scythe-c87c626a SESSION-98342a26

scythe-c87c626a | May 5, 2026 _ Texas City, TX

7 PCAPs • 81 sessions • 52 hosts • 52 🌍 geolocated

capture_20260505150001 - 20260505210001

SCYTHE_HYPERGRAPH Bundle @ https://neurosphere-2.tail52f848.ts.net/wordpress/wp-content/uploads/2026/05/session-hypergraph-SESSION-98342a26.html

Details @ https://neurosphere-2.tail52f848.ts.net/wordpress/?page_id=5893

[19:06:49] ⚠️ 2 proximity alerts active!
[19:10:31] Traceroute → 2.57.122.191
[19:11:01] 13 hops
[19:11:01] Hop 1: 📡XCI55AX.mynetworksettings.com — 3.15ms [rf_link] ⊘dist
[19:11:01] Hop 2: 🔄10.184.141.2 — 238.65ms [mimo_reassembly] ⚡ MIMO ⊘dist
[19:11:01] Hop 3: ⚙️10.184.141.2 — 38.4ms [packet_core] ⚠ priv ⊘dist
[19:11:01] Hop 4: ⚙️10.184.141.9 — 33.74ms [packet_core] ⚠ priv ⊘dist
[19:11:01] Hop 5: ⚙️172.19.2.242 — 33.74ms [packet_core] ⚠ priv ⊘dist
[19:11:01] Hop 7: 🔀187.sub-69-83-101.myvzw.com — 33.75ms [cgnat_cluster] ⚠ spike ⊘dist
[19:11:01] Hop 9: 🔌212.sub-69-83-96.myvzw.com — 73.54ms +4596.2km [access_router] ⚠ spike
[19:11:01] Hop 10: 🔌75.sub-69-83-97.myvzw.com — 28.77ms +1798.1km [access_router] ⚠ spike
[19:11:01] Hop 12: 🌐customer.alter.net — 28.06ms +1753.8km [peering_edge] ⚠ spike
[19:11:01] Hop 14: ✈️g0-1.gw2.bluedome.net — 138.19ms +8636.9km [international_transit] ⚠ spike
[19:11:01] Hop 15: 🔌ae4-7.rt.dpx.bud.hu.retn.net — 157.94ms +9871.2km [access_router] ⚠ spike
[19:11:01] Hop 16: 🔌gw-as47890.retn.net — 178.24ms +11140km [access_router] ⚠ spike
[19:11:01] Hop 17: 🎯2.57.122.191 — 167.39ms +10461.9km [destination] ⚠ spike
[19:11:01] 🔴 5G MIMO path detected — early hops excluded from distance
[19:11:01] ✈️ International transit detected
[19:11:01] 📏 Distance hops: 7 of 13 usable
[19:11:01] Total: ~8369.5 km from server
[19:11:01] 🌐 4 trace entities on globe (8 logical segments)
[19:11:28] Traceroute → 185.207.251.124
[19:11:33] 16 hops
[19:11:33] Hop 1: 📡XCI55AX.mynetworksettings.com — 3.17ms [rf_link] ⊘dist
[19:11:33] Hop 2: 🔌10.184.141.2 — 42.5ms +2656.2km [access_router] ⚠ priv
[19:11:33] Hop 3: 🔌10.184.141.2 — 37.23ms +2326.9km [access_router] ⚠ priv
[19:11:33] Hop 5: 🔀238.qarestr.sub-172-19-2.myvzw.com — 32.65ms [cgnat_cluster] ⚠ spike ⊘dist
[19:11:33] Hop 6: 🏗️185.sub-69-83-101.myvzw.com — 32.81ms [mpls_private_backbone] ⚠ spike ⊘dist
[19:11:33] Hop 7: 🏗️187.sub-69-83-101.myvzw.com — 32.97ms [mpls_private_backbone] ⚠ spike ⊘dist
[19:11:33] Hop 9: 🏗️212.sub-69-83-96.myvzw.com — 33.15ms [mpls_private_backbone] ⚠ spike ⊘dist
[19:11:33] Hop 10: 🏗️75.sub-69-83-97.myvzw.com — 32.99ms [mpls_private_backbone] ⚠ spike ⊘dist
[19:11:33] Hop 13: 🔌dls-b23-link.ip.twelve99.net — 42.17ms +2635.6km [access_router] ⚠ spike
[19:11:33] Hop 14: 🔌atl-b24-link.ip.twelve99.net — 51.89ms +3243.1km [access_router] ⚠ spike
[19:11:33] Hop 15: 🔌atl-bb2-link.ip.twelve99.net — 51.84ms +3240km [access_router] ⚠ spike
[19:11:33] Hop 16: 🔌ash-bb2-link.ip.twelve99.net — 67.19ms +4199.4km [access_router] ⚠ spike
[19:11:33] Hop 17: 🔌prs-bb2-link.ip.twelve99.net — 152.09ms +9505.6km [access_router] ⚠ spike
[19:11:33] Hop 18: 🔌laut-b2-link.ip.twelve99.net — 151.72ms +9482.5km [access_router] ⚠ spike
[19:11:33] Hop 19: 🔌212.133.82.98 — 146.07ms +9129.4km [access_router] ⚠ spike
[19:11:33] Hop 22: 🎯vmi1401757.contaboserver.net — 151.55ms +9471.9km [destination] ⚠ spike
[19:11:33] 🔴 5G MIMO path detected — early hops excluded from distance
[19:11:33] 📏 Distance hops: 10 of 16 usable
[19:11:33] Total: ~7577.5 km from server
[19:11:33] 🌐 3 trace entities on globe (6 logical segments)
[19:11:42] Traceroute → 77.247.182.248
[19:11:47] 18 hops
[19:11:47] Hop 1: 📡XCI55AX.mynetworksettings.com — 1.63ms [rf_link] ⊘dist
[19:11:47] Hop 2: ⚙️10.184.141.2 — 37.31ms [packet_core] ⚠ priv ⊘dist
[19:11:47] Hop 3: ⚙️10.184.141.2 — 37.29ms [packet_core] ⚠ priv ⊘dist
[19:11:47] Hop 4: ⚙️10.184.141.9 — 24.2ms [packet_core] ⚠ priv ⊘dist
[19:11:47] Hop 5: 🔀248.qarestr.sub-172-19-2.myvzw.com — 26.65ms [cgnat_cluster] ⚠ spike ⊘dist
[19:11:47] Hop 7: 🏗️187.sub-69-83-101.myvzw.com — 26.5ms [mpls_private_backbone] ⚠ spike ⊘dist
[19:11:47] Hop 9: 🏗️212.sub-69-83-96.myvzw.com — 21.31ms [mpls_private_backbone] ⚠ spike ⊘dist
[19:11:47] Hop 10: 🏗️75.sub-69-83-97.myvzw.com — 21.39ms [mpls_private_backbone] ⚠ spike ⊘dist
[19:11:47] Hop 13: 🔌dls-bb1-link.ip.twelve99.net — 31ms +1937.5km [access_router] ⚠ spike
[19:11:47] Hop 14: 🔌nash-bb1-link.ip.twelve99.net — 45.76ms +2860km [access_router] ⚠ spike
[19:11:47] Hop 15: 🔌atl-bb1-link.ip.twelve99.net — 46.66ms +2916.2km [access_router] ⚠ spike
[19:11:47] Hop 17: 🔌atl-bb2-link.ip.twelve99.net — 45.92ms +2870km [access_router] ⚠ spike
[19:11:47] Hop 18: 🔌ash-bb2-link.ip.twelve99.net — 55.65ms +3478.1km [access_router] ⚠ spike
[19:11:47] Hop 19: 🔌prs-bb2-link.ip.twelve99.net — 140.38ms +8773.8km [access_router] ⚠ spike
[19:11:47] Hop 20: 🔌adm-bb2-link.ip.twelve99.net — 150.9ms +9431.2km [access_router] ⚠ spike
[19:11:47] Hop 21: 🔌adm-b3-link.ip.twelve99.net — 150.1ms +9381.2km [access_router] ⚠ spike
[19:11:47] Hop 22: 🔌80.239.221.135 — 179.93ms +11245.6km [access_router] ⚠ spike
[19:11:47] Hop 24: 🎯77.247.182.248 — 153.84ms +9615km [destination] ⚠ spike
[19:11:47] 🔴 5G MIMO path detected — early hops excluded from distance
[19:11:47] 📏 Distance hops: 10 of 18 usable
[19:11:47] Total: ~7692 km from server
[19:11:47] 🌐 3 trace entities on globe (6 logical segments)

🧠 CLUSTER INTEL
Clusters: 17
Threats: 0
RF emitters: 0
UAVs: 0
C2: 0
⚫ Quiet
MEDIUM 50%
Cluster: swarm-63d1d285
Nodes: 19
Behavior: MIXED
ASN: AS6389 — Amazon.com, Inc.
Infra: Hyperscaler (78% conf) · 2 ASNs
Country: ID
Mobility: Fixed infrastructure
Location: -6.211°, 106.845° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS6389 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS6389 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: ID
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-eea8f7a5
Nodes: 7
Behavior: MIXED
ASN: AS31377 — Akamai Connected Cloud
Infra: Edge CDN (100% conf)
Country: US
Mobility: Fixed infrastructure
Location: 41.883°, -87.630° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS31377 — Akamai Connected Cloud (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS31377 (Akamai Connected Cloud) [Edge CDN] · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-61e1337e
Nodes: 15
Behavior: MIXED
ASN: AS14618 — Amazon.com, Inc.
Infra: Hyperscaler (86% conf) · 2 ASNs
Country: US
Mobility: Fixed infrastructure
Location: 39.047°, -77.490° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS14618 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS14618 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-756b0eb2
Nodes: 3
Behavior: MIXED
ASN: AS328436 — Flashnet-Technologies-Limited
Country: TZ
Mobility: Fixed infrastructure
Location: -6.823°, 39.291° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS328436 — Flashnet-Technologies-Limited (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS328436 (Flashnet-Technologies-Limited) · Jurisdiction: TZ
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-390f6cef
Nodes: 13
Behavior: MIXED
ASN: AS16509 — Amazon.com, Inc.
Infra: Hyperscaler (100% conf)
Country: DE
Mobility: Fixed infrastructure
Location: 52.520°, 13.407° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16509 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16509 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: DE
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-b120604a
Nodes: 3
Behavior: MIXED
ASN: AS272809 — THUNDERNET, C.A.
Country: VE
Mobility: Fixed infrastructure
Location: 10.487°, -66.874° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS272809 — THUNDERNET, C.A. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS272809 (THUNDERNET, C.A.) · Jurisdiction: VE
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-cf233f95
Nodes: 7
Behavior: MIXED
ASN: AS4134 — CHINANET Guangdong province network
Country: CN
Mobility: Fixed infrastructure
Location: 34.773°, 113.722° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS4134 — CHINANET Guangdong province network (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS4134 (CHINANET Guangdong province network) · Jurisdiction: CN
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-c108ff10
Nodes: 18
Behavior: MIXED
ASN: AS132203 — Tencent Building, Kejizhongyi Avenue
Infra: Hyperscaler (50% conf) · 4 ASNs
Country: SG
Mobility: Fixed infrastructure
Location: 1.306°, 103.838° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS132203 — Tencent Building, Kejizhongyi Avenue (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS132203 (Tencent Building, Kejizhongyi Avenue) [Hyperscaler] · Jurisdiction: SG
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-63954e9e
Nodes: 3
Behavior: MIXED
ASN: AS198193 — Amarutu Technology Ltd
Country: SC
Mobility: Fixed infrastructure
Location: -4.583°, 55.667° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS198193 — Amarutu Technology Ltd (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS198193 (Amarutu Technology Ltd) · Jurisdiction: SC
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-7b3479de
Nodes: 7
Behavior: MIXED
ASN: AS31863 — Centrilogic, Inc.
Country: US
Mobility: Fixed infrastructure
Location: 37.751°, -97.822° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS31863 — Centrilogic, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS31863 (Centrilogic, Inc.) ⚠ mixed infra (3 ASNs, 33% confidence) · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-974e5955
Nodes: 3
Behavior: MIXED
ASN: AS4766 — Korea Telecom
Infra: ISP (100% conf)
Country: KR
Mobility: Fixed infrastructure
Location: 34.571°, 126.601° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS4766 — Korea Telecom (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS4766 (Korea Telecom) [ISP] · Jurisdiction: KR
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-eba7d729
Nodes: 5
Behavior: MIXED
ASN: AS8075 — Microsoft Corporation
Infra: Hyperscaler (100% conf)
Country: US
Mobility: Fixed infrastructure
Location: 36.669°, -78.388° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS8075 — Microsoft Corporation (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS8075 (Microsoft Corporation) [Hyperscaler] · Jurisdiction: US
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-66e8dfae
Nodes: 3
Behavior: MIXED
ASN: AS16509 — Amazon.com, Inc.
Infra: Hyperscaler (100% conf)
Country: US
Mobility: Fixed infrastructure
Location: 39.962°, -83.006° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS16509 — Amazon.com, Inc. (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS16509 (Amazon.com, Inc.) [Hyperscaler] · Jurisdiction: US
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-5c2e3a0a
Nodes: 6
Behavior: MIXED
ASN: AS41231 — Canonical Group Limited
Country: GB
Mobility: Fixed infrastructure
Location: 51.506°, -0.108° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS41231 — Canonical Group Limited (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS41231 (Canonical Group Limited) · Jurisdiction: GB
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-ded8abbd
Nodes: 3
Behavior: MIXED
ASN: AS48090 — Techoff Srv Limited
Country: NL
Mobility: Fixed infrastructure
Location: 52.376°, 4.897° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS48090 — Techoff Srv Limited (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS48090 (Techoff Srv Limited) · Jurisdiction: NL
→ Awaiting sufficient data
⚫ Quiet
MEDIUM 50%
Cluster: swarm-0c174242
Nodes: 5
Behavior: MIXED
ASN: AS41920 — Unmanaged Ltd
Country: RO
Mobility: Fixed infrastructure
Location: 45.997°, 24.997° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS41920 — Unmanaged Ltd (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS41920 (Unmanaged Ltd) · Jurisdiction: RO
→ [LOW] SCHEDULE_RESCAN: Large dormant cluster — may be staging infrastructure
⚫ Quiet
MEDIUM 50%
Cluster: swarm-b8afacf0
Nodes: 3
Behavior: MIXED
ASN: AS15694 — Eurofiber France SAS
Country: FR
Mobility: Fixed infrastructure
Location: 48.856°, 2.349° 🌍 Fly To 🔬 AUTOPSY📦 BUNDLE
⏱ Phase: 0%
Prop: INSUFFICIENT_DATA
⚡ Control Origin: AS15694 — Eurofiber France SAS (0% · cluster-level ASN (no per-event data))
Insufficient activity for classification · Dominant: AS15694 (Eurofiber France SAS) · Jurisdiction: FR
→ Awaiting sufficient data
[17:17:49]⚫Quiet — 3 nodes @ 48.86°,2.35° FR · AS15694 (Eurofiber France SAS) · threat 50%
[17:17:49]⚫Quiet — 5 nodes @ 46.00°,25.00° RO · AS41920 (Unmanaged Ltd) · threat 50%
[17:17:49]⚫Quiet — 3 nodes @ 52.38°,4.90° NL · AS48090 (Techoff Srv Limited) · threat 50%
[17:17:49]⚫Quiet — 6 nodes @ 51.51°,-0.11° GB · AS41231 (Canonical Group Limited) · threat 50%
[17:17:49]⚫Quiet — 3 nodes @ 39.96°,-83.01° US · AS16509 (Amazon.com, Inc.) [Hyperscaler] · threat 50%
[17:17:49]⚫Quiet — 5 nodes @ 36.67°,-78.39° US · AS8075 (Microsoft Corporation) [Hyperscaler] · threat 50%
[17:17:49]⚫Quiet — 3 nodes @ 34.57°,126.60° KR · AS4766 (Korea Telecom) [ISP] · threat 50%
[17:17:49]⚫Quiet — 7 nodes @ 37.75°,-97.82° US · AS31863 (Centrilogic, Inc.) · threat 50%
[17:17:49]⚫Quiet — 3 nodes @ -4.58°,55.67° SC · AS198193 (Amarutu Technology Ltd) · threat 50%
[17:17:49]⚫Quiet — 18 nodes @ 1.31°,103.84° SG · AS132203 (Tencent Building, Kejizhongyi Avenue) [Hyperscaler] · threat 50%
[17:17:49]⚫Quiet — 7 nodes @ 34.77°,113.72° CN · AS4134 (CHINANET Guangdong province network) · threat 50%
[17:17:49]⚫Quiet — 3 nodes @ 10.49°,-66.87° VE · AS272809 (THUNDERNET, C.A.) · threat 50%
[17:17:49]⚫Quiet — 13 nodes @ 52.52°,13.41° DE · AS16509 (Amazon.com, Inc.) [Hyperscaler] · threat 50%
[17:17:49]⚫Quiet — 3 nodes @ -6.82°,39.29° TZ · AS328436 (Flashnet-Technologies-Limited) · threat 50%
[17:17:49]⚫Quiet — 15 nodes @ 39.05°,-77.49° US · AS14618 (Amazon.com, Inc.) [Hyperscaler] · threat 50%
[17:17:49]⚫Quiet — 7 nodes @ 41.88°,-87.63° US · AS31377 (Akamai Connected Cloud) [Edge CDN] · threat 50%
[17:17:49]⚫Quiet — 19 nodes @ -6.21°,106.84° ID · AS6389 (Amazon.com, Inc.) [Hyperscaler] · threat 50%

Nodes
Kind	ID	Labels	Position
asn	asn:206264	asn=206,264, org=Amarutu Technology Ltd	
asn	asn:138421	asn=138,421, org=China Unicom	
asn	asn:200780	asn=200,780, org=Eurofiber France SAS	
asn	asn:398722	asn=398,722, org=Censys, Inc.	
asn	asn:48090	asn=48,090, org=Techoff Srv Limited	
asn	asn:8075	asn=8,075, org=Microsoft Corporation	
asn	asn:202306	asn=202,306, org=Hostglobal.plus Ltd	
asn	asn:134763	asn=134,763, org=CHINANET Guangdong province network	
asn	asn:328436	asn=328,436, org=Flashnet-Technologies-Limited	
asn	asn:47890	asn=47,890, org=Unmanaged Ltd	
asn	asn:16509	asn=16,509, org=Amazon.com, Inc.	
asn	asn:14618	asn=14,618, org=Amazon.com, Inc.	
asn	asn:4766	asn=4,766, org=Korea Telecom	
asn	asn:272809	asn=272,809, org=THUNDERNET, C.A.	
asn	asn:31863	asn=31,863, org=Centrilogic, Inc.	
asn	asn:41231	asn=41,231, org=Canonical Group Limited	
asn	asn:138915	asn=138,915, org=Kaopu Cloud HK Limited	
asn	asn:132203	asn=132,203, org=Tencent Building, Kejizhongyi Avenue	
asn	asn:63949	asn=63,949, org=Akamai Connected Cloud	
behavior_group	BSG-DATA_EXFIL-c9d90f130d90	behavior=DATA_EXFIL, confidence=0.65, detection_rationale=total_bytes=38745; high_rate (133603 B/s), dst_ip=, member_count=1, src_ip=40.77.167.4, summary=Exfil suspect: 40.77.167.4 → 1 destinations, 38,745B total, max 38,745B/session, total_bytes=38,745, total_packets=57, unique_hosts=1, unique_ports=0	
behavior_group	BSG-BEACON-f6c2b3d0e42d	behavior=BEACON, confidence=0.75, detection_rationale=byte_cv=0.07 (≤0.6); count=19, dst_ip=172.232.0.17, dst_port=53, interval_cv=1.411, mean_interval=1,200, member_count=19, src_ip=172.234.197.23, summary=Beacon: 172.234.197.23 → 172.232.0.17:53, 19 sessions, interval CV=1.41, mean 291B, total_bytes=5,535, total_packets=38, unique_hosts=0, unique_ports=0	
behavior_group	BSG-BEACON-a8a8c3c8a37f	behavior=BEACON, confidence=0.9, detection_rationale=timing_cv=0.00 (≤0.5); byte_cv=0.00 (≤0.6), dst_ip=172.234.197.23, dst_port=0, interval_cv=0, mean_interval=7,200, member_count=3, src_ip=103.155.16.117, summary=Beacon: 103.155.16.117 → 172.234.197.23:0, 3 sessions, interval CV=0.00, mean 84B, total_bytes=252, total_packets=6, unique_hosts=0, unique_ports=0	
behavior_group	BSG-DATA_EXFIL-248342848c58	behavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=15470, dst_ip=, member_count=1, src_ip=91.227.37.60, summary=Exfil suspect: 91.227.37.60 → 1 destinations, 15,470B total, max 15,470B/session, total_bytes=15,470, total_packets=36, unique_hosts=1, unique_ports=0	
behavior_group	BSG-DATA_EXFIL-93085dcb8f6d	behavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=36871, dst_ip=, member_count=1, src_ip=172.234.197.23, summary=Exfil suspect: 172.234.197.23 → 1 destinations, 36,871B total, max 36,871B/session, total_bytes=36,871, total_packets=50, unique_hosts=1, unique_ports=0	
behavior_group	BSG-DATA_EXFIL-cab357e760c3	behavior=DATA_EXFIL, confidence=0.65, detection_rationale=total_bytes=32958; high_rate (183100 B/s), dst_ip=, member_count=1, src_ip=172.236.119.165, summary=Exfil suspect: 172.236.119.165 → 1 destinations, 32,958B total, max 32,958B/session, total_bytes=32,958, total_packets=38, unique_hosts=1, unique_ports=0	
behavior_group	BSG-DATA_EXFIL-b6d7f24ac366	behavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=24897, dst_ip=, member_count=1, src_ip=40.77.167.27, summary=Exfil suspect: 40.77.167.27 → 1 destinations, 24,897B total, max 24,897B/session, total_bytes=24,897, total_packets=47, unique_hosts=1, unique_ports=0	
dns_name	dns:api.snapcraft.io	answer_count=4, qname=api.snapcraft.io	
dns_name	dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	answer_count=0, qname=172-234-197-23.ip.linodeusercontent.com.members.linode.com	
dns_name	dns:172-234-197-23.ip.linodeusercontent.com	answer_count=0, qname=172-234-197-23.ip.linodeusercontent.com	
flow	flow:a4dceb0b502c	bytes=238, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:1914bb7cc20f	bytes=1,228, dst_ip=172.234.197.23, dst_port=80, pkts=10, proto=tcp, src_ip=14.17.85.204	
flow	flow:b4f49eacb030	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:67de7fac861b	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:02ba1d809494	bytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117	
flow	flow:3b21f9ede7cb	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=108.137.123.21	
flow	flow:d55b3af6cdbc	bytes=228, dst_ip=172.234.197.23, dst_port=443, pkts=4, proto=tcp, src_ip=102.69.167.14	
flow	flow:e67e9c201483	bytes=148, dst_ip=172.234.197.23, dst_port=23, pkts=2, proto=tcp, src_ip=82.86.130.0	
flow	flow:ea0949f415db	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=108.136.246.109	
flow	flow:4501038c119d	bytes=1,353, dst_ip=172.234.197.23, dst_port=80, pkts=10, proto=tcp, src_ip=3.220.15.173	
flow	flow:8914df23a392	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=16.79.76.70	
flow	flow:c79e28885a99	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=51.224.53.243	
flow	flow:729bae75cfd4	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=51.224.16.78	
flow	flow:8089546c59de	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:c4b1d3f380b6	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=16.79.76.70	
flow	flow:18ab509ee72d	bytes=4,957, dst_ip=172.234.197.23, dst_port=22, pkts=25, proto=tcp, src_ip=221.156.137.102	
flow	flow:a4f2cd6ce2f7	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=13.229.125.1	
flow	flow:fd30f5960ad1	bytes=5,239, dst_ip=172.234.197.23, dst_port=443, pkts=23, proto=tcp, src_ip=54.227.57.227	
flow	flow:cf8bff248bec	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:40d85800a99d	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:c704ad95df18	bytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117	
flow	flow:02b1e8c8b192	bytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117	
flow	flow:daf8c45d27ff	bytes=5,981, dst_ip=172.234.197.23, dst_port=22, pkts=25, proto=tcp, src_ip=45.148.10.121	
flow	flow:f7a277f9998b	bytes=697, dst_ip=172.234.197.23, dst_port=21, pkts=10, proto=tcp, src_ip=3.143.162.210	
flow	flow:c7fc0633636d	bytes=162, dst_ip=172.234.197.23, dst_port=443, pkts=3, proto=tcp, src_ip=40.77.167.4	
flow	flow:415bdf268435	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:a54692a6979d	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=51.224.129.180	
flow	flow:7ac69d00b687	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:a4bc84010efc	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=108.136.195.128	
flow	flow:da8d91463c3d	bytes=148, dst_ip=172.234.197.23, dst_port=2,002, pkts=2, proto=tcp, src_ip=199.45.155.73	
flow	flow:a0f73d4e1f2a	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:a697fcd98900	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=54.226.218.70	
flow	flow:81d4435dcab9	bytes=24,897, dst_ip=172.234.197.23, dst_port=443, pkts=47, proto=tcp, src_ip=40.77.167.27	
flow	flow:484583ddd05a	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:83a5cffc6703	bytes=36,871, dst_ip=185.125.188.57, dst_port=443, pkts=50, proto=tcp, src_ip=172.234.197.23	
flow	flow:3a5125854ad8	bytes=32,958, dst_ip=172.234.197.23, dst_port=443, pkts=38, proto=tcp, src_ip=172.236.119.165	
flow	flow:c8c5a6720f95	bytes=1,522, dst_ip=172.234.197.23, dst_port=80, pkts=12, proto=tcp, src_ip=78.153.140.149	
flow	flow:696377210741	bytes=1,248, dst_ip=172.234.197.23, dst_port=80, pkts=10, proto=tcp, src_ip=43.173.132.115	
flow	flow:d660fa8ff9b1	bytes=172, dst_ip=92.118.39.236, dst_port=46,006, pkts=2, proto=tcp, src_ip=172.234.197.23	
flow	flow:f56c5e5e9322	bytes=100, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.220.165.12	
flow	flow:0433b793a6a9	bytes=6,689, dst_ip=172.234.197.23, dst_port=443, pkts=27, proto=tcp, src_ip=14.152.83.244	
flow	flow:70c428feea0e	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:441658b54583	bytes=6,477, dst_ip=172.234.197.23, dst_port=443, pkts=23, proto=tcp, src_ip=43.173.132.82	
flow	flow:88adc449314f	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:d71d4a109401	bytes=6,416, dst_ip=172.234.197.23, dst_port=443, pkts=22, proto=tcp, src_ip=43.173.187.143	
flow	flow:fb0a88ae25c4	bytes=15,470, dst_ip=172.234.197.23, dst_port=443, pkts=36, proto=tcp, src_ip=91.227.37.60	
flow	flow:d7d8a1790678	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=51.224.123.234	
flow	flow:ef50ec85480c	bytes=166, dst_ip=172.234.197.23, dst_port=80, pkts=3, proto=tcp, src_ip=5.61.209.107	
flow	flow:cbf075d8966a	bytes=6,406, dst_ip=172.234.197.23, dst_port=22, pkts=36, proto=tcp, src_ip=92.118.39.196	
flow	flow:5f0f49123cd7	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=108.137.154.183	
flow	flow:f2155c27e443	bytes=1,308, dst_ip=172.234.197.23, dst_port=80, pkts=10, proto=tcp, src_ip=78.153.140.149	
flow	flow:143398f9d784	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=13.216.252.177	
flow	flow:dd59f847be17	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=108.137.71.172	
flow	flow:9177236cf88d	bytes=1,321, dst_ip=172.234.197.23, dst_port=80, pkts=7, proto=tcp, src_ip=5.61.209.107	
flow	flow:4ddbe4acc504	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=32.195.50.176	
flow	flow:d9cdb794d862	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=51.224.214.156	
flow	flow:347478b466ec	bytes=6,622, dst_ip=172.234.197.23, dst_port=443, pkts=25, proto=tcp, src_ip=14.17.85.204	
flow	flow:670bf8372bed	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=108.136.195.128	
flow	flow:c853014c7a67	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:3b056e5c7d7c	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=108.136.231.22	
flow	flow:7027314e9f62	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=54.237.9.199	
flow	flow:481bc4d957af	bytes=172, dst_ip=92.118.39.236, dst_port=46,006, pkts=2, proto=tcp, src_ip=172.234.197.23	
flow	flow:a17816cafef4	bytes=5,320, dst_ip=172.234.197.23, dst_port=443, pkts=10, proto=tcp, src_ip=43.172.194.114	
flow	flow:27bcaa9bf1c4	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=13.250.21.18	
flow	flow:6bb1f29d53ff	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=3.234.246.186	
flow	flow:5c0f3e09f588	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=108.136.231.22	
flow	flow:1ef937ba29a6	bytes=148, dst_ip=172.234.197.23, dst_port=443, pkts=2, proto=tcp, src_ip=43.172.194.114	
flow	flow:9bafda49b279	bytes=108, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=172.98.199.111	
flow	flow:449957d41315	bytes=286, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:84372b4c9378	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:bcd27756aa40	bytes=38,745, dst_ip=172.234.197.23, dst_port=443, pkts=57, proto=tcp, src_ip=40.77.167.4	
flow	flow:1507855d0ab9	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:a34856d5d292	bytes=148, dst_ip=172.234.197.23, dst_port=2,002, pkts=2, proto=tcp, src_ip=199.45.155.73	
flow	flow:0f6e4fea1ebd	bytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:7823764fbd64	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
flow	flow:8c9867a7b467	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=108.136.220.138	
flow	flow:d2aa3d958328	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=18.138.243.16	
flow	flow:4e35f51811d2	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=16.78.103.11	
flow	flow:e0e919fe14b3	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=51.224.145.152	
flow	flow:18c0bf5b5d25	bytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=44.203.55.60	
flow	flow:c55c01d60832	bytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23	
geo_point	geo_36.66940_-78.38770	city=Boydton, country=US	[36.6694, -78.3877, 0.0000] 🌐
geo_point	geo_52.37590_4.89750	city=Amsterdam, country=NL	[52.3759, 4.8975, 0.0000] 🌐
geo_point	geo_-6.21140_106.84460	city=Jakarta, country=ID	[-6.2114, 106.8446, 0.0000] 🌐
geo_point	geo_41.88350_-87.63050	city=Chicago, country=US	[41.8835, -87.6305, 0.0000] 🌐
geo_point	geo_10.48730_-66.87380	city=Caracas, country=VE	[10.4873, -66.8738, 0.0000] 🌐
geo_point	geo_39.96250_-83.00610	city=Columbus, country=US	[39.9625, -83.0061, 0.0000] 🌐
geo_point	geo_45.99680_24.99700	city=, country=RO	[45.9968, 24.9970, 0.0000] 🌐
geo_point	geo_39.04690_-77.49030	city=Ashburn, country=US	[39.0469, -77.4903, 0.0000] 🌐
geo_point	geo_-4.58330_55.66670	city=, country=SC	[-4.5833, 55.6667, 0.0000] 🌐
geo_point	geo_51.51640_-0.09300	city=City of London, country=GB	[51.5164, -0.0930, 0.0000] 🌐
geo_point	geo_52.51960_13.40690	city=Berlin, country=DE	[52.5196, 13.4069, 0.0000] 🌐
geo_point	geo_1.29390_103.84610	city=Singapore, country=SG	[1.2939, 103.8461, 0.0000] 🌐
geo_point	geo_34.77320_113.72200	city=, country=CN	[34.7732, 113.7220, 0.0000] 🌐
geo_point	geo_-6.82270_39.29100	city=, country=TZ	[-6.8227, 39.2910, 0.0000] 🌐
geo_point	geo_34.57110_126.60100	city=Haenam-gun, country=KR	[34.5711, 126.6010, 0.0000] 🌐
geo_point	geo_37.75100_-97.82200	city=, country=US	[37.7510, -97.8220, 0.0000] 🌐
geo_point	geo_51.49640_-0.12240	city=, country=GB	[51.4964, -0.1224, 0.0000] 🌐
geo_point	geo_48.85580_2.34940	city=Paris, country=FR	[48.8558, 2.3494, 0.0000] 🌐
geo_point	geo_1.36670_103.80000	city=, country=SG	[1.3667, 103.8000, 0.0000] 🌐
host	host:3.234.246.186	bytes=164, city=Ashburn, country=US, ip=3.234.246.186, org=Amazon.com, Inc.	[39.0469, -77.4903, 0.0000] 🌐
host	host:32.195.50.176	bytes=164, city=, country=US, ip=32.195.50.176, org=	[37.7510, -97.8220, 0.0000] 🌐
host	host:18.138.243.16	bytes=164, city=Singapore, country=SG, ip=18.138.243.16, org=Amazon.com, Inc.	[1.2939, 103.8461, 0.0000] 🌐
host	host:108.136.220.138	bytes=164, city=Jakarta, country=ID, ip=108.136.220.138, org=Amazon.com, Inc.	[-6.2114, 106.8446, 0.0000] 🌐
host	host:199.45.155.73	bytes=148, city=, country=US, ip=199.45.155.73, org=Censys, Inc.	[37.7510, -97.8220, 0.0000] 🌐
host	host:172.232.0.17	bytes=282, city=Chicago, country=US, ip=172.232.0.17, org=Akamai Connected Cloud	[41.8835, -87.6305, 0.0000] 🌐
host	host:43.173.132.82	bytes=6,477, city=Singapore, country=SG, ip=43.173.132.82, org=Tencent Building, Kejizhongyi Avenue	[1.2939, 103.8461, 0.0000] 🌐
host	host:103.220.165.12	bytes=100, city=, country=CN, ip=103.220.165.12, org=China Unicom	[34.7732, 113.7220, 0.0000] 🌐
host	host:54.226.218.70	bytes=164, city=Ashburn, country=US, ip=54.226.218.70, org=Amazon.com, Inc.	[39.0469, -77.4903, 0.0000] 🌐
host	host:13.250.21.18	bytes=164, city=Singapore, country=SG, ip=13.250.21.18, org=Amazon.com, Inc.	[1.2939, 103.8461, 0.0000] 🌐
host	host:40.77.167.4	bytes=38,745, city=Boydton, country=US, ip=40.77.167.4, org=Microsoft Corporation	[36.6694, -78.3877, 0.0000] 🌐
host	host:51.224.53.243	bytes=164, city=Berlin, country=DE, ip=51.224.53.243, org=Amazon.com, Inc.	[52.5196, 13.4069, 0.0000] 🌐
host	host:54.227.57.227	bytes=5,239, city=Ashburn, country=US, ip=54.227.57.227, org=Amazon.com, Inc.	[39.0469, -77.4903, 0.0000] 🌐
host	host:13.229.125.1	bytes=164, city=Singapore, country=SG, ip=13.229.125.1, org=Amazon.com, Inc.	[1.2939, 103.8461, 0.0000] 🌐
host	host:14.152.83.244	bytes=6,689, city=, country=CN, ip=14.152.83.244, org=CHINANET Guangdong province network	[34.7732, 113.7220, 0.0000] 🌐
host	host:51.224.16.78	bytes=164, city=Berlin, country=DE, ip=51.224.16.78, org=Amazon.com, Inc.	[52.5196, 13.4069, 0.0000] 🌐
host	host:185.125.188.57	bytes=36,871, city=, country=GB, ip=185.125.188.57, org=Canonical Group Limited	[51.4964, -0.1224, 0.0000] 🌐
host	host:44.203.55.60	bytes=164, city=Ashburn, country=US, ip=44.203.55.60, org=Amazon.com, Inc.	[39.0469, -77.4903, 0.0000] 🌐
host	host:13.216.252.177	bytes=164, city=Ashburn, country=US, ip=13.216.252.177, org=Amazon.com, Inc.	[39.0469, -77.4903, 0.0000] 🌐
host	host:51.224.214.156	bytes=164, city=Berlin, country=DE, ip=51.224.214.156, org=Amazon.com, Inc.	[52.5196, 13.4069, 0.0000] 🌐
host	host:91.227.37.60	bytes=15,470, city=Paris, country=FR, ip=91.227.37.60, org=Eurofiber France SAS	[48.8558, 2.3494, 0.0000] 🌐
host	host:54.237.9.199	bytes=164, city=Ashburn, country=US, ip=54.237.9.199, org=Amazon.com, Inc.	[39.0469, -77.4903, 0.0000] 🌐
host	host:92.118.39.196	bytes=6,406, city=, country=RO, ip=92.118.39.196, org=Unmanaged Ltd	[45.9968, 24.9970, 0.0000] 🌐
host	host:108.137.123.21	bytes=164, city=Jakarta, country=ID, ip=108.137.123.21, org=Amazon.com, Inc.	[-6.2114, 106.8446, 0.0000] 🌐
host	host:221.156.137.102	bytes=4,957, city=Haenam-gun, country=KR, ip=221.156.137.102, org=Korea Telecom	[34.5711, 126.6010, 0.0000] 🌐
host	host:51.224.145.152	bytes=164, city=Berlin, country=DE, ip=51.224.145.152, org=Amazon.com, Inc.	[52.5196, 13.4069, 0.0000] 🌐
host	host:172.234.197.23	bytes=164, city=Chicago, country=US, ip=172.234.197.23, org=Akamai Connected Cloud	[41.8835, -87.6305, 0.0000] 🌐
host	host:5.61.209.107	bytes=1,321, city=, country=SC, ip=5.61.209.107, org=Amarutu Technology Ltd	[-4.5833, 55.6667, 0.0000] 🌐
host	host:78.153.140.149	bytes=1,522, city=City of London, country=GB, ip=78.153.140.149, org=Hostglobal.plus Ltd	[51.5164, -0.0930, 0.0000] 🌐
host	host:51.224.123.234	bytes=164, city=Berlin, country=DE, ip=51.224.123.234, org=Amazon.com, Inc.	[52.5196, 13.4069, 0.0000] 🌐
host	host:16.79.76.70	bytes=164, city=Jakarta, country=ID, ip=16.79.76.70, org=Amazon.com, Inc.	[-6.2114, 106.8446, 0.0000] 🌐
host	host:3.143.162.210	bytes=697, city=Columbus, country=US, ip=3.143.162.210, org=Amazon.com, Inc.	[39.9625, -83.0061, 0.0000] 🌐
host	host:43.173.132.115	bytes=1,248, city=Singapore, country=SG, ip=43.173.132.115, org=Tencent Building, Kejizhongyi Avenue	[1.2939, 103.8461, 0.0000] 🌐
host	host:102.69.167.14	bytes=228, city=, country=TZ, ip=102.69.167.14, org=Flashnet-Technologies-Limited	[-6.8227, 39.2910, 0.0000] 🌐
host	host:82.86.130.0	bytes=148, city=Caracas, country=VE, ip=82.86.130.0, org=THUNDERNET, C.A.	[10.4873, -66.8738, 0.0000] 🌐
host	host:108.136.195.128	bytes=164, city=Jakarta, country=ID, ip=108.136.195.128, org=Amazon.com, Inc.	[-6.2114, 106.8446, 0.0000] 🌐
host	host:45.148.10.121	bytes=5,981, city=Amsterdam, country=NL, ip=45.148.10.121, org=Techoff Srv Limited	[52.3759, 4.8975, 0.0000] 🌐
host	host:172.236.119.165	bytes=32,958, city=Chicago, country=US, ip=172.236.119.165, org=Akamai Connected Cloud	[41.8835, -87.6305, 0.0000] 🌐
host	host:92.118.39.236	bytes=172, city=, country=RO, ip=92.118.39.236, org=Unmanaged Ltd	[45.9968, 24.9970, 0.0000] 🌐
host	host:3.220.15.173	bytes=1,353, city=Ashburn, country=US, ip=3.220.15.173, org=Amazon.com, Inc.	[39.0469, -77.4903, 0.0000] 🌐
host	host:51.224.129.180	bytes=164, city=Berlin, country=DE, ip=51.224.129.180, org=Amazon.com, Inc.	[52.5196, 13.4069, 0.0000] 🌐
host	host:40.77.167.27	bytes=24,897, city=Boydton, country=US, ip=40.77.167.27, org=Microsoft Corporation	[36.6694, -78.3877, 0.0000] 🌐
host	host:172.98.199.111	bytes=108, city=, country=US, ip=172.98.199.111, org=Centrilogic, Inc.	[37.7510, -97.8220, 0.0000] 🌐
host	host:103.155.16.117	bytes=84, city=Singapore, country=SG, ip=103.155.16.117, org=Kaopu Cloud HK Limited	[1.2939, 103.8461, 0.0000] 🌐
host	host:16.78.103.11	bytes=164, city=Jakarta, country=ID, ip=16.78.103.11, org=Amazon.com, Inc.	[-6.2114, 106.8446, 0.0000] 🌐
host	host:108.137.71.172	bytes=164, city=Jakarta, country=ID, ip=108.137.71.172, org=Amazon.com, Inc.	[-6.2114, 106.8446, 0.0000] 🌐
host	host:14.17.85.204	bytes=1,228, city=, country=CN, ip=14.17.85.204, org=CHINANET Guangdong province network	[34.7732, 113.7220, 0.0000] 🌐
host	host:108.136.231.22	bytes=164, city=Jakarta, country=ID, ip=108.136.231.22, org=Amazon.com, Inc.	[-6.2114, 106.8446, 0.0000] 🌐
host	host:43.173.187.143	bytes=6,416, city=Singapore, country=SG, ip=43.173.187.143, org=Tencent Building, Kejizhongyi Avenue	[1.2939, 103.8461, 0.0000] 🌐
host	host:43.172.194.114	bytes=148, city=, country=SG, ip=43.172.194.114, org=Tencent Building, Kejizhongyi Avenue	[1.3667, 103.8000, 0.0000] 🌐
host	host:108.137.154.183	bytes=164, city=Jakarta, country=ID, ip=108.137.154.183, org=Amazon.com, Inc.	[-6.2114, 106.8446, 0.0000] 🌐
host	host:108.136.246.109	bytes=164, city=Jakarta, country=ID, ip=108.136.246.109, org=Amazon.com, Inc.	[-6.2114, 106.8446, 0.0000] 🌐
http_host	http_host:172.234.197.23	host=172.234.197.23	
http_host	http_host:172.234.197.23:80	host=172.234.197.23:80	
http_host	http_host:172-234-197-23.ip.linodeusercontent.com	host=172-234-197-23.ip.linodeusercontent.com	
org	org:Centrilogic, Inc.	name=Centrilogic, Inc.	
org	org:THUNDERNET, C.A.	name=THUNDERNET, C.A.	
org	org:Amarutu Technology Ltd	name=Amarutu Technology Ltd	
org	org:CHINANET Guangdong province network	name=CHINANET Guangdong province network	
org	org:Kaopu Cloud HK Limited	name=Kaopu Cloud HK Limited	
org	org:Unmanaged Ltd	name=Unmanaged Ltd	
org	org:Microsoft Corporation	name=Microsoft Corporation	
org	org:Hostglobal.plus Ltd	name=Hostglobal.plus Ltd	
org	org:Censys, Inc.	name=Censys, Inc.	
org	org:Tencent Building, Kejizhongyi Avenue	name=Tencent Building, Kejizhongyi Avenue	
org	org:Canonical Group Limited	name=Canonical Group Limited	
org	org:Korea Telecom	name=Korea Telecom	
org	org:Akamai Connected Cloud	name=Akamai Connected Cloud	
org	org:Amazon.com, Inc.	name=Amazon.com, Inc.	
org	org:Eurofiber France SAS	name=Eurofiber France SAS	
org	org:China Unicom	name=China Unicom	
org	org:Techoff Srv Limited	name=Techoff Srv Limited	
org	org:Flashnet-Technologies-Limited	name=Flashnet-Technologies-Limited	
pcap_artifact	PCAP:capture_20260505160001:6505a8988bcf	file_size=4,477, filename=capture_20260505160001.pcap, ingested_at=2026-05-05T21:55:37.029054+00:00	
pcap_artifact	PCAP:capture_20260505150001:90690819257f	file_size=10,557, filename=capture_20260505150001.pcap, ingested_at=2026-05-05T21:55:33.475737+00:00	
pcap_artifact	PCAP:capture_20260505180001:aab19cafbf97	file_size=7,550, filename=capture_20260505180001.pcap, ingested_at=2026-05-05T21:55:43.115368+00:00	
pcap_artifact	PCAP:capture_20260505190001:a68bf0af3b16	file_size=72,787, filename=capture_20260505190001.pcap, ingested_at=2026-05-05T21:55:44.814813+00:00	
pcap_artifact	PCAP:capture_20260505170001:ca2a90108bf2	file_size=39,107, filename=capture_20260505170001.pcap, ingested_at=2026-05-05T21:55:39.443855+00:00	
pcap_artifact	PCAP:capture_20260505210001:fe9b7b09d76a	file_size=62,137, filename=capture_20260505210001.pcap, ingested_at=2026-05-05T21:55:49.230892+00:00	
pcap_artifact	PCAP:capture_20260505200001:d502e7eabbdd	file_size=42,048, filename=capture_20260505200001.pcap, ingested_at=2026-05-05T21:55:47.191258+00:00	
port_hub	port:tcp:80	port=80, proto=tcp	
port_hub	port:tcp:2002	port=2,002, proto=tcp	
port_hub	port:tcp:22	port=22, proto=tcp	
port_hub	port:udp:53	port=53, proto=udp	
port_hub	port:tcp:443	port=443, proto=tcp	
port_hub	port:tcp:21	port=21, proto=tcp	
port_hub	port:tcp:23	port=23, proto=tcp	
port_hub	port:tcp:46006	port=46,006, proto=tcp	
protocol_event	pe:syn:SESSION-432ab8a16199cf6c	count=2, event_type=TCP_SYN, session=SESSION-432ab8a16199cf6c	
protocol_event	pe:syn:SESSION-112a52c8741e1f24	count=2, event_type=TCP_SYN, session=SESSION-112a52c8741e1f24	
protocol_event	pe:dns:SESSION-402c59976f95ccac	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-402c59976f95ccac	
protocol_event	pe:syn:SESSION-5d116249fba5ef1a	count=2, event_type=TCP_SYN, session=SESSION-5d116249fba5ef1a	
protocol_event	pe:rst:SESSION-5b835c6ebb995a7d	count=1, event_type=TCP_RST, session=SESSION-5b835c6ebb995a7d	
protocol_event	pe:tls:SESSION-afdbc113425d69ae	event_type=TLS_SESSION, packet_count=36, session=SESSION-afdbc113425d69ae	
protocol_event	pe:dns:SESSION-b6b6a46eb2435b2c	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-b6b6a46eb2435b2c	
protocol_event	pe:dns:SESSION-93e42c11b9b89aaf	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-93e42c11b9b89aaf	
protocol_event	pe:rst:SESSION-432ab8a16199cf6c	count=1, event_type=TCP_RST, session=SESSION-432ab8a16199cf6c	
protocol_event	pe:syn:SESSION-901a03ef18d43905	count=2, event_type=TCP_SYN, session=SESSION-901a03ef18d43905	
protocol_event	pe:syn:SESSION-859dff0703adcd19	count=2, event_type=TCP_SYN, session=SESSION-859dff0703adcd19	
protocol_event	pe:tls:SESSION-f439a23db4014944	event_type=TLS_SESSION, packet_count=25, session=SESSION-f439a23db4014944	
protocol_event	pe:dns:SESSION-08dd2a06bab4a852	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-08dd2a06bab4a852	
protocol_event	pe:dns:SESSION-9d04f6d7b357bacd	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-9d04f6d7b357bacd	
protocol_event	pe:syn:SESSION-afdbc113425d69ae	count=2, event_type=TCP_SYN, session=SESSION-afdbc113425d69ae	
protocol_event	pe:tls:SESSION-c9df47030e6edeae	event_type=TLS_SESSION, packet_count=3, session=SESSION-c9df47030e6edeae	
protocol_event	pe:syn:SESSION-1164951de921d536	count=2, event_type=TCP_SYN, session=SESSION-1164951de921d536	
protocol_event	pe:dns:SESSION-1d2c12c54a6b8ee9	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-1d2c12c54a6b8ee9	
protocol_event	pe:tls:SESSION-5d116249fba5ef1a	event_type=TLS_SESSION, packet_count=27, session=SESSION-5d116249fba5ef1a	
protocol_event	pe:syn:SESSION-989e93673dd1c7a6	count=2, event_type=TCP_SYN, session=SESSION-989e93673dd1c7a6	
protocol_event	pe:dns:SESSION-ac2fa7388db2f6bf	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-ac2fa7388db2f6bf	
protocol_event	pe:tls:SESSION-15c7d6c96ae38709	event_type=TLS_SESSION, packet_count=10, session=SESSION-15c7d6c96ae38709	
protocol_event	pe:syn:SESSION-8ead85dcd9724179	count=2, event_type=TCP_SYN, session=SESSION-8ead85dcd9724179	
protocol_event	pe:dns:SESSION-28d60172800a0b5c	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-28d60172800a0b5c	
protocol_event	pe:syn:SESSION-90d5b2c6338c7815	count=2, event_type=TCP_SYN, session=SESSION-90d5b2c6338c7815	
protocol_event	pe:syn:SESSION-4be2484ef7d205f9	count=2, event_type=TCP_SYN, session=SESSION-4be2484ef7d205f9	
protocol_event	pe:tls:SESSION-1164951de921d536	event_type=TLS_SESSION, packet_count=57, session=SESSION-1164951de921d536	
protocol_event	pe:rst:SESSION-6161ce1063e366a2	count=1, event_type=TCP_RST, session=SESSION-6161ce1063e366a2	
protocol_event	pe:dns:SESSION-cef22d690e31564a	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-cef22d690e31564a	
protocol_event	pe:dns:SESSION-1e693ff8754b6a4b	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-1e693ff8754b6a4b	
protocol_event	pe:dns:SESSION-29997713c592805d	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-29997713c592805d	
protocol_event	pe:dns:SESSION-5ceacf6e3fad521a	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-5ceacf6e3fad521a	
protocol_event	pe:rst:SESSION-98342a2659e39b9d	count=2, event_type=TCP_RST, session=SESSION-98342a2659e39b9d	
protocol_event	pe:syn:SESSION-c70914c01a4dbe00	count=2, event_type=TCP_SYN, session=SESSION-c70914c01a4dbe00	
protocol_event	pe:dns:SESSION-ba31b8d0bcea573c	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-ba31b8d0bcea573c	
protocol_event	pe:dns:SESSION-d1d3131167e5d8a7	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-d1d3131167e5d8a7	
protocol_event	pe:syn:SESSION-061b514c6b7df469	count=2, event_type=TCP_SYN, session=SESSION-061b514c6b7df469	
protocol_event	pe:dns:SESSION-d4533a7174934c47	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-d4533a7174934c47	
protocol_event	pe:syn:SESSION-f439a23db4014944	count=2, event_type=TCP_SYN, session=SESSION-f439a23db4014944	
protocol_event	pe:tls:SESSION-52ca69764e41f269	event_type=TLS_SESSION, packet_count=47, session=SESSION-52ca69764e41f269	
protocol_event	pe:rst:SESSION-51b92cc6a561b81c	count=2, event_type=TCP_RST, session=SESSION-51b92cc6a561b81c	
protocol_event	pe:syn:SESSION-51b92cc6a561b81c	count=2, event_type=TCP_SYN, session=SESSION-51b92cc6a561b81c	
protocol_event	pe:tls:SESSION-061b514c6b7df469	event_type=TLS_SESSION, packet_count=38, session=SESSION-061b514c6b7df469	
protocol_event	pe:dns:SESSION-56879d86cd26b6ef	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-56879d86cd26b6ef	
protocol_event	pe:dns:SESSION-6809ae9f3f9de168	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-6809ae9f3f9de168	
protocol_event	pe:syn:SESSION-548e9314b3086ca9	count=2, event_type=TCP_SYN, session=SESSION-548e9314b3086ca9	
protocol_event	pe:syn:SESSION-e07d35bac2ad33a9	count=2, event_type=TCP_SYN, session=SESSION-e07d35bac2ad33a9	
protocol_event	pe:syn:SESSION-5b835c6ebb995a7d	count=2, event_type=TCP_SYN, session=SESSION-5b835c6ebb995a7d	
protocol_event	pe:rst:SESSION-48538346c6e3fa4e	count=1, event_type=TCP_RST, session=SESSION-48538346c6e3fa4e	
protocol_event	pe:tls:SESSION-8ead85dcd9724179	event_type=TLS_SESSION, packet_count=22, session=SESSION-8ead85dcd9724179	
protocol_event	pe:tls:SESSION-51b92cc6a561b81c	event_type=TLS_SESSION, packet_count=23, session=SESSION-51b92cc6a561b81c	
protocol_event	pe:syn:SESSION-ad1c4ddd91bc1148	count=2, event_type=TCP_SYN, session=SESSION-ad1c4ddd91bc1148	
protocol_event	pe:syn:SESSION-98342a2659e39b9d	count=2, event_type=TCP_SYN, session=SESSION-98342a2659e39b9d	
protocol_event	pe:tls:SESSION-6161ce1063e366a2	event_type=TLS_SESSION, packet_count=50, session=SESSION-6161ce1063e366a2	
protocol_event	pe:syn:SESSION-6161ce1063e366a2	count=2, event_type=TCP_SYN, session=SESSION-6161ce1063e366a2	
protocol_event	pe:syn:SESSION-52ca69764e41f269	count=2, event_type=TCP_SYN, session=SESSION-52ca69764e41f269	
protocol_event	pe:syn:SESSION-b43027ed299d5e94	count=2, event_type=TCP_SYN, session=SESSION-b43027ed299d5e94	
protocol_event	pe:dns:SESSION-6f371d3a9290449b	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-6f371d3a9290449b	
protocol_event	pe:dns:SESSION-134b659b9f89c977	event_type=DNS_EXCHANGE, query_count=2, session=SESSION-134b659b9f89c977	
protocol_event	pe:syn:SESSION-4561579556c17060	count=2, event_type=TCP_SYN, session=SESSION-4561579556c17060	
protocol_event	pe:tls:SESSION-4561579556c17060	event_type=TLS_SESSION, packet_count=23, session=SESSION-4561579556c17060	
protocol_event	pe:tls:SESSION-98342a2659e39b9d	event_type=TLS_SESSION, packet_count=4, session=SESSION-98342a2659e39b9d	
protocol_event	pe:tls:SESSION-8946fc29c6b46f6d	event_type=TLS_SESSION, packet_count=2, session=SESSION-8946fc29c6b46f6d	
protocol_event	pe:rst:SESSION-8f7048e06d096abe	count=1, event_type=TCP_RST, session=SESSION-8f7048e06d096abe	
protocol_event	pe:syn:SESSION-fb52ff5a15515e30	count=2, event_type=TCP_SYN, session=SESSION-fb52ff5a15515e30	
protocol_event	pe:syn:SESSION-8946fc29c6b46f6d	count=2, event_type=TCP_SYN, session=SESSION-8946fc29c6b46f6d	
service	svc:ssh	name=ssh	
service	svc:dns	name=dns	
service	svc:http	name=http	
service	svc:https	name=https	
session	SESSION-b0bace154ed8e7e1	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,249.075, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.220.165.12, start_time=1,777,993,249.074, tcp_flags=, time_bucket=1,777,993,230, total_bytes=100, window_sec=30	
session	SESSION-90b1be10321455be	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,996,844.224, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.98.199.111, start_time=1,777,996,844.223, tcp_flags=, time_bucket=1,777,996,830, total_bytes=108, window_sec=30	
session	SESSION-cef22d690e31564a	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,007,601.844, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=57,746, start_time=1,778,007,601.843, tcp_flags=, time_bucket=1,778,007,600, total_bytes=313, window_sec=30	
session	SESSION-4be2484ef7d205f9	dst_ip=172.234.197.23, dst_port=2,002, duration_sec=1.05, end_time=1,778,014,821.047, expected_protocol=unregistered:2002, packet_count=2, proto=TCP, protocol_anomaly_score=0.3, protocol_violations=tcp_syn_only, protocols=TCP, src_ip=199.45.155.73, src_port=45,178, start_time=1,778,014,819.994, tcp_flags=S, time_bucket=1,778,014,800, total_bytes=148, window_sec=30	
session	SESSION-d4533a7174934c47	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,000,401.24, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=35,286, start_time=1,778,000,401.239, tcp_flags=, time_bucket=1,778,000,400, total_bytes=282, window_sec=30	
session	SESSION-29997713c592805d	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,014,801.402, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=34,319, start_time=1,778,014,801.4, tcp_flags=, time_bucket=1,778,014,800, total_bytes=313, window_sec=30	
session	SESSION-52ca69764e41f269	dst_ip=172.234.197.23, dst_port=443, duration_sec=12.74, end_time=1,778,007,626.356, expected_protocol=https, packet_count=47, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=40.77.167.27, src_port=59,868, start_time=1,778,007,613.617, tcp_flags=A,S,F,P, time_bucket=1,778,007,600, total_bytes=24,897, window_sec=30	
session	SESSION-fb52ff5a15515e30	dst_ip=172.234.197.23, dst_port=2,002, duration_sec=1, end_time=1,778,014,819.828, expected_protocol=unregistered:2002, packet_count=2, proto=TCP, protocol_anomaly_score=0.3, protocol_violations=tcp_syn_only, protocols=TCP, src_ip=199.45.155.73, src_port=45,172, start_time=1,778,014,818.824, tcp_flags=S, time_bucket=1,778,014,800, total_bytes=148, window_sec=30	
session	SESSION-112a52c8741e1f24	dst_ip=172.234.197.23, dst_port=80, duration_sec=0.21, end_time=1,777,996,855.022, expected_protocol=http, packet_count=7, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=5.61.209.107, src_port=49,978, start_time=1,777,996,854.814, tcp_flags=A,S,P, time_bucket=1,777,996,830, total_bytes=1,321, window_sec=30	
session	SESSION-0280199fcf3ea167	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,000,435.246, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=32.195.50.176, start_time=1,778,000,435.246, tcp_flags=, time_bucket=1,778,000,430, total_bytes=164, window_sec=30	
session	SESSION-98342a2659e39b9d	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.24, end_time=1,777,993,214.403, expected_protocol=https, packet_count=4, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=102.69.167.14, src_port=52,811, start_time=1,777,993,214.167, tcp_flags=A,S,R, time_bucket=1,777,993,200, total_bytes=228, window_sec=30	
session	SESSION-901a03ef18d43905	dst_ip=172.234.197.23, dst_port=80, duration_sec=0.48, end_time=1,778,014,841.738, expected_protocol=http, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=78.153.140.149, src_port=59,550, start_time=1,778,014,841.261, tcp_flags=A,S,F,P, time_bucket=1,778,014,830, total_bytes=1,308, window_sec=30	
session	SESSION-432ab8a16199cf6c	dst_ip=172.234.197.23, dst_port=22, duration_sec=13.94, end_time=1,778,014,816.619, expected_protocol=ssh, packet_count=36, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=92.118.39.196, src_port=55,612, start_time=1,778,014,802.682, tcp_flags=A,S,P,R, time_bucket=1,778,014,800, total_bytes=6,406, window_sec=30	
session	SESSION-1d2c12c54a6b8ee9	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,007,631.278, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=36,811, start_time=1,778,007,631.277, tcp_flags=, time_bucket=1,778,007,630, total_bytes=286, window_sec=30	
session	SESSION-5d116249fba5ef1a	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.87, end_time=1,778,000,450.827, expected_protocol=https, packet_count=27, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=14.152.83.244, src_port=4,568, start_time=1,778,000,449.952, tcp_flags=A,S,P, time_bucket=1,778,000,430, total_bytes=6,689, window_sec=30	
session	SESSION-c260bd1d3b6a172d	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,231.814, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=51.224.123.234, start_time=1,777,993,231.814, tcp_flags=, time_bucket=1,777,993,230, total_bytes=164, window_sec=30	
session	SESSION-a4e2d049e521c4ea	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,004,004.98, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=13.250.21.18, start_time=1,778,004,004.98, tcp_flags=, time_bucket=1,778,004,000, total_bytes=164, window_sec=30	
session	SESSION-93e42c11b9b89aaf	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,993,201.654, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=53,466, start_time=1,777,993,201.653, tcp_flags=, time_bucket=1,777,993,200, total_bytes=282, window_sec=30	
session	SESSION-3936b227c1331c5d	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,203.91, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=108.136.231.22, start_time=1,777,993,203.91, tcp_flags=, time_bucket=1,777,993,200, total_bytes=164, window_sec=30	
session	SESSION-3da8c2fb5a75575f	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,996,814.382, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=108.136.231.22, start_time=1,777,996,814.382, tcp_flags=, time_bucket=1,777,996,800, total_bytes=164, window_sec=30	
session	SESSION-ad1c4ddd91bc1148	dst_ip=172.234.197.23, dst_port=80, duration_sec=0.03, end_time=1,777,993,202.077, expected_protocol=http, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=3.220.15.173, src_port=34,012, start_time=1,777,993,202.044, tcp_flags=A,S,F,P, time_bucket=1,777,993,200, total_bytes=1,353, window_sec=30	
session	SESSION-1e693ff8754b6a4b	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,996,801.469, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=57,362, start_time=1,777,996,801.467, tcp_flags=, time_bucket=1,777,996,800, total_bytes=282, window_sec=30	
session	SESSION-c9df47030e6edeae	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.02, end_time=1,778,011,232.982, expected_protocol=https, packet_count=3, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=40.77.167.4, src_port=47,819, start_time=1,778,011,232.96, tcp_flags=A,F, time_bucket=1,778,011,230, total_bytes=162, window_sec=30	
session	SESSION-22dca0f7e254df40	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,996,803.516, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=108.136.246.109, start_time=1,777,996,803.516, tcp_flags=, time_bucket=1,777,996,800, total_bytes=164, window_sec=30	
session	SESSION-b6b6a46eb2435b2c	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,993,201.656, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=59,844, start_time=1,777,993,201.655, tcp_flags=, time_bucket=1,777,993,200, total_bytes=313, window_sec=30	
session	SESSION-402c59976f95ccac	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,007,631.279, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=54,219, start_time=1,778,007,631.279, tcp_flags=, time_bucket=1,778,007,630, total_bytes=238, window_sec=30	
session	SESSION-22e21c154242e139	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,204.044, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=108.136.195.128, start_time=1,777,993,204.044, tcp_flags=, time_bucket=1,777,993,200, total_bytes=164, window_sec=30	
session	SESSION-f439a23db4014944	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.91, end_time=1,778,000,453.897, expected_protocol=https, packet_count=25, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=14.17.85.204, src_port=17,920, start_time=1,778,000,452.982, tcp_flags=A,S,P, time_bucket=1,778,000,430, total_bytes=6,622, window_sec=30	
session	SESSION-ac2fa7388db2f6bf	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,007,601.842, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=47,184, start_time=1,778,007,601.84, tcp_flags=, time_bucket=1,778,007,600, total_bytes=282, window_sec=30	
session	SESSION-8f7048e06d096abe	dst_ip=92.118.39.236, dst_port=46,006, duration_sec=0.13, end_time=1,778,011,257.416, expected_protocol=unregistered:46006, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,011,257.288, tcp_flags=R,A,P, time_bucket=1,778,011,230, total_bytes=172, window_sec=30	
session	SESSION-ba31b8d0bcea573c	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,777,996,801.471, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=47,441, start_time=1,777,996,801.47, tcp_flags=, time_bucket=1,777,996,800, total_bytes=313, window_sec=30	
session	SESSION-6161ce1063e366a2	dst_ip=185.125.188.57, dst_port=443, duration_sec=5.89, end_time=1,778,007,637.165, expected_protocol=https, packet_count=50, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=56,486, start_time=1,778,007,631.28, tcp_flags=A,S,R,F,P, time_bucket=1,778,007,630, total_bytes=36,871, window_sec=30	
session	SESSION-b43027ed299d5e94	dst_ip=172.234.197.23, dst_port=22, duration_sec=0.92, end_time=1,778,007,635.972, expected_protocol=ssh, packet_count=25, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=45.148.10.121, src_port=47,328, start_time=1,778,007,635.049, tcp_flags=A,S,F,P, time_bucket=1,778,007,630, total_bytes=5,981, window_sec=30	
session	SESSION-6f591a82d04e2f23	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,214.433, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=108.137.154.183, start_time=1,777,993,214.433, tcp_flags=, time_bucket=1,777,993,200, total_bytes=164, window_sec=30	
session	SESSION-cc46316b9ac69b28	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,996,814.641, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=108.136.195.128, start_time=1,777,996,814.641, tcp_flags=, time_bucket=1,777,996,800, total_bytes=164, window_sec=30	
session	SESSION-548e9314b3086ca9	dst_ip=172.234.197.23, dst_port=21, duration_sec=0.04, end_time=1,778,007,605.623, expected_protocol=ftp-ctrl, packet_count=10, proto=TCP, protocol_anomaly_score=0.1, protocol_violations=risk_port, protocols=TCP, src_ip=3.143.162.210, src_port=44,962, start_time=1,778,007,605.58, tcp_flags=A,S,F,P, time_bucket=1,778,007,600, total_bytes=697, window_sec=30	
session	SESSION-5ad6262f0c135833	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,203.565, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=16.78.103.11, start_time=1,777,993,203.565, tcp_flags=, time_bucket=1,777,993,200, total_bytes=164, window_sec=30	
session	SESSION-08dd2a06bab4a852	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,011,201.607, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=55,699, start_time=1,778,011,201.605, tcp_flags=, time_bucket=1,778,011,200, total_bytes=282, window_sec=30	
session	SESSION-34afdab6201869ee	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,000,418.629, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=51.224.53.243, start_time=1,778,000,418.629, tcp_flags=, time_bucket=1,778,000,400, total_bytes=164, window_sec=30	
session	SESSION-d1099e585fa36f54	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,000,435.153, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=3.234.246.186, start_time=1,778,000,435.153, tcp_flags=, time_bucket=1,778,000,430, total_bytes=164, window_sec=30	
session	SESSION-48258acdb44fa51f	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,231.98, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=51.224.145.152, start_time=1,777,993,231.98, tcp_flags=, time_bucket=1,777,993,230, total_bytes=164, window_sec=30	
session	SESSION-90d5b2c6338c7815	dst_ip=172.234.197.23, dst_port=23, duration_sec=1, end_time=1,777,993,259.128, expected_protocol=telnet, packet_count=2, proto=TCP, protocol_anomaly_score=0.75, protocol_violations=tcp_syn_only,risk_port, protocols=TCP, src_ip=82.86.130.0, src_port=17,598, start_time=1,777,993,258.13, tcp_flags=S, time_bucket=1,777,993,230, total_bytes=148, window_sec=30	
session	SESSION-d1d3131167e5d8a7	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,004,002.048, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=53,918, start_time=1,778,004,002.047, tcp_flags=, time_bucket=1,778,004,000, total_bytes=313, window_sec=30	
session	SESSION-8946fc29c6b46f6d	dst_ip=172.234.197.23, dst_port=443, duration_sec=0, end_time=1,778,000,459.927, expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=43.172.194.114, src_port=53,474, start_time=1,778,000,459.927, tcp_flags=A,S, time_bucket=1,778,000,430, total_bytes=148, window_sec=30	
session	SESSION-4561579556c17060	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.96, end_time=1,778,000,452.291, expected_protocol=https, packet_count=23, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=43.173.132.82, src_port=15,864, start_time=1,778,000,451.333, tcp_flags=A,S,P, time_bucket=1,778,000,430, total_bytes=6,477, window_sec=30	
session	SESSION-bf0cece70f740446	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,000,404.693, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=44.203.55.60, start_time=1,778,000,404.693, tcp_flags=, time_bucket=1,778,000,400, total_bytes=164, window_sec=30	
session	SESSION-e07d35bac2ad33a9	dst_ip=172.234.197.23, dst_port=80, duration_sec=0.4, end_time=1,778,000,451.249, expected_protocol=http, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=43.173.132.115, src_port=36,068, start_time=1,778,000,450.847, tcp_flags=A,S,F,P, time_bucket=1,778,000,430, total_bytes=1,248, window_sec=30	
session	SESSION-d8e778a85b00d06e	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,004,025.473, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=13.229.125.1, start_time=1,778,004,025.473, tcp_flags=, time_bucket=1,778,004,000, total_bytes=164, window_sec=30	
session	SESSION-28d60172800a0b5c	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,014,801.4, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=44,400, start_time=1,778,014,801.398, tcp_flags=, time_bucket=1,778,014,800, total_bytes=282, window_sec=30	
session	SESSION-1164951de921d536	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.29, end_time=1,778,011,221.951, expected_protocol=https, packet_count=57, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=40.77.167.4, src_port=47,819, start_time=1,778,011,221.662, tcp_flags=A,S,P, time_bucket=1,778,011,200, total_bytes=38,745, window_sec=30	
session	SESSION-ec5c8fa8037e3562	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,996,808.445, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,777,996,808.445, tcp_flags=, time_bucket=1,777,996,800, total_bytes=84, window_sec=30	
session	SESSION-51b92cc6a561b81c	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.17, end_time=1,777,993,202.246, expected_protocol=https, packet_count=23, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=54.227.57.227, src_port=37,869, start_time=1,777,993,202.079, tcp_flags=A,S,R,F,P, time_bucket=1,777,993,200, total_bytes=5,239, window_sec=30	
session	SESSION-7b3c407fbcf7cdbc	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,203.852, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=108.136.220.138, start_time=1,777,993,203.852, tcp_flags=, time_bucket=1,777,993,200, total_bytes=164, window_sec=30	
session	SESSION-5ceacf6e3fad521a	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,014,812.499, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=48,809, start_time=1,778,014,812.499, tcp_flags=, time_bucket=1,778,014,800, total_bytes=282, window_sec=30	
session	SESSION-6809ae9f3f9de168	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,004,002.046, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=50,991, start_time=1,778,004,002.045, tcp_flags=, time_bucket=1,778,004,000, total_bytes=282, window_sec=30	
session	SESSION-afdbc113425d69ae	dst_ip=172.234.197.23, dst_port=443, duration_sec=1.97, end_time=1,778,014,813.62, expected_protocol=https, packet_count=36, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=91.227.37.60, src_port=58,250, start_time=1,778,014,811.645, tcp_flags=A,S,F,P, time_bucket=1,778,014,800, total_bytes=15,470, window_sec=30	
session	SESSION-4d8ee5a4e3d2c6cb	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,996,803.214, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=108.137.71.172, start_time=1,777,996,803.214, tcp_flags=, time_bucket=1,777,996,800, total_bytes=164, window_sec=30	
session	SESSION-9ac8120baa6b4cb5	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,996,814.49, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=16.79.76.70, start_time=1,777,996,814.49, tcp_flags=, time_bucket=1,777,996,800, total_bytes=164, window_sec=30	
session	SESSION-6f371d3a9290449b	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,007,613.866, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=54,737, start_time=1,778,007,613.865, tcp_flags=, time_bucket=1,778,007,600, total_bytes=282, window_sec=30	
session	SESSION-bb030de157a28a92	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,000,418.556, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=51.224.129.180, start_time=1,778,000,418.556, tcp_flags=, time_bucket=1,778,000,400, total_bytes=164, window_sec=30	
session	SESSION-c70914c01a4dbe00	dst_ip=172.234.197.23, dst_port=22, duration_sec=4.19, end_time=1,778,004,053.087, expected_protocol=ssh, packet_count=25, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=221.156.137.102, src_port=34,634, start_time=1,778,004,048.892, tcp_flags=A,S,F,P, time_bucket=1,778,004,030, total_bytes=4,957, window_sec=30	
session	SESSION-e437667b37d516f6	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,000,404.911, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=54.226.218.70, start_time=1,778,000,404.911, tcp_flags=, time_bucket=1,778,000,400, total_bytes=164, window_sec=30	
session	SESSION-c28f30a8568677bd	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,000,421.896, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=54.237.9.199, start_time=1,778,000,421.896, tcp_flags=, time_bucket=1,778,000,400, total_bytes=164, window_sec=30	
session	SESSION-d96f4e3d10a0a4f0	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,004,008.169, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,778,004,008.169, tcp_flags=, time_bucket=1,778,004,000, total_bytes=84, window_sec=30	
session	SESSION-859dff0703adcd19	dst_ip=172.234.197.23, dst_port=80, duration_sec=0.47, end_time=1,778,014,842.052, expected_protocol=http, packet_count=12, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=78.153.140.149, src_port=59,552, start_time=1,778,014,841.582, tcp_flags=A,S,F,P, time_bucket=1,778,014,830, total_bytes=1,522, window_sec=30	
session	SESSION-989e93673dd1c7a6	dst_ip=172.234.197.23, dst_port=80, duration_sec=1.67, end_time=1,778,000,454.061, expected_protocol=http, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=14.17.85.204, src_port=47,556, start_time=1,778,000,452.395, tcp_flags=A,S,F,P, time_bucket=1,778,000,430, total_bytes=1,228, window_sec=30	
session	SESSION-5b835c6ebb995a7d	dst_ip=172.234.197.23, dst_port=80, duration_sec=0.09, end_time=1,777,996,854.544, expected_protocol=http, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=5.61.209.107, src_port=53,644, start_time=1,777,996,854.449, tcp_flags=A,S,R, time_bucket=1,777,996,830, total_bytes=166, window_sec=30	
session	SESSION-56879d86cd26b6ef	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,000,401.243, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=54,551, start_time=1,778,000,401.241, tcp_flags=, time_bucket=1,778,000,400, total_bytes=313, window_sec=30	
session	SESSION-48538346c6e3fa4e	dst_ip=92.118.39.236, dst_port=46,006, duration_sec=0.13, end_time=1,778,011,213.896, expected_protocol=unregistered:46006, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,011,213.768, tcp_flags=R,A,P, time_bucket=1,778,011,200, total_bytes=172, window_sec=30	
session	SESSION-9d04f6d7b357bacd	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,011,201.609, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=37,889, start_time=1,778,011,201.607, tcp_flags=, time_bucket=1,778,011,200, total_bytes=313, window_sec=30	
session	SESSION-83e825ce567e05ed	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,000,418.694, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=51.224.214.156, start_time=1,778,000,418.694, tcp_flags=, time_bucket=1,778,000,400, total_bytes=164, window_sec=30	
session	SESSION-061c5d7701fcd16d	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,996,824.71, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=108.137.123.21, start_time=1,777,996,824.71, tcp_flags=, time_bucket=1,777,996,800, total_bytes=164, window_sec=30	
session	SESSION-2defdff48f63b22c	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,000,415.036, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=13.216.252.177, start_time=1,778,000,415.036, tcp_flags=, time_bucket=1,778,000,400, total_bytes=164, window_sec=30	
session	SESSION-061b514c6b7df469	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.18, end_time=1,778,014,824.398, expected_protocol=https, packet_count=38, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=172.236.119.165, src_port=45,936, start_time=1,778,014,824.222, tcp_flags=A,S,F,P, time_bucket=1,778,014,800, total_bytes=32,958, window_sec=30	
session	SESSION-449dd50fe1669698	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,004,019.14, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=18.138.243.16, start_time=1,778,004,019.14, tcp_flags=, time_bucket=1,778,004,000, total_bytes=164, window_sec=30	
session	SESSION-53f109edd419cdc2	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,214.057, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=16.79.76.70, start_time=1,777,993,214.057, tcp_flags=, time_bucket=1,777,993,200, total_bytes=164, window_sec=30	
session	SESSION-134b659b9f89c977	dst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,011,221.887, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=60,303, start_time=1,778,011,221.887, tcp_flags=, time_bucket=1,778,011,200, total_bytes=282, window_sec=30	
session	SESSION-15c7d6c96ae38709	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.45, end_time=1,778,000,460.583, expected_protocol=https, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=43.172.194.114, src_port=53,474, start_time=1,778,000,460.128, tcp_flags=A,P, time_bucket=1,778,000,460, total_bytes=5,320, window_sec=30	
session	SESSION-a74e44c20494fb3b	dst_ip=172.234.197.23, duration_sec=0, end_time=1,777,993,231.805, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=51.224.16.78, start_time=1,777,993,231.805, tcp_flags=, time_bucket=1,777,993,230, total_bytes=164, window_sec=30	
session	SESSION-1f42c1a2508937e6	dst_ip=172.234.197.23, duration_sec=0, end_time=1,778,011,208.352, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,778,011,208.352, tcp_flags=, time_bucket=1,778,011,200, total_bytes=84, window_sec=30	
session	SESSION-8ead85dcd9724179	dst_ip=172.234.197.23, dst_port=443, duration_sec=0.99, end_time=1,778,000,449.709, expected_protocol=https, packet_count=22, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=43.173.187.143, src_port=3,855, start_time=1,778,000,448.717, tcp_flags=A,S,P, time_bucket=1,778,000,430, total_bytes=6,416, window_sec=30	
tls_sni	tls_sni:172-234-197-23.ip.linodeusercontent.com	sni=172-234-197-23.ip.linodeusercontent.com	
tls_sni	tls_sni:api.snapcraft.io	sni=api.snapcraft.io

Edges
Kind	ID	Nodes
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6809ae9f3f9de168:host:172.232.0.17	SESSION-6809ae9f3f9de168 → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:1914bb7cc20f	flow:1914bb7cc20f → host:14.17.85.204 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-53f109edd419cdc2:flow:c4b1d3f380b6	SESSION-53f109edd419cdc2 → flow:c4b1d3f380b6
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb030de157a28a92:host:172.234.197.23	SESSION-bb030de157a28a92 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-901a03ef18d43905:host:172.234.197.23	SESSION-901a03ef18d43905 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-83e825ce567e05ed:host:172.234.197.23	SESSION-83e825ce567e05ed → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d96f4e3d10a0a4f0:host:172.234.197.23	SESSION-d96f4e3d10a0a4f0 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4be2484ef7d205f9:host:172.234.197.23	SESSION-4be2484ef7d205f9 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8946fc29c6b46f6d:SESSION-8946fc29c6b46f6d	SESSION-8946fc29c6b46f6d → pe:tls:SESSION-8946fc29c6b46f6d
ASN_IN_ORGOBS 80%	e:ao:asn:8075:org:Microsoft Corporation	asn:8075 → org:Microsoft Corporation
FLOW_DST_PORTOBS	e:fp:flow:9177236cf88d:port:tcp:80	flow:9177236cf88d → port:tcp:80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ad1c4ddd91bc1148:flow:4501038c119d	SESSION-ad1c4ddd91bc1148 → flow:4501038c119d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-1f42c1a2508937e6:BSG-BEACON-a8a8c3c8a37f	SESSION-1f42c1a2508937e6 → BSG-BEACON-a8a8c3c8a37f
FLOW_TLS_SNIOBS	e:fs:flow:a17816cafef4:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:a17816cafef4 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-6809ae9f3f9de168:host:172.234.197.23	SESSION-6809ae9f3f9de168 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1164951de921d536:PCAP:capture_20260505200001:d502e7eabbdd	SESSION-1164951de921d536 → PCAP:capture_20260505200001:d502e7eabbdd
FLOW_DST_PORTOBS	e:fp:flow:0f6e4fea1ebd:port:udp:53	flow:0f6e4fea1ebd → port:udp:53
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:103.155.16.117:geo_1.29390_103.84610	host:103.155.16.117 → geo_1.29390_103.84610
FLOW_DST_PORTOBS	e:fp:flow:1ef937ba29a6:port:tcp:443	flow:1ef937ba29a6 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-afdbc113425d69ae:host:172.234.197.23	SESSION-afdbc113425d69ae → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:347478b466ec	flow:347478b466ec → host:14.17.85.204 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TO_HOSTOBS	e:to:SESSION-061b514c6b7df469:host:172.234.197.23	SESSION-061b514c6b7df469 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-afdbc113425d69ae:SESSION-afdbc113425d69ae	SESSION-afdbc113425d69ae → pe:tls:SESSION-afdbc113425d69ae
FLOW_TO_HOSTOBS	e:to:SESSION-5d116249fba5ef1a:host:172.234.197.23	SESSION-5d116249fba5ef1a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9df47030e6edeae:host:40.77.167.4	SESSION-c9df47030e6edeae → host:40.77.167.4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac2fa7388db2f6bf:host:172.232.0.17	SESSION-ac2fa7388db2f6bf → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-34afdab6201869ee:host:51.224.53.243:host:172.234.197.23	SESSION-34afdab6201869ee → host:51.224.53.243 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f371d3a9290449b:host:172.234.197.23	SESSION-6f371d3a9290449b → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bf0cece70f740446:host:44.203.55.60	SESSION-bf0cece70f740446 → host:44.203.55.60
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-432ab8a16199cf6c:host:92.118.39.196:host:172.234.197.23	SESSION-432ab8a16199cf6c → host:92.118.39.196 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ac8120baa6b4cb5:host:172.234.197.23	SESSION-9ac8120baa6b4cb5 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b835c6ebb995a7d:host:172.234.197.23	SESSION-5b835c6ebb995a7d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-ba31b8d0bcea573c:host:172.232.0.17	SESSION-ba31b8d0bcea573c → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ba31b8d0bcea573c:PCAP:capture_20260505160001:6505a8988bcf	SESSION-ba31b8d0bcea573c → PCAP:capture_20260505160001:6505a8988bcf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-48258acdb44fa51f:flow:e0e919fe14b3	SESSION-48258acdb44fa51f → flow:e0e919fe14b3
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1099e585fa36f54:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-d1099e585fa36f54 → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-d1d3131167e5d8a7:BSG-BEACON-f6c2b3d0e42d	SESSION-d1d3131167e5d8a7 → BSG-BEACON-f6c2b3d0e42d
FLOW_TO_HOSTOBS	e:to:SESSION-5b835c6ebb995a7d:host:172.234.197.23	SESSION-5b835c6ebb995a7d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0bace154ed8e7e1:host:103.220.165.12	SESSION-b0bace154ed8e7e1 → host:103.220.165.12
flow_observed5-aryOBS	e:fo:flow:1507855d0ab9	flow:1507855d0ab9 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-402c59976f95ccac:SESSION-402c59976f95ccac	SESSION-402c59976f95ccac → pe:dns:SESSION-402c59976f95ccac
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1d2c12c54a6b8ee9:flow:449957d41315	SESSION-1d2c12c54a6b8ee9 → flow:449957d41315
flow_observed3-aryOBS	e:fo:flow:5c0f3e09f588	flow:5c0f3e09f588 → host:108.136.231.22 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-2defdff48f63b22c:host:13.216.252.177	SESSION-2defdff48f63b22c → host:13.216.252.177
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6161ce1063e366a2:PCAP:capture_20260505190001:a68bf0af3b16	SESSION-6161ce1063e366a2 → PCAP:capture_20260505190001:a68bf0af3b16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1164951de921d536:host:40.77.167.4	SESSION-1164951de921d536 → host:40.77.167.4
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-ac2fa7388db2f6bf:SESSION-ac2fa7388db2f6bf	SESSION-ac2fa7388db2f6bf → pe:dns:SESSION-ac2fa7388db2f6bf
FLOW_QUERIED_DNSOBS	e:fd:flow:7ac69d00b687:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:7ac69d00b687 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5d116249fba5ef1a:host:14.152.83.244:host:172.234.197.23	SESSION-5d116249fba5ef1a → host:14.152.83.244 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cef22d690e31564a:host:172.234.197.23	SESSION-cef22d690e31564a → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:5f0f49123cd7	flow:5f0f49123cd7 → host:108.137.154.183 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-548e9314b3086ca9:host:172.234.197.23	SESSION-548e9314b3086ca9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6f591a82d04e2f23:host:108.137.154.183:host:172.234.197.23	SESSION-6f591a82d04e2f23 → host:108.137.154.183 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c9df47030e6edeae:host:40.77.167.4	SESSION-c9df47030e6edeae → host:40.77.167.4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-061b514c6b7df469:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-061b514c6b7df469 → PCAP:capture_20260505210001:fe9b7b09d76a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-901a03ef18d43905:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-901a03ef18d43905 → PCAP:capture_20260505210001:fe9b7b09d76a
FLOW_FROM_HOSTOBS	e:from:SESSION-1f42c1a2508937e6:host:103.155.16.117	SESSION-1f42c1a2508937e6 → host:103.155.16.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-fb52ff5a15515e30:host:199.45.155.73:host:172.234.197.23	SESSION-fb52ff5a15515e30 → host:199.45.155.73 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-56879d86cd26b6ef:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-56879d86cd26b6ef → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ac2fa7388db2f6bf:flow:7823764fbd64	SESSION-ac2fa7388db2f6bf → flow:7823764fbd64
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1164951de921d536:host:40.77.167.4:host:172.234.197.23	SESSION-1164951de921d536 → host:40.77.167.4 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1d2c12c54a6b8ee9:host:172.234.197.23:host:172.232.0.17	SESSION-1d2c12c54a6b8ee9 → host:172.234.197.23 → host:172.232.0.17
flow_observed3-aryOBS	e:fo:flow:670bf8372bed	flow:670bf8372bed → host:108.136.195.128 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48258acdb44fa51f:host:51.224.145.152	SESSION-48258acdb44fa51f → host:51.224.145.152
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f42c1a2508937e6:host:172.234.197.23	SESSION-1f42c1a2508937e6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1164951de921d536:host:172.234.197.23	SESSION-1164951de921d536 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:199.45.155.73:geo_37.75100_-97.82200	host:199.45.155.73 → geo_37.75100_-97.82200
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-449dd50fe1669698:host:18.138.243.16:host:172.234.197.23	SESSION-449dd50fe1669698 → host:18.138.243.16 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-402c59976f95ccac:host:172.234.197.23	SESSION-402c59976f95ccac → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ad6262f0c135833:host:172.234.197.23	SESSION-5ad6262f0c135833 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0280199fcf3ea167:host:172.234.197.23	SESSION-0280199fcf3ea167 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6b6a46eb2435b2c:host:172.232.0.17	SESSION-b6b6a46eb2435b2c → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-a74e44c20494fb3b:host:172.234.197.23	SESSION-a74e44c20494fb3b → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-432ab8a16199cf6c:host:92.118.39.196	SESSION-432ab8a16199cf6c → host:92.118.39.196
FLOW_TO_HOSTOBS	e:to:SESSION-1164951de921d536:host:172.234.197.23	SESSION-1164951de921d536 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-29997713c592805d:host:172.234.197.23	SESSION-29997713c592805d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6809ae9f3f9de168:host:172.234.197.23:host:172.232.0.17	SESSION-6809ae9f3f9de168 → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-989e93673dd1c7a6:host:172.234.197.23	SESSION-989e93673dd1c7a6 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:81d4435dcab9:port:tcp:443	flow:81d4435dcab9 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93e42c11b9b89aaf:host:172.232.0.17	SESSION-93e42c11b9b89aaf → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-548e9314b3086ca9:SESSION-548e9314b3086ca9	SESSION-548e9314b3086ca9 → pe:syn:SESSION-548e9314b3086ca9
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.123.234:geo_52.51960_13.40690	host:51.224.123.234 → geo_52.51960_13.40690
HOST_IN_ASNOBS 85%	e:ha:host:199.45.155.73:asn:398722	host:199.45.155.73 → asn:398722
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf0cece70f740446:host:44.203.55.60	SESSION-bf0cece70f740446 → host:44.203.55.60
FLOW_FROM_HOSTOBS	e:from:SESSION-d1099e585fa36f54:host:3.234.246.186	SESSION-d1099e585fa36f54 → host:3.234.246.186
flow_observed3-aryOBS	e:fo:flow:d2aa3d958328	flow:d2aa3d958328 → host:18.138.243.16 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-28d60172800a0b5c:BSG-BEACON-f6c2b3d0e42d	SESSION-28d60172800a0b5c → BSG-BEACON-f6c2b3d0e42d
FLOW_FROM_HOSTOBS	e:from:SESSION-ba31b8d0bcea573c:host:172.234.197.23	SESSION-ba31b8d0bcea573c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-29997713c592805d:host:172.232.0.17	SESSION-29997713c592805d → host:172.232.0.17
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-d96f4e3d10a0a4f0:BSG-BEACON-a8a8c3c8a37f	SESSION-d96f4e3d10a0a4f0 → BSG-BEACON-a8a8c3c8a37f
HOST_IN_ASNOBS 85%	e:ha:host:185.125.188.57:asn:41231	host:185.125.188.57 → asn:41231
FLOW_TO_HOSTOBS	e:to:SESSION-93e42c11b9b89aaf:host:172.232.0.17	SESSION-93e42c11b9b89aaf → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:83a5cffc6703	flow:83a5cffc6703 → host:172.234.197.23 → host:185.125.188.57 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08dd2a06bab4a852:host:172.234.197.23	SESSION-08dd2a06bab4a852 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:40.77.167.4:asn:8075	host:40.77.167.4 → asn:8075
FLOW_TO_HOSTOBS	e:to:SESSION-a4e2d049e521c4ea:host:172.234.197.23	SESSION-a4e2d049e521c4ea → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d55b3af6cdbc	flow:d55b3af6cdbc → host:102.69.167.14 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-1164951de921d536:BSG-DATA_EXFIL-c9d90f130d90	SESSION-1164951de921d536 → BSG-DATA_EXFIL-c9d90f130d90
HOST_IN_ASNOBS 85%	e:ha:host:3.143.162.210:asn:16509	host:3.143.162.210 → asn:16509
flow_observed5-aryOBS	e:fo:flow:b4f49eacb030	flow:b4f49eacb030 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-1e693ff8754b6a4b:host:172.232.0.17	SESSION-1e693ff8754b6a4b → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-cef22d690e31564a:SESSION-cef22d690e31564a	SESSION-cef22d690e31564a → pe:dns:SESSION-cef22d690e31564a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4be2484ef7d205f9:host:199.45.155.73:host:172.234.197.23	SESSION-4be2484ef7d205f9 → host:199.45.155.73 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.53.243:geo_52.51960_13.40690	host:51.224.53.243 → geo_52.51960_13.40690
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-548e9314b3086ca9:host:172.234.197.23	SESSION-548e9314b3086ca9 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:3.143.162.210:geo_39.96250_-83.00610	host:3.143.162.210 → geo_39.96250_-83.00610
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:108.137.154.183:geo_-6.21140_106.84460	host:108.137.154.183 → geo_-6.21140_106.84460
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-1e693ff8754b6a4b:BSG-BEACON-f6c2b3d0e42d	SESSION-1e693ff8754b6a4b → BSG-BEACON-f6c2b3d0e42d
flow_observed5-aryOBS	e:fo:flow:a0f73d4e1f2a	flow:a0f73d4e1f2a → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
flow_observed5-aryOBS	e:fo:flow:ef50ec85480c	flow:ef50ec85480c → host:5.61.209.107 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53f109edd419cdc2:host:16.79.76.70	SESSION-53f109edd419cdc2 → host:16.79.76.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c9df47030e6edeae:host:172.234.197.23	SESSION-c9df47030e6edeae → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-52ca69764e41f269:SESSION-52ca69764e41f269	SESSION-52ca69764e41f269 → pe:tls:SESSION-52ca69764e41f269
HOST_IN_ASNOBS 85%	e:ha:host:51.224.53.243:asn:16509	host:51.224.53.243 → asn:16509
FLOW_DST_PORTOBS	e:fp:flow:347478b466ec:port:tcp:443	flow:347478b466ec → port:tcp:443
flow_observed4-aryOBS	e:fo:flow:f7a277f9998b	flow:f7a277f9998b → host:3.143.162.210 → host:172.234.197.23 → port:tcp:21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6161ce1063e366a2:host:185.125.188.57	SESSION-6161ce1063e366a2 → host:185.125.188.57
HOST_IN_ASNOBS 85%	e:ha:host:43.173.187.143:asn:132203	host:43.173.187.143 → asn:132203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56879d86cd26b6ef:host:172.232.0.17	SESSION-56879d86cd26b6ef → host:172.232.0.17
flow_observed3-aryOBS	e:fo:flow:e0e919fe14b3	flow:e0e919fe14b3 → host:51.224.145.152 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1099e585fa36f54:flow:6bb1f29d53ff	SESSION-d1099e585fa36f54 → flow:6bb1f29d53ff
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4d8ee5a4e3d2c6cb:PCAP:capture_20260505160001:6505a8988bcf	SESSION-4d8ee5a4e3d2c6cb → PCAP:capture_20260505160001:6505a8988bcf
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-5d116249fba5ef1a:SESSION-5d116249fba5ef1a	SESSION-5d116249fba5ef1a → pe:tls:SESSION-5d116249fba5ef1a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-112a52c8741e1f24:host:172.234.197.23	SESSION-112a52c8741e1f24 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-402c59976f95ccac:flow:a4dceb0b502c	SESSION-402c59976f95ccac → flow:a4dceb0b502c
FLOW_DST_PORTOBS	e:fp:flow:c55c01d60832:port:udp:53	flow:c55c01d60832 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22e21c154242e139:host:172.234.197.23	SESSION-22e21c154242e139 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-8946fc29c6b46f6d:host:172.234.197.23	SESSION-8946fc29c6b46f6d → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-1e693ff8754b6a4b:host:172.234.197.23	SESSION-1e693ff8754b6a4b → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bf0cece70f740446:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-bf0cece70f740446 → PCAP:capture_20260505170001:ca2a90108bf2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.237.9.199:geo_39.04690_-77.49030	host:54.237.9.199 → geo_39.04690_-77.49030
flow_observed5-aryOBS	e:fo:flow:c8c5a6720f95	flow:c8c5a6720f95 → host:78.153.140.149 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_FROM_HOSTOBS	e:from:SESSION-cef22d690e31564a:host:172.234.197.23	SESSION-cef22d690e31564a → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:c8c5a6720f95:port:tcp:80	flow:c8c5a6720f95 → port:tcp:80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.234.197.23:geo_41.88350_-87.63050	host:172.234.197.23 → geo_41.88350_-87.63050
flow_observed5-aryOBS	e:fo:flow:40d85800a99d	flow:40d85800a99d → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8f7048e06d096abe:host:172.234.197.23:host:92.118.39.236	SESSION-8f7048e06d096abe → host:172.234.197.23 → host:92.118.39.236
FLOW_FROM_HOSTOBS	e:from:SESSION-0280199fcf3ea167:host:32.195.50.176	SESSION-0280199fcf3ea167 → host:32.195.50.176
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f439a23db4014944:host:14.17.85.204	SESSION-f439a23db4014944 → host:14.17.85.204
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-b43027ed299d5e94:SESSION-b43027ed299d5e94	SESSION-b43027ed299d5e94 → pe:syn:SESSION-b43027ed299d5e94
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4d8ee5a4e3d2c6cb:flow:dd59f847be17	SESSION-4d8ee5a4e3d2c6cb → flow:dd59f847be17
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-6f371d3a9290449b:BSG-BEACON-f6c2b3d0e42d	SESSION-6f371d3a9290449b → BSG-BEACON-f6c2b3d0e42d
flow_observed3-aryOBS	e:fo:flow:a697fcd98900	flow:a697fcd98900 → host:54.226.218.70 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b0bace154ed8e7e1:flow:f56c5e5e9322	SESSION-b0bace154ed8e7e1 → flow:f56c5e5e9322
FLOW_DST_PORTOBS	e:fp:flow:daf8c45d27ff:port:tcp:22	flow:daf8c45d27ff → port:tcp:22
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-061b514c6b7df469:host:172.236.119.165	SESSION-061b514c6b7df469 → host:172.236.119.165
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d2c12c54a6b8ee9:host:172.234.197.23	SESSION-1d2c12c54a6b8ee9 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:328436:org:Flashnet-Technologies-Limited	asn:328436 → org:Flashnet-Technologies-Limited
FLOW_TO_HOSTOBS	e:to:SESSION-6809ae9f3f9de168:host:172.232.0.17	SESSION-6809ae9f3f9de168 → host:172.232.0.17
flow_observed4-aryOBS	e:fo:flow:d660fa8ff9b1	flow:d660fa8ff9b1 → host:172.234.197.23 → host:92.118.39.236 → port:tcp:46006
FLOW_FROM_HOSTOBS	e:from:SESSION-6f371d3a9290449b:host:172.234.197.23	SESSION-6f371d3a9290449b → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-ec5c8fa8037e3562:BSG-BEACON-a8a8c3c8a37f	SESSION-ec5c8fa8037e3562 → BSG-BEACON-a8a8c3c8a37f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15c7d6c96ae38709:host:172.234.197.23	SESSION-15c7d6c96ae38709 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-d4533a7174934c47:BSG-BEACON-f6c2b3d0e42d	SESSION-d4533a7174934c47 → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-989e93673dd1c7a6:SESSION-989e93673dd1c7a6	SESSION-989e93673dd1c7a6 → pe:syn:SESSION-989e93673dd1c7a6
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:40.77.167.27:geo_36.66940_-78.38770	host:40.77.167.27 → geo_36.66940_-78.38770
FLOW_FROM_HOSTOBS	e:from:SESSION-b0bace154ed8e7e1:host:103.220.165.12	SESSION-b0bace154ed8e7e1 → host:103.220.165.12
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4be2484ef7d205f9:host:199.45.155.73	SESSION-4be2484ef7d205f9 → host:199.45.155.73
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ba31b8d0bcea573c:flow:484583ddd05a	SESSION-ba31b8d0bcea573c → flow:484583ddd05a
flow_observed5-aryOBS	e:fo:flow:441658b54583	flow:441658b54583 → host:43.173.132.82 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_TLS_SNIOBS	e:fs:flow:83a5cffc6703:tls_sni:api.snapcraft.io	flow:83a5cffc6703 → tls_sni:api.snapcraft.io
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-548e9314b3086ca9:PCAP:capture_20260505190001:a68bf0af3b16	SESSION-548e9314b3086ca9 → PCAP:capture_20260505190001:a68bf0af3b16
flow_observed3-aryOBS	e:fo:flow:ea0949f415db	flow:ea0949f415db → host:108.136.246.109 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-52ca69764e41f269:SESSION-52ca69764e41f269	SESSION-52ca69764e41f269 → pe:syn:SESSION-52ca69764e41f269
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-83e825ce567e05ed:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-83e825ce567e05ed → PCAP:capture_20260505170001:ca2a90108bf2
HOST_IN_ASNOBS 85%	e:ha:host:13.250.21.18:asn:16509	host:13.250.21.18 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-134b659b9f89c977:host:172.232.0.17	SESSION-134b659b9f89c977 → host:172.232.0.17
ASN_IN_ORGOBS 80%	e:ao:asn:398722:org:Censys, Inc.	asn:398722 → org:Censys, Inc.
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-53f109edd419cdc2:PCAP:capture_20260505150001:90690819257f	SESSION-53f109edd419cdc2 → PCAP:capture_20260505150001:90690819257f
FLOW_FROM_HOSTOBS	e:from:SESSION-f439a23db4014944:host:14.17.85.204	SESSION-f439a23db4014944 → host:14.17.85.204
FLOW_FROM_HOSTOBS	e:from:SESSION-4d8ee5a4e3d2c6cb:host:108.137.71.172	SESSION-4d8ee5a4e3d2c6cb → host:108.137.71.172
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-51b92cc6a561b81c:SESSION-51b92cc6a561b81c	SESSION-51b92cc6a561b81c → pe:rst:SESSION-51b92cc6a561b81c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-98342a2659e39b9d:SESSION-98342a2659e39b9d	SESSION-98342a2659e39b9d → pe:syn:SESSION-98342a2659e39b9d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-48258acdb44fa51f:PCAP:capture_20260505150001:90690819257f	SESSION-48258acdb44fa51f → PCAP:capture_20260505150001:90690819257f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-29997713c592805d:host:172.234.197.23:host:172.232.0.17	SESSION-29997713c592805d → host:172.234.197.23 → host:172.232.0.17
flow_observed3-aryOBS	e:fo:flow:7027314e9f62	flow:7027314e9f62 → host:54.237.9.199 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22dca0f7e254df40:host:172.234.197.23	SESSION-22dca0f7e254df40 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5b835c6ebb995a7d:SESSION-5b835c6ebb995a7d	SESSION-5b835c6ebb995a7d → pe:syn:SESSION-5b835c6ebb995a7d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-fb52ff5a15515e30:SESSION-fb52ff5a15515e30	SESSION-fb52ff5a15515e30 → pe:syn:SESSION-fb52ff5a15515e30
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:102.69.167.14:geo_-6.82270_39.29100	host:102.69.167.14 → geo_-6.82270_39.29100
FLOW_FROM_HOSTOBS	e:from:SESSION-56879d86cd26b6ef:host:172.234.197.23	SESSION-56879d86cd26b6ef → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e437667b37d516f6:host:54.226.218.70	SESSION-e437667b37d516f6 → host:54.226.218.70
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a4e2d049e521c4ea:PCAP:capture_20260505180001:aab19cafbf97	SESSION-a4e2d049e521c4ea → PCAP:capture_20260505180001:aab19cafbf97
FLOW_TO_HOSTOBS	e:to:SESSION-d96f4e3d10a0a4f0:host:172.234.197.23	SESSION-d96f4e3d10a0a4f0 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-22e21c154242e139:host:108.136.195.128	SESSION-22e21c154242e139 → host:108.136.195.128
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-48538346c6e3fa4e:SESSION-48538346c6e3fa4e	SESSION-48538346c6e3fa4e → pe:rst:SESSION-48538346c6e3fa4e
FLOW_TO_HOSTOBS	e:to:SESSION-d1d3131167e5d8a7:host:172.232.0.17	SESSION-d1d3131167e5d8a7 → host:172.232.0.17
FLOW_DST_PORTOBS	e:fp:flow:1914bb7cc20f:port:tcp:80	flow:1914bb7cc20f → port:tcp:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c28f30a8568677bd:host:54.237.9.199:host:172.234.197.23	SESSION-c28f30a8568677bd → host:54.237.9.199 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:d71d4a109401	flow:d71d4a109401 → host:43.173.187.143 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3936b227c1331c5d:host:172.234.197.23	SESSION-3936b227c1331c5d → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28d60172800a0b5c:host:172.232.0.17	SESSION-28d60172800a0b5c → host:172.232.0.17
ASN_IN_ORGOBS 80%	e:ao:asn:200780:org:Eurofiber France SAS	asn:200780 → org:Eurofiber France SAS
flow_observed5-aryOBS	e:fo:flow:f2155c27e443	flow:f2155c27e443 → host:78.153.140.149 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ad1c4ddd91bc1148:host:3.220.15.173:host:172.234.197.23	SESSION-ad1c4ddd91bc1148 → host:3.220.15.173 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-bb030de157a28a92:host:51.224.129.180	SESSION-bb030de157a28a92 → host:51.224.129.180
FLOW_TO_HOSTOBS	e:to:SESSION-ad1c4ddd91bc1148:host:172.234.197.23	SESSION-ad1c4ddd91bc1148 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a4e2d049e521c4ea:flow:27bcaa9bf1c4	SESSION-a4e2d049e521c4ea → flow:27bcaa9bf1c4
FLOW_TO_HOSTOBS	e:to:SESSION-6161ce1063e366a2:host:185.125.188.57	SESSION-6161ce1063e366a2 → host:185.125.188.57
flow_observed3-aryOBS	e:fo:flow:143398f9d784	flow:143398f9d784 → host:13.216.252.177 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:d71d4a109401:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:d71d4a109401 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_HTTP_HOSTOBS	e:fh:flow:9177236cf88d:http_host:172.234.197.23:80	flow:9177236cf88d → http_host:172.234.197.23:80
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-061c5d7701fcd16d:host:108.137.123.21:host:172.234.197.23	SESSION-061c5d7701fcd16d → host:108.137.123.21 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:108.136.220.138:asn:16509	host:108.136.220.138 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90d5b2c6338c7815:host:172.234.197.23	SESSION-90d5b2c6338c7815 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d4533a7174934c47:flow:b4f49eacb030	SESSION-d4533a7174934c47 → flow:b4f49eacb030
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-51b92cc6a561b81c:SESSION-51b92cc6a561b81c	SESSION-51b92cc6a561b81c → pe:tls:SESSION-51b92cc6a561b81c
FLOW_FROM_HOSTOBS	e:from:SESSION-901a03ef18d43905:host:78.153.140.149	SESSION-901a03ef18d43905 → host:78.153.140.149
flow_observed5-aryOBS	e:fo:flow:bcd27756aa40	flow:bcd27756aa40 → host:40.77.167.4 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:67de7fac861b	flow:67de7fac861b → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_FROM_HOSTOBS	e:from:SESSION-28d60172800a0b5c:host:172.234.197.23	SESSION-28d60172800a0b5c → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:696377210741:port:tcp:80	flow:696377210741 → port:tcp:80
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b6b6a46eb2435b2c:host:172.234.197.23	SESSION-b6b6a46eb2435b2c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d4533a7174934c47:host:172.234.197.23	SESSION-d4533a7174934c47 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-52ca69764e41f269:flow:81d4435dcab9	SESSION-52ca69764e41f269 → flow:81d4435dcab9
FLOW_TO_HOSTOBS	e:to:SESSION-48258acdb44fa51f:host:172.234.197.23	SESSION-48258acdb44fa51f → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-ad1c4ddd91bc1148:SESSION-ad1c4ddd91bc1148	SESSION-ad1c4ddd91bc1148 → pe:syn:SESSION-ad1c4ddd91bc1148
FLOW_DST_PORTOBS	e:fp:flow:c853014c7a67:port:udp:53	flow:c853014c7a67 → port:udp:53
FLOW_FROM_HOSTOBS	e:from:SESSION-9d04f6d7b357bacd:host:172.234.197.23	SESSION-9d04f6d7b357bacd → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1099e585fa36f54:host:3.234.246.186:host:172.234.197.23	SESSION-d1099e585fa36f54 → host:3.234.246.186 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-8ead85dcd9724179:SESSION-8ead85dcd9724179	SESSION-8ead85dcd9724179 → pe:tls:SESSION-8ead85dcd9724179
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f7048e06d096abe:host:172.234.197.23	SESSION-8f7048e06d096abe → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8f7048e06d096abe:flow:481bc4d957af	SESSION-8f7048e06d096abe → flow:481bc4d957af
FLOW_TO_HOSTOBS	e:to:SESSION-cc46316b9ac69b28:host:172.234.197.23	SESSION-cc46316b9ac69b28 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-53f109edd419cdc2:host:172.234.197.23	SESSION-53f109edd419cdc2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-f439a23db4014944:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-f439a23db4014944 → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d96f4e3d10a0a4f0:PCAP:capture_20260505180001:aab19cafbf97	SESSION-d96f4e3d10a0a4f0 → PCAP:capture_20260505180001:aab19cafbf97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c70914c01a4dbe00:host:172.234.197.23	SESSION-c70914c01a4dbe00 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1f42c1a2508937e6:host:103.155.16.117:host:172.234.197.23	SESSION-1f42c1a2508937e6 → host:103.155.16.117 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-112a52c8741e1f24:host:5.61.209.107	SESSION-112a52c8741e1f24 → host:5.61.209.107
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90b1be10321455be:host:172.234.197.23	SESSION-90b1be10321455be → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-a4e2d049e521c4ea:host:13.250.21.18	SESSION-a4e2d049e521c4ea → host:13.250.21.18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3da8c2fb5a75575f:host:172.234.197.23	SESSION-3da8c2fb5a75575f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-112a52c8741e1f24:host:172.234.197.23	SESSION-112a52c8741e1f24 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48258acdb44fa51f:host:172.234.197.23	SESSION-48258acdb44fa51f → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d1d3131167e5d8a7:host:172.234.197.23:host:172.232.0.17	SESSION-d1d3131167e5d8a7 → host:172.234.197.23 → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c9df47030e6edeae:host:40.77.167.4:host:172.234.197.23	SESSION-c9df47030e6edeae → host:40.77.167.4 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-449dd50fe1669698:host:18.138.243.16	SESSION-449dd50fe1669698 → host:18.138.243.16
FLOW_FROM_HOSTOBS	e:from:SESSION-fb52ff5a15515e30:host:199.45.155.73	SESSION-fb52ff5a15515e30 → host:199.45.155.73
FLOW_DST_PORTOBS	e:fp:flow:484583ddd05a:port:udp:53	flow:484583ddd05a → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-061c5d7701fcd16d:host:108.137.123.21	SESSION-061c5d7701fcd16d → host:108.137.123.21
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba31b8d0bcea573c:host:172.232.0.17	SESSION-ba31b8d0bcea573c → host:172.232.0.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.16.78:geo_52.51960_13.40690	host:51.224.16.78 → geo_52.51960_13.40690
HOST_IN_ASNOBS 85%	e:ha:host:92.118.39.236:asn:47890	host:92.118.39.236 → asn:47890
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-90d5b2c6338c7815:SESSION-90d5b2c6338c7815	SESSION-90d5b2c6338c7815 → pe:syn:SESSION-90d5b2c6338c7815
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8946fc29c6b46f6d:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-8946fc29c6b46f6d → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5d116249fba5ef1a:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-5d116249fba5ef1a → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ead85dcd9724179:host:172.234.197.23	SESSION-8ead85dcd9724179 → host:172.234.197.23
flow_observed4-aryOBS	e:fo:flow:a34856d5d292	flow:a34856d5d292 → host:199.45.155.73 → host:172.234.197.23 → port:tcp:2002
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-a74e44c20494fb3b:PCAP:capture_20260505150001:90690819257f	SESSION-a74e44c20494fb3b → PCAP:capture_20260505150001:90690819257f
ASN_IN_ORGOBS 80%	e:ao:asn:31863:org:Centrilogic, Inc.	asn:31863 → org:Centrilogic, Inc.
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ac2fa7388db2f6bf:PCAP:capture_20260505190001:a68bf0af3b16	SESSION-ac2fa7388db2f6bf → PCAP:capture_20260505190001:a68bf0af3b16
ASN_IN_ORGOBS 80%	e:ao:asn:4766:org:Korea Telecom	asn:4766 → org:Korea Telecom
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-859dff0703adcd19:flow:c8c5a6720f95	SESSION-859dff0703adcd19 → flow:c8c5a6720f95
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-9d04f6d7b357bacd:SESSION-9d04f6d7b357bacd	SESSION-9d04f6d7b357bacd → pe:dns:SESSION-9d04f6d7b357bacd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cc46316b9ac69b28:PCAP:capture_20260505160001:6505a8988bcf	SESSION-cc46316b9ac69b28 → PCAP:capture_20260505160001:6505a8988bcf
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-134b659b9f89c977:flow:40d85800a99d	SESSION-134b659b9f89c977 → flow:40d85800a99d
FLOW_QUERIED_DNSOBS	e:fd:flow:7823764fbd64:dns:172-234-197-23.ip.linodeusercontent.com	flow:7823764fbd64 → dns:172-234-197-23.ip.linodeusercontent.com
HOST_IN_ASNOBS 85%	e:ha:host:108.137.154.183:asn:16509	host:108.137.154.183 → asn:16509
ASN_IN_ORGOBS 80%	e:ao:asn:202306:org:Hostglobal.plus Ltd	asn:202306 → org:Hostglobal.plus Ltd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d4533a7174934c47:host:172.234.197.23:host:172.232.0.17	SESSION-d4533a7174934c47 → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3da8c2fb5a75575f:flow:5c0f3e09f588	SESSION-3da8c2fb5a75575f → flow:5c0f3e09f588
FLOW_DST_PORTOBS	e:fp:flow:4501038c119d:port:tcp:80	flow:4501038c119d → port:tcp:80
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:108.136.195.128:geo_-6.21140_106.84460	host:108.136.195.128 → geo_-6.21140_106.84460
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-989e93673dd1c7a6:host:14.17.85.204	SESSION-989e93673dd1c7a6 → host:14.17.85.204
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:13.216.252.177:geo_39.04690_-77.49030	host:13.216.252.177 → geo_39.04690_-77.49030
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-15c7d6c96ae38709:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-15c7d6c96ae38709 → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-90d5b2c6338c7815:flow:e67e9c201483	SESSION-90d5b2c6338c7815 → flow:e67e9c201483
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-f439a23db4014944:SESSION-f439a23db4014944	SESSION-f439a23db4014944 → pe:tls:SESSION-f439a23db4014944
FLOW_HTTP_HOSTOBS	e:fh:flow:c8c5a6720f95:http_host:172.234.197.23	flow:c8c5a6720f95 → http_host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-b43027ed299d5e94:host:172.234.197.23	SESSION-b43027ed299d5e94 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:88adc449314f:port:udp:53	flow:88adc449314f → port:udp:53
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:13.229.125.1:geo_1.29390_103.84610	host:13.229.125.1 → geo_1.29390_103.84610
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:221.156.137.102:geo_34.57110_126.60100	host:221.156.137.102 → geo_34.57110_126.60100
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83e825ce567e05ed:host:172.234.197.23	SESSION-83e825ce567e05ed → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:108.136.246.109:geo_-6.21140_106.84460	host:108.136.246.109 → geo_-6.21140_106.84460
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e07d35bac2ad33a9:host:43.173.132.115	SESSION-e07d35bac2ad33a9 → host:43.173.132.115
HOST_IN_ASNOBS 85%	e:ha:host:51.224.16.78:asn:16509	host:51.224.16.78 → asn:16509
flow_observed5-aryOBS	e:fo:flow:70c428feea0e	flow:70c428feea0e → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_DST_PORTOBS	e:fp:flow:bcd27756aa40:port:tcp:443	flow:bcd27756aa40 → port:tcp:443
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cc46316b9ac69b28:flow:670bf8372bed	SESSION-cc46316b9ac69b28 → flow:670bf8372bed
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-061b514c6b7df469:BSG-DATA_EXFIL-cab357e760c3	SESSION-061b514c6b7df469 → BSG-DATA_EXFIL-cab357e760c3
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad1c4ddd91bc1148:host:3.220.15.173	SESSION-ad1c4ddd91bc1148 → host:3.220.15.173
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-90b1be10321455be:PCAP:capture_20260505160001:6505a8988bcf	SESSION-90b1be10321455be → PCAP:capture_20260505160001:6505a8988bcf
FLOW_TO_HOSTOBS	e:to:SESSION-1f42c1a2508937e6:host:172.234.197.23	SESSION-1f42c1a2508937e6 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:3.234.246.186:geo_39.04690_-77.49030	host:3.234.246.186 → geo_39.04690_-77.49030
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:18.138.243.16:geo_1.29390_103.84610	host:18.138.243.16 → geo_1.29390_103.84610
FLOW_DST_PORTOBS	e:fp:flow:fb0a88ae25c4:port:tcp:443	flow:fb0a88ae25c4 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-901a03ef18d43905:host:172.234.197.23	SESSION-901a03ef18d43905 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-e437667b37d516f6:host:54.226.218.70	SESSION-e437667b37d516f6 → host:54.226.218.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2defdff48f63b22c:host:172.234.197.23	SESSION-2defdff48f63b22c → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:cf8bff248bec	flow:cf8bff248bec → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_QUERIED_DNSOBS	e:fd:flow:84372b4c9378:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:84372b4c9378 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3da8c2fb5a75575f:PCAP:capture_20260505160001:6505a8988bcf	SESSION-3da8c2fb5a75575f → PCAP:capture_20260505160001:6505a8988bcf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-93e42c11b9b89aaf:host:172.234.197.23	SESSION-93e42c11b9b89aaf → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a4e2d049e521c4ea:host:13.250.21.18:host:172.234.197.23	SESSION-a4e2d049e521c4ea → host:13.250.21.18 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-98342a2659e39b9d:host:102.69.167.14:host:172.234.197.23	SESSION-98342a2659e39b9d → host:102.69.167.14 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:16509:org:Amazon.com, Inc.	asn:16509 → org:Amazon.com, Inc.
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-859dff0703adcd19:SESSION-859dff0703adcd19	SESSION-859dff0703adcd19 → pe:syn:SESSION-859dff0703adcd19
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-90d5b2c6338c7815:PCAP:capture_20260505150001:90690819257f	SESSION-90d5b2c6338c7815 → PCAP:capture_20260505150001:90690819257f
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-83e825ce567e05ed:host:51.224.214.156:host:172.234.197.23	SESSION-83e825ce567e05ed → host:51.224.214.156 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:43.172.194.114:geo_1.36670_103.80000	host:43.172.194.114 → geo_1.36670_103.80000
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bb030de157a28a92:flow:a54692a6979d	SESSION-bb030de157a28a92 → flow:a54692a6979d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-989e93673dd1c7a6:flow:1914bb7cc20f	SESSION-989e93673dd1c7a6 → flow:1914bb7cc20f
ASN_IN_ORGOBS 80%	e:ao:asn:134763:org:CHINANET Guangdong province network	asn:134763 → org:CHINANET Guangdong province network
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c70914c01a4dbe00:flow:18ab509ee72d	SESSION-c70914c01a4dbe00 → flow:18ab509ee72d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-22dca0f7e254df40:PCAP:capture_20260505160001:6505a8988bcf	SESSION-22dca0f7e254df40 → PCAP:capture_20260505160001:6505a8988bcf
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ceacf6e3fad521a:host:172.234.197.23:host:172.232.0.17	SESSION-5ceacf6e3fad521a → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1e693ff8754b6a4b:flow:8089546c59de	SESSION-1e693ff8754b6a4b → flow:8089546c59de
FLOW_TO_HOSTOBS	e:to:SESSION-4be2484ef7d205f9:host:172.234.197.23	SESSION-4be2484ef7d205f9 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:16.78.103.11:geo_-6.21140_106.84460	host:16.78.103.11 → geo_-6.21140_106.84460
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f591a82d04e2f23:host:108.137.154.183	SESSION-6f591a82d04e2f23 → host:108.137.154.183
FLOW_QUERIED_DNSOBS	e:fd:flow:a0f73d4e1f2a:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:a0f73d4e1f2a → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-5d116249fba5ef1a:SESSION-5d116249fba5ef1a	SESSION-5d116249fba5ef1a → pe:syn:SESSION-5d116249fba5ef1a
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-28d60172800a0b5c:host:172.234.197.23:host:172.232.0.17	SESSION-28d60172800a0b5c → host:172.234.197.23 → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b0bace154ed8e7e1:PCAP:capture_20260505150001:90690819257f	SESSION-b0bace154ed8e7e1 → PCAP:capture_20260505150001:90690819257f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-15c7d6c96ae38709:flow:a17816cafef4	SESSION-15c7d6c96ae38709 → flow:a17816cafef4
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:91.227.37.60:geo_48.85580_2.34940	host:91.227.37.60 → geo_48.85580_2.34940
flow_observed4-aryOBS	e:fo:flow:481bc4d957af	flow:481bc4d957af → host:172.234.197.23 → host:92.118.39.236 → port:tcp:46006
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-83e825ce567e05ed:host:51.224.214.156	SESSION-83e825ce567e05ed → host:51.224.214.156
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d1d3131167e5d8a7:flow:0f6e4fea1ebd	SESSION-d1d3131167e5d8a7 → flow:0f6e4fea1ebd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afdbc113425d69ae:host:172.234.197.23	SESSION-afdbc113425d69ae → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d96f4e3d10a0a4f0:host:103.155.16.117	SESSION-d96f4e3d10a0a4f0 → host:103.155.16.117
HOST_IN_ASNOBS 85%	e:ha:host:103.155.16.117:asn:138915	host:103.155.16.117 → asn:138915
ASN_IN_ORGOBS 80%	e:ao:asn:132203:org:Tencent Building, Kejizhongyi Avenue	asn:132203 → org:Tencent Building, Kejizhongyi Avenue
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-548e9314b3086ca9:host:3.143.162.210	SESSION-548e9314b3086ca9 → host:3.143.162.210
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-28d60172800a0b5c:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-28d60172800a0b5c → PCAP:capture_20260505210001:fe9b7b09d76a
FLOW_DST_PORTOBS	e:fp:flow:b4f49eacb030:port:udp:53	flow:b4f49eacb030 → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cef22d690e31564a:host:172.232.0.17	SESSION-cef22d690e31564a → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4be2484ef7d205f9:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-4be2484ef7d205f9 → PCAP:capture_20260505210001:fe9b7b09d76a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e693ff8754b6a4b:host:172.234.197.23	SESSION-1e693ff8754b6a4b → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-0280199fcf3ea167:host:32.195.50.176:host:172.234.197.23	SESSION-0280199fcf3ea167 → host:32.195.50.176 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb52ff5a15515e30:host:172.234.197.23	SESSION-fb52ff5a15515e30 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4be2484ef7d205f9:SESSION-4be2484ef7d205f9	SESSION-4be2484ef7d205f9 → pe:syn:SESSION-4be2484ef7d205f9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-2defdff48f63b22c:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-2defdff48f63b22c → PCAP:capture_20260505170001:ca2a90108bf2
FLOW_TO_HOSTOBS	e:to:SESSION-f439a23db4014944:host:172.234.197.23	SESSION-f439a23db4014944 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-cef22d690e31564a:host:172.232.0.17	SESSION-cef22d690e31564a → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-0280199fcf3ea167:flow:4ddbe4acc504	SESSION-0280199fcf3ea167 → flow:4ddbe4acc504
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5b835c6ebb995a7d:flow:ef50ec85480c	SESSION-5b835c6ebb995a7d → flow:ef50ec85480c
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-34afdab6201869ee:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-34afdab6201869ee → PCAP:capture_20260505170001:ca2a90108bf2
HOST_IN_ASNOBS 85%	e:ha:host:54.237.9.199:asn:14618	host:54.237.9.199 → asn:14618
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-a74e44c20494fb3b:flow:729bae75cfd4	SESSION-a74e44c20494fb3b → flow:729bae75cfd4
flow_observed3-aryOBS	e:fo:flow:6bb1f29d53ff	flow:6bb1f29d53ff → host:3.234.246.186 → host:172.234.197.23
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:443:svc:https	port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-56879d86cd26b6ef:SESSION-56879d86cd26b6ef	SESSION-56879d86cd26b6ef → pe:dns:SESSION-56879d86cd26b6ef
flow_observed3-aryOBS	e:fo:flow:18c0bf5b5d25	flow:18c0bf5b5d25 → host:44.203.55.60 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c70914c01a4dbe00:host:221.156.137.102:host:172.234.197.23	SESSION-c70914c01a4dbe00 → host:221.156.137.102 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:81d4435dcab9	flow:81d4435dcab9 → host:40.77.167.27 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_DST_PORTOBS	e:fp:flow:481bc4d957af:port:tcp:46006	flow:481bc4d957af → port:tcp:46006
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51b92cc6a561b81c:host:54.227.57.227	SESSION-51b92cc6a561b81c → host:54.227.57.227
FLOW_DST_PORTOBS	e:fp:flow:e67e9c201483:port:tcp:23	flow:e67e9c201483 → port:tcp:23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-29997713c592805d:SESSION-29997713c592805d	SESSION-29997713c592805d → pe:dns:SESSION-29997713c592805d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-56879d86cd26b6ef:flow:7ac69d00b687	SESSION-56879d86cd26b6ef → flow:7ac69d00b687
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:43.173.187.143:geo_1.29390_103.84610	host:43.173.187.143 → geo_1.29390_103.84610
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4e2d049e521c4ea:host:13.250.21.18	SESSION-a4e2d049e521c4ea → host:13.250.21.18
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a74e44c20494fb3b:host:172.234.197.23	SESSION-a74e44c20494fb3b → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-93e42c11b9b89aaf:SESSION-93e42c11b9b89aaf	SESSION-93e42c11b9b89aaf → pe:dns:SESSION-93e42c11b9b89aaf
FLOW_TO_HOSTOBS	e:to:SESSION-5ad6262f0c135833:host:172.234.197.23	SESSION-5ad6262f0c135833 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ad6262f0c135833:host:16.78.103.11	SESSION-5ad6262f0c135833 → host:16.78.103.11
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-afdbc113425d69ae:BSG-DATA_EXFIL-248342848c58	SESSION-afdbc113425d69ae → BSG-DATA_EXFIL-248342848c58
FLOW_FROM_HOSTOBS	e:from:SESSION-061c5d7701fcd16d:host:108.137.123.21	SESSION-061c5d7701fcd16d → host:108.137.123.21
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9d04f6d7b357bacd:host:172.234.197.23:host:172.232.0.17	SESSION-9d04f6d7b357bacd → host:172.234.197.23 → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e07d35bac2ad33a9:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-e07d35bac2ad33a9 → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-7b3c407fbcf7cdbc:PCAP:capture_20260505150001:90690819257f	SESSION-7b3c407fbcf7cdbc → PCAP:capture_20260505150001:90690819257f
FLOW_FROM_HOSTOBS	e:from:SESSION-52ca69764e41f269:host:40.77.167.27	SESSION-52ca69764e41f269 → host:40.77.167.27
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8ead85dcd9724179:host:43.173.187.143	SESSION-8ead85dcd9724179 → host:43.173.187.143
HOST_IN_ASNOBS 85%	e:ha:host:16.79.76.70:asn:16509	host:16.79.76.70 → asn:16509
FLOW_TO_HOSTOBS	e:to:SESSION-b0bace154ed8e7e1:host:172.234.197.23	SESSION-b0bace154ed8e7e1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.227.57.227:geo_39.04690_-77.49030	host:54.227.57.227 → geo_39.04690_-77.49030
FLOW_TO_HOSTOBS	e:to:SESSION-51b92cc6a561b81c:host:172.234.197.23	SESSION-51b92cc6a561b81c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-28d60172800a0b5c:host:172.232.0.17	SESSION-28d60172800a0b5c → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-2defdff48f63b22c:flow:143398f9d784	SESSION-2defdff48f63b22c → flow:143398f9d784
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d116249fba5ef1a:host:14.152.83.244	SESSION-5d116249fba5ef1a → host:14.152.83.244
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-548e9314b3086ca9:flow:f7a277f9998b	SESSION-548e9314b3086ca9 → flow:f7a277f9998b
HOST_IN_ASNOBS 85%	e:ha:host:40.77.167.27:asn:8075	host:40.77.167.27 → asn:8075
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c9df47030e6edeae:flow:c7fc0633636d	SESSION-c9df47030e6edeae → flow:c7fc0633636d
ASN_IN_ORGOBS 80%	e:ao:asn:138421:org:China Unicom	asn:138421 → org:China Unicom
FLOW_FROM_HOSTOBS	e:from:SESSION-51b92cc6a561b81c:host:54.227.57.227	SESSION-51b92cc6a561b81c → host:54.227.57.227
flow_observed5-aryOBS	e:fo:flow:0f6e4fea1ebd	flow:0f6e4fea1ebd → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-989e93673dd1c7a6:host:172.234.197.23	SESSION-989e93673dd1c7a6 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:16.79.76.70:geo_-6.21140_106.84460	host:16.79.76.70 → geo_-6.21140_106.84460
flow_observed5-aryOBS	e:fo:flow:daf8c45d27ff	flow:daf8c45d27ff → host:45.148.10.121 → host:172.234.197.23 → port:tcp:22 → svc:ssh
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-29997713c592805d:BSG-BEACON-f6c2b3d0e42d	SESSION-29997713c592805d → BSG-BEACON-f6c2b3d0e42d
FLOW_TO_HOSTOBS	e:to:SESSION-34afdab6201869ee:host:172.234.197.23	SESSION-34afdab6201869ee → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-bf0cece70f740446:host:172.234.197.23	SESSION-bf0cece70f740446 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:484583ddd05a	flow:484583ddd05a → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-3936b227c1331c5d:flow:3b056e5c7d7c	SESSION-3936b227c1331c5d → flow:3b056e5c7d7c
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-4561579556c17060:SESSION-4561579556c17060	SESSION-4561579556c17060 → pe:syn:SESSION-4561579556c17060
FLOW_FROM_HOSTOBS	e:from:SESSION-83e825ce567e05ed:host:51.224.214.156	SESSION-83e825ce567e05ed → host:51.224.214.156
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-bf0cece70f740446:flow:18c0bf5b5d25	SESSION-bf0cece70f740446 → flow:18c0bf5b5d25
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-1164951de921d536:SESSION-1164951de921d536	SESSION-1164951de921d536 → pe:syn:SESSION-1164951de921d536
FLOW_FROM_HOSTOBS	e:from:SESSION-061b514c6b7df469:host:172.236.119.165	SESSION-061b514c6b7df469 → host:172.236.119.165
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-402c59976f95ccac:host:172.234.197.23:host:172.232.0.17	SESSION-402c59976f95ccac → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc46316b9ac69b28:host:172.234.197.23	SESSION-cc46316b9ac69b28 → host:172.234.197.23
FLOW_TLS_SNIOBS	e:fs:flow:81d4435dcab9:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:81d4435dcab9 → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed3-aryOBS	e:fo:flow:c4b1d3f380b6	flow:c4b1d3f380b6 → host:16.79.76.70 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:51.224.214.156:asn:16509	host:51.224.214.156 → asn:16509
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8946fc29c6b46f6d:host:43.172.194.114:host:172.234.197.23	SESSION-8946fc29c6b46f6d → host:43.172.194.114 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:47890:org:Unmanaged Ltd	asn:47890 → org:Unmanaged Ltd
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-52ca69764e41f269:host:40.77.167.27:host:172.234.197.23	SESSION-52ca69764e41f269 → host:40.77.167.27 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-08dd2a06bab4a852:host:172.232.0.17	SESSION-08dd2a06bab4a852 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34afdab6201869ee:host:51.224.53.243	SESSION-34afdab6201869ee → host:51.224.53.243
HOST_IN_ASNOBS 85%	e:ha:host:92.118.39.196:asn:47890	host:92.118.39.196 → asn:47890
FLOW_FROM_HOSTOBS	e:from:SESSION-3936b227c1331c5d:host:108.136.231.22	SESSION-3936b227c1331c5d → host:108.136.231.22
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-9ac8120baa6b4cb5:host:16.79.76.70:host:172.234.197.23	SESSION-9ac8120baa6b4cb5 → host:16.79.76.70 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4561579556c17060:flow:441658b54583	SESSION-4561579556c17060 → flow:441658b54583
flow_observed3-aryOBS	e:fo:flow:729bae75cfd4	flow:729bae75cfd4 → host:51.224.16.78 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3936b227c1331c5d:host:108.136.231.22:host:172.234.197.23	SESSION-3936b227c1331c5d → host:108.136.231.22 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-449dd50fe1669698:host:172.234.197.23	SESSION-449dd50fe1669698 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-9ac8120baa6b4cb5:host:16.79.76.70	SESSION-9ac8120baa6b4cb5 → host:16.79.76.70
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-6f371d3a9290449b:SESSION-6f371d3a9290449b	SESSION-6f371d3a9290449b → pe:dns:SESSION-6f371d3a9290449b
FLOW_QUERIED_DNSOBS	e:fd:flow:70c428feea0e:dns:172-234-197-23.ip.linodeusercontent.com	flow:70c428feea0e → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-061b514c6b7df469:flow:3a5125854ad8	SESSION-061b514c6b7df469 → flow:3a5125854ad8
HOST_IN_ASNOBS 85%	e:ha:host:51.224.145.152:asn:16509	host:51.224.145.152 → asn:16509
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.118.39.236:geo_45.99680_24.99700	host:92.118.39.236 → geo_45.99680_24.99700
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1099e585fa36f54:host:3.234.246.186	SESSION-d1099e585fa36f54 → host:3.234.246.186
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-22e21c154242e139:flow:a4bc84010efc	SESSION-22e21c154242e139 → flow:a4bc84010efc
HOST_IN_ASNOBS 85%	e:ha:host:3.234.246.186:asn:14618	host:3.234.246.186 → asn:14618
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:14.152.83.244:geo_34.77320_113.72200	host:14.152.83.244 → geo_34.77320_113.72200
FLOW_DST_PORTOBS	e:fp:flow:441658b54583:port:tcp:443	flow:441658b54583 → port:tcp:443
flow_observed5-aryOBS	e:fo:flow:c853014c7a67	flow:c853014c7a67 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6f371d3a9290449b:PCAP:capture_20260505190001:a68bf0af3b16	SESSION-6f371d3a9290449b → PCAP:capture_20260505190001:a68bf0af3b16
FLOW_TO_HOSTOBS	e:to:SESSION-52ca69764e41f269:host:172.234.197.23	SESSION-52ca69764e41f269 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-e07d35bac2ad33a9:host:172.234.197.23	SESSION-e07d35bac2ad33a9 → host:172.234.197.23
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:22:svc:ssh	port:tcp:22 → svc:ssh
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-51b92cc6a561b81c:SESSION-51b92cc6a561b81c	SESSION-51b92cc6a561b81c → pe:syn:SESSION-51b92cc6a561b81c
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-061c5d7701fcd16d:flow:3b21f9ede7cb	SESSION-061c5d7701fcd16d → flow:3b21f9ede7cb
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec5c8fa8037e3562:host:172.234.197.23	SESSION-ec5c8fa8037e3562 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-2defdff48f63b22c:host:172.234.197.23	SESSION-2defdff48f63b22c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9ac8120baa6b4cb5:host:16.79.76.70	SESSION-9ac8120baa6b4cb5 → host:16.79.76.70
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c260bd1d3b6a172d:host:51.224.123.234	SESSION-c260bd1d3b6a172d → host:51.224.123.234
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ba31b8d0bcea573c:host:172.234.197.23:host:172.232.0.17	SESSION-ba31b8d0bcea573c → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-449dd50fe1669698:host:172.234.197.23	SESSION-449dd50fe1669698 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ac2fa7388db2f6bf:host:172.234.197.23:host:172.232.0.17	SESSION-ac2fa7388db2f6bf → host:172.234.197.23 → host:172.232.0.17
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-08dd2a06bab4a852:flow:67de7fac861b	SESSION-08dd2a06bab4a852 → flow:67de7fac861b
HOST_IN_ASNOBS 85%	e:ha:host:172.98.199.111:asn:31863	host:172.98.199.111 → asn:31863
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b0bace154ed8e7e1:host:103.220.165.12:host:172.234.197.23	SESSION-b0bace154ed8e7e1 → host:103.220.165.12 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:449957d41315:dns:api.snapcraft.io	flow:449957d41315 → dns:api.snapcraft.io
FLOW_FROM_HOSTOBS	e:from:SESSION-3da8c2fb5a75575f:host:108.136.231.22	SESSION-3da8c2fb5a75575f → host:108.136.231.22
flow_observed5-aryOBS	e:fo:flow:696377210741	flow:696377210741 → host:43.173.132.115 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-3da8c2fb5a75575f:host:108.136.231.22:host:172.234.197.23	SESSION-3da8c2fb5a75575f → host:108.136.231.22 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-7b3c407fbcf7cdbc:host:108.136.220.138	SESSION-7b3c407fbcf7cdbc → host:108.136.220.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22e21c154242e139:host:108.136.195.128	SESSION-22e21c154242e139 → host:108.136.195.128
FLOW_DST_PORTOBS	e:fp:flow:a4dceb0b502c:port:udp:53	flow:a4dceb0b502c → port:udp:53
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8946fc29c6b46f6d:SESSION-8946fc29c6b46f6d	SESSION-8946fc29c6b46f6d → pe:syn:SESSION-8946fc29c6b46f6d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-93e42c11b9b89aaf:PCAP:capture_20260505150001:90690819257f	SESSION-93e42c11b9b89aaf → PCAP:capture_20260505150001:90690819257f
FLOW_TO_HOSTOBS	e:to:SESSION-4d8ee5a4e3d2c6cb:host:172.234.197.23	SESSION-4d8ee5a4e3d2c6cb → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d8e778a85b00d06e:flow:a4f2cd6ce2f7	SESSION-d8e778a85b00d06e → flow:a4f2cd6ce2f7
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9ac8120baa6b4cb5:flow:8914df23a392	SESSION-9ac8120baa6b4cb5 → flow:8914df23a392
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d96f4e3d10a0a4f0:host:103.155.16.117	SESSION-d96f4e3d10a0a4f0 → host:103.155.16.117
FLOW_FROM_HOSTOBS	e:from:SESSION-1d2c12c54a6b8ee9:host:172.234.197.23	SESSION-1d2c12c54a6b8ee9 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:88adc449314f:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:88adc449314f → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
FLOW_TO_HOSTOBS	e:to:SESSION-fb52ff5a15515e30:host:172.234.197.23	SESSION-fb52ff5a15515e30 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:3.220.15.173:asn:14618	host:3.220.15.173 → asn:14618
FLOW_DST_PORTOBS	e:fp:flow:3a5125854ad8:port:tcp:443	flow:3a5125854ad8 → port:tcp:443
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1d2c12c54a6b8ee9:PCAP:capture_20260505190001:a68bf0af3b16	SESSION-1d2c12c54a6b8ee9 → PCAP:capture_20260505190001:a68bf0af3b16
FLOW_QUERIED_DNSOBS	e:fd:flow:c853014c7a67:dns:172-234-197-23.ip.linodeusercontent.com	flow:c853014c7a67 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-e07d35bac2ad33a9:SESSION-e07d35bac2ad33a9	SESSION-e07d35bac2ad33a9 → pe:syn:SESSION-e07d35bac2ad33a9
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-98342a2659e39b9d:PCAP:capture_20260505150001:90690819257f	SESSION-98342a2659e39b9d → PCAP:capture_20260505150001:90690819257f
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:32.195.50.176:geo_37.75100_-97.82200	host:32.195.50.176 → geo_37.75100_-97.82200
ASN_IN_ORGOBS 80%	e:ao:asn:63949:org:Akamai Connected Cloud	asn:63949 → org:Akamai Connected Cloud
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b3c407fbcf7cdbc:host:108.136.220.138	SESSION-7b3c407fbcf7cdbc → host:108.136.220.138
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1f42c1a2508937e6:host:103.155.16.117	SESSION-1f42c1a2508937e6 → host:103.155.16.117
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c28f30a8568677bd:host:54.237.9.199	SESSION-c28f30a8568677bd → host:54.237.9.199
FLOW_FROM_HOSTOBS	e:from:SESSION-134b659b9f89c977:host:172.234.197.23	SESSION-134b659b9f89c977 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-f439a23db4014944:flow:347478b466ec	SESSION-f439a23db4014944 → flow:347478b466ec
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-1164951de921d536:SESSION-1164951de921d536	SESSION-1164951de921d536 → pe:tls:SESSION-1164951de921d536
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-134b659b9f89c977:host:172.234.197.23	SESSION-134b659b9f89c977 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-c260bd1d3b6a172d:host:51.224.123.234:host:172.234.197.23	SESSION-c260bd1d3b6a172d → host:51.224.123.234 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c9df47030e6edeae:host:172.234.197.23	SESSION-c9df47030e6edeae → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-ec5c8fa8037e3562:flow:02ba1d809494	SESSION-ec5c8fa8037e3562 → flow:02ba1d809494
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-859dff0703adcd19:host:78.153.140.149	SESSION-859dff0703adcd19 → host:78.153.140.149
flow_observed3-aryOBS	e:fo:flow:8914df23a392	flow:8914df23a392 → host:16.79.76.70 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d1099e585fa36f54:host:172.234.197.23	SESSION-d1099e585fa36f54 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-98342a2659e39b9d:SESSION-98342a2659e39b9d	SESSION-98342a2659e39b9d → pe:tls:SESSION-98342a2659e39b9d
flow_observed5-aryOBS	e:fo:flow:1ef937ba29a6	flow:1ef937ba29a6 → host:43.172.194.114 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-6f591a82d04e2f23:host:108.137.154.183	SESSION-6f591a82d04e2f23 → host:108.137.154.183
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-859dff0703adcd19:host:172.234.197.23	SESSION-859dff0703adcd19 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e437667b37d516f6:host:54.226.218.70:host:172.234.197.23	SESSION-e437667b37d516f6 → host:54.226.218.70 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-cef22d690e31564a:flow:a0f73d4e1f2a	SESSION-cef22d690e31564a → flow:a0f73d4e1f2a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-5b835c6ebb995a7d:SESSION-5b835c6ebb995a7d	SESSION-5b835c6ebb995a7d → pe:rst:SESSION-5b835c6ebb995a7d
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-93e42c11b9b89aaf:BSG-BEACON-f6c2b3d0e42d	SESSION-93e42c11b9b89aaf → BSG-BEACON-f6c2b3d0e42d
FLOW_TO_HOSTOBS	e:to:SESSION-bb030de157a28a92:host:172.234.197.23	SESSION-bb030de157a28a92 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52ca69764e41f269:host:40.77.167.27	SESSION-52ca69764e41f269 → host:40.77.167.27
FLOW_TO_HOSTOBS	e:to:SESSION-ac2fa7388db2f6bf:host:172.232.0.17	SESSION-ac2fa7388db2f6bf → host:172.232.0.17
FLOW_QUERIED_DNSOBS	e:fd:flow:b4f49eacb030:dns:172-234-197-23.ip.linodeusercontent.com	flow:b4f49eacb030 → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-e07d35bac2ad33a9:host:43.173.132.115	SESSION-e07d35bac2ad33a9 → host:43.173.132.115
FLOW_TO_HOSTOBS	e:to:SESSION-90d5b2c6338c7815:host:172.234.197.23	SESSION-90d5b2c6338c7815 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-d1d3131167e5d8a7:SESSION-d1d3131167e5d8a7	SESSION-d1d3131167e5d8a7 → pe:dns:SESSION-d1d3131167e5d8a7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-08dd2a06bab4a852:host:172.232.0.17	SESSION-08dd2a06bab4a852 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b0bace154ed8e7e1:host:172.234.197.23	SESSION-b0bace154ed8e7e1 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bf0cece70f740446:host:44.203.55.60:host:172.234.197.23	SESSION-bf0cece70f740446 → host:44.203.55.60 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-34afdab6201869ee:flow:c79e28885a99	SESSION-34afdab6201869ee → flow:c79e28885a99
HOST_IN_ASNOBS 85%	e:ha:host:172.232.0.17:asn:63949	host:172.232.0.17 → asn:63949
HOST_IN_ASNOBS 85%	e:ha:host:82.86.130.0:asn:272809	host:82.86.130.0 → asn:272809
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ad6262f0c135833:flow:4e35f51811d2	SESSION-5ad6262f0c135833 → flow:4e35f51811d2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.214.156:geo_52.51960_13.40690	host:51.224.214.156 → geo_52.51960_13.40690
HOST_IN_ASNOBS 85%	e:ha:host:51.224.129.180:asn:16509	host:51.224.129.180 → asn:16509
ASN_IN_ORGOBS 80%	e:ao:asn:138915:org:Kaopu Cloud HK Limited	asn:138915 → org:Kaopu Cloud HK Limited
FLOW_FROM_HOSTOBS	e:from:SESSION-5ceacf6e3fad521a:host:172.234.197.23	SESSION-5ceacf6e3fad521a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-51b92cc6a561b81c:host:172.234.197.23	SESSION-51b92cc6a561b81c → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-c9df47030e6edeae:SESSION-c9df47030e6edeae	SESSION-c9df47030e6edeae → pe:tls:SESSION-c9df47030e6edeae
FLOW_FROM_HOSTOBS	e:from:SESSION-8946fc29c6b46f6d:host:43.172.194.114	SESSION-8946fc29c6b46f6d → host:43.172.194.114
FLOW_TO_HOSTOBS	e:to:SESSION-ec5c8fa8037e3562:host:172.234.197.23	SESSION-ec5c8fa8037e3562 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-98342a2659e39b9d:flow:d55b3af6cdbc	SESSION-98342a2659e39b9d → flow:d55b3af6cdbc
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-0280199fcf3ea167:host:32.195.50.176	SESSION-0280199fcf3ea167 → host:32.195.50.176
FLOW_TO_HOSTOBS	e:to:SESSION-7b3c407fbcf7cdbc:host:172.234.197.23	SESSION-7b3c407fbcf7cdbc → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:43.173.132.115:asn:132203	host:43.173.132.115 → asn:132203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ceacf6e3fad521a:host:172.232.0.17	SESSION-5ceacf6e3fad521a → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-afdbc113425d69ae:host:91.227.37.60:host:172.234.197.23	SESSION-afdbc113425d69ae → host:91.227.37.60 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-48538346c6e3fa4e:flow:d660fa8ff9b1	SESSION-48538346c6e3fa4e → flow:d660fa8ff9b1
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-7b3c407fbcf7cdbc:flow:8c9867a7b467	SESSION-7b3c407fbcf7cdbc → flow:8c9867a7b467
FLOW_TO_HOSTOBS	e:to:SESSION-6f371d3a9290449b:host:172.232.0.17	SESSION-6f371d3a9290449b → host:172.232.0.17
FLOW_DST_PORTOBS	e:fp:flow:c7fc0633636d:port:tcp:443	flow:c7fc0633636d → port:tcp:443
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cef22d690e31564a:host:172.234.197.23:host:172.232.0.17	SESSION-cef22d690e31564a → host:172.234.197.23 → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-112a52c8741e1f24:PCAP:capture_20260505160001:6505a8988bcf	SESSION-112a52c8741e1f24 → PCAP:capture_20260505160001:6505a8988bcf
FLOW_DST_PORTOBS	e:fp:flow:70c428feea0e:port:udp:53	flow:70c428feea0e → port:udp:53
FLOW_DST_PORTOBS	e:fp:flow:a34856d5d292:port:tcp:2002	flow:a34856d5d292 → port:tcp:2002
FLOW_HTTP_HOSTOBS	e:fh:flow:696377210741:http_host:172-234-197-23.ip.linodeusercontent.com	flow:696377210741 → http_host:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-4be2484ef7d205f9:host:199.45.155.73	SESSION-4be2484ef7d205f9 → host:199.45.155.73
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5b835c6ebb995a7d:host:5.61.209.107	SESSION-5b835c6ebb995a7d → host:5.61.209.107
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d8e778a85b00d06e:host:13.229.125.1:host:172.234.197.23	SESSION-d8e778a85b00d06e → host:13.229.125.1 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:108.136.220.138:geo_-6.21140_106.84460	host:108.136.220.138 → geo_-6.21140_106.84460
flow_observed4-aryOBS	e:fo:flow:e67e9c201483	flow:e67e9c201483 → host:82.86.130.0 → host:172.234.197.23 → port:tcp:23
FLOW_FROM_HOSTOBS	e:from:SESSION-1164951de921d536:host:40.77.167.4	SESSION-1164951de921d536 → host:40.77.167.4
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8f7048e06d096abe:PCAP:capture_20260505200001:d502e7eabbdd	SESSION-8f7048e06d096abe → PCAP:capture_20260505200001:d502e7eabbdd
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:108.137.123.21:geo_-6.21140_106.84460	host:108.137.123.21 → geo_-6.21140_106.84460
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.129.180:geo_52.51960_13.40690	host:51.224.129.180 → geo_52.51960_13.40690
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-f439a23db4014944:host:14.17.85.204:host:172.234.197.23	SESSION-f439a23db4014944 → host:14.17.85.204 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-e437667b37d516f6:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-e437667b37d516f6 → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-15c7d6c96ae38709:SESSION-15c7d6c96ae38709	SESSION-15c7d6c96ae38709 → pe:tls:SESSION-15c7d6c96ae38709
HOST_IN_ASNOBS 85%	e:ha:host:43.173.132.82:asn:132203	host:43.173.132.82 → asn:132203
FLOW_DST_PORTOBS	e:fp:flow:83a5cffc6703:port:tcp:443	flow:83a5cffc6703 → port:tcp:443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:103.220.165.12:geo_34.77320_113.72200	host:103.220.165.12 → geo_34.77320_113.72200
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-432ab8a16199cf6c:SESSION-432ab8a16199cf6c	SESSION-432ab8a16199cf6c → pe:rst:SESSION-432ab8a16199cf6c
FLOW_DST_PORTOBS	e:fp:flow:da8d91463c3d:port:tcp:2002	flow:da8d91463c3d → port:tcp:2002
HOST_IN_ASNOBS 85%	e:ha:host:221.156.137.102:asn:4766	host:221.156.137.102 → asn:4766
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:108.137.71.172:geo_-6.21140_106.84460	host:108.137.71.172 → geo_-6.21140_106.84460
FLOW_DST_PORTOBS	e:fp:flow:18ab509ee72d:port:tcp:22	flow:18ab509ee72d → port:tcp:22
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d4533a7174934c47:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-d4533a7174934c47 → PCAP:capture_20260505170001:ca2a90108bf2
FLOW_DST_PORTOBS	e:fp:flow:f7a277f9998b:port:tcp:21	flow:f7a277f9998b → port:tcp:21
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-29997713c592805d:flow:1507855d0ab9	SESSION-29997713c592805d → flow:1507855d0ab9
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-432ab8a16199cf6c:SESSION-432ab8a16199cf6c	SESSION-432ab8a16199cf6c → pe:syn:SESSION-432ab8a16199cf6c
FLOW_FROM_HOSTOBS	e:from:SESSION-93e42c11b9b89aaf:host:172.234.197.23	SESSION-93e42c11b9b89aaf → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-5ceacf6e3fad521a:SESSION-5ceacf6e3fad521a	SESSION-5ceacf6e3fad521a → pe:dns:SESSION-5ceacf6e3fad521a
FLOW_TO_HOSTOBS	e:to:SESSION-98342a2659e39b9d:host:172.234.197.23	SESSION-98342a2659e39b9d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b43027ed299d5e94:host:45.148.10.121:host:172.234.197.23	SESSION-b43027ed299d5e94 → host:45.148.10.121 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-afdbc113425d69ae:SESSION-afdbc113425d69ae	SESSION-afdbc113425d69ae → pe:syn:SESSION-afdbc113425d69ae
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-93e42c11b9b89aaf:flow:415bdf268435	SESSION-93e42c11b9b89aaf → flow:415bdf268435
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8946fc29c6b46f6d:host:43.172.194.114	SESSION-8946fc29c6b46f6d → host:43.172.194.114
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-112a52c8741e1f24:host:5.61.209.107:host:172.234.197.23	SESSION-112a52c8741e1f24 → host:5.61.209.107 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1d2c12c54a6b8ee9:host:172.232.0.17	SESSION-1d2c12c54a6b8ee9 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-c260bd1d3b6a172d:host:51.224.123.234	SESSION-c260bd1d3b6a172d → host:51.224.123.234
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4561579556c17060:host:172.234.197.23	SESSION-4561579556c17060 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3da8c2fb5a75575f:host:108.136.231.22	SESSION-3da8c2fb5a75575f → host:108.136.231.22
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-28d60172800a0b5c:flow:c55c01d60832	SESSION-28d60172800a0b5c → flow:c55c01d60832
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4561579556c17060:host:43.173.132.82:host:172.234.197.23	SESSION-4561579556c17060 → host:43.173.132.82 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-9d04f6d7b357bacd:flow:88adc449314f	SESSION-9d04f6d7b357bacd → flow:88adc449314f
HOST_IN_ASNOBS 85%	e:ha:host:91.227.37.60:asn:200780	host:91.227.37.60 → asn:200780
FLOW_DST_PORTOBS	e:fp:flow:7823764fbd64:port:udp:53	flow:7823764fbd64 → port:udp:53
flow_observed5-aryOBS	e:fo:flow:c55c01d60832	flow:c55c01d60832 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
HOST_IN_ASNOBS 85%	e:ha:host:5.61.209.107:asn:206264	host:5.61.209.107 → asn:206264
FLOW_TO_HOSTOBS	e:to:SESSION-432ab8a16199cf6c:host:172.234.197.23	SESSION-432ab8a16199cf6c → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c260bd1d3b6a172d:host:172.234.197.23	SESSION-c260bd1d3b6a172d → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-90b1be10321455be:host:172.234.197.23	SESSION-90b1be10321455be → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-22e21c154242e139:PCAP:capture_20260505150001:90690819257f	SESSION-22e21c154242e139 → PCAP:capture_20260505150001:90690819257f
flow_observed3-aryOBS	e:fo:flow:a54692a6979d	flow:a54692a6979d → host:51.224.129.180 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-432ab8a16199cf6c:host:92.118.39.196	SESSION-432ab8a16199cf6c → host:92.118.39.196
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-1d2c12c54a6b8ee9:BSG-BEACON-f6c2b3d0e42d	SESSION-1d2c12c54a6b8ee9 → BSG-BEACON-f6c2b3d0e42d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:92.118.39.196:geo_45.99680_24.99700	host:92.118.39.196 → geo_45.99680_24.99700
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9ac8120baa6b4cb5:PCAP:capture_20260505160001:6505a8988bcf	SESSION-9ac8120baa6b4cb5 → PCAP:capture_20260505160001:6505a8988bcf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-0280199fcf3ea167:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-0280199fcf3ea167 → PCAP:capture_20260505170001:ca2a90108bf2
HOST_IN_ASNOBS 85%	e:ha:host:54.226.218.70:asn:14618	host:54.226.218.70 → asn:14618
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8ead85dcd9724179:flow:d71d4a109401	SESSION-8ead85dcd9724179 → flow:d71d4a109401
FLOW_TO_HOSTOBS	e:to:SESSION-b6b6a46eb2435b2c:host:172.232.0.17	SESSION-b6b6a46eb2435b2c → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ceacf6e3fad521a:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-5ceacf6e3fad521a → PCAP:capture_20260505210001:fe9b7b09d76a
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-4561579556c17060:SESSION-4561579556c17060	SESSION-4561579556c17060 → pe:tls:SESSION-4561579556c17060
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5d116249fba5ef1a:flow:0433b793a6a9	SESSION-5d116249fba5ef1a → flow:0433b793a6a9
FLOW_TO_HOSTOBS	e:to:SESSION-3936b227c1331c5d:host:172.234.197.23	SESSION-3936b227c1331c5d → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d8e778a85b00d06e:PCAP:capture_20260505180001:aab19cafbf97	SESSION-d8e778a85b00d06e → PCAP:capture_20260505180001:aab19cafbf97
flow_observed3-aryOBS	e:fo:flow:8c9867a7b467	flow:8c9867a7b467 → host:108.136.220.138 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-fb52ff5a15515e30:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-fb52ff5a15515e30 → PCAP:capture_20260505210001:fe9b7b09d76a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e07d35bac2ad33a9:host:172.234.197.23	SESSION-e07d35bac2ad33a9 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-15c7d6c96ae38709:host:43.172.194.114:host:172.234.197.23	SESSION-15c7d6c96ae38709 → host:43.172.194.114 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:54.227.57.227:asn:14618	host:54.227.57.227 → asn:14618
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-061b514c6b7df469:SESSION-061b514c6b7df469	SESSION-061b514c6b7df469 → pe:tls:SESSION-061b514c6b7df469
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-134b659b9f89c977:SESSION-134b659b9f89c977	SESSION-134b659b9f89c977 → pe:dns:SESSION-134b659b9f89c977
ASN_IN_ORGOBS 80%	e:ao:asn:272809:org:THUNDERNET, C.A.	asn:272809 → org:THUNDERNET, C.A.
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-28d60172800a0b5c:host:172.234.197.23	SESSION-28d60172800a0b5c → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-6809ae9f3f9de168:BSG-BEACON-f6c2b3d0e42d	SESSION-6809ae9f3f9de168 → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-f439a23db4014944:SESSION-f439a23db4014944	SESSION-f439a23db4014944 → pe:syn:SESSION-f439a23db4014944
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-ba31b8d0bcea573c:BSG-BEACON-f6c2b3d0e42d	SESSION-ba31b8d0bcea573c → BSG-BEACON-f6c2b3d0e42d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b43027ed299d5e94:PCAP:capture_20260505190001:a68bf0af3b16	SESSION-b43027ed299d5e94 → PCAP:capture_20260505190001:a68bf0af3b16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bf0cece70f740446:host:172.234.197.23	SESSION-bf0cece70f740446 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-061b514c6b7df469:SESSION-061b514c6b7df469	SESSION-061b514c6b7df469 → pe:syn:SESSION-061b514c6b7df469
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-08dd2a06bab4a852:host:172.234.197.23:host:172.232.0.17	SESSION-08dd2a06bab4a852 → host:172.234.197.23 → host:172.232.0.17
FLOW_TO_HOSTOBS	e:to:SESSION-9ac8120baa6b4cb5:host:172.234.197.23	SESSION-9ac8120baa6b4cb5 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:d9cdb794d862	flow:d9cdb794d862 → host:51.224.214.156 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8f7048e06d096abe:host:92.118.39.236	SESSION-8f7048e06d096abe → host:92.118.39.236
FLOW_FROM_HOSTOBS	e:from:SESSION-48258acdb44fa51f:host:51.224.145.152	SESSION-48258acdb44fa51f → host:51.224.145.152
FLOW_QUERIED_DNSOBS	e:fd:flow:67de7fac861b:dns:172-234-197-23.ip.linodeusercontent.com	flow:67de7fac861b → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_QUERIED_DNSOBS	e:fd:flow:0f6e4fea1ebd:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:0f6e4fea1ebd → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
FLOW_DST_PORTOBS	e:fp:flow:fd30f5960ad1:port:tcp:443	flow:fd30f5960ad1 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f371d3a9290449b:host:172.232.0.17	SESSION-6f371d3a9290449b → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6f591a82d04e2f23:PCAP:capture_20260505150001:90690819257f	SESSION-6f591a82d04e2f23 → PCAP:capture_20260505150001:90690819257f
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6161ce1063e366a2:host:172.234.197.23	SESSION-6161ce1063e366a2 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-901a03ef18d43905:host:78.153.140.149:host:172.234.197.23	SESSION-901a03ef18d43905 → host:78.153.140.149 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:a0f73d4e1f2a:port:udp:53	flow:a0f73d4e1f2a → port:udp:53
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:82.86.130.0:geo_10.48730_-66.87380	host:82.86.130.0 → geo_10.48730_-66.87380
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-fb52ff5a15515e30:host:199.45.155.73	SESSION-fb52ff5a15515e30 → host:199.45.155.73
flow_observed3-aryOBS	e:fo:flow:f56c5e5e9322	flow:f56c5e5e9322 → host:103.220.165.12 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-90b1be10321455be:flow:9bafda49b279	SESSION-90b1be10321455be → flow:9bafda49b279
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c9df47030e6edeae:PCAP:capture_20260505200001:d502e7eabbdd	SESSION-c9df47030e6edeae → PCAP:capture_20260505200001:d502e7eabbdd
FLOW_TO_HOSTOBS	e:to:SESSION-859dff0703adcd19:host:172.234.197.23	SESSION-859dff0703adcd19 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:78.153.140.149:geo_51.51640_-0.09300	host:78.153.140.149 → geo_51.51640_-0.09300
FLOW_DST_PORTOBS	e:fp:flow:67de7fac861b:port:udp:53	flow:67de7fac861b → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-bb030de157a28a92:host:51.224.129.180	SESSION-bb030de157a28a92 → host:51.224.129.180
FLOW_FROM_HOSTOBS	e:from:SESSION-22dca0f7e254df40:host:108.136.246.109	SESSION-22dca0f7e254df40 → host:108.136.246.109
FLOW_FROM_HOSTOBS	e:from:SESSION-d1d3131167e5d8a7:host:172.234.197.23	SESSION-d1d3131167e5d8a7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-15c7d6c96ae38709:host:43.172.194.114	SESSION-15c7d6c96ae38709 → host:43.172.194.114
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-22e21c154242e139:host:108.136.195.128:host:172.234.197.23	SESSION-22e21c154242e139 → host:108.136.195.128 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-449dd50fe1669698:flow:d2aa3d958328	SESSION-449dd50fe1669698 → flow:d2aa3d958328
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:udp:53:svc:dns	port:udp:53 → svc:dns
FLOW_DST_PORTOBS	e:fp:flow:1507855d0ab9:port:udp:53	flow:1507855d0ab9 → port:udp:53
flow_observed5-aryOBS	e:fo:flow:a4dceb0b502c	flow:a4dceb0b502c → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-061b514c6b7df469:host:172.236.119.165:host:172.234.197.23	SESSION-061b514c6b7df469 → host:172.236.119.165 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6f591a82d04e2f23:host:172.234.197.23	SESSION-6f591a82d04e2f23 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ac2fa7388db2f6bf:host:172.234.197.23	SESSION-ac2fa7388db2f6bf → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-51b92cc6a561b81c:host:54.227.57.227:host:172.234.197.23	SESSION-51b92cc6a561b81c → host:54.227.57.227 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-6161ce1063e366a2:SESSION-6161ce1063e366a2	SESSION-6161ce1063e366a2 → pe:rst:SESSION-6161ce1063e366a2
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-48538346c6e3fa4e:host:172.234.197.23:host:92.118.39.236	SESSION-48538346c6e3fa4e → host:172.234.197.23 → host:92.118.39.236
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-b6b6a46eb2435b2c:BSG-BEACON-f6c2b3d0e42d	SESSION-b6b6a46eb2435b2c → BSG-BEACON-f6c2b3d0e42d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-29997713c592805d:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-29997713c592805d → PCAP:capture_20260505210001:fe9b7b09d76a
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b43027ed299d5e94:host:172.234.197.23	SESSION-b43027ed299d5e94 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-402c59976f95ccac:host:172.232.0.17	SESSION-402c59976f95ccac → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-989e93673dd1c7a6:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-989e93673dd1c7a6 → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-6809ae9f3f9de168:host:172.234.197.23	SESSION-6809ae9f3f9de168 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-1e693ff8754b6a4b:SESSION-1e693ff8754b6a4b	SESSION-1e693ff8754b6a4b → pe:dns:SESSION-1e693ff8754b6a4b
FLOW_TO_HOSTOBS	e:to:SESSION-4561579556c17060:host:172.234.197.23	SESSION-4561579556c17060 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-b6b6a46eb2435b2c:host:172.234.197.23:host:172.232.0.17	SESSION-b6b6a46eb2435b2c → host:172.234.197.23 → host:172.232.0.17
HOST_IN_ASNOBS 85%	e:ha:host:108.136.246.109:asn:16509	host:108.136.246.109 → asn:16509
HOST_IN_ASNOBS 85%	e:ha:host:14.152.83.244:asn:134763	host:14.152.83.244 → asn:134763
HOST_IN_ASNOBS 85%	e:ha:host:108.136.195.128:asn:16509	host:108.136.195.128 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-5d116249fba5ef1a:host:14.152.83.244	SESSION-5d116249fba5ef1a → host:14.152.83.244
flow_observed3-aryOBS	e:fo:flow:27bcaa9bf1c4	flow:27bcaa9bf1c4 → host:13.250.21.18 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-90b1be10321455be:host:172.98.199.111:host:172.234.197.23	SESSION-90b1be10321455be → host:172.98.199.111 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:f2155c27e443:port:tcp:80	flow:f2155c27e443 → port:tcp:80
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e437667b37d516f6:flow:a697fcd98900	SESSION-e437667b37d516f6 → flow:a697fcd98900
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-48258acdb44fa51f:host:51.224.145.152:host:172.234.197.23	SESSION-48258acdb44fa51f → host:51.224.145.152 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-ac2fa7388db2f6bf:host:172.234.197.23	SESSION-ac2fa7388db2f6bf → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:78.153.140.149:asn:202306	host:78.153.140.149 → asn:202306
FLOW_FROM_HOSTOBS	e:from:SESSION-a74e44c20494fb3b:host:51.224.16.78	SESSION-a74e44c20494fb3b → host:51.224.16.78
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5b835c6ebb995a7d:PCAP:capture_20260505160001:6505a8988bcf	SESSION-5b835c6ebb995a7d → PCAP:capture_20260505160001:6505a8988bcf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d8ee5a4e3d2c6cb:host:108.137.71.172	SESSION-4d8ee5a4e3d2c6cb → host:108.137.71.172
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-56879d86cd26b6ef:host:172.234.197.23:host:172.232.0.17	SESSION-56879d86cd26b6ef → host:172.234.197.23 → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-52ca69764e41f269:PCAP:capture_20260505190001:a68bf0af3b16	SESSION-52ca69764e41f269 → PCAP:capture_20260505190001:a68bf0af3b16
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-402c59976f95ccac:PCAP:capture_20260505190001:a68bf0af3b16	SESSION-402c59976f95ccac → PCAP:capture_20260505190001:a68bf0af3b16
FLOW_DST_PORTOBS	e:fp:flow:40d85800a99d:port:udp:53	flow:40d85800a99d → port:udp:53
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-402c59976f95ccac:host:172.232.0.17	SESSION-402c59976f95ccac → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5ad6262f0c135833:host:16.78.103.11:host:172.234.197.23	SESSION-5ad6262f0c135833 → host:16.78.103.11 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:c7fc0633636d	flow:c7fc0633636d → host:40.77.167.4 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_FROM_HOSTOBS	e:from:SESSION-b43027ed299d5e94:host:45.148.10.121	SESSION-b43027ed299d5e94 → host:45.148.10.121
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-22dca0f7e254df40:host:108.136.246.109	SESSION-22dca0f7e254df40 → host:108.136.246.109
FLOW_FROM_HOSTOBS	e:from:SESSION-8f7048e06d096abe:host:172.234.197.23	SESSION-8f7048e06d096abe → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:172.234.197.23:asn:63949	host:172.234.197.23 → asn:63949
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90d5b2c6338c7815:host:82.86.130.0	SESSION-90d5b2c6338c7815 → host:82.86.130.0
FLOW_FROM_HOSTOBS	e:from:SESSION-402c59976f95ccac:host:172.234.197.23	SESSION-402c59976f95ccac → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-48538346c6e3fa4e:host:172.234.197.23	SESSION-48538346c6e3fa4e → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1099e585fa36f54:host:172.234.197.23	SESSION-d1099e585fa36f54 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-432ab8a16199cf6c:flow:cbf075d8966a	SESSION-432ab8a16199cf6c → flow:cbf075d8966a
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.232.0.17:geo_41.88350_-87.63050	host:172.232.0.17 → geo_41.88350_-87.63050
HOST_IN_ASNOBS 85%	e:ha:host:14.17.85.204:asn:134763	host:14.17.85.204 → asn:134763
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-b6b6a46eb2435b2c:PCAP:capture_20260505150001:90690819257f	SESSION-b6b6a46eb2435b2c → PCAP:capture_20260505150001:90690819257f
flow_observed3-aryOBS	e:fo:flow:02ba1d809494	flow:02ba1d809494 → host:103.155.16.117 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c260bd1d3b6a172d:PCAP:capture_20260505150001:90690819257f	SESSION-c260bd1d3b6a172d → PCAP:capture_20260505150001:90690819257f
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-08dd2a06bab4a852:BSG-BEACON-f6c2b3d0e42d	SESSION-08dd2a06bab4a852 → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-afdbc113425d69ae:flow:fb0a88ae25c4	SESSION-afdbc113425d69ae → flow:fb0a88ae25c4
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-061b514c6b7df469:host:172.234.197.23	SESSION-061b514c6b7df469 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-432ab8a16199cf6c:host:172.234.197.23	SESSION-432ab8a16199cf6c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-53f109edd419cdc2:host:172.234.197.23	SESSION-53f109edd419cdc2 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-08dd2a06bab4a852:PCAP:capture_20260505200001:d502e7eabbdd	SESSION-08dd2a06bab4a852 → PCAP:capture_20260505200001:d502e7eabbdd
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-f439a23db4014944:host:172.234.197.23	SESSION-f439a23db4014944 → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:14.17.85.204:geo_34.77320_113.72200	host:14.17.85.204 → geo_34.77320_113.72200
HOST_IN_ASNOBS 85%	e:ha:host:13.216.252.177:asn:14618	host:13.216.252.177 → asn:14618
FLOW_TO_HOSTOBS	e:to:SESSION-1d2c12c54a6b8ee9:host:172.232.0.17	SESSION-1d2c12c54a6b8ee9 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-90b1be10321455be:host:172.98.199.111	SESSION-90b1be10321455be → host:172.98.199.111
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b6b6a46eb2435b2c:flow:84372b4c9378	SESSION-b6b6a46eb2435b2c → flow:84372b4c9378
flow_observed5-aryOBS	e:fo:flow:88adc449314f	flow:88adc449314f → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_TO_HOSTOBS	e:to:SESSION-48538346c6e3fa4e:host:92.118.39.236	SESSION-48538346c6e3fa4e → host:92.118.39.236
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-061c5d7701fcd16d:PCAP:capture_20260505160001:6505a8988bcf	SESSION-061c5d7701fcd16d → PCAP:capture_20260505160001:6505a8988bcf
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-52ca69764e41f269:host:172.234.197.23	SESSION-52ca69764e41f269 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:9bafda49b279	flow:9bafda49b279 → host:172.98.199.111 → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:dd59f847be17	flow:dd59f847be17 → host:108.137.71.172 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-1e693ff8754b6a4b:host:172.234.197.23:host:172.232.0.17	SESSION-1e693ff8754b6a4b → host:172.234.197.23 → host:172.232.0.17
FLOW_DST_PORTOBS	e:fp:flow:d71d4a109401:port:tcp:443	flow:d71d4a109401 → port:tcp:443
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c28f30a8568677bd:host:172.234.197.23	SESSION-c28f30a8568677bd → host:172.234.197.23
flow_observed3-aryOBS	e:fo:flow:c704ad95df18	flow:c704ad95df18 → host:103.155.16.117 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:18.138.243.16:asn:16509	host:18.138.243.16 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-b6b6a46eb2435b2c:host:172.234.197.23	SESSION-b6b6a46eb2435b2c → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4533a7174934c47:host:172.232.0.17	SESSION-d4533a7174934c47 → host:172.232.0.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:43.173.132.115:geo_1.29390_103.84610	host:43.173.132.115 → geo_1.29390_103.84610
FLOW_FROM_HOSTOBS	e:from:SESSION-15c7d6c96ae38709:host:43.172.194.114	SESSION-15c7d6c96ae38709 → host:43.172.194.114
flow_observed5-aryOBS	e:fo:flow:9177236cf88d	flow:9177236cf88d → host:5.61.209.107 → host:172.234.197.23 → port:tcp:80 → svc:http
FLOW_TLS_SNIOBS	e:fs:flow:fd30f5960ad1:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:fd30f5960ad1 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-548e9314b3086ca9:host:3.143.162.210:host:172.234.197.23	SESSION-548e9314b3086ca9 → host:3.143.162.210 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-08dd2a06bab4a852:host:172.234.197.23	SESSION-08dd2a06bab4a852 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-134b659b9f89c977:BSG-BEACON-f6c2b3d0e42d	SESSION-134b659b9f89c977 → BSG-BEACON-f6c2b3d0e42d
FLOW_DST_PORTOBS	e:fp:flow:a17816cafef4:port:tcp:443	flow:a17816cafef4 → port:tcp:443
FLOW_QUERIED_DNSOBS	e:fd:flow:cf8bff248bec:dns:172-234-197-23.ip.linodeusercontent.com	flow:cf8bff248bec → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_DST_PORTOBS	e:fp:flow:d660fa8ff9b1:port:tcp:46006	flow:d660fa8ff9b1 → port:tcp:46006
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-ac2fa7388db2f6bf:BSG-BEACON-f6c2b3d0e42d	SESSION-ac2fa7388db2f6bf → BSG-BEACON-f6c2b3d0e42d
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-b6b6a46eb2435b2c:SESSION-b6b6a46eb2435b2c	SESSION-b6b6a46eb2435b2c → pe:dns:SESSION-b6b6a46eb2435b2c
FLOW_TO_HOSTOBS	e:to:SESSION-5ceacf6e3fad521a:host:172.232.0.17	SESSION-5ceacf6e3fad521a → host:172.232.0.17
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-d4533a7174934c47:SESSION-d4533a7174934c47	SESSION-d4533a7174934c47 → pe:dns:SESSION-d4533a7174934c47
FLOW_HTTP_HOSTOBS	e:fh:flow:4501038c119d:http_host:172-234-197-23.ip.linodeusercontent.com	flow:4501038c119d → http_host:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-34afdab6201869ee:host:51.224.53.243	SESSION-34afdab6201869ee → host:51.224.53.243
ASN_IN_ORGOBS 80%	e:ao:asn:48090:org:Techoff Srv Limited	asn:48090 → org:Techoff Srv Limited
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d04f6d7b357bacd:host:172.234.197.23	SESSION-9d04f6d7b357bacd → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-6809ae9f3f9de168:PCAP:capture_20260505180001:aab19cafbf97	SESSION-6809ae9f3f9de168 → PCAP:capture_20260505180001:aab19cafbf97
FLOW_TO_HOSTOBS	e:to:SESSION-9d04f6d7b357bacd:host:172.232.0.17	SESSION-9d04f6d7b357bacd → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98342a2659e39b9d:host:172.234.197.23	SESSION-98342a2659e39b9d → host:172.234.197.23
FLOW_HTTP_HOSTOBS	e:fh:flow:f2155c27e443:http_host:172.234.197.23	flow:f2155c27e443 → http_host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-48538346c6e3fa4e:PCAP:capture_20260505200001:d502e7eabbdd	SESSION-48538346c6e3fa4e → PCAP:capture_20260505200001:d502e7eabbdd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-4561579556c17060:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-4561579556c17060 → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d4533a7174934c47:host:172.234.197.23	SESSION-d4533a7174934c47 → host:172.234.197.23
FLOW_DST_PORTOBS	e:fp:flow:7ac69d00b687:port:udp:53	flow:7ac69d00b687 → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-a74e44c20494fb3b:host:51.224.16.78:host:172.234.197.23	SESSION-a74e44c20494fb3b → host:51.224.16.78 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ec5c8fa8037e3562:host:103.155.16.117	SESSION-ec5c8fa8037e3562 → host:103.155.16.117
flow_observed3-aryOBS	e:fo:flow:a4bc84010efc	flow:a4bc84010efc → host:108.136.195.128 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:41231:org:Canonical Group Limited	asn:41231 → org:Canonical Group Limited
FLOW_TO_HOSTOBS	e:to:SESSION-d4533a7174934c47:host:172.232.0.17	SESSION-d4533a7174934c47 → host:172.232.0.17
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1d3131167e5d8a7:host:172.234.197.23	SESSION-d1d3131167e5d8a7 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29997713c592805d:host:172.232.0.17	SESSION-29997713c592805d → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:cbf075d8966a	flow:cbf075d8966a → host:92.118.39.196 → host:172.234.197.23 → port:tcp:22 → svc:ssh
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:54.226.218.70:geo_39.04690_-77.49030	host:54.226.218.70 → geo_39.04690_-77.49030
FLOW_TLS_SNIOBS	e:fs:flow:bcd27756aa40:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:bcd27756aa40 → tls_sni:172-234-197-23.ip.linodeusercontent.com
flow_observed5-aryOBS	e:fo:flow:18ab509ee72d	flow:18ab509ee72d → host:221.156.137.102 → host:172.234.197.23 → port:tcp:22 → svc:ssh
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:51.224.145.152:geo_52.51960_13.40690	host:51.224.145.152 → geo_52.51960_13.40690
FLOW_TO_HOSTOBS	e:to:SESSION-56879d86cd26b6ef:host:172.232.0.17	SESSION-56879d86cd26b6ef → host:172.232.0.17
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-3936b227c1331c5d:PCAP:capture_20260505150001:90690819257f	SESSION-3936b227c1331c5d → PCAP:capture_20260505150001:90690819257f
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-134b659b9f89c977:PCAP:capture_20260505200001:d502e7eabbdd	SESSION-134b659b9f89c977 → PCAP:capture_20260505200001:d502e7eabbdd
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-cef22d690e31564a:PCAP:capture_20260505190001:a68bf0af3b16	SESSION-cef22d690e31564a → PCAP:capture_20260505190001:a68bf0af3b16
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:5.61.209.107:geo_-4.58330_55.66670	host:5.61.209.107 → geo_-4.58330_55.66670
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6f371d3a9290449b:flow:cf8bff248bec	SESSION-6f371d3a9290449b → flow:cf8bff248bec
flow_observed3-aryOBS	e:fo:flow:3b056e5c7d7c	flow:3b056e5c7d7c → host:108.136.231.22 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:a4dceb0b502c:dns:api.snapcraft.io	flow:a4dceb0b502c → dns:api.snapcraft.io
FLOW_DST_PORTOBS	e:fp:flow:cbf075d8966a:port:tcp:22	flow:cbf075d8966a → port:tcp:22
FLOW_DST_PORTOBS	e:fp:flow:0433b793a6a9:port:tcp:443	flow:0433b793a6a9 → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-8f7048e06d096abe:host:92.118.39.236	SESSION-8f7048e06d096abe → host:92.118.39.236
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1f42c1a2508937e6:PCAP:capture_20260505200001:d502e7eabbdd	SESSION-1f42c1a2508937e6 → PCAP:capture_20260505200001:d502e7eabbdd
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-6161ce1063e366a2:BSG-DATA_EXFIL-93085dcb8f6d	SESSION-6161ce1063e366a2 → BSG-DATA_EXFIL-93085dcb8f6d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6161ce1063e366a2:flow:83a5cffc6703	SESSION-6161ce1063e366a2 → flow:83a5cffc6703
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-5b835c6ebb995a7d:host:5.61.209.107:host:172.234.197.23	SESSION-5b835c6ebb995a7d → host:5.61.209.107 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-859dff0703adcd19:host:78.153.140.149:host:172.234.197.23	SESSION-859dff0703adcd19 → host:78.153.140.149 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-5ceacf6e3fad521a:BSG-BEACON-f6c2b3d0e42d	SESSION-5ceacf6e3fad521a → BSG-BEACON-f6c2b3d0e42d
FLOW_FROM_HOSTOBS	e:from:SESSION-90d5b2c6338c7815:host:82.86.130.0	SESSION-90d5b2c6338c7815 → host:82.86.130.0
HOST_IN_ASNOBS 85%	e:ha:host:108.136.231.22:asn:16509	host:108.136.231.22 → asn:16509
FLOW_TLS_SNIOBS	e:fs:flow:fb0a88ae25c4:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:fb0a88ae25c4 → tls_sni:172-234-197-23.ip.linodeusercontent.com
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-5ad6262f0c135833:PCAP:capture_20260505150001:90690819257f	SESSION-5ad6262f0c135833 → PCAP:capture_20260505150001:90690819257f
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-28d60172800a0b5c:SESSION-28d60172800a0b5c	SESSION-28d60172800a0b5c → pe:dns:SESSION-28d60172800a0b5c
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a74e44c20494fb3b:host:51.224.16.78	SESSION-a74e44c20494fb3b → host:51.224.16.78
flow_observed3-aryOBS	e:fo:flow:a4f2cd6ce2f7	flow:a4f2cd6ce2f7 → host:13.229.125.1 → host:172.234.197.23
PORT_IMPLIED_SERVICEIMP 70%	e:ps:port:tcp:80:svc:http	port:tcp:80 → svc:http
flow_observed4-aryOBS	e:fo:flow:da8d91463c3d	flow:da8d91463c3d → host:199.45.155.73 → host:172.234.197.23 → port:tcp:2002
FLOW_TO_HOSTOBS	e:to:SESSION-134b659b9f89c977:host:172.232.0.17	SESSION-134b659b9f89c977 → host:172.232.0.17
FLOW_FROM_HOSTOBS	e:from:SESSION-5ad6262f0c135833:host:16.78.103.11	SESSION-5ad6262f0c135833 → host:16.78.103.11
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-34afdab6201869ee:host:172.234.197.23	SESSION-34afdab6201869ee → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1164951de921d536:flow:bcd27756aa40	SESSION-1164951de921d536 → flow:bcd27756aa40
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-8ead85dcd9724179:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-8ead85dcd9724179 → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-98342a2659e39b9d:host:102.69.167.14	SESSION-98342a2659e39b9d → host:102.69.167.14
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-8f7048e06d096abe:SESSION-8f7048e06d096abe	SESSION-8f7048e06d096abe → pe:rst:SESSION-8f7048e06d096abe
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-112a52c8741e1f24:SESSION-112a52c8741e1f24	SESSION-112a52c8741e1f24 → pe:syn:SESSION-112a52c8741e1f24
HOST_IN_ASNOBS 85%	e:ha:host:43.172.194.114:asn:132203	host:43.172.194.114 → asn:132203
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48538346c6e3fa4e:host:172.234.197.23	SESSION-48538346c6e3fa4e → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-432ab8a16199cf6c:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-432ab8a16199cf6c → PCAP:capture_20260505210001:fe9b7b09d76a
FLOW_FROM_HOSTOBS	e:from:SESSION-859dff0703adcd19:host:78.153.140.149	SESSION-859dff0703adcd19 → host:78.153.140.149
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-22dca0f7e254df40:flow:ea0949f415db	SESSION-22dca0f7e254df40 → flow:ea0949f415db
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-1e693ff8754b6a4b:host:172.232.0.17	SESSION-1e693ff8754b6a4b → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-134b659b9f89c977:host:172.234.197.23:host:172.232.0.17	SESSION-134b659b9f89c977 → host:172.234.197.23 → host:172.232.0.17
HOST_IN_ASNOBS 85%	e:ha:host:103.220.165.12:asn:138421	host:103.220.165.12 → asn:138421
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:44.203.55.60:geo_39.04690_-77.49030	host:44.203.55.60 → geo_39.04690_-77.49030
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-9d04f6d7b357bacd:host:172.232.0.17	SESSION-9d04f6d7b357bacd → host:172.232.0.17
HOST_IN_ASNOBS 85%	e:ha:host:108.137.71.172:asn:16509	host:108.137.71.172 → asn:16509
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:108.136.231.22:geo_-6.21140_106.84460	host:108.136.231.22 → geo_-6.21140_106.84460
HOST_IN_ASNOBS 85%	e:ha:host:45.148.10.121:asn:48090	host:45.148.10.121 → asn:48090
FLOW_DST_PORTOBS	e:fp:flow:ef50ec85480c:port:tcp:80	flow:ef50ec85480c → port:tcp:80
HOST_IN_ASNOBS 85%	e:ha:host:108.137.123.21:asn:16509	host:108.137.123.21 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-061c5d7701fcd16d:host:172.234.197.23	SESSION-061c5d7701fcd16d → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-6809ae9f3f9de168:SESSION-6809ae9f3f9de168	SESSION-6809ae9f3f9de168 → pe:dns:SESSION-6809ae9f3f9de168
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5ceacf6e3fad521a:host:172.234.197.23	SESSION-5ceacf6e3fad521a → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:51.224.123.234:asn:16509	host:51.224.123.234 → asn:16509
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ba31b8d0bcea573c:host:172.234.197.23	SESSION-ba31b8d0bcea573c → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-c28f30a8568677bd:host:54.237.9.199	SESSION-c28f30a8568677bd → host:54.237.9.199
flow_observed5-aryOBS	e:fo:flow:415bdf268435	flow:415bdf268435 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
flow_observed5-aryOBS	e:fo:flow:3a5125854ad8	flow:3a5125854ad8 → host:172.236.119.165 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-3936b227c1331c5d:host:108.136.231.22	SESSION-3936b227c1331c5d → host:108.136.231.22
FLOW_FROM_HOSTOBS	e:from:SESSION-98342a2659e39b9d:host:102.69.167.14	SESSION-98342a2659e39b9d → host:102.69.167.14
FLOW_QUERIED_DNSOBS	e:fd:flow:40d85800a99d:dns:172-234-197-23.ip.linodeusercontent.com	flow:40d85800a99d → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-c70914c01a4dbe00:host:221.156.137.102	SESSION-c70914c01a4dbe00 → host:221.156.137.102
FLOW_DST_PORTOBS	e:fp:flow:cf8bff248bec:port:udp:53	flow:cf8bff248bec → port:udp:53
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-989e93673dd1c7a6:host:14.17.85.204:host:172.234.197.23	SESSION-989e93673dd1c7a6 → host:14.17.85.204 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%	e:bsg:SESSION-52ca69764e41f269:BSG-DATA_EXFIL-b6d7f24ac366	SESSION-52ca69764e41f269 → BSG-DATA_EXFIL-b6d7f24ac366
flow_observed5-aryOBS	e:fo:flow:0433b793a6a9	flow:0433b793a6a9 → host:14.152.83.244 → host:172.234.197.23 → port:tcp:443 → svc:https
flow_observed5-aryOBS	e:fo:flow:449957d41315	flow:449957d41315 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_FROM_HOSTOBS	e:from:SESSION-ec5c8fa8037e3562:host:103.155.16.117	SESSION-ec5c8fa8037e3562 → host:103.155.16.117
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-4d8ee5a4e3d2c6cb:host:108.137.71.172:host:172.234.197.23	SESSION-4d8ee5a4e3d2c6cb → host:108.137.71.172 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-afdbc113425d69ae:host:91.227.37.60	SESSION-afdbc113425d69ae → host:91.227.37.60
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-2defdff48f63b22c:host:13.216.252.177	SESSION-2defdff48f63b22c → host:13.216.252.177
flow_observed5-aryOBS	e:fo:flow:7823764fbd64	flow:7823764fbd64 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_CONTAINS_EVENTOBS	e:pe:pe:tls:SESSION-6161ce1063e366a2:SESSION-6161ce1063e366a2	SESSION-6161ce1063e366a2 → pe:tls:SESSION-6161ce1063e366a2
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:45.148.10.121:geo_52.37590_4.89750	host:45.148.10.121 → geo_52.37590_4.89750
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-ad1c4ddd91bc1148:host:172.234.197.23	SESSION-ad1c4ddd91bc1148 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-22dca0f7e254df40:host:108.136.246.109:host:172.234.197.23	SESSION-22dca0f7e254df40 → host:108.136.246.109 → host:172.234.197.23
SESSION_CONTAINS_EVENTOBS	e:pe:pe:rst:SESSION-98342a2659e39b9d:SESSION-98342a2659e39b9d	SESSION-98342a2659e39b9d → pe:rst:SESSION-98342a2659e39b9d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8e778a85b00d06e:host:13.229.125.1	SESSION-d8e778a85b00d06e → host:13.229.125.1
FLOW_HTTP_HOSTOBS	e:fh:flow:1914bb7cc20f:http_host:172-234-197-23.ip.linodeusercontent.com	flow:1914bb7cc20f → http_host:172-234-197-23.ip.linodeusercontent.com
FLOW_TO_HOSTOBS	e:to:SESSION-22dca0f7e254df40:host:172.234.197.23	SESSION-22dca0f7e254df40 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-3da8c2fb5a75575f:host:172.234.197.23	SESSION-3da8c2fb5a75575f → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c70914c01a4dbe00:host:172.234.197.23	SESSION-c70914c01a4dbe00 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6161ce1063e366a2:host:172.234.197.23:host:185.125.188.57	SESSION-6161ce1063e366a2 → host:172.234.197.23 → host:185.125.188.57
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-901a03ef18d43905:SESSION-901a03ef18d43905	SESSION-901a03ef18d43905 → pe:syn:SESSION-901a03ef18d43905
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-d1d3131167e5d8a7:PCAP:capture_20260505180001:aab19cafbf97	SESSION-d1d3131167e5d8a7 → PCAP:capture_20260505180001:aab19cafbf97
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-5ceacf6e3fad521a:flow:70c428feea0e	SESSION-5ceacf6e3fad521a → flow:70c428feea0e
flow_observed5-aryOBS	e:fo:flow:7ac69d00b687	flow:7ac69d00b687 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-402c59976f95ccac:BSG-BEACON-f6c2b3d0e42d	SESSION-402c59976f95ccac → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-901a03ef18d43905:flow:f2155c27e443	SESSION-901a03ef18d43905 → flow:f2155c27e443
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.236.119.165:geo_41.88350_-87.63050	host:172.236.119.165 → geo_41.88350_-87.63050
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-83e825ce567e05ed:flow:d9cdb794d862	SESSION-83e825ce567e05ed → flow:d9cdb794d862
FLOW_QUERIED_DNSOBS	e:fd:flow:8089546c59de:dns:172-234-197-23.ip.linodeusercontent.com	flow:8089546c59de → dns:172-234-197-23.ip.linodeusercontent.com
flow_observed3-aryOBS	e:fo:flow:d7d8a1790678	flow:d7d8a1790678 → host:51.224.123.234 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-a4e2d049e521c4ea:host:172.234.197.23	SESSION-a4e2d049e521c4ea → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-989e93673dd1c7a6:host:14.17.85.204	SESSION-989e93673dd1c7a6 → host:14.17.85.204
FLOW_DST_PORTOBS	e:fp:flow:415bdf268435:port:udp:53	flow:415bdf268435 → port:udp:53
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-fb52ff5a15515e30:flow:a34856d5d292	SESSION-fb52ff5a15515e30 → flow:a34856d5d292
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-7b3c407fbcf7cdbc:host:172.234.197.23	SESSION-7b3c407fbcf7cdbc → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-e437667b37d516f6:host:172.234.197.23	SESSION-e437667b37d516f6 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c260bd1d3b6a172d:host:172.234.197.23	SESSION-c260bd1d3b6a172d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-d96f4e3d10a0a4f0:host:103.155.16.117:host:172.234.197.23	SESSION-d96f4e3d10a0a4f0 → host:103.155.16.117 → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:206264:org:Amarutu Technology Ltd	asn:206264 → org:Amarutu Technology Ltd
flow_observed3-aryOBS	e:fo:flow:02b1e8c8b192	flow:02b1e8c8b192 → host:103.155.16.117 → host:172.234.197.23
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%	e:bsg:SESSION-56879d86cd26b6ef:BSG-BEACON-f6c2b3d0e42d	SESSION-56879d86cd26b6ef → BSG-BEACON-f6c2b3d0e42d
FLOW_QUERIED_DNSOBS	e:fd:flow:415bdf268435:dns:172-234-197-23.ip.linodeusercontent.com	flow:415bdf268435 → dns:172-234-197-23.ip.linodeusercontent.com
FLOW_FROM_HOSTOBS	e:from:SESSION-6161ce1063e366a2:host:172.234.197.23	SESSION-6161ce1063e366a2 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-1f42c1a2508937e6:flow:c704ad95df18	SESSION-1f42c1a2508937e6 → flow:c704ad95df18
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:3.220.15.173:geo_39.04690_-77.49030	host:3.220.15.173 → geo_39.04690_-77.49030
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-ba31b8d0bcea573c:SESSION-ba31b8d0bcea573c	SESSION-ba31b8d0bcea573c → pe:dns:SESSION-ba31b8d0bcea573c
FLOW_TO_HOSTOBS	e:to:SESSION-8ead85dcd9724179:host:172.234.197.23	SESSION-8ead85dcd9724179 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-51b92cc6a561b81c:PCAP:capture_20260505150001:90690819257f	SESSION-51b92cc6a561b81c → PCAP:capture_20260505150001:90690819257f
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-112a52c8741e1f24:flow:9177236cf88d	SESSION-112a52c8741e1f24 → flow:9177236cf88d
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-7b3c407fbcf7cdbc:host:108.136.220.138:host:172.234.197.23	SESSION-7b3c407fbcf7cdbc → host:108.136.220.138 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-93e42c11b9b89aaf:host:172.234.197.23:host:172.232.0.17	SESSION-93e42c11b9b89aaf → host:172.234.197.23 → host:172.232.0.17
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-cc46316b9ac69b28:host:108.136.195.128:host:172.234.197.23	SESSION-cc46316b9ac69b28 → host:108.136.195.128 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-112a52c8741e1f24:host:5.61.209.107	SESSION-112a52c8741e1f24 → host:5.61.209.107
flow_observed3-aryOBS	e:fo:flow:3b21f9ede7cb	flow:3b21f9ede7cb → host:108.137.123.21 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4561579556c17060:host:43.173.132.82	SESSION-4561579556c17060 → host:43.173.132.82
HOST_IN_ASNOBS 85%	e:ha:host:16.78.103.11:asn:16509	host:16.78.103.11 → asn:16509
FLOW_FROM_HOSTOBS	e:from:SESSION-8ead85dcd9724179:host:43.173.187.143	SESSION-8ead85dcd9724179 → host:43.173.187.143
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-8ead85dcd9724179:host:43.173.187.143:host:172.234.197.23	SESSION-8ead85dcd9724179 → host:43.173.187.143 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:172.236.119.165:asn:63949	host:172.236.119.165 → asn:63949
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-53f109edd419cdc2:host:16.79.76.70:host:172.234.197.23	SESSION-53f109edd419cdc2 → host:16.79.76.70 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d8e778a85b00d06e:host:172.234.197.23	SESSION-d8e778a85b00d06e → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-061c5d7701fcd16d:host:172.234.197.23	SESSION-061c5d7701fcd16d → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-2defdff48f63b22c:host:13.216.252.177:host:172.234.197.23	SESSION-2defdff48f63b22c → host:13.216.252.177 → host:172.234.197.23
HOST_IN_ASNOBS 85%	e:ha:host:102.69.167.14:asn:328436	host:102.69.167.14 → asn:328436
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c28f30a8568677bd:flow:7027314e9f62	SESSION-c28f30a8568677bd → flow:7027314e9f62
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-ec5c8fa8037e3562:host:103.155.16.117:host:172.234.197.23	SESSION-ec5c8fa8037e3562 → host:103.155.16.117 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-51b92cc6a561b81c:flow:fd30f5960ad1	SESSION-51b92cc6a561b81c → flow:fd30f5960ad1
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-afdbc113425d69ae:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-afdbc113425d69ae → PCAP:capture_20260505210001:fe9b7b09d76a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-1e693ff8754b6a4b:PCAP:capture_20260505160001:6505a8988bcf	SESSION-1e693ff8754b6a4b → PCAP:capture_20260505160001:6505a8988bcf
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ec5c8fa8037e3562:PCAP:capture_20260505160001:6505a8988bcf	SESSION-ec5c8fa8037e3562 → PCAP:capture_20260505160001:6505a8988bcf
FLOW_TO_HOSTOBS	e:to:SESSION-e437667b37d516f6:host:172.234.197.23	SESSION-e437667b37d516f6 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-15c7d6c96ae38709:host:172.234.197.23	SESSION-15c7d6c96ae38709 → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-c28f30a8568677bd:host:172.234.197.23	SESSION-c28f30a8568677bd → host:172.234.197.23
FLOW_TO_HOSTOBS	e:to:SESSION-d8e778a85b00d06e:host:172.234.197.23	SESSION-d8e778a85b00d06e → host:172.234.197.23
ASN_IN_ORGOBS 80%	e:ao:asn:14618:org:Amazon.com, Inc.	asn:14618 → org:Amazon.com, Inc.
FLOW_TO_HOSTOBS	e:to:SESSION-22e21c154242e139:host:172.234.197.23	SESSION-22e21c154242e139 → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-d1d3131167e5d8a7:host:172.232.0.17	SESSION-d1d3131167e5d8a7 → host:172.232.0.17
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:185.125.188.57:geo_51.49640_-0.12240	host:185.125.188.57 → geo_51.49640_-0.12240
HOST_IN_ASNOBS 85%	e:ha:host:13.229.125.1:asn:16509	host:13.229.125.1 → asn:16509
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-e07d35bac2ad33a9:host:43.173.132.115:host:172.234.197.23	SESSION-e07d35bac2ad33a9 → host:43.173.132.115 → host:172.234.197.23
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c28f30a8568677bd:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-c28f30a8568677bd → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-8ead85dcd9724179:SESSION-8ead85dcd9724179	SESSION-8ead85dcd9724179 → pe:syn:SESSION-8ead85dcd9724179
FLOW_TLS_SNIOBS	e:fs:flow:441658b54583:tls_sni:172-234-197-23.ip.linodeusercontent.com	flow:441658b54583 → tls_sni:172-234-197-23.ip.linodeusercontent.com
FLOW_DST_PORTOBS	e:fp:flow:8089546c59de:port:udp:53	flow:8089546c59de → port:udp:53
flow_observed5-aryOBS	e:fo:flow:4501038c119d	flow:4501038c119d → host:3.220.15.173 → host:172.234.197.23 → port:tcp:80 → svc:http
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-cc46316b9ac69b28:host:108.136.195.128	SESSION-cc46316b9ac69b28 → host:108.136.195.128
flow_observed5-aryOBS	e:fo:flow:8089546c59de	flow:8089546c59de → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-29997713c592805d:host:172.234.197.23	SESSION-29997713c592805d → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fd30f5960ad1	flow:fd30f5960ad1 → host:54.227.57.227 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-90b1be10321455be:host:172.98.199.111	SESSION-90b1be10321455be → host:172.98.199.111
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:172.98.199.111:geo_37.75100_-97.82200	host:172.98.199.111 → geo_37.75100_-97.82200
FLOW_FROM_HOSTOBS	e:from:SESSION-cc46316b9ac69b28:host:108.136.195.128	SESSION-cc46316b9ac69b28 → host:108.136.195.128
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-c70914c01a4dbe00:SESSION-c70914c01a4dbe00	SESSION-c70914c01a4dbe00 → pe:syn:SESSION-c70914c01a4dbe00
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-d96f4e3d10a0a4f0:flow:02b1e8c8b192	SESSION-d96f4e3d10a0a4f0 → flow:02b1e8c8b192
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-ad1c4ddd91bc1148:PCAP:capture_20260505150001:90690819257f	SESSION-ad1c4ddd91bc1148 → PCAP:capture_20260505150001:90690819257f
FLOW_FROM_HOSTOBS	e:from:SESSION-4561579556c17060:host:43.173.132.82	SESSION-4561579556c17060 → host:43.173.132.82
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-c70914c01a4dbe00:host:221.156.137.102	SESSION-c70914c01a4dbe00 → host:221.156.137.102
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:13.250.21.18:geo_1.29390_103.84610	host:13.250.21.18 → geo_1.29390_103.84610
FLOW_DST_PORTOBS	e:fp:flow:449957d41315:port:udp:53	flow:449957d41315 → port:udp:53
FLOW_TO_HOSTOBS	e:to:SESSION-6f591a82d04e2f23:host:172.234.197.23	SESSION-6f591a82d04e2f23 → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-90d5b2c6338c7815:host:82.86.130.0:host:172.234.197.23	SESSION-90d5b2c6338c7815 → host:82.86.130.0 → host:172.234.197.23
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-c260bd1d3b6a172d:flow:d7d8a1790678	SESSION-c260bd1d3b6a172d → flow:d7d8a1790678
flow_observed5-aryOBS	e:fo:flow:84372b4c9378	flow:84372b4c9378 → host:172.234.197.23 → host:172.232.0.17 → port:udp:53 → svc:dns
FLOW_FROM_HOSTOBS	e:from:SESSION-548e9314b3086ca9:host:3.143.162.210	SESSION-548e9314b3086ca9 → host:3.143.162.210
FLOW_DST_PORTOBS	e:fp:flow:d55b3af6cdbc:port:tcp:443	flow:d55b3af6cdbc → port:tcp:443
FLOW_TO_HOSTOBS	e:to:SESSION-0280199fcf3ea167:host:172.234.197.23	SESSION-0280199fcf3ea167 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-5b835c6ebb995a7d:host:5.61.209.107	SESSION-5b835c6ebb995a7d → host:5.61.209.107
HOST_IN_ASNOBS 85%	e:ha:host:44.203.55.60:asn:14618	host:44.203.55.60 → asn:14618
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-859dff0703adcd19:PCAP:capture_20260505210001:fe9b7b09d76a	SESSION-859dff0703adcd19 → PCAP:capture_20260505210001:fe9b7b09d76a
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-bb030de157a28a92:PCAP:capture_20260505170001:ca2a90108bf2	SESSION-bb030de157a28a92 → PCAP:capture_20260505170001:ca2a90108bf2
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%	e:bsg:SESSION-cef22d690e31564a:BSG-BEACON-f6c2b3d0e42d	SESSION-cef22d690e31564a → BSG-BEACON-f6c2b3d0e42d
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-4d8ee5a4e3d2c6cb:host:172.234.197.23	SESSION-4d8ee5a4e3d2c6cb → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-8946fc29c6b46f6d:host:172.234.197.23	SESSION-8946fc29c6b46f6d → host:172.234.197.23
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:40.77.167.4:geo_36.66940_-78.38770	host:40.77.167.4 → geo_36.66940_-78.38770
flow_observed3-aryOBS	e:fo:flow:4ddbe4acc504	flow:4ddbe4acc504 → host:32.195.50.176 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-53f109edd419cdc2:host:16.79.76.70	SESSION-53f109edd419cdc2 → host:16.79.76.70
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6f591a82d04e2f23:flow:5f0f49123cd7	SESSION-6f591a82d04e2f23 → flow:5f0f49123cd7
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-56879d86cd26b6ef:host:172.234.197.23	SESSION-56879d86cd26b6ef → host:172.234.197.23
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-6f371d3a9290449b:host:172.234.197.23:host:172.232.0.17	SESSION-6f371d3a9290449b → host:172.234.197.23 → host:172.232.0.17
flow_observed5-aryOBS	e:fo:flow:a17816cafef4	flow:a17816cafef4 → host:43.172.194.114 → host:172.234.197.23 → port:tcp:443 → svc:https
FLOW_QUERIED_DNSOBS	e:fd:flow:1507855d0ab9:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:1507855d0ab9 → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-8946fc29c6b46f6d:flow:1ef937ba29a6	SESSION-8946fc29c6b46f6d → flow:1ef937ba29a6
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-4be2484ef7d205f9:flow:da8d91463c3d	SESSION-4be2484ef7d205f9 → flow:da8d91463c3d
HOST_GEO_ESTIMATEOBS 60%	e:hg:host:43.173.132.82:geo_1.29390_103.84610	host:43.173.132.82 → geo_1.29390_103.84610
FLOW_QUERIED_DNSOBS	e:fd:flow:484583ddd05a:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com	flow:484583ddd05a → dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com
FLOW_DST_PORTOBS	e:fp:flow:84372b4c9378:port:udp:53	flow:84372b4c9378 → port:udp:53
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-449dd50fe1669698:PCAP:capture_20260505180001:aab19cafbf97	SESSION-449dd50fe1669698 → PCAP:capture_20260505180001:aab19cafbf97
SESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%	e:bsg:SESSION-9d04f6d7b357bacd:BSG-BEACON-f6c2b3d0e42d	SESSION-9d04f6d7b357bacd → BSG-BEACON-f6c2b3d0e42d
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-c70914c01a4dbe00:PCAP:capture_20260505180001:aab19cafbf97	SESSION-c70914c01a4dbe00 → PCAP:capture_20260505180001:aab19cafbf97
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-48538346c6e3fa4e:host:92.118.39.236	SESSION-48538346c6e3fa4e → host:92.118.39.236
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-5d116249fba5ef1a:host:172.234.197.23	SESSION-5d116249fba5ef1a → host:172.234.197.23
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-901a03ef18d43905:host:78.153.140.149	SESSION-901a03ef18d43905 → host:78.153.140.149
SESSION_CONTAINS_EVENTOBS	e:pe:pe:syn:SESSION-6161ce1063e366a2:SESSION-6161ce1063e366a2	SESSION-6161ce1063e366a2 → pe:syn:SESSION-6161ce1063e366a2
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-6809ae9f3f9de168:flow:c853014c7a67	SESSION-6809ae9f3f9de168 → flow:c853014c7a67
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-afdbc113425d69ae:host:91.227.37.60	SESSION-afdbc113425d69ae → host:91.227.37.60
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-e07d35bac2ad33a9:flow:696377210741	SESSION-e07d35bac2ad33a9 → flow:696377210741
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-449dd50fe1669698:host:18.138.243.16	SESSION-449dd50fe1669698 → host:18.138.243.16
SESSION_OBSERVED_HOSTOBS	e:soh:SESSION-b43027ed299d5e94:host:45.148.10.121	SESSION-b43027ed299d5e94 → host:45.148.10.121
SESSION_DERIVED_FROM_PCAPOBS	e:derived:SESSION-9d04f6d7b357bacd:PCAP:capture_20260505200001:d502e7eabbdd	SESSION-9d04f6d7b357bacd → PCAP:capture_20260505200001:d502e7eabbdd
flow_observed3-aryOBS	e:fo:flow:c79e28885a99	flow:c79e28885a99 → host:51.224.53.243 → host:172.234.197.23
flow_observed5-aryOBS	e:fo:flow:fb0a88ae25c4	flow:fb0a88ae25c4 → host:91.227.37.60 → host:172.234.197.23 → port:tcp:443 → svc:https
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-08dd2a06bab4a852:SESSION-08dd2a06bab4a852	SESSION-08dd2a06bab4a852 → pe:dns:SESSION-08dd2a06bab4a852
SESSION_OBSERVED_FLOWOBS	e:sof:SESSION-b43027ed299d5e94:flow:daf8c45d27ff	SESSION-b43027ed299d5e94 → flow:daf8c45d27ff
flow_observed3-aryOBS	e:fo:flow:4e35f51811d2	flow:4e35f51811d2 → host:16.78.103.11 → host:172.234.197.23
FLOW_QUERIED_DNSOBS	e:fd:flow:c55c01d60832:dns:172-234-197-23.ip.linodeusercontent.com	flow:c55c01d60832 → dns:172-234-197-23.ip.linodeusercontent.com
SESSION_CONTAINS_EVENTOBS	e:pe:pe:dns:SESSION-1d2c12c54a6b8ee9:SESSION-1d2c12c54a6b8ee9	SESSION-1d2c12c54a6b8ee9 → pe:dns:SESSION-1d2c12c54a6b8ee9
FLOW_FROM_HOSTOBS	e:from:SESSION-ad1c4ddd91bc1148:host:3.220.15.173	SESSION-ad1c4ddd91bc1148 → host:3.220.15.173
SESSION_BETWEEN_HOSTS3-aryOBS	e:sbh:SESSION-bb030de157a28a92:host:51.224.129.180:host:172.234.197.23	SESSION-bb030de157a28a92 → host:51.224.129.180 → host:172.234.197.23
FLOW_FROM_HOSTOBS	e:from:SESSION-d8e778a85b00d06e:host:13.229.125.1	SESSION-d8e778a85b00d06e → host:13.229.125.1