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:18 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: ea8695b1-901e-002a-7283-3b7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225918Z-174c587ffdfdwxdvhC1TEB1c4n00000006f000000000k724 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:18 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:18 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:18 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 12cef178-a01e-0070-7e6c-3d573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225918Z-174c587ffdfgcs66hC1TEB69cs00000006c000000000qm0q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:18 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:18 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:18 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: e1811c2a-201e-00aa-06c6-3e3928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225918Z-178bfbc474b7cbwqhC1NYC8z4n00000007xg00000000rzur x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:18 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:18 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:18 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 9a3ed3ee-501e-00a0-41c6-3e9d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225918Z-178bfbc474bv7whqhC1NYC1fg4000000080g00000000rnrq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:18 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:20 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:20 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 2160d4c7-701e-0021-5913-3d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225920Z-178bfbc474bq2pr7hC1NYCkfgg000000088000000000cepa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:20 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:20 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:20 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 79f6ed77-701e-0021-554e-3c3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225920Z-15b8b599d88tmlzshC1TEB4xpn00000006e000000000hy3v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:20 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:20 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:20 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 16d74281-d01e-0066-164b-3cea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225920Z-15b8b599d88vp97chC1TEB5pzw00000006f000000000pe4p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:20 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:20 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:20 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 444cb209-801e-00a0-5ef6-3d2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225920Z-178bfbc474bv587zhC1NYCny5w00000007z000000000dwda x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:20 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:20 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:20 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 64264af0-501e-005b-1fb0-3dd7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225920Z-174c587ffdfmlsmvhC1TEBvyks00000006ng00000000san0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:20 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:22 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:22 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: e83eb970-001e-0046-777e-3ada4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225922Z-174c587ffdf4zw2thC1TEBu34000000006rg0000000058vt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:23 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:22 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:22 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: c2388785-401e-0048-0e03-3e0409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225922Z-178bfbc474bv7whqhC1NYC1fg4000000085g000000006e03 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:23 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:22 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:22 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: c24f93c3-601e-00ab-62a8-3e66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225922Z-178bfbc474bv587zhC1NYCny5w0000000830000000001b29 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:23 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:22 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:22 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: ae8c6dce-101e-008d-4280-3b92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225922Z-174c587ffdfx984chC1TEB676g00000006pg0000000032sv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:23 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:22 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:22 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: bdb50d09-801e-0048-2c0e-3ef3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225922Z-178bfbc474b9fdhphC1NYCac0n0000000850000000000qxy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:23 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:24 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:24 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 7658b735-201e-0051-2a02-3f7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225924Z-15b8b599d8885prmhC1TEBsnkw00000006ug00000000066y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:25 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:24 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:24 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 00deeadb-901e-007b-4a91-3bac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225924Z-15b8b599d882l6clhC1TEBxd5c00000006c000000000ptyt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:25 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:24 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:25 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 8a9c0054-c01e-0046-231b-3e2db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225925Z-178bfbc474bh5zbqhC1NYCkdug000000083g0000000051fb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:25 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:24 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:25 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: af6ae163-c01e-0082-6735-3caf72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225925Z-178bfbc474bv587zhC1NYCny5w000000080g000000008twv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:25 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:24 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:25 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: ecf1de78-401e-0047-5d4b-3c8597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225925Z-15b8b599d882hxlwhC1TEBfa5w00000006d000000000mw6a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:25 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:26 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:27 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 0aa534f7-c01e-0014-501a-3ea6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225927Z-178bfbc474bw8bwphC1NYC38b400000007yg00000000ar4e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:27 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49802	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:26 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:27 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 77e83d57-401e-0016-5857-3c53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225927Z-15b8b599d88cn5thhC1TEBqxkn00000006m00000000004dy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:27 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:27 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:27 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2661dead-d01e-008e-1cf5-3e387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225927Z-174c587ffdfcb7qhhC1TEB3x7000000006qg000000008byt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:27 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:27 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 7511da03-801e-0083-3b8c-3af0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225927Z-15b8b599d88vp97chC1TEB5pzw00000006g000000000hyh6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:27 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49805	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:27 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:27 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: f323d95e-101e-0065-6a6f-3d4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225927Z-15b8b599d88cn5thhC1TEBqxkn00000006c000000000qnw1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:27 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49806	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:29 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:29 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: ba3424f4-801e-0047-3bbf-3e7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225929Z-178bfbc474bscnbchC1NYCe7eg00000008a0000000006qb4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:29 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49807	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:29 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:29 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 907655e5-001e-0065-594b-3c0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225929Z-15b8b599d88s6mj9hC1TEBur3000000006f0000000005zat x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:29 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49808	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:29 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:29 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 1e280d2f-401e-0029-0d7f-3b9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225929Z-174c587ffdfdwxdvhC1TEB1c4n00000006kg0000000052g7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:29 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49809	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:29 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:29 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 1ea24147-701e-000d-3aeb-3e6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225929Z-15b8b599d88cn5thhC1TEBqxkn00000006f000000000ceux x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:30 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49810	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:29 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 22:59:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:59:30 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 6b17e566-f01e-003f-7a44-3cd19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T225930Z-15b8b599d882l6clhC1TEBxd5c00000006hg000000005mn3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 22:59:30 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49811	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:31 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49812	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:59:31 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2344, Parent PID: 3624

General

Target ID:	0
Start time:	17:58:02
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3844, Parent PID: 2344

General

Target ID:	2
Start time:	17:58:08
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2012,i,3182887289619156547,4077897584324511932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6360, Parent PID: 3624

General

Target ID:	3
Start time:	17:58:10
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2344, Parent PID: 3624

General

Chronological Activities

Analysis Process: chrome.exePID: 3844, Parent PID: 2344

General

Chronological Activities

Analysis Process: chrome.exePID: 6360, Parent PID: 3624

General

Chronological Activities

Disassembly

Windows Analysis Report
http://afta.memnet.com.au/memberselfservice/DistributionTracking/TrackLinks.aspx?href=//schneider.com.staffrecords-2024mnpje-yvqlqmbrk.aluminiosbarros.pt/?staffrecords/2024/=c2xjeWVkaUBzY2huZWlkZXIuY29t