{"id":5905,"date":"2026-05-06T15:13:06","date_gmt":"2026-05-06T15:13:06","guid":{"rendered":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/?page_id=5905"},"modified":"2026-05-06T15:14:46","modified_gmt":"2026-05-06T15:14:46","slug":"scythe-b3ba2375-session-3657adb5f65190d3","status":"publish","type":"page","link":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/?page_id=5905","title":{"rendered":"scythe-b3ba2375 SESSION-3657adb5f65190d3"},"content":{"rendered":"\n<div class=\"wp-block-file\"><a id=\"wp-block-file--media-1e9e2f8d-9aea-4e88-9325-2bf335d4ddf9\" href=\"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/wp-content\/uploads\/2026\/05\/session-hypergraph-SESSION-3657adb5.html\">session-hypergraph-SESSION-3657adb5<\/a><\/div>\n\n\n\n<pre class=\"wp-block-code\"><code>13 PCAPs \u2022 148 sessions \u2022 66 hosts \u2022 65 \ud83c\udf0d geolocated\n\u25b6 \ud83d\udcc4 capture_20260506020001.pcap 2.6 KB \u2022 7 sessions \u2022 TCP:1 ICMP:4 UDP:2\n\u25b6 \ud83d\udcc4 capture_20260506030001.pcap 35.2 KB \u2022 7 sessions \u2022 UDP:3 TCP:4\n\u25b6 \ud83d\udcc4 capture_20260506040001.pcap 41.9 KB \u2022 17 sessions \u2022 TCP:11 UDP:3 ICMP:3\n\u25b6 \ud83d\udcc4 capture_20260506050001.pcap 26.3 KB \u2022 9 sessions \u2022 TCP:7 UDP:2\n\u25b6 \ud83d\udcc4 capture_20260506060001.pcap 51.8 KB \u2022 13 sessions \u2022 ICMP:2 TCP:6 UDP:5\n\u25b6 \ud83d\udcc4 capture_20260506070001.pcap 14.7 KB \u2022 9 sessions \u2022 ICMP:3 UDP:2 TCP:4\n\u25b6 \ud83d\udcc4 capture_20260506080002.pcap 45.7 KB \u2022 6 sessions \u2022 UDP:3 TCP:2 ICMP:1\n\u25b6 \ud83d\udcc4 capture_20260506090001.pcap 91.7 KB \u2022 15 sessions \u2022 UDP:6 TCP:9\n\u25b6 \ud83d\udcc4 
capture_20260506100001.pcap 45.1 KB \u2022 6 sessions \u2022 UDP:3 ICMP:1 TCP:2\n\u25b6 \ud83d\udcc4 capture_20260506110001.pcap 20.0 KB \u2022 13 sessions \u2022 UDP:2 TCP:8 ICMP:3\n\u25b6 \ud83d\udcc4 capture_20260506120001.pcap 3.8 KB \u2022 8 sessions \u2022 ICMP:2 UDP:2 TCP:4\n\u25b6 \ud83d\udcc4 capture_20260506130001.pcap 26.5 KB \u2022 28 sessions \u2022 TCP:23 UDP:3 ICMP:2\n\u25b6 \ud83d\udcc4 capture_20260506140001.pcap 12.0 KB \u2022 10 sessions \u2022 ICMP:6 TCP:2 UDP:2<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Nodes (694)\nKind\tID\tLabels\tPosition\nasn\tasn:269051\tasn=269,051, org=UNIVERSO FIBER COMUNICACAO MULTIMIDIA\t\nasn\tasn:4780\tasn=4,780, org=Digital United Inc.\t\nasn\tasn:16509\tasn=16,509, org=Amazon.com, Inc.\t\nasn\tasn:56042\tasn=56,042, org=China Mobile communications corporation\t\nasn\tasn:41231\tasn=41,231, org=Canonical Group Limited\t\nasn\tasn:267784\tasn=267,784, org=Flyservers S.A.\t\nasn\tasn:47890\tasn=47,890, org=Unmanaged Ltd\t\nasn\tasn:14956\tasn=14,956, org=RouterHosting LLC\t\nasn\tasn:138915\tasn=138,915, org=Kaopu Cloud HK Limited\t\nasn\tasn:150958\tasn=150,958, org=PT Fiber Data Nusantara\t\nasn\tasn:26496\tasn=26,496, org=GoDaddy.com, LLC\t\nasn\tasn:6939\tasn=6,939, org=Hurricane Electric LLC\t\nasn\tasn:211443\tasn=211,443, org=Sino Worldwide Trading Limited\t\nasn\tasn:211298\tasn=211,298, org=Driftnet Ltd\t\nasn\tasn:132203\tasn=132,203, org=Tencent Building, Kejizhongyi Avenue\t\nasn\tasn:54290\tasn=54,290, org=Hostwinds LLC.\t\nasn\tasn:8254\tasn=8,254, org=Green Floid LLC\t\nasn\tasn:14618\tasn=14,618, org=Amazon.com, Inc.\t\nasn\tasn:51396\tasn=51,396, org=Pfcloud UG (haftungsbeschrankt)\t\nasn\tasn:208137\tasn=208,137, org=Feo Prest SRL\t\nasn\tasn:209847\tasn=209,847, org=WorkTitans B.V.\t\nasn\tasn:4766\tasn=4,766, org=Korea Telecom\t\nasn\tasn:8075\tasn=8,075, org=Microsoft Corporation\t\nasn\tasn:204957\tasn=204,957, org=Green Floid LLC\t\nasn\tasn:4812\tasn=4,812, org=China Telecom 
Group\t\nasn\tasn:577\tasn=577, org=Bell Canada\t\nasn\tasn:198983\tasn=198,983, org='Tornado Datacenter GmbH &amp; Co. KG'\t\nasn\tasn:136557\tasn=136,557, org=Host Universal Pty Ltd\t\nasn\tasn:52148\tasn=52,148, org=Enix Ltd\t\nasn\tasn:46606\tasn=46,606, org=Unified Layer\t\nasn\tasn:63949\tasn=63,949, org=Akamai Connected Cloud\t\nasn\tasn:48090\tasn=48,090, org=Techoff Srv Limited\t\nasn\tasn:49870\tasn=49,870, org=Alsycon B.V.\t\nasn\tasn:4837\tasn=4,837, org=CHINA UNICOM China169 Backbone\t\nasn\tasn:210259\tasn=210,259, org=LLC Applied Computational Technologies\t\nbehavior_group\tBSG-DATA_EXFIL-11b63b9d53b9\tbehavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=11765, dst_ip=, member_count=1, src_ip=3.223.134.5, summary=Exfil suspect: 3.223.134.5 \u2192 1 destinations, 11,765B total, max 11,765B\/session, total_bytes=11,765, total_packets=33, unique_hosts=1, unique_ports=0\t\nbehavior_group\tBSG-DATA_EXFIL-732524e71ecb\tbehavior=DATA_EXFIL, confidence=0.65, detection_rationale=total_bytes=43611; high_rate (82285 B\/s), dst_ip=, member_count=1, src_ip=66.228.53.78, summary=Exfil suspect: 66.228.53.78 \u2192 1 destinations, 43,611B total, max 43,611B\/session, total_bytes=43,611, total_packets=46, unique_hosts=1, unique_ports=0\t\nbehavior_group\tBSG-BEACON-a8a8c3c8a37f\tbehavior=BEACON, confidence=0.9, detection_rationale=timing_cv=0.00 (\u22640.5); byte_cv=0.00 (\u22640.6), dst_ip=172.234.197.23, dst_port=0, interval_cv=0, mean_interval=7,200, member_count=7, src_ip=103.155.16.117, summary=Beacon: 103.155.16.117 \u2192 172.234.197.23:0, 7 sessions, interval CV=0.00, mean 84B, total_bytes=588, total_packets=14, unique_hosts=0, unique_ports=0\t\nbehavior_group\tBSG-DATA_EXFIL-94dc914f8283\tbehavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=24439, dst_ip=, member_count=1, src_ip=40.77.167.70, summary=Exfil suspect: 40.77.167.70 \u2192 1 destinations, 24,439B total, max 24,439B\/session, total_bytes=24,439, total_packets=41, 
unique_hosts=1, unique_ports=0\t\nbehavior_group\tBSG-DATA_EXFIL-edb560b3ef99\tbehavior=DATA_EXFIL, confidence=0.65, detection_rationale=total_bytes=43875; high_rate (78348 B\/s), dst_ip=, member_count=1, src_ip=172.236.228.38, summary=Exfil suspect: 172.236.228.38 \u2192 1 destinations, 43,875B total, max 43,875B\/session, total_bytes=43,875, total_packets=50, unique_hosts=1, unique_ports=0\t\nbehavior_group\tBSG-BEACON-3e264b836441\tbehavior=BEACON, confidence=0.65, detection_rationale=byte_cv=0.15 (\u22640.6), dst_ip=172.234.197.23, dst_port=443, interval_cv=1.732, mean_interval=7.5, member_count=5, src_ip=45.33.109.10, summary=Beacon: 45.33.109.10 \u2192 172.234.197.23:443, 5 sessions, interval CV=1.73, mean 522B, total_bytes=2,610, total_packets=39, unique_hosts=0, unique_ports=0\t\nbehavior_group\tBSG-DATA_EXFIL-4bc5c409bc39\tbehavior=DATA_EXFIL, confidence=0.75, detection_rationale=total_bytes=53626; high_rate (156500 B\/s), dst_ip=, member_count=2, src_ip=74.7.243.62, summary=Exfil suspect: 74.7.243.62 \u2192 1 destinations, 53,626B total, max 30,151B\/session, total_bytes=53,626, total_packets=76, unique_hosts=1, unique_ports=0\t\nbehavior_group\tBSG-BEACON-f6c2b3d0e42d\tbehavior=BEACON, confidence=0.75, detection_rationale=byte_cv=0.08 (\u22640.6); count=37, dst_ip=172.232.0.17, dst_port=53, interval_cv=1.413, mean_interval=1,200, member_count=37, src_ip=172.234.197.23, summary=Beacon: 172.234.197.23 \u2192 172.232.0.17:53, 37 sessions, interval CV=1.41, mean 290B, total_bytes=10,736, total_packets=74, unique_hosts=0, unique_ports=0\t\nbehavior_group\tBSG-DATA_EXFIL-f741823cb51a\tbehavior=DATA_EXFIL, confidence=0.5, detection_rationale=total_bytes=27182, dst_ip=, member_count=1, src_ip=43.157.180.116, summary=Exfil suspect: 43.157.180.116 \u2192 1 destinations, 27,182B total, max 27,182B\/session, total_bytes=27,182, total_packets=42, unique_hosts=1, unique_ports=0\t\ndns_name\tdns:wpcodeusage.com\tanswer_count=2, 
qname=wpcodeusage.com\t\ndns_name\tdns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\tanswer_count=0, qname=172-234-197-23.ip.linodeusercontent.com.members.linode.com\t\ndns_name\tdns:172-234-197-23.ip.linodeusercontent.com\tanswer_count=0, qname=172-234-197-23.ip.linodeusercontent.com\t\nflow\tflow:6cdc7ef329cb\tbytes=1,340, dst_ip=172.234.197.23, dst_port=443, pkts=11, proto=tcp, src_ip=185.247.137.206\t\nflow\tflow:e7ea76711a78\tbytes=5,714, dst_ip=172.234.197.23, dst_port=443, pkts=15, proto=tcp, src_ip=89.190.156.78\t\nflow\tflow:38ed5ae17f18\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:4c12feb7d691\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:649ec01154f8\tbytes=172, dst_ip=2.57.122.193, dst_port=50,248, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:a4aa40b777fd\tbytes=462, dst_ip=5.34.178.101, dst_port=52,976, pkts=7, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:d9cb873bff5c\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:1119d003b239\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:9856a9006d65\tbytes=164, dst_ip=2.57.122.194, dst_port=0, pkts=2, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:5817e49bd4d7\tbytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=18.153.49.6\t\nflow\tflow:469687814548\tbytes=166, dst_ip=172.234.197.23, dst_port=443, pkts=3, proto=tcp, src_ip=46.151.178.13\t\nflow\tflow:0b62fdf0d034\tbytes=148, dst_ip=172.234.197.23, dst_port=23, pkts=2, proto=tcp, src_ip=103.81.111.187\t\nflow\tflow:23359d44f167\tbytes=172, dst_ip=2.57.122.193, dst_port=50,248, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:29f0f80dc5aa\tbytes=120, dst_ip=92.118.39.195, dst_port=9,360, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:a527250caa23\tbytes=5,296, dst_ip=172.234.197.23, 
dst_port=22, pkts=24, proto=tcp, src_ip=162.214.75.117\t\nflow\tflow:0b2ff889b5a5\tbytes=8,622, dst_ip=172.234.197.23, dst_port=443, pkts=25, proto=tcp, src_ip=34.197.28.78\t\nflow\tflow:e2978a833c12\tbytes=5,716, dst_ip=172.234.197.23, dst_port=443, pkts=15, proto=tcp, src_ip=89.190.156.78\t\nflow\tflow:fe381d2d7005\tbytes=6,230, dst_ip=172.234.197.23, dst_port=22, pkts=34, proto=tcp, src_ip=92.118.39.235\t\nflow\tflow:99cd9173a6aa\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:b9a22427e56f\tbytes=27,182, dst_ip=172.234.197.23, dst_port=443, pkts=42, proto=tcp, src_ip=43.157.180.116\t\nflow\tflow:fd171cb16a1a\tbytes=462, dst_ip=104.194.149.41, dst_port=58,020, pkts=7, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:3e4cd8770b96\tbytes=132, dst_ip=5.34.178.101, dst_port=52,976, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:c5802a729475\tbytes=552, dst_ip=172.234.197.23, dst_port=443, pkts=10, proto=tcp, src_ip=45.33.109.10\t\nflow\tflow:9661bdae631b\tbytes=344, dst_ip=172.234.197.23, dst_port=21, pkts=6, proto=tcp, src_ip=81.29.142.50\t\nflow\tflow:8d353e4da0fd\tbytes=11,765, dst_ip=172.234.197.23, dst_port=443, pkts=33, proto=tcp, src_ip=3.223.134.5\t\nflow\tflow:94ead5a3cc24\tbytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=51.224.145.102\t\nflow\tflow:aaf2c7b4d443\tbytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117\t\nflow\tflow:b680ecde69ca\tbytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117\t\nflow\tflow:04e808770244\tbytes=5,100, dst_ip=172.234.197.23, dst_port=22, pkts=23, proto=tcp, src_ip=213.209.159.56\t\nflow\tflow:34fc5fb47634\tbytes=816, dst_ip=45.153.34.112, dst_port=0, pkts=8, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:526ed535a114\tbytes=132, dst_ip=104.194.145.47, dst_port=58,327, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:c81b3731a7ee\tbytes=313, dst_ip=172.232.0.17, 
dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:73ae520c0fe3\tbytes=612, dst_ip=45.156.87.254, dst_port=0, pkts=6, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:6e2a85228dbb\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:c31e76db5dae\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:3a3e7a160682\tbytes=504, dst_ip=2.57.122.193, dst_port=0, pkts=6, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:d4333a8895f0\tbytes=43,875, dst_ip=172.234.197.23, dst_port=443, pkts=50, proto=tcp, src_ip=172.236.228.38\t\nflow\tflow:6f3d67cdcf5e\tbytes=528, dst_ip=195.211.96.85, dst_port=54,624, pkts=8, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:eea34932bdf6\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:65293682ec9b\tbytes=3,871, dst_ip=172.234.197.23, dst_port=22, pkts=14, proto=tcp, src_ip=106.107.248.155\t\nflow\tflow:7d422775f052\tbytes=3,188, dst_ip=213.209.159.56, dst_port=18,739, pkts=28, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:df64d227b047\tbytes=5,849, dst_ip=172.234.197.23, dst_port=443, pkts=15, proto=tcp, src_ip=89.190.156.78\t\nflow\tflow:7a63b783bb1f\tbytes=228, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:080ac7a1b45b\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:eb8627c18ed1\tbytes=330, dst_ip=107.189.27.59, dst_port=57,742, pkts=5, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:e1aadcf35da1\tbytes=132, dst_ip=70.54.182.130, dst_port=48,929, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:39fd59b217e1\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:63ff435747ca\tbytes=8,773, dst_ip=172.234.197.23, dst_port=443, pkts=26, proto=tcp, src_ip=74.7.242.149\t\nflow\tflow:86b2060928ad\tbytes=7,406, dst_ip=172.234.197.23, 
dst_port=22, pkts=48, proto=tcp, src_ip=2.57.122.193\t\nflow\tflow:0f567f8a82dd\tbytes=132, dst_ip=104.194.149.41, dst_port=59,950, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:bb6249832db5\tbytes=264, dst_ip=172.234.197.23, dst_port=443, pkts=4, proto=tcp, src_ip=89.190.156.78\t\nflow\tflow:88cca16d0446\tbytes=148, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=183.202.141.98\t\nflow\tflow:eab42a9b6bf8\tbytes=5,172, dst_ip=172.234.197.23, dst_port=443, pkts=22, proto=tcp, src_ip=34.198.2.0\t\nflow\tflow:ad158fcc812d\tbytes=132, dst_ip=45.61.133.121, dst_port=63,631, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:c1c688f8cf4a\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:937c5e286676\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:d8584035cf2a\tbytes=132, dst_ip=172.234.197.23, dst_port=443, pkts=2, proto=tcp, src_ip=74.7.242.172\t\nflow\tflow:a7ad13b94d62\tbytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117\t\nflow\tflow:e49bf2972d42\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:7673e13f4289\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:0f87fd9755d2\tbytes=198, dst_ip=172.234.197.23, dst_port=22, pkts=3, proto=tcp, src_ip=106.107.248.155\t\nflow\tflow:deb2950ce21a\tbytes=264, dst_ip=172.234.197.23, dst_port=443, pkts=4, proto=tcp, src_ip=89.190.156.78\t\nflow\tflow:2b1929813806\tbytes=1,388, dst_ip=92.118.39.235, dst_port=42,116, pkts=16, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:82f6ffde6d35\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:4d30fbc2be96\tbytes=1,714, dst_ip=45.227.254.170, dst_port=40,232, pkts=19, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:7cc2d28880a5\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, 
proto=udp, src_ip=172.234.197.23\t\nflow\tflow:7bb80f6e2570\tbytes=120, dst_ip=211.251.245.88, dst_port=41,574, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:c2c154dd91a3\tbytes=6,406, dst_ip=172.234.197.23, dst_port=22, pkts=36, proto=tcp, src_ip=45.148.10.157\t\nflow\tflow:04542ba83818\tbytes=658, dst_ip=172.234.197.23, dst_port=443, pkts=8, proto=tcp, src_ip=45.33.109.10\t\nflow\tflow:6845e8b68c70\tbytes=648, dst_ip=172.234.197.23, dst_port=23, pkts=12, proto=tcp, src_ip=91.204.208.35\t\nflow\tflow:fa86c0038549\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:18d38100af2b\tbytes=668, dst_ip=92.118.39.235, dst_port=0, pkts=8, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:07feb12ee68f\tbytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117\t\nflow\tflow:4f3d29822dfd\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:880e4b1bdb27\tbytes=30,151, dst_ip=172.234.197.23, dst_port=443, pkts=46, proto=tcp, src_ip=74.7.243.62\t\nflow\tflow:98684bb183ca\tbytes=668, dst_ip=45.227.254.170, dst_port=0, pkts=8, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:288b4666fe88\tbytes=6,094, dst_ip=172.234.197.23, dst_port=22, pkts=34, proto=tcp, src_ip=45.227.254.170\t\nflow\tflow:1b8efe77f1d2\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:6c52770a5a7c\tbytes=5,753, dst_ip=172.234.197.23, dst_port=443, pkts=15, proto=tcp, src_ip=89.190.156.78\t\nflow\tflow:1fc954fe1e5f\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:69ea25c11391\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:cb23a9fa002c\tbytes=6,394, dst_ip=172.234.197.23, dst_port=443, pkts=21, proto=tcp, src_ip=74.7.243.19\t\nflow\tflow:751ba8c1a7c7\tbytes=120, dst_ip=45.148.10.152, dst_port=43,722, pkts=2, proto=tcp, 
src_ip=172.234.197.23\t\nflow\tflow:9ceaff17bc29\tbytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117\t\nflow\tflow:98c0b157084d\tbytes=24,439, dst_ip=172.234.197.23, dst_port=443, pkts=41, proto=tcp, src_ip=40.77.167.70\t\nflow\tflow:20083810e797\tbytes=1,486, dst_ip=213.209.159.56, dst_port=0, pkts=11, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:b043921b4335\tbytes=1,394, dst_ip=172.234.197.23, dst_port=443, pkts=15, proto=tcp, src_ip=185.247.137.6\t\nflow\tflow:c3dc2fae803e\tbytes=5,733, dst_ip=172.234.197.23, dst_port=443, pkts=28, proto=tcp, src_ip=74.7.175.174\t\nflow\tflow:75f5a0d5f164\tbytes=228, dst_ip=172.234.197.23, dst_port=22, pkts=4, proto=tcp, src_ip=180.167.128.203\t\nflow\tflow:f082ca34669c\tbytes=462, dst_ip=2.57.122.196, dst_port=3,392, pkts=5, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:796619995967\tbytes=918, dst_ip=172.234.197.23, dst_port=443, pkts=10, proto=tcp, src_ip=87.236.176.214\t\nflow\tflow:225be6166274\tbytes=816, dst_ip=45.153.34.112, dst_port=0, pkts=8, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:4991c4ddcaed\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:2728835a14a6\tbytes=857, dst_ip=172.234.197.23, dst_port=22, pkts=11, proto=tcp, src_ip=74.82.47.3\t\nflow\tflow:d6f713bf2ef5\tbytes=100, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=5.181.20.206\t\nflow\tflow:08fd29599773\tbytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=51.224.22.45\t\nflow\tflow:a9aa2ea13503\tbytes=148, dst_ip=172.234.197.23, dst_port=8,088, pkts=2, proto=tcp, src_ip=148.72.247.49\t\nflow\tflow:e903432acbba\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:780372653948\tbytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=3.126.146.176\t\nflow\tflow:8d08ea6ea9f9\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, 
src_ip=172.234.197.23\t\nflow\tflow:f969770eb36a\tbytes=148, dst_ip=172.234.197.23, dst_port=23, pkts=2, proto=tcp, src_ip=45.178.249.135\t\nflow\tflow:dd2a74d69ecd\tbytes=5,584, dst_ip=172.234.197.23, dst_port=443, pkts=17, proto=tcp, src_ip=52.232.35.131\t\nflow\tflow:258abd61bf99\tbytes=422, dst_ip=2.57.122.196, dst_port=0, pkts=5, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:19793244e1ec\tbytes=164, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=63.179.136.145\t\nflow\tflow:a49d3770e270\tbytes=172, dst_ip=45.148.10.152, dst_port=43,722, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:19202654408c\tbytes=462, dst_ip=192.119.111.204, dst_port=60,604, pkts=7, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:6568cd0686fe\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:823309092ce5\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:e73d03d30fbd\tbytes=462, dst_ip=104.194.145.47, dst_port=58,327, pkts=7, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:114a8ab669ec\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:1da98017ced9\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:92d90165a95f\tbytes=714, dst_ip=45.156.87.254, dst_port=0, pkts=7, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:79c7fa393fc0\tbytes=4,775, dst_ip=172.234.197.23, dst_port=22, pkts=22, proto=tcp, src_ip=106.107.248.155\t\nflow\tflow:dbaf0481482c\tbytes=264, dst_ip=172.234.197.23, dst_port=443, pkts=4, proto=tcp, src_ip=89.190.156.78\t\nflow\tflow:745e7e633b46\tbytes=132, dst_ip=192.119.111.204, dst_port=60,604, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:b8e6066fd4c7\tbytes=456, dst_ip=172.234.197.23, dst_port=443, pkts=7, proto=tcp, src_ip=45.33.109.10\t\nflow\tflow:de5fce5ad04d\tbytes=198, dst_ip=107.189.27.59, dst_port=57,742, pkts=3, proto=tcp, 
src_ip=172.234.197.23\t\nflow\tflow:a6ea0602e5c3\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:51c075e75f1f\tbytes=1,520, dst_ip=2.57.122.194, dst_port=18,694, pkts=14, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:9c788f76936f\tbytes=164, dst_ip=2.57.122.196, dst_port=0, pkts=2, proto=icmp, src_ip=172.234.197.23\t\nflow\tflow:e6a35db00740\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:ae85aeeb1dac\tbytes=756, dst_ip=172.234.197.23, dst_port=23, pkts=14, proto=tcp, src_ip=91.204.208.35\t\nflow\tflow:d9cbf99a4686\tbytes=172, dst_ip=92.118.39.23, dst_port=26,966, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:274ee5f63645\tbytes=180, dst_ip=185.125.190.56, dst_port=123, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:1b4a85eb6bc1\tbytes=204, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:7d994515472c\tbytes=7,102, dst_ip=172.234.197.23, dst_port=22, pkts=44, proto=tcp, src_ip=2.57.122.196\t\nflow\tflow:39a4be8c95c8\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:79c6b8311121\tbytes=1,282, dst_ip=172.234.197.23, dst_port=443, pkts=14, proto=tcp, src_ip=45.61.133.121\t\nflow\tflow:1e45f245d9e1\tbytes=528, dst_ip=195.123.246.80, dst_port=50,746, pkts=8, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:932b37022a67\tbytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117\t\nflow\tflow:edcdfd648e8c\tbytes=468, dst_ip=172.234.197.23, dst_port=443, pkts=7, proto=tcp, src_ip=45.33.109.10\t\nflow\tflow:fb8bd5371f47\tbytes=84, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.155.16.117\t\nflow\tflow:ed98d1d2d802\tbytes=148, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=124.129.100.19\t\nflow\tflow:551e75da8fde\tbytes=3,516, dst_ip=172.234.197.23, dst_port=443, pkts=10, proto=tcp, 
src_ip=185.247.137.22\t\nflow\tflow:02a69204bf87\tbytes=43,611, dst_ip=172.234.197.23, dst_port=443, pkts=46, proto=tcp, src_ip=66.228.53.78\t\nflow\tflow:a05587dca278\tbytes=476, dst_ip=172.234.197.23, dst_port=443, pkts=7, proto=tcp, src_ip=45.33.109.10\t\nflow\tflow:d9af8e073824\tbytes=172, dst_ip=92.118.39.23, dst_port=26,966, pkts=2, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:77a0f3565630\tbytes=112, dst_ip=172.234.197.23, dst_port=10,004, pkts=2, proto=tcp, src_ip=170.187.163.133\t\nflow\tflow:7a3efc7c62c3\tbytes=4,810, dst_ip=172.234.197.23, dst_port=443, pkts=21, proto=tcp, src_ip=46.151.178.13\t\nflow\tflow:dd796c5d886d\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:7a42c8b90c61\tbytes=23,475, dst_ip=172.234.197.23, dst_port=443, pkts=30, proto=tcp, src_ip=74.7.243.62\t\nflow\tflow:18f0172914c9\tbytes=282, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:51e69965ce12\tbytes=7,606, dst_ip=104.21.7.232, dst_port=443, pkts=18, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:a6790ddc9702\tbytes=132, dst_ip=172.234.197.23, dst_port=443, pkts=2, proto=tcp, src_ip=74.7.242.149\t\nflow\tflow:2dba1bb6c758\tbytes=292, dst_ip=2.57.122.194, dst_port=37,168, pkts=4, proto=tcp, src_ip=172.234.197.23\t\nflow\tflow:f51593dc9d13\tbytes=100, dst_ip=172.234.197.23, dst_port=0, pkts=2, proto=icmp, src_ip=103.25.56.113\t\nflow\tflow:61ec9c17e8a7\tbytes=313, dst_ip=172.232.0.17, dst_port=53, pkts=2, proto=udp, src_ip=172.234.197.23\t\nflow\tflow:1e7439e55ec0\tbytes=8,452, dst_ip=172.234.197.23, dst_port=443, pkts=24, proto=tcp, src_ip=74.7.242.172\t\ngeo_point\tgeo_37.56250_-122.00040\tcity=Fremont, country=US\t&#91;37.5625, -122.0004, 0.0000] \ud83c\udf10\ngeo_point\tgeo_41.88350_-87.63050\tcity=Chicago, country=US\t&#91;41.8835, -87.6305, 0.0000] \ud83c\udf10\ngeo_point\tgeo_25.77010_-80.19280\tcity=Miami, country=US\t&#91;25.7701, -80.1928, 0.0000] 
\ud83c\udf10\ngeo_point\tgeo_40.82290_-74.45920\tcity=Cedar Knolls, country=US\t&#91;40.8229, -74.4592, 0.0000] \ud83c\udf10\ngeo_point\tgeo_36.10200_-115.14470\tcity=Las Vegas, country=US\t&#91;36.1020, -115.1447, 0.0000] \ud83c\udf10\ngeo_point\tgeo_39.15930_-111.81900\tcity=Gunnison, country=US\t&#91;39.1593, -111.8190, 0.0000] \ud83c\udf10\ngeo_point\tgeo_55.73860_37.60680\tcity=, country=RU\t&#91;55.7386, 37.6068, 0.0000] \ud83c\udf10\ngeo_point\tgeo_36.66940_-78.38770\tcity=Boydton, country=US\t&#91;36.6694, -78.3877, 0.0000] \ud83c\udf10\ngeo_point\tgeo_9.00000_-80.00000\tcity=, country=PA\t&#91;9.0000, -80.0000, 0.0000] \ud83c\udf10\ngeo_point\tgeo_43.71540_-79.38960\tcity=Toronto, country=CA\t&#91;43.7154, -79.3896, 0.0000] \ud83c\udf10\ngeo_point\tgeo_37.75100_-97.82200\tcity=, country=US\t&#91;37.7510, -97.8220, 0.0000] \ud83c\udf10\ngeo_point\tgeo_52.37590_4.89750\tcity=Amsterdam, country=NL\t&#91;52.3759, 4.8975, 0.0000] \ud83c\udf10\ngeo_point\tgeo_51.50810_-0.12780\tcity=Manchester, country=GB\t&#91;51.5081, -0.1278, 0.0000] \ud83c\udf10\ngeo_point\tgeo_32.77970_-96.80220\tcity=Dallas, country=US\t&#91;32.7797, -96.8022, 0.0000] \ud83c\udf10\ngeo_point\tgeo_-20.01650_-44.43390\tcity=Mateus Leme, country=BR\t&#91;-20.0165, -44.4339, 0.0000] \ud83c\udf10\ngeo_point\tgeo_1.29390_103.84610\tcity=Singapore, country=SG\t&#91;1.2939, 103.8461, 0.0000] \ud83c\udf10\ngeo_point\tgeo_39.04690_-77.49030\tcity=Ashburn, country=US\t&#91;39.0469, -77.4903, 0.0000] \ud83c\udf10\ngeo_point\tgeo_45.99680_24.99700\tcity=, country=RO\t&#91;45.9968, 24.9970, 0.0000] \ud83c\udf10\ngeo_point\tgeo_52.38240_4.89950\tcity=, country=NL\t&#91;52.3824, 4.8995, 0.0000] \ud83c\udf10\ngeo_point\tgeo_34.77320_113.72200\tcity=, country=CN\t&#91;34.7732, 113.7220, 0.0000] \ud83c\udf10\ngeo_point\tgeo_-34.92820_138.59990\tcity=Adelaide, country=AU\t&#91;-34.9282, 138.5999, 0.0000] \ud83c\udf10\ngeo_point\tgeo_-23.54750_-46.63610\tcity=S\u00e3o Paulo, country=BR\t&#91;-23.5475, 
-46.6361, 0.0000] \ud83c\udf10\ngeo_point\tgeo_52.43630_4.82770\tcity=Zaandam, country=NL\t&#91;52.4363, 4.8277, 0.0000] \ud83c\udf10\ngeo_point\tgeo_37.51120_126.97410\tcity=, country=KR\t&#91;37.5112, 126.9741, 0.0000] \ud83c\udf10\ngeo_point\tgeo_-6.03420_106.08420\tcity=Serang, country=ID\t&#91;-6.0342, 106.0842, 0.0000] \ud83c\udf10\ngeo_point\tgeo_50.11690_8.68370\tcity=Frankfurt am Main, country=DE\t&#91;50.1169, 8.6837, 0.0000] \ud83c\udf10\ngeo_point\tgeo_36.06100_120.38140\tcity=Qingdao, country=CN\t&#91;36.0610, 120.3814, 0.0000] \ud83c\udf10\ngeo_point\tgeo_31.22220_121.45810\tcity=Shanghai, country=CN\t&#91;31.2222, 121.4581, 0.0000] \ud83c\udf10\ngeo_point\tgeo_33.74850_-84.38710\tcity=Atlanta, country=US\t&#91;33.7485, -84.3871, 0.0000] \ud83c\udf10\ngeo_point\tgeo_24.00000_121.00000\tcity=, country=TW\t&#91;24.0000, 121.0000, 0.0000] \ud83c\udf10\ngeo_point\tgeo_50.88970_6.05630\tcity=Eygelshoven, country=NL\t&#91;50.8897, 6.0563, 0.0000] \ud83c\udf10\ngeo_point\tgeo_52.51960_13.40690\tcity=Berlin, country=DE\t&#91;52.5196, 13.4069, 0.0000] \ud83c\udf10\ngeo_point\tgeo_50.08830_14.41240\tcity=Prague, country=CZ\t&#91;50.0883, 14.4124, 0.0000] \ud83c\udf10\ngeo_point\tgeo_47.61090_-122.33030\tcity=Seattle, country=US\t&#91;47.6109, -122.3303, 0.0000] \ud83c\udf10\ngeo_point\tgeo_34.05440_-118.24400\tcity=Los Angeles, country=US\t&#91;34.0544, -118.2440, 0.0000] \ud83c\udf10\ngeo_point\tgeo_51.49640_-0.12240\tcity=, country=GB\t&#91;51.4964, -0.1224, 0.0000] \ud83c\udf10\ngeo_point\tgeo_24.14400_120.68440\tcity=Taichung, country=TW\t&#91;24.1440, 120.6844, 0.0000] \ud83c\udf10\ngeo_point\tgeo_32.94730_-96.70280\tcity=Richardson, country=US\t&#91;32.9473, -96.7028, 0.0000] \ud83c\udf10\nhost\thost:195.123.246.80\tbytes=528, city=Prague, country=CZ, ip=195.123.246.80, org=Green Floid LLC\t&#91;50.0883, 14.4124, 0.0000] \ud83c\udf10\nhost\thost:18.153.49.6\tbytes=164, city=Frankfurt am Main, country=DE, ip=18.153.49.6, org=Amazon.com, Inc.\t&#91;50.1169, 
expected_protocol=https, packet_count=2, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=74.7.242.172, src_port=45,794, start_time=1,778,058,056.145, tcp_flags=A, time_bucket=1,778,058,030, total_bytes=132, window_sec=30\t\nsession\tSESSION-0086120f9ffcd7cf\tdst_ip=192.119.111.204, dst_port=60,604, duration_sec=19.97, end_time=1,778,072,452.552, expected_protocol=unregistered:60604, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,432.584, tcp_flags=A,F, time_bucket=1,778,072,430, total_bytes=132, window_sec=30\t\nsession\tSESSION-868e23b316c7b0f8\tdst_ip=107.189.27.59, dst_port=57,742, duration_sec=21.44, end_time=1,778,072,451.528, expected_protocol=unregistered:57742, packet_count=5, proto=TCP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,430.088, tcp_flags=A,F, time_bucket=1,778,072,430, total_bytes=330, window_sec=30\t\nsession\tSESSION-64839ebd252cff52\tdst_ip=45.156.87.254, duration_sec=28.42, end_time=1,778,076,058.851, expected_protocol=unregistered:0, packet_count=7, proto=ICMP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=ICMP, src_ip=172.234.197.23, start_time=1,778,076,030.435, tcp_flags=, time_bucket=1,778,076,030, total_bytes=714, window_sec=30\t\nsession\tSESSION-de4dfe84e12d6d3a\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,043,601.461, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=45,647, start_time=1,778,043,601.459, tcp_flags=, time_bucket=1,778,043,600, total_bytes=313, window_sec=30\t\nsession\tSESSION-9931d5e5bc996b57\tdst_ip=195.123.246.80, dst_port=50,746, duration_sec=22.29, end_time=1,778,072,452.552, expected_protocol=unregistered:50746, packet_count=8, 
proto=TCP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,430.265, tcp_flags=A,F, time_bucket=1,778,072,430, total_bytes=528, window_sec=30\t\nsession\tSESSION-395abcc328361cc1\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,047,201.195, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=36,192, start_time=1,778,047,201.194, tcp_flags=, time_bucket=1,778,047,200, total_bytes=313, window_sec=30\t\nsession\tSESSION-b9b9c8c14f596810\tdst_ip=172.234.197.23, dst_port=443, duration_sec=10.61, end_time=1,778,043,623.153, expected_protocol=https, packet_count=15, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=89.190.156.78, src_port=50,714, start_time=1,778,043,612.546, tcp_flags=A,S,P, time_bucket=1,778,043,600, total_bytes=5,714, window_sec=30\t\nsession\tSESSION-d92c82faf3e575a2\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,032,808.007, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,778,032,808.007, tcp_flags=, time_bucket=1,778,032,800, total_bytes=84, window_sec=30\t\nsession\tSESSION-acef8d31e86c7acd\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,072,401.934, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=50,825, start_time=1,778,072,401.934, tcp_flags=, time_bucket=1,778,072,400, total_bytes=282, window_sec=30\t\nsession\tSESSION-110d1ee95c8ccd23\tdst_ip=104.194.149.41, dst_port=58,020, duration_sec=9.99, end_time=1,778,072,456.648, expected_protocol=unregistered:58020, packet_count=7, proto=TCP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=TCP, 
src_ip=172.234.197.23, src_port=443, start_time=1,778,072,446.656, tcp_flags=A,F, time_bucket=1,778,072,430, total_bytes=462, window_sec=30\t\nsession\tSESSION-d68993c6291186b3\tdst_ip=172.234.197.23, dst_port=443, duration_sec=6.62, end_time=1,778,040,018.039, expected_protocol=https, packet_count=10, proto=TCP, protocol_anomaly_score=0.75, protocol_violations=missing_tls,constant_size_c2, protocols=TCP, src_ip=45.33.109.10, src_port=46,494, start_time=1,778,040,011.422, tcp_flags=A,S,P,R, time_bucket=1,778,040,000, total_bytes=552, window_sec=30\t\nsession\tSESSION-97e750ad2d476b32\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,040,008.404, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,778,040,008.404, tcp_flags=, time_bucket=1,778,040,000, total_bytes=84, window_sec=30\t\nsession\tSESSION-6fdf8b8840f3f546\tdst_ip=5.34.178.101, dst_port=52,976, duration_sec=15.36, end_time=1,778,072,451.528, expected_protocol=unregistered:52976, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,436.168, tcp_flags=A,F, time_bucket=1,778,072,430, total_bytes=132, window_sec=30\t\nsession\tSESSION-3bdf02dba5935e9e\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,040,018.141, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=183.202.141.98, start_time=1,778,040,018.141, tcp_flags=, time_bucket=1,778,040,000, total_bytes=148, window_sec=30\t\nsession\tSESSION-a13a17be1b938278\tdst_ip=104.194.145.47, dst_port=58,327, duration_sec=19.46, end_time=1,778,072,456.136, expected_protocol=unregistered:58327, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,436.68, tcp_flags=A,F, 
time_bucket=1,778,072,430, total_bytes=132, window_sec=30\t\nsession\tSESSION-c79e5eebc4868479\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,068,809.592, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,778,068,809.592, tcp_flags=, time_bucket=1,778,068,800, total_bytes=84, window_sec=30\t\nsession\tSESSION-9bfef0c13717a796\tdst_ip=45.61.133.121, dst_port=63,631, duration_sec=16.38, end_time=1,778,072,453.064, expected_protocol=unregistered:63631, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,436.68, tcp_flags=A,F, time_bucket=1,778,072,430, total_bytes=132, window_sec=30\t\nsession\tSESSION-51d7f2698b47beca\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,032,820.285, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=18.153.49.6, start_time=1,778,032,820.285, tcp_flags=, time_bucket=1,778,032,800, total_bytes=164, window_sec=30\t\nsession\tSESSION-a6bd6f290a9108c0\tdst_ip=172.234.197.23, dst_port=23, duration_sec=20.65, end_time=1,778,068,828.825, expected_protocol=telnet, packet_count=12, proto=TCP, protocol_anomaly_score=1, protocol_violations=constant_size_c2,tcp_syn_only,risk_port, protocols=TCP, src_ip=91.204.208.35, src_port=23,166, start_time=1,778,068,808.173, tcp_flags=S, time_bucket=1,778,068,800, total_bytes=648, window_sec=30\t\nsession\tSESSION-e0cca33290218eee\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.3, end_time=1,778,058,020.058, expected_protocol=https, packet_count=46, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=74.7.243.62, src_port=38,704, start_time=1,778,058,019.762, tcp_flags=A,S,P, time_bucket=1,778,058,000, total_bytes=30,151, 
window_sec=30\t\nsession\tSESSION-e9d6c100dac5ff40\tdst_ip=213.209.159.56, duration_sec=7.24, end_time=1,778,040,043.598, expected_protocol=unregistered:0, packet_count=11, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,778,040,036.359, tcp_flags=, time_bucket=1,778,040,030, total_bytes=1,486, window_sec=30\t\nsession\tSESSION-537b4787a5d32b32\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,058,019.992, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=37,724, start_time=1,778,058,019.992, tcp_flags=, time_bucket=1,778,058,000, total_bytes=282, window_sec=30\t\nsession\tSESSION-ec3a8cbc58b1e5f2\tdst_ip=172.234.197.23, dst_port=443, duration_sec=4.47, end_time=1,778,058,019.477, expected_protocol=https, packet_count=28, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=74.7.175.174, src_port=36,836, start_time=1,778,058,015.012, tcp_flags=A,S,P,F, time_bucket=1,778,058,000, total_bytes=5,733, window_sec=30\t\nsession\tSESSION-c041b784113284dc\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0.01, end_time=1,778,054,402.092, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=37,745, start_time=1,778,054,402.086, tcp_flags=, time_bucket=1,778,054,400, total_bytes=282, window_sec=30\t\nsession\tSESSION-4f93282fb27f899d\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,032,802.03, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=45,984, start_time=1,778,032,802.03, tcp_flags=, time_bucket=1,778,032,800, total_bytes=282, window_sec=30\t\nsession\tSESSION-77c2b91a994d6b29\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,058,020.468, 
expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=55,416, start_time=1,778,058,020.468, tcp_flags=, time_bucket=1,778,058,000, total_bytes=282, window_sec=30\t\nsession\tSESSION-65f53457d50be6fd\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0.01, end_time=1,778,040,001.622, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=33,889, start_time=1,778,040,001.617, tcp_flags=, time_bucket=1,778,040,000, total_bytes=313, window_sec=30\t\nsession\tSESSION-8e6dba6c98daea8c\tdst_ip=172.234.197.23, dst_port=443, duration_sec=10.51, end_time=1,778,043,623.152, expected_protocol=https, packet_count=15, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=89.190.156.78, src_port=50,722, start_time=1,778,043,612.643, tcp_flags=A,S,P, time_bucket=1,778,043,600, total_bytes=5,753, window_sec=30\t\nsession\tSESSION-a0b2525ee823a3ef\tdst_ip=172.234.197.23, dst_port=22, duration_sec=6.77, end_time=1,778,040,026.177, expected_protocol=ssh, packet_count=23, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=213.209.159.56, src_port=18,739, start_time=1,778,040,019.402, tcp_flags=E,C,S,A,P, time_bucket=1,778,040,000, total_bytes=5,100, window_sec=30\t\nsession\tSESSION-ee97936cb69b9d13\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.43, end_time=1,778,047,202.195, expected_protocol=https, packet_count=21, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=46.151.178.13, src_port=51,756, start_time=1,778,047,201.761, tcp_flags=R,S,F,A,P, time_bucket=1,778,047,200, total_bytes=4,810, window_sec=30\t\nsession\tSESSION-5012aad9b09bf0eb\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0, end_time=1,778,058,059.004, expected_protocol=https, packet_count=2, proto=TCP, 
protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=74.7.242.149, src_port=42,160, start_time=1,778,058,059.004, tcp_flags=A, time_bucket=1,778,058,030, total_bytes=132, window_sec=30\t\nsession\tSESSION-34a7e03bf798caf5\tdst_ip=172.234.197.23, dst_port=22, duration_sec=0.2, end_time=1,778,054,447.257, expected_protocol=ssh, packet_count=4, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=180.167.128.203, src_port=44,001, start_time=1,778,054,447.054, tcp_flags=A,S,R, time_bucket=1,778,054,430, total_bytes=228, window_sec=30\t\nsession\tSESSION-3657adb5f65190d3\tdst_ip=172.234.197.23, dst_port=23, duration_sec=1, end_time=1,778,032,805.595, expected_protocol=telnet, packet_count=2, proto=TCP, protocol_anomaly_score=0.75, protocol_violations=tcp_syn_only,risk_port, protocols=TCP, src_ip=45.178.249.135, src_port=17,832, start_time=1,778,032,804.599, tcp_flags=S, time_bucket=1,778,032,800, total_bytes=148, window_sec=30\t\nsession\tSESSION-abc73843613ec20b\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,054,402.094, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=42,387, start_time=1,778,054,402.093, tcp_flags=, time_bucket=1,778,054,400, total_bytes=313, window_sec=30\t\nsession\tSESSION-88032ac2aa7f41ae\tdst_ip=172.234.197.23, dst_port=443, duration_sec=15.36, end_time=1,778,043,653.873, expected_protocol=https, packet_count=4, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=89.190.156.78, src_port=50,730, start_time=1,778,043,638.514, tcp_flags=A, time_bucket=1,778,043,630, total_bytes=264, window_sec=30\t\nsession\tSESSION-cb177f6b8a87aae0\tdst_ip=172.234.197.23, dst_port=8,088, duration_sec=1.02, end_time=1,778,061,647.871, expected_protocol=unregistered:8088, packet_count=2, proto=TCP, protocol_anomaly_score=0.3, 
protocol_violations=tcp_syn_only, protocols=TCP, src_ip=148.72.247.49, src_port=53,994, start_time=1,778,061,646.849, tcp_flags=S, time_bucket=1,778,061,630, total_bytes=148, window_sec=30\t\nsession\tSESSION-48b1abbe41658d68\tdst_ip=195.211.96.85, dst_port=54,624, duration_sec=16.47, end_time=1,778,072,423.368, expected_protocol=unregistered:54624, packet_count=8, proto=TCP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,406.898, tcp_flags=A,F, time_bucket=1,778,072,400, total_bytes=528, window_sec=30\t\nsession\tSESSION-e123b6403f799b1d\tdst_ip=172.234.197.23, dst_port=443, duration_sec=11.01, end_time=1,778,040,023.985, expected_protocol=https, packet_count=41, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=40.77.167.70, src_port=27,734, start_time=1,778,040,012.973, tcp_flags=A,S,P,F, time_bucket=1,778,040,000, total_bytes=24,439, window_sec=30\t\nsession\tSESSION-b45740c93fb46f4f\tdst_ip=172.234.197.23, dst_port=10,004, duration_sec=0, end_time=1,778,072,432.699, expected_protocol=unregistered:10004, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=170.187.163.133, src_port=47,886, start_time=1,778,072,432.698, tcp_flags=A,S,R, time_bucket=1,778,072,430, total_bytes=112, window_sec=30\t\nsession\tSESSION-48df9718fdcf0dd4\tdst_ip=70.54.182.130, dst_port=48,929, duration_sec=0.02, end_time=1,778,040,018.64, expected_protocol=unregistered:48929, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,040,018.621, tcp_flags=A,F, time_bucket=1,778,040,000, total_bytes=132, window_sec=30\t\nsession\tSESSION-19756d4907ce3f22\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.56, end_time=1,778,054,429.964, expected_protocol=https, packet_count=50, proto=TCP, protocol_anomaly_score=0.35, 
protocol_violations=missing_tls, protocols=TCP, src_ip=172.236.228.38, src_port=29,774, start_time=1,778,054,429.404, tcp_flags=A,S,P,F, time_bucket=1,778,054,400, total_bytes=43,875, window_sec=30\t\nsession\tSESSION-1f294c1fb71330bd\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0.01, end_time=1,778,065,201.389, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=49,846, start_time=1,778,065,201.38, tcp_flags=, time_bucket=1,778,065,200, total_bytes=282, window_sec=30\t\nsession\tSESSION-9273bd2df9f7c64b\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.64, end_time=1,778,036,458.749, expected_protocol=https, packet_count=33, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=3.223.134.5, src_port=20,435, start_time=1,778,036,458.105, tcp_flags=R,S,F,A,P, time_bucket=1,778,036,430, total_bytes=11,765, window_sec=30\t\nsession\tSESSION-f0b8de3575b1c3f3\tdst_ip=45.227.254.170, dst_port=40,232, duration_sec=25.14, end_time=1,778,047,257.145, expected_protocol=unregistered:40232, packet_count=19, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,047,232.005, tcp_flags=A,P,R, time_bucket=1,778,047,230, total_bytes=1,714, window_sec=30\t\nsession\tSESSION-4390daf7eeef0d52\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,047,257.36, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=52,695, start_time=1,778,047,257.36, tcp_flags=, time_bucket=1,778,047,230, total_bytes=282, window_sec=30\t\nsession\tSESSION-90d6ffa3c7df5be4\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,047,201.194, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=36,777, 
start_time=1,778,047,201.193, tcp_flags=, time_bucket=1,778,047,200, total_bytes=282, window_sec=30\t\nsession\tSESSION-54190c4a9018c8b2\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.17, end_time=1,778,058,028.659, expected_protocol=https, packet_count=26, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=74.7.242.149, src_port=42,160, start_time=1,778,058,028.488, tcp_flags=A,S,P, time_bucket=1,778,058,000, total_bytes=8,773, window_sec=30\t\nsession\tSESSION-7a22528435ec40e3\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,065,201.393, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=45,434, start_time=1,778,065,201.39, tcp_flags=, time_bucket=1,778,065,200, total_bytes=313, window_sec=30\t\nsession\tSESSION-8f6eea3c975ecf64\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.19, end_time=1,778,058,025.934, expected_protocol=https, packet_count=24, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=74.7.242.172, src_port=45,794, start_time=1,778,058,025.748, tcp_flags=A,S,P, time_bucket=1,778,058,000, total_bytes=8,452, window_sec=30\t\nsession\tSESSION-b9cb91009e614d5f\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,068,801.109, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=48,937, start_time=1,778,068,801.108, tcp_flags=, time_bucket=1,778,068,800, total_bytes=313, window_sec=30\t\nsession\tSESSION-7549dce926e94eea\tdst_ip=172.234.197.23, dst_port=443, duration_sec=10.41, end_time=1,778,043,623.352, expected_protocol=https, packet_count=15, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=89.190.156.78, src_port=50,730, start_time=1,778,043,612.947, tcp_flags=A,S,P, time_bucket=1,778,043,600, total_bytes=5,849, 
window_sec=30\t\nsession\tSESSION-49abda6ad4a45bbb\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,072,401.937, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=38,675, start_time=1,778,072,401.935, tcp_flags=, time_bucket=1,778,072,400, total_bytes=313, window_sec=30\t\nsession\tSESSION-51d7b5d9b2653285\tdst_ip=172.234.197.23, dst_port=443, duration_sec=8.19, end_time=1,778,072,428.232, expected_protocol=https, packet_count=14, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=45.61.133.121, src_port=63,631, start_time=1,778,072,420.038, tcp_flags=A,S,P,F, time_bucket=1,778,072,400, total_bytes=1,282, window_sec=30\t\nsession\tSESSION-386b135d546c92f7\tdst_ip=172.234.197.23, dst_port=23, duration_sec=1.05, end_time=1,778,065,211.349, expected_protocol=telnet, packet_count=2, proto=TCP, protocol_anomaly_score=0.75, protocol_violations=tcp_syn_only,risk_port, protocols=TCP, src_ip=103.81.111.187, src_port=42,442, start_time=1,778,065,210.297, tcp_flags=S, time_bucket=1,778,065,200, total_bytes=148, window_sec=30\t\nsession\tSESSION-0ee78febbe613cbe\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,047,207.997, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,778,047,207.997, tcp_flags=, time_bucket=1,778,047,200, total_bytes=84, window_sec=30\t\nsession\tSESSION-d65a73ebc3ea4bbf\tdst_ip=2.57.122.193, duration_sec=5.54, end_time=1,778,050,855.819, expected_protocol=unregistered:0, packet_count=6, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,778,050,850.277, tcp_flags=, time_bucket=1,778,050,830, total_bytes=504, window_sec=30\t\nsession\tSESSION-60c9f814ed617fcc\tdst_ip=172.234.197.23, dst_port=22, duration_sec=19.8, 
end_time=1,778,036,424.608, expected_protocol=ssh, packet_count=36, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=45.148.10.157, src_port=10,274, start_time=1,778,036,404.809, tcp_flags=A,S,P,R, time_bucket=1,778,036,400, total_bytes=6,406, window_sec=30\t\nsession\tSESSION-e06fb47105f2ac43\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,076,008.203, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,778,076,008.202, tcp_flags=, time_bucket=1,778,076,000, total_bytes=84, window_sec=30\t\nsession\tSESSION-03da2e7ddf212c4e\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,076,004.906, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.25.56.113, start_time=1,778,076,004.906, tcp_flags=, time_bucket=1,778,076,000, total_bytes=100, window_sec=30\t\nsession\tSESSION-64cf3cf6299680da\tdst_ip=92.118.39.23, dst_port=26,966, duration_sec=0.13, end_time=1,778,040,056.392, expected_protocol=unregistered:26966, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,040,056.264, tcp_flags=A,P,R, time_bucket=1,778,040,030, total_bytes=172, window_sec=30\t\nsession\tSESSION-56800f0e4776fb43\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,076,028.676, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=51.224.22.45, start_time=1,778,076,028.676, tcp_flags=, time_bucket=1,778,076,000, total_bytes=164, window_sec=30\t\nsession\tSESSION-183409131ad9123b\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,068,835.922, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=124.129.100.19, 
start_time=1,778,068,835.921, tcp_flags=, time_bucket=1,778,068,830, total_bytes=148, window_sec=30\t\nsession\tSESSION-464991c3566dab39\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,032,809.665, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=63.179.136.145, start_time=1,778,032,809.665, tcp_flags=, time_bucket=1,778,032,800, total_bytes=164, window_sec=30\t\nsession\tSESSION-742f34cda3a4e617\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,054,429.875, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=40,198, start_time=1,778,054,429.875, tcp_flags=, time_bucket=1,778,054,400, total_bytes=282, window_sec=30\t\nsession\tSESSION-547dd5952328fc79\tdst_ip=211.251.245.88, dst_port=41,574, duration_sec=0.18, end_time=1,778,072,458.417, expected_protocol=unregistered:41574, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,072,458.235, tcp_flags=A,F,R, time_bucket=1,778,072,430, total_bytes=120, window_sec=30\t\nsession\tSESSION-bae5bc563a407479\tdst_ip=2.57.122.196, duration_sec=2.8, end_time=1,778,065,228.616, expected_protocol=unregistered:0, packet_count=5, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,778,065,225.817, tcp_flags=, time_bucket=1,778,065,200, total_bytes=422, window_sec=30\t\nsession\tSESSION-2caeb7e5334aa4ca\tdst_ip=172.234.197.23, dst_port=22, duration_sec=0.19, end_time=1,778,065,260.276, expected_protocol=ssh, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=106.107.248.155, src_port=45,002, start_time=1,778,065,260.091, tcp_flags=A,F, time_bucket=1,778,065,260, total_bytes=198, 
window_sec=30\t\nsession\tSESSION-e96b201766459115\tdst_ip=172.234.197.23, dst_port=443, duration_sec=6.06, end_time=1,778,040,028.3, expected_protocol=https, packet_count=7, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=45.33.109.10, src_port=46,495, start_time=1,778,040,022.239, tcp_flags=A,S,P,R, time_bucket=1,778,040,000, total_bytes=456, window_sec=30\t\nsession\tSESSION-f52f57c02498535b\tdst_ip=104.194.145.47, dst_port=58,327, duration_sec=10.05, end_time=1,778,072,426.952, expected_protocol=unregistered:58327, packet_count=7, proto=TCP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,416.906, tcp_flags=A,F, time_bucket=1,778,072,400, total_bytes=462, window_sec=30\t\nsession\tSESSION-8db7c39e7c6a0413\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.1, end_time=1,778,047,201.651, expected_protocol=https, packet_count=3, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=46.151.178.13, src_port=60,544, start_time=1,778,047,201.554, tcp_flags=A,S,R, time_bucket=1,778,047,200, total_bytes=166, window_sec=30\t\nsession\tSESSION-441a69db47f1f67e\tdst_ip=172.234.197.23, dst_port=22, duration_sec=3.2, end_time=1,778,065,259.904, expected_protocol=ssh, packet_count=22, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=106.107.248.155, src_port=45,002, start_time=1,778,065,256.704, tcp_flags=A,S,P, time_bucket=1,778,065,230, total_bytes=4,775, window_sec=30\t\nsession\tSESSION-4473489472864a95\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,058,020.469, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=53,641, start_time=1,778,058,020.468, tcp_flags=, time_bucket=1,778,058,000, total_bytes=313, 
window_sec=30\t\nsession\tSESSION-06c2cef68b8aaa66\tdst_ip=172.234.197.23, dst_port=22, duration_sec=23.63, end_time=1,778,050,855.819, expected_protocol=ssh, packet_count=48, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=2.57.122.193, src_port=42,644, start_time=1,778,050,832.191, tcp_flags=A,S,P,R, time_bucket=1,778,050,830, total_bytes=7,406, window_sec=30\t\nsession\tSESSION-7f858f15c17e12f2\tdst_ip=107.189.27.59, dst_port=57,742, duration_sec=0.7, end_time=1,778,072,429.344, expected_protocol=unregistered:57742, packet_count=3, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,428.64, tcp_flags=A,F, time_bucket=1,778,072,400, total_bytes=198, window_sec=30\t\nsession\tSESSION-54b06c4ee1c885b8\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0.04, end_time=1,778,047,257.513, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=33,256, start_time=1,778,047,257.468, tcp_flags=, time_bucket=1,778,047,230, total_bytes=204, window_sec=30\t\nsession\tSESSION-93717221407cc62b\tdst_ip=2.57.122.196, dst_port=3,392, duration_sec=17.09, end_time=1,778,065,248.328, expected_protocol=unregistered:3392, packet_count=5, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,065,231.24, tcp_flags=A,P,R, time_bucket=1,778,065,230, total_bytes=462, window_sec=30\t\nsession\tSESSION-8f55e302ff5e6c0d\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,076,032.072, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=51.224.145.102, start_time=1,778,076,032.072, tcp_flags=, time_bucket=1,778,076,030, total_bytes=164, window_sec=30\t\nsession\tSESSION-51e53ba41d3daf57\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.28, 
end_time=1,778,072,457.044, expected_protocol=https, packet_count=15, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=185.247.137.6, src_port=56,131, start_time=1,778,072,456.768, tcp_flags=R,S,F,A,P, time_bucket=1,778,072,430, total_bytes=1,394, window_sec=30\t\nsession\tSESSION-c0f54da92702e4ac\tdst_ip=172.234.197.23, dst_port=443, duration_sec=5.35, end_time=1,778,040,038.99, expected_protocol=https, packet_count=7, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=45.33.109.10, src_port=46,496, start_time=1,778,040,033.642, tcp_flags=A,S,P,R, time_bucket=1,778,040,030, total_bytes=476, window_sec=30\t\nsession\tSESSION-00e01dcc7487e071\tdst_ip=172.234.197.23, dst_port=22, duration_sec=11.77, end_time=1,778,072,428.76, expected_protocol=ssh, packet_count=34, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=92.118.39.235, src_port=42,116, start_time=1,778,072,416.99, tcp_flags=A,S,P, time_bucket=1,778,072,400, total_bytes=6,230, window_sec=30\t\nsession\tSESSION-88b7a3fbe4aa9c73\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.18, end_time=1,778,072,423.759, expected_protocol=https, packet_count=11, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=185.247.137.206, src_port=35,103, start_time=1,778,072,423.574, tcp_flags=A,S,P,F, time_bucket=1,778,072,400, total_bytes=1,340, window_sec=30\t\nsession\tSESSION-608e54dcb808ad4f\tdst_ip=104.194.149.41, dst_port=59,950, duration_sec=19.46, end_time=1,778,072,423.88, expected_protocol=unregistered:59950, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,404.424, tcp_flags=A,F, time_bucket=1,778,072,400, total_bytes=132, window_sec=30\t\nsession\tSESSION-63905cf2a7bf050e\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,036,406.501, 
expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=35,068, start_time=1,778,036,406.5, tcp_flags=, time_bucket=1,778,036,400, total_bytes=282, window_sec=30\t\nsession\tSESSION-12e4996e91ea82c2\tdst_ip=5.34.178.101, dst_port=52,976, duration_sec=7.68, end_time=1,778,072,428.36, expected_protocol=unregistered:52976, packet_count=7, proto=TCP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,420.681, tcp_flags=A,F, time_bucket=1,778,072,400, total_bytes=462, window_sec=30\t\nsession\tSESSION-2afb3b9c44db3352\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,076,001.726, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=50,051, start_time=1,778,076,001.726, tcp_flags=, time_bucket=1,778,076,000, total_bytes=282, window_sec=30\t\nsession\tSESSION-cc57470cff674b4d\tdst_ip=2.57.122.194, dst_port=18,694, duration_sec=8.84, end_time=1,778,076,012.124, expected_protocol=unregistered:18694, packet_count=14, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,076,003.284, tcp_flags=A,P,R, time_bucket=1,778,076,000, total_bytes=1,520, window_sec=30\t\nsession\tSESSION-0f63d360cf143853\tdst_ip=172.234.197.23, dst_port=443, duration_sec=15.36, end_time=1,778,043,653.872, expected_protocol=https, packet_count=4, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=89.190.156.78, src_port=50,714, start_time=1,778,043,638.513, tcp_flags=A, time_bucket=1,778,043,630, total_bytes=264, window_sec=30\t\nsession\tSESSION-93087fea180212af\tdst_ip=2.57.122.196, duration_sec=11.26, end_time=1,778,065,248.328, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, 
protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,778,065,237.066, tcp_flags=, time_bucket=1,778,065,230, total_bytes=164, window_sec=30\t\nsession\tSESSION-e25260d84d1899f3\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,032,802.033, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=40,901, start_time=1,778,032,802.031, tcp_flags=, time_bucket=1,778,032,800, total_bytes=313, window_sec=30\t\nsession\tSESSION-ce73b8d8d0c5eb5d\tdst_ip=2.57.122.193, dst_port=50,248, duration_sec=0.13, end_time=1,778,068,859.461, expected_protocol=unregistered:50248, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,068,859.336, tcp_flags=A,P,R, time_bucket=1,778,068,830, total_bytes=172, window_sec=30\t\nsession\tSESSION-fcda3062255c0ddf\tdst_ip=92.118.39.235, duration_sec=22.25, end_time=1,778,072,455.241, expected_protocol=unregistered:0, packet_count=8, proto=ICMP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=ICMP, src_ip=172.234.197.23, start_time=1,778,072,432.99, tcp_flags=, time_bucket=1,778,072,430, total_bytes=668, window_sec=30\t\nsession\tSESSION-e07ada5095ddfcf9\tdst_ip=45.153.34.112, duration_sec=25.22, end_time=1,778,050,857.16, expected_protocol=unregistered:0, packet_count=8, proto=ICMP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=ICMP, src_ip=172.234.197.23, start_time=1,778,050,831.945, tcp_flags=, time_bucket=1,778,050,830, total_bytes=816, window_sec=30\t\nsession\tSESSION-47a5cb6f1c89acd9\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,061,608.02, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=103.155.16.117, start_time=1,778,061,608.02, tcp_flags=, 
time_bucket=1,778,061,600, total_bytes=84, window_sec=30\t\nsession\tSESSION-1ae5761b52438ad8\tdst_ip=2.57.122.194, dst_port=37,168, duration_sec=12.5, end_time=1,778,072,414.875, expected_protocol=unregistered:37168, packet_count=4, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,072,402.376, tcp_flags=A,P,F,R, time_bucket=1,778,072,400, total_bytes=292, window_sec=30\t\nsession\tSESSION-79a0413209e2baca\tdst_ip=213.209.159.56, dst_port=18,739, duration_sec=25.62, end_time=1,778,040,055.752, expected_protocol=unregistered:18739, packet_count=28, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,040,030.131, tcp_flags=A,P,F,R, time_bucket=1,778,040,030, total_bytes=3,188, window_sec=30\t\nsession\tSESSION-b58bf26b90688bb4\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,036,401.826, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=50,039, start_time=1,778,036,401.825, tcp_flags=, time_bucket=1,778,036,400, total_bytes=282, window_sec=30\t\nsession\tSESSION-fa3c66e6c8c7cc27\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.19, end_time=1,778,072,456.946, expected_protocol=https, packet_count=10, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=87.236.176.214, src_port=40,671, start_time=1,778,072,456.76, tcp_flags=A,S,P,F, time_bucket=1,778,072,430, total_bytes=918, window_sec=30\t\nsession\tSESSION-2801fe3d7a774cf5\tdst_ip=45.153.34.112, duration_sec=24.88, end_time=1,778,050,828.274, expected_protocol=unregistered:0, packet_count=8, proto=ICMP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=ICMP, src_ip=172.234.197.23, start_time=1,778,050,803.393, tcp_flags=, time_bucket=1,778,050,800, total_bytes=816, 
window_sec=30\t\nsession\tSESSION-4f726ca0d8d8e058\tdst_ip=2.57.122.193, dst_port=50,248, duration_sec=0.13, end_time=1,778,068,812.869, expected_protocol=unregistered:50248, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,068,812.744, tcp_flags=A,P,R, time_bucket=1,778,068,800, total_bytes=172, window_sec=30\t\nsession\tSESSION-49ed4f4a29cfb6b3\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,068,801.108, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=49,024, start_time=1,778,068,801.107, tcp_flags=, time_bucket=1,778,068,800, total_bytes=282, window_sec=30\t\nsession\tSESSION-51919fc68b872311\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.53, end_time=1,778,061,629.113, expected_protocol=https, packet_count=46, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=66.228.53.78, src_port=38,058, start_time=1,778,061,628.579, tcp_flags=A,S,P,F, time_bucket=1,778,061,600, total_bytes=43,611, window_sec=30\t\nsession\tSESSION-a6c427a7783be300\tdst_ip=172.234.197.23, dst_port=22, duration_sec=9.43, end_time=1,778,047,229.954, expected_protocol=ssh, packet_count=34, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=45.227.254.170, src_port=40,232, start_time=1,778,047,220.52, tcp_flags=A,S,P, time_bucket=1,778,047,200, total_bytes=6,094, window_sec=30\t\nsession\tSESSION-3edcaa2f576ed9ad\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.44, end_time=1,778,043,652.355, expected_protocol=https, packet_count=15, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=89.190.156.78, src_port=51,892, start_time=1,778,043,651.918, tcp_flags=A,S,P, time_bucket=1,778,043,630, total_bytes=5,716, 
window_sec=30\t\nsession\tSESSION-8321b4fe85ec7c76\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,036,401.828, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=37,839, start_time=1,778,036,401.827, tcp_flags=, time_bucket=1,778,036,400, total_bytes=313, window_sec=30\t\nsession\tSESSION-c5aeac75f92d444f\tdst_ip=172.234.197.23, dst_port=22, duration_sec=3.26, end_time=1,778,058,022.924, expected_protocol=ssh, packet_count=24, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=162.214.75.117, src_port=37,278, start_time=1,778,058,019.662, tcp_flags=A,S,P,F, time_bucket=1,778,058,000, total_bytes=5,296, window_sec=30\t\nsession\tSESSION-e7ce4665dfa45d3c\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,061,601.517, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=39,972, start_time=1,778,061,601.517, tcp_flags=, time_bucket=1,778,061,600, total_bytes=282, window_sec=30\t\nsession\tSESSION-9b63d3522aab6528\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,061,601.518, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=37,218, start_time=1,778,061,601.518, tcp_flags=, time_bucket=1,778,061,600, total_bytes=313, window_sec=30\t\nsession\tSESSION-0f1fcc9050279648\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.18, end_time=1,778,072,423.767, expected_protocol=https, packet_count=10, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=185.247.137.22, src_port=56,681, start_time=1,778,072,423.582, tcp_flags=A,S,P,R, time_bucket=1,778,072,400, total_bytes=3,516, window_sec=30\t\nsession\tSESSION-062c72215e61d30f\tdst_ip=172.234.197.23, dst_port=23, duration_sec=28.35, 
end_time=1,778,068,859.85, expected_protocol=telnet, packet_count=14, proto=TCP, protocol_anomaly_score=1, protocol_violations=constant_size_c2,tcp_syn_only,risk_port, protocols=TCP, src_ip=91.204.208.35, src_port=23,166, start_time=1,778,068,831.495, tcp_flags=S, time_bucket=1,778,068,830, total_bytes=756, window_sec=30\t\nsession\tSESSION-ff5fd6c4007b2145\tdst_ip=185.125.190.56, dst_port=123, duration_sec=0.09, end_time=1,778,072,456.553, expected_protocol=ntp, packet_count=2, proto=UDP, protocol_anomaly_score=0.5, protocol_violations=oversized_ntp, protocols=UDP, src_ip=172.234.197.23, src_port=45,406, start_time=1,778,072,456.463, tcp_flags=, time_bucket=1,778,072,430, total_bytes=180, window_sec=30\t\nsession\tSESSION-7155cec198655999\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,043,601.458, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=37,518, start_time=1,778,043,601.457, tcp_flags=, time_bucket=1,778,043,600, total_bytes=282, window_sec=30\t\nsession\tSESSION-60d15048f5022601\tdst_ip=172.234.197.23, dst_port=443, duration_sec=0.23, end_time=1,778,036,457.548, expected_protocol=https, packet_count=22, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=34.198.2.0, src_port=44,737, start_time=1,778,036,457.323, tcp_flags=R,S,F,A,P, time_bucket=1,778,036,430, total_bytes=5,172, window_sec=30\t\nsession\tSESSION-c495d9e5ab9acfbc\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0.05, end_time=1,778,047,257.52, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=55,287, start_time=1,778,047,257.468, tcp_flags=, time_bucket=1,778,047,230, total_bytes=228, window_sec=30\t\nsession\tSESSION-eeb1578b9cc87ce2\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,061,628.996, expected_protocol=dns, packet_count=2, 
proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=41,397, start_time=1,778,061,628.996, tcp_flags=, time_bucket=1,778,061,600, total_bytes=282, window_sec=30\t\nsession\tSESSION-f05eefe35c8f9a76\tdst_ip=2.57.122.194, duration_sec=12.37, end_time=1,778,072,414.875, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=172.234.197.23, start_time=1,778,072,402.504, tcp_flags=, time_bucket=1,778,072,400, total_bytes=164, window_sec=30\t\nsession\tSESSION-dd0bfa1ac17855c2\tdst_ip=172.234.197.23, dst_port=443, duration_sec=1.54, end_time=1,778,047,257.904, expected_protocol=https, packet_count=42, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=43.157.180.116, src_port=35,018, start_time=1,778,047,256.369, tcp_flags=R,S,F,A,P, time_bucket=1,778,047,230, total_bytes=27,182, window_sec=30\t\nsession\tSESSION-02436cab82ff2be9\tdst_ip=172.234.197.23, dst_port=22, duration_sec=20.85, end_time=1,778,065,228.616, expected_protocol=ssh, packet_count=44, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=2.57.122.196, src_port=3,392, start_time=1,778,065,207.771, tcp_flags=A,S,P,R, time_bucket=1,778,065,200, total_bytes=7,102, window_sec=30\t\nsession\tSESSION-4305e5b024f7a223\tdst_ip=45.148.10.152, dst_port=43,722, duration_sec=0.1, end_time=1,778,050,832.693, expected_protocol=unregistered:43722, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,050,832.588, tcp_flags=A,F,R, time_bucket=1,778,050,830, total_bytes=120, window_sec=30\t\nsession\tSESSION-bb28c78a797947d2\tdst_ip=172.234.197.23, dst_port=22, duration_sec=0.58, end_time=1,778,065,260.676, expected_protocol=ssh, packet_count=14, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=106.107.248.155, 
src_port=45,010, start_time=1,778,065,260.093, tcp_flags=A,S,P, time_bucket=1,778,065,260, total_bytes=3,871, window_sec=30\t\nsession\tSESSION-eda5f2c165ee908a\tdst_ip=104.21.7.232, dst_port=443, duration_sec=0.32, end_time=1,778,047,257.841, expected_protocol=https, packet_count=18, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=50,988, start_time=1,778,047,257.52, tcp_flags=A,S,P,F, time_bucket=1,778,047,230, total_bytes=7,606, window_sec=30\t\nsession\tSESSION-e3fc51c5a9708a6d\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,040,013.205, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=36,133, start_time=1,778,040,013.205, tcp_flags=, time_bucket=1,778,040,000, total_bytes=282, window_sec=30\t\nsession\tSESSION-17520ab71e811bf1\tdst_ip=172.234.197.23, dst_port=443, duration_sec=1.58, end_time=1,778,076,004.872, expected_protocol=https, packet_count=17, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=52.232.35.131, src_port=54,172, start_time=1,778,076,003.289, tcp_flags=A,P,F, time_bucket=1,778,076,000, total_bytes=5,584, window_sec=30\t\nsession\tSESSION-34b2326f558473f5\tdst_ip=172.234.197.23, dst_port=443, duration_sec=15.36, end_time=1,778,043,653.873, expected_protocol=https, packet_count=4, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=89.190.156.78, src_port=50,722, start_time=1,778,043,638.513, tcp_flags=A, time_bucket=1,778,043,630, total_bytes=264, window_sec=30\t\nsession\tSESSION-0508ecf5fca31f9f\tdst_ip=172.234.197.23, duration_sec=0, end_time=1,778,032,824.093, expected_protocol=unregistered:0, packet_count=2, proto=ICMP, protocol_anomaly_score=0, protocol_violations=, protocols=ICMP, src_ip=3.126.146.176, start_time=1,778,032,824.093, tcp_flags=, time_bucket=1,778,032,800, 
total_bytes=164, window_sec=30\t\nsession\tSESSION-d4b585270ad704cf\tdst_ip=172.234.197.23, dst_port=443, duration_sec=5.22, end_time=1,778,040,049.813, expected_protocol=https, packet_count=7, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=45.33.109.10, src_port=46,497, start_time=1,778,040,044.595, tcp_flags=A,S,P,R, time_bucket=1,778,040,030, total_bytes=468, window_sec=30\t\nsession\tSESSION-2aaccea6dccbc46a\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,076,001.728, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=57,514, start_time=1,778,076,001.727, tcp_flags=, time_bucket=1,778,076,000, total_bytes=313, window_sec=30\t\nsession\tSESSION-5b5e9844e8d91210\tdst_ip=92.118.39.235, dst_port=42,116, duration_sec=22.38, end_time=1,778,072,455.241, expected_protocol=unregistered:42116, packet_count=16, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,072,432.861, tcp_flags=A,P,R, time_bucket=1,778,072,430, total_bytes=1,388, window_sec=30\t\nsession\tSESSION-06f3798479e59b72\tdst_ip=45.148.10.152, dst_port=43,722, duration_sec=0.1, end_time=1,778,050,808.368, expected_protocol=unregistered:43722, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,050,808.264, tcp_flags=A,P,R, time_bucket=1,778,050,800, total_bytes=172, window_sec=30\t\nsession\tSESSION-b868bf37bed38f15\tdst_ip=192.119.111.204, dst_port=60,604, duration_sec=10.23, end_time=1,778,072,422.344, expected_protocol=unregistered:60604, packet_count=7, proto=TCP, protocol_anomaly_score=0.4, protocol_violations=constant_size_c2, protocols=TCP, src_ip=172.234.197.23, src_port=443, start_time=1,778,072,412.116, tcp_flags=A,F, time_bucket=1,778,072,400, total_bytes=462, 
window_sec=30\t\nsession\tSESSION-ed5316eada695a91\tdst_ip=172.232.0.17, dst_port=53, duration_sec=0, end_time=1,778,050,801.252, expected_protocol=dns, packet_count=2, proto=UDP, protocol_anomaly_score=0, protocol_violations=, protocols=UDP, src_ip=172.234.197.23, src_port=40,619, start_time=1,778,050,801.251, tcp_flags=, time_bucket=1,778,050,800, total_bytes=313, window_sec=30\t\nsession\tSESSION-bf2258c4de57eec3\tdst_ip=92.118.39.23, dst_port=26,966, duration_sec=0.13, end_time=1,778,040,009.288, expected_protocol=unregistered:26966, packet_count=2, proto=TCP, protocol_anomaly_score=0, protocol_violations=, protocols=TCP, src_ip=172.234.197.23, src_port=22, start_time=1,778,040,009.16, tcp_flags=A,P,R, time_bucket=1,778,040,000, total_bytes=172, window_sec=30\t\nsession\tSESSION-d05fb923cf4a0ee4\tdst_ip=172.234.197.23, dst_port=443, duration_sec=8.62, end_time=1,778,040,015.024, expected_protocol=https, packet_count=8, proto=TCP, protocol_anomaly_score=0.35, protocol_violations=missing_tls, protocols=TCP, src_ip=45.33.109.10, src_port=46,493, start_time=1,778,040,006.405, tcp_flags=A,S,P,R, time_bucket=1,778,040,000, total_bytes=658, window_sec=30\t\nsession\tSESSION-308a7d658a499624\tdst_ip=172.234.197.23, dst_port=21, duration_sec=15.5, end_time=1,778,065,224.136, expected_protocol=ftp-ctrl, packet_count=6, proto=TCP, protocol_anomaly_score=0.5, protocol_violations=constant_size_c2,risk_port, protocols=TCP, src_ip=81.29.142.50, src_port=55,885, start_time=1,778,065,208.639, tcp_flags=A,S, time_bucket=1,778,065,200, total_bytes=344, window_sec=30\t\ntls_sni\ttls_sni:172-234-197-23.ip.linodeusercontent.com\tsni=172-234-197-23.ip.linodeusercontent.com\t\ntls_sni\ttls_sni:wpcodeusage.com\tsni=wpcodeusage.com\t\ntls_sni\ttls_sni:172.234.197.23\tsni=172.234.197.23<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Edges 
(1746)\nKind\tID\tNodes\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-395abcc328361cc1:host:172.234.197.23:host:172.232.0.17\tSESSION-395abcc328361cc1 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nFLOW_FROM_HOSTOBS\te:from:SESSION-49ed4f4a29cfb6b3:host:172.234.197.23\tSESSION-49ed4f4a29cfb6b3 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-51e53ba41d3daf57:host:172.234.197.23\tSESSION-51e53ba41d3daf57 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-d68993c6291186b3:SESSION-d68993c6291186b3\tSESSION-d68993c6291186b3 \u2192 pe:syn:SESSION-d68993c6291186b3\nflow_observed5-aryOBS\te:fo:flow:b043921b4335\tflow:b043921b4335 \u2192 host:185.247.137.6 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nFLOW_DST_PORTOBS\te:fp:flow:8d08ea6ea9f9:port:udp:53\tflow:8d08ea6ea9f9 \u2192 port:udp:53\nFLOW_DST_PORTOBS\te:fp:flow:7a3efc7c62c3:port:tcp:443\tflow:7a3efc7c62c3 \u2192 port:tcp:443\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-c0f54da92702e4ac:host:45.33.109.10:host:172.234.197.23\tSESSION-c0f54da92702e4ac \u2192 host:45.33.109.10 \u2192 host:172.234.197.23\nHOST_IN_ASNOBS 85%\te:ha:host:34.197.28.78:asn:14618\thost:34.197.28.78 \u2192 asn:14618\nflow_observed4-aryOBS\te:fo:flow:a9aa2ea13503\tflow:a9aa2ea13503 \u2192 host:148.72.247.49 \u2192 host:172.234.197.23 \u2192 port:tcp:8088\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-eda5f2c165ee908a:host:104.21.7.232\tSESSION-eda5f2c165ee908a \u2192 host:104.21.7.232\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-acef8d31e86c7acd:host:172.234.197.23:host:172.232.0.17\tSESSION-acef8d31e86c7acd \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:172.234.197.23:geo_41.88350_-87.63050\thost:172.234.197.23 \u2192 geo_41.88350_-87.63050\nflow_observed5-aryOBS\te:fo:flow:0f87fd9755d2\tflow:0f87fd9755d2 \u2192 host:106.107.248.155 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 
svc:ssh\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-d68993c6291186b3:flow:c5802a729475\tSESSION-d68993c6291186b3 \u2192 flow:c5802a729475\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-742f34cda3a4e617:host:172.234.197.23\tSESSION-742f34cda3a4e617 \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-63905cf2a7bf050e:PCAP:capture_20260506030001:5cc356b1b859\tSESSION-63905cf2a7bf050e \u2192 PCAP:capture_20260506030001:5cc356b1b859\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-a13a17be1b938278:host:104.194.145.47\tSESSION-a13a17be1b938278 \u2192 host:104.194.145.47\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%\te:bsg:SESSION-537b4787a5d32b32:BSG-BEACON-f6c2b3d0e42d\tSESSION-537b4787a5d32b32 \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-4f93282fb27f899d:SESSION-4f93282fb27f899d\tSESSION-4f93282fb27f899d \u2192 pe:dns:SESSION-4f93282fb27f899d\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-8321b4fe85ec7c76:host:172.232.0.17\tSESSION-8321b4fe85ec7c76 \u2192 host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-a6c427a7783be300:host:45.227.254.170\tSESSION-a6c427a7783be300 \u2192 host:45.227.254.170\nFLOW_TO_HOSTOBS\te:to:SESSION-4f93282fb27f899d:host:172.232.0.17\tSESSION-4f93282fb27f899d \u2192 host:172.232.0.17\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-4305e5b024f7a223:host:172.234.197.23:host:45.148.10.152\tSESSION-4305e5b024f7a223 \u2192 host:172.234.197.23 \u2192 host:45.148.10.152\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-e25260d84d1899f3:host:172.232.0.17\tSESSION-e25260d84d1899f3 \u2192 host:172.232.0.17\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-bb28c78a797947d2:host:106.107.248.155:host:172.234.197.23\tSESSION-bb28c78a797947d2 \u2192 host:106.107.248.155 \u2192 host:172.234.197.23\nflow_observed5-aryOBS\te:fo:flow:6c52770a5a7c\tflow:6c52770a5a7c \u2192 host:89.190.156.78 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 
svc:https\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-4390daf7eeef0d52:SESSION-4390daf7eeef0d52\tSESSION-4390daf7eeef0d52 \u2192 pe:dns:SESSION-4390daf7eeef0d52\nHOST_IN_ASNOBS 85%\te:ha:host:45.148.10.157:asn:48090\thost:45.148.10.157 \u2192 asn:48090\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-cb177f6b8a87aae0:PCAP:capture_20260506100001:1dcaef79479b\tSESSION-cb177f6b8a87aae0 \u2192 PCAP:capture_20260506100001:1dcaef79479b\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-5b5e9844e8d91210:flow:2b1929813806\tSESSION-5b5e9844e8d91210 \u2192 flow:2b1929813806\nFLOW_TO_HOSTOBS\te:to:SESSION-54190c4a9018c8b2:host:172.234.197.23\tSESSION-54190c4a9018c8b2 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-386b135d546c92f7:SESSION-386b135d546c92f7\tSESSION-386b135d546c92f7 \u2192 pe:syn:SESSION-386b135d546c92f7\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-1ae5761b52438ad8:SESSION-1ae5761b52438ad8\tSESSION-1ae5761b52438ad8 \u2192 pe:rst:SESSION-1ae5761b52438ad8\nFLOW_DST_PORTOBS\te:fp:flow:69ea25c11391:port:udp:53\tflow:69ea25c11391 \u2192 port:udp:53\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:87.236.176.214:geo_51.49640_-0.12240\thost:87.236.176.214 \u2192 geo_51.49640_-0.12240\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-4f726ca0d8d8e058:SESSION-4f726ca0d8d8e058\tSESSION-4f726ca0d8d8e058 \u2192 pe:rst:SESSION-4f726ca0d8d8e058\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-88b7a3fbe4aa9c73:host:185.247.137.206\tSESSION-88b7a3fbe4aa9c73 \u2192 host:185.247.137.206\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-3bdf02dba5935e9e:PCAP:capture_20260506040001:e9f965e38ce8\tSESSION-3bdf02dba5935e9e \u2192 PCAP:capture_20260506040001:e9f965e38ce8\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-d65a73ebc3ea4bbf:host:2.57.122.193\tSESSION-d65a73ebc3ea4bbf \u2192 host:2.57.122.193\nFLOW_TO_HOSTOBS\te:to:SESSION-ddee689ce64bb7f1:host:172.232.0.17\tSESSION-ddee689ce64bb7f1 \u2192 
host:172.232.0.17\nFLOW_DST_PORTOBS\te:fp:flow:ad158fcc812d:port:tcp:63631\tflow:ad158fcc812d \u2192 port:tcp:63631\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-60c9f814ed617fcc:SESSION-60c9f814ed617fcc\tSESSION-60c9f814ed617fcc \u2192 pe:syn:SESSION-60c9f814ed617fcc\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-7f858f15c17e12f2:host:172.234.197.23\tSESSION-7f858f15c17e12f2 \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-65f53457d50be6fd:PCAP:capture_20260506040001:e9f965e38ce8\tSESSION-65f53457d50be6fd \u2192 PCAP:capture_20260506040001:e9f965e38ce8\nFLOW_DST_PORTOBS\te:fp:flow:551e75da8fde:port:tcp:443\tflow:551e75da8fde \u2192 port:tcp:443\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-abc73843613ec20b:host:172.234.197.23\tSESSION-abc73843613ec20b \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-b9cb91009e614d5f:host:172.234.197.23:host:172.232.0.17\tSESSION-b9cb91009e614d5f \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-63905cf2a7bf050e:BSG-BEACON-f6c2b3d0e42d\tSESSION-63905cf2a7bf050e \u2192 BSG-BEACON-f6c2b3d0e42d\nFLOW_FROM_HOSTOBS\te:from:SESSION-e123b6403f799b1d:host:40.77.167.70\tSESSION-e123b6403f799b1d \u2192 host:40.77.167.70\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-9bfef0c13717a796:host:45.61.133.121\tSESSION-9bfef0c13717a796 \u2192 host:45.61.133.121\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:92.118.39.23:geo_32.77970_-96.80220\thost:92.118.39.23 \u2192 geo_32.77970_-96.80220\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%\te:bsg:SESSION-77c2b91a994d6b29:BSG-BEACON-f6c2b3d0e42d\tSESSION-77c2b91a994d6b29 \u2192 BSG-BEACON-f6c2b3d0e42d\nFLOW_FROM_HOSTOBS\te:from:SESSION-de4dfe84e12d6d3a:host:172.234.197.23\tSESSION-de4dfe84e12d6d3a \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-003788b015d527cd:host:45.156.87.254\tSESSION-003788b015d527cd \u2192 host:45.156.87.254\nASN_IN_ORGOBS 80%\te:ao:asn:211298:org:Driftnet Ltd\tasn:211298 \u2192 
flow:79c6b8311121\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-8f55e302ff5e6c0d:host:51.224.145.102\tSESSION-8f55e302ff5e6c0d \u2192 host:51.224.145.102\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-c79e5eebc4868479:host:172.234.197.23\tSESSION-c79e5eebc4868479 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-0f1fcc9050279648:SESSION-0f1fcc9050279648\tSESSION-0f1fcc9050279648 \u2192 pe:rst:SESSION-0f1fcc9050279648\nASN_IN_ORGOBS 80%\te:ao:asn:4837:org:CHINA UNICOM China169 Backbone\tasn:4837 \u2192 org:CHINA UNICOM China169 Backbone\nHOST_IN_ASNOBS 85%\te:ha:host:3.126.146.176:asn:16509\thost:3.126.146.176 \u2192 asn:16509\nFLOW_FROM_HOSTOBS\te:from:SESSION-cc57470cff674b4d:host:172.234.197.23\tSESSION-cc57470cff674b4d \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-7a22528435ec40e3:host:172.232.0.17\tSESSION-7a22528435ec40e3 \u2192 host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-47a5cb6f1c89acd9:host:103.155.16.117\tSESSION-47a5cb6f1c89acd9 \u2192 host:103.155.16.117\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-1b2f39e4e24dfa1e:flow:2728835a14a6\tSESSION-1b2f39e4e24dfa1e \u2192 flow:2728835a14a6\nPORT_IMPLIED_SERVICEIMP 70%\te:ps:port:tcp:22:svc:ssh\tport:tcp:22 \u2192 svc:ssh\nHOST_IN_ASNOBS 85%\te:ha:host:87.236.176.214:asn:211298\thost:87.236.176.214 \u2192 asn:211298\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-abc73843613ec20b:host:172.232.0.17\tSESSION-abc73843613ec20b \u2192 host:172.232.0.17\nflow_observed5-aryOBS\te:fo:flow:75f5a0d5f164\tflow:75f5a0d5f164 \u2192 host:180.167.128.203 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 svc:ssh\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-51d7b5d9b2653285:host:45.61.133.121:host:172.234.197.23\tSESSION-51d7b5d9b2653285 \u2192 host:45.61.133.121 \u2192 host:172.234.197.23\nASN_IN_ORGOBS 80%\te:ao:asn:63949:org:Akamai Connected Cloud\tasn:63949 \u2192 org:Akamai Connected 
Cloud\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-ed10882d03a99e9f:PCAP:capture_20260506060001:f9f9110b5bb4\tSESSION-ed10882d03a99e9f \u2192 PCAP:capture_20260506060001:f9f9110b5bb4\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-8db7c39e7c6a0413:host:172.234.197.23\tSESSION-8db7c39e7c6a0413 \u2192 host:172.234.197.23\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-e7ce4665dfa45d3c:flow:4f3d29822dfd\tSESSION-e7ce4665dfa45d3c \u2192 flow:4f3d29822dfd\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-97e750ad2d476b32:host:172.234.197.23\tSESSION-97e750ad2d476b32 \u2192 host:172.234.197.23\nflow_observed5-aryOBS\te:fo:flow:8d353e4da0fd\tflow:8d353e4da0fd \u2192 host:3.223.134.5 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nFLOW_DST_PORTOBS\te:fp:flow:1b4a85eb6bc1:port:udp:53\tflow:1b4a85eb6bc1 \u2192 port:udp:53\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-eda5f2c165ee908a:SESSION-eda5f2c165ee908a\tSESSION-eda5f2c165ee908a \u2192 pe:tls:SESSION-eda5f2c165ee908a\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%\te:bsg:SESSION-c495d9e5ab9acfbc:BSG-BEACON-f6c2b3d0e42d\tSESSION-c495d9e5ab9acfbc \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-0086120f9ffcd7cf:SESSION-0086120f9ffcd7cf\tSESSION-0086120f9ffcd7cf \u2192 pe:tls:SESSION-0086120f9ffcd7cf\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-ee97936cb69b9d13:host:46.151.178.13\tSESSION-ee97936cb69b9d13 \u2192 host:46.151.178.13\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-9921af6a5702b3bf:flow:4c12feb7d691\tSESSION-9921af6a5702b3bf \u2192 flow:4c12feb7d691\nASN_IN_ORGOBS 80%\te:ao:asn:49870:org:Alsycon B.V.\tasn:49870 \u2192 org:Alsycon B.V.\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-868e23b316c7b0f8:flow:eb8627c18ed1\tSESSION-868e23b316c7b0f8 \u2192 flow:eb8627c18ed1\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-4f93282fb27f899d:flow:6e2a85228dbb\tSESSION-4f93282fb27f899d \u2192 flow:6e2a85228dbb\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-4305e5b024f7a223:flow:751ba8c1a7c7\tSESSION-4305e5b024f7a223 \u2192 
flow:751ba8c1a7c7\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-97e750ad2d476b32:PCAP:capture_20260506040001:e9f965e38ce8\tSESSION-97e750ad2d476b32 \u2192 PCAP:capture_20260506040001:e9f965e38ce8\nflow_observed5-aryOBS\te:fo:flow:38ed5ae17f18\tflow:38ed5ae17f18 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:183.202.141.98:geo_34.77320_113.72200\thost:183.202.141.98 \u2192 geo_34.77320_113.72200\nHOST_IN_ASNOBS 85%\te:ha:host:45.61.133.121:asn:14956\thost:45.61.133.121 \u2192 asn:14956\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:74.7.242.149:geo_33.74850_-84.38710\thost:74.7.242.149 \u2192 geo_33.74850_-84.38710\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-4b726f82be41475c:flow:07feb12ee68f\tSESSION-4b726f82be41475c \u2192 flow:07feb12ee68f\nFLOW_DST_PORTOBS\te:fp:flow:29f0f80dc5aa:port:tcp:9360\tflow:29f0f80dc5aa \u2192 port:tcp:9360\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-06c2cef68b8aaa66:SESSION-06c2cef68b8aaa66\tSESSION-06c2cef68b8aaa66 \u2192 pe:rst:SESSION-06c2cef68b8aaa66\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-eeb1578b9cc87ce2:BSG-BEACON-f6c2b3d0e42d\tSESSION-eeb1578b9cc87ce2 \u2192 BSG-BEACON-f6c2b3d0e42d\nASN_IN_ORGOBS 80%\te:ao:asn:14618:org:Amazon.com, Inc.\tasn:14618 \u2192 org:Amazon.com, Inc.\nFLOW_DST_PORTOBS\te:fp:flow:e2978a833c12:port:tcp:443\tflow:e2978a833c12 \u2192 port:tcp:443\nFLOW_QUERIED_DNSOBS\te:fd:flow:c31e76db5dae:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\tflow:c31e76db5dae \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-2afb3b9c44db3352:host:172.234.197.23\tSESSION-2afb3b9c44db3352 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-c79e5eebc4868479:host:172.234.197.23\tSESSION-c79e5eebc4868479 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-65f53457d50be6fd:host:172.232.0.17\tSESSION-65f53457d50be6fd \u2192 
host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-3657adb5f65190d3:host:172.234.197.23\tSESSION-3657adb5f65190d3 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-88032ac2aa7f41ae:host:172.234.197.23\tSESSION-88032ac2aa7f41ae \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-9273bd2df9f7c64b:host:3.223.134.5\tSESSION-9273bd2df9f7c64b \u2192 host:3.223.134.5\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-4f726ca0d8d8e058:host:2.57.122.193\tSESSION-4f726ca0d8d8e058 \u2192 host:2.57.122.193\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-9921af6a5702b3bf:host:172.234.197.23:host:172.232.0.17\tSESSION-9921af6a5702b3bf \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-c79e5eebc4868479:flow:b680ecde69ca\tSESSION-c79e5eebc4868479 \u2192 flow:b680ecde69ca\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-ec3a8cbc58b1e5f2:SESSION-ec3a8cbc58b1e5f2\tSESSION-ec3a8cbc58b1e5f2 \u2192 pe:tls:SESSION-ec3a8cbc58b1e5f2\nFLOW_DST_PORTOBS\te:fp:flow:ae85aeeb1dac:port:tcp:23\tflow:ae85aeeb1dac \u2192 port:tcp:23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:34.198.2.0:geo_39.04690_-77.49030\thost:34.198.2.0 \u2192 geo_39.04690_-77.49030\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-eda5f2c165ee908a:SESSION-eda5f2c165ee908a\tSESSION-eda5f2c165ee908a \u2192 pe:syn:SESSION-eda5f2c165ee908a\nflow_observed3-aryOBS\te:fo:flow:18d38100af2b\tflow:18d38100af2b \u2192 host:172.234.197.23 \u2192 host:92.118.39.235\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-88b7a3fbe4aa9c73:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-88b7a3fbe4aa9c73 \u2192 PCAP:capture_20260506130001:193918cc1ff8\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-56800f0e4776fb43:host:51.224.22.45\tSESSION-56800f0e4776fb43 \u2192 host:51.224.22.45\nFLOW_DST_PORTOBS\te:fp:flow:649ec01154f8:port:tcp:50248\tflow:649ec01154f8 \u2192 port:tcp:50248\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-c5aeac75f92d444f:host:172.234.197.23\tSESSION-c5aeac75f92d444f \u2192 
host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-ed10882d03a99e9f:host:45.227.254.170\tSESSION-ed10882d03a99e9f \u2192 host:45.227.254.170\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-9931d5e5bc996b57:host:195.123.246.80\tSESSION-9931d5e5bc996b57 \u2192 host:195.123.246.80\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-e7ce4665dfa45d3c:PCAP:capture_20260506100001:1dcaef79479b\tSESSION-e7ce4665dfa45d3c \u2192 PCAP:capture_20260506100001:1dcaef79479b\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%\te:bsg:SESSION-7155cec198655999:BSG-BEACON-f6c2b3d0e42d\tSESSION-7155cec198655999 \u2192 BSG-BEACON-f6c2b3d0e42d\nFLOW_TLS_SNIOBS\te:fs:flow:79c6b8311121:tls_sni:172.234.197.23\tflow:79c6b8311121 \u2192 tls_sni:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-0086120f9ffcd7cf:host:172.234.197.23:host:192.119.111.204\tSESSION-0086120f9ffcd7cf \u2192 host:172.234.197.23 \u2192 host:192.119.111.204\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:103.81.111.187:geo_-6.03420_106.08420\thost:103.81.111.187 \u2192 geo_-6.03420_106.08420\nASN_IN_ORGOBS 80%\te:ao:asn:48090:org:Techoff Srv Limited\tasn:48090 \u2192 org:Techoff Srv Limited\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-441a69db47f1f67e:flow:79c7fa393fc0\tSESSION-441a69db47f1f67e \u2192 flow:79c7fa393fc0\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-537b4787a5d32b32:SESSION-537b4787a5d32b32\tSESSION-537b4787a5d32b32 \u2192 pe:dns:SESSION-537b4787a5d32b32\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-2801fe3d7a774cf5:host:172.234.197.23\tSESSION-2801fe3d7a774cf5 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-64cf3cf6299680da:host:92.118.39.23\tSESSION-64cf3cf6299680da \u2192 host:92.118.39.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-1ae5761b52438ad8:host:172.234.197.23\tSESSION-1ae5761b52438ad8 \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-d92c82faf3e575a2:PCAP:capture_20260506020001:cb849d7e9012\tSESSION-d92c82faf3e575a2 \u2192 
PCAP:capture_20260506020001:cb849d7e9012\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-0086120f9ffcd7cf:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-0086120f9ffcd7cf \u2192 PCAP:capture_20260506130001:193918cc1ff8\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-b9b9c8c14f596810:SESSION-b9b9c8c14f596810\tSESSION-b9b9c8c14f596810 \u2192 pe:tls:SESSION-b9b9c8c14f596810\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%\te:bsg:SESSION-e96b201766459115:BSG-BEACON-3e264b836441\tSESSION-e96b201766459115 \u2192 BSG-BEACON-3e264b836441\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-a13a17be1b938278:SESSION-a13a17be1b938278\tSESSION-a13a17be1b938278 \u2192 pe:tls:SESSION-a13a17be1b938278\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-9bfef0c13717a796:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-9bfef0c13717a796 \u2192 PCAP:capture_20260506130001:193918cc1ff8\nFLOW_DST_PORTOBS\te:fp:flow:eab42a9b6bf8:port:tcp:443\tflow:eab42a9b6bf8 \u2192 port:tcp:443\nflow_observed5-aryOBS\te:fo:flow:0b2ff889b5a5\tflow:0b2ff889b5a5 \u2192 host:34.197.28.78 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-34b2326f558473f5:host:89.190.156.78:host:172.234.197.23\tSESSION-34b2326f558473f5 \u2192 host:89.190.156.78 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-f29056eb8e4d0543:host:172.234.197.23\tSESSION-f29056eb8e4d0543 \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-acef8d31e86c7acd:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-acef8d31e86c7acd \u2192 PCAP:capture_20260506130001:193918cc1ff8\nFLOW_FROM_HOSTOBS\te:from:SESSION-93087fea180212af:host:172.234.197.23\tSESSION-93087fea180212af \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-e7ce4665dfa45d3c:SESSION-e7ce4665dfa45d3c\tSESSION-e7ce4665dfa45d3c \u2192 pe:dns:SESSION-e7ce4665dfa45d3c\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-7155cec198655999:host:172.232.0.17\tSESSION-7155cec198655999 \u2192 
host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-e7ce4665dfa45d3c:host:172.234.197.23\tSESSION-e7ce4665dfa45d3c \u2192 host:172.234.197.23\nflow_observed5-aryOBS\te:fo:flow:4f3d29822dfd\tflow:4f3d29822dfd \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nFLOW_DST_PORTOBS\te:fp:flow:0b2ff889b5a5:port:tcp:443\tflow:0b2ff889b5a5 \u2192 port:tcp:443\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-d05fb923cf4a0ee4:SESSION-d05fb923cf4a0ee4\tSESSION-d05fb923cf4a0ee4 \u2192 pe:tls:SESSION-d05fb923cf4a0ee4\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-d4b585270ad704cf:SESSION-d4b585270ad704cf\tSESSION-d4b585270ad704cf \u2192 pe:rst:SESSION-d4b585270ad704cf\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-110d1ee95c8ccd23:host:104.194.149.41\tSESSION-110d1ee95c8ccd23 \u2192 host:104.194.149.41\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-b9b9c8c14f596810:SESSION-b9b9c8c14f596810\tSESSION-b9b9c8c14f596810 \u2192 pe:syn:SESSION-b9b9c8c14f596810\nHOST_IN_ASNOBS 85%\te:ha:host:91.204.208.35:asn:52148\thost:91.204.208.35 \u2192 asn:52148\nASN_IN_ORGOBS 80%\te:ao:asn:52148:org:Enix Ltd\tasn:52148 \u2192 org:Enix Ltd\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-9273bd2df9f7c64b:SESSION-9273bd2df9f7c64b\tSESSION-9273bd2df9f7c64b \u2192 pe:rst:SESSION-9273bd2df9f7c64b\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-b58bf26b90688bb4:host:172.234.197.23:host:172.232.0.17\tSESSION-b58bf26b90688bb4 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nASN_IN_ORGOBS 80%\te:ao:asn:150958:org:PT Fiber Data Nusantara\tasn:150958 \u2192 org:PT Fiber Data Nusantara\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-51e53ba41d3daf57:SESSION-51e53ba41d3daf57\tSESSION-51e53ba41d3daf57 \u2192 pe:rst:SESSION-51e53ba41d3daf57\nFLOW_TO_HOSTOBS\te:to:SESSION-c0f54da92702e4ac:host:172.234.197.23\tSESSION-c0f54da92702e4ac \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:274ee5f63645:port:udp:123\tflow:274ee5f63645 \u2192 
port:udp:123\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-c041b784113284dc:host:172.234.197.23\tSESSION-c041b784113284dc \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-b45740c93fb46f4f:SESSION-b45740c93fb46f4f\tSESSION-b45740c93fb46f4f \u2192 pe:rst:SESSION-b45740c93fb46f4f\nFLOW_DST_PORTOBS\te:fp:flow:c3dc2fae803e:port:tcp:443\tflow:c3dc2fae803e \u2192 port:tcp:443\nflow_observed3-aryOBS\te:fo:flow:20083810e797\tflow:20083810e797 \u2192 host:172.234.197.23 \u2192 host:213.209.159.56\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-9273bd2df9f7c64b:SESSION-9273bd2df9f7c64b\tSESSION-9273bd2df9f7c64b \u2192 pe:syn:SESSION-9273bd2df9f7c64b\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-54190c4a9018c8b2:host:74.7.242.149:host:172.234.197.23\tSESSION-54190c4a9018c8b2 \u2192 host:74.7.242.149 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-ddee689ce64bb7f1:host:172.234.197.23\tSESSION-ddee689ce64bb7f1 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-f29056eb8e4d0543:host:172.232.0.17\tSESSION-f29056eb8e4d0543 \u2192 host:172.232.0.17\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-7f858f15c17e12f2:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-7f858f15c17e12f2 \u2192 PCAP:capture_20260506130001:193918cc1ff8\nflow_observed4-aryOBS\te:fo:flow:751ba8c1a7c7\tflow:751ba8c1a7c7 \u2192 host:172.234.197.23 \u2192 host:45.148.10.152 \u2192 port:tcp:43722\nFLOW_FROM_HOSTOBS\te:from:SESSION-e3fc51c5a9708a6d:host:172.234.197.23\tSESSION-e3fc51c5a9708a6d \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-0508ecf5fca31f9f:host:3.126.146.176\tSESSION-0508ecf5fca31f9f \u2192 host:3.126.146.176\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-97e750ad2d476b32:BSG-BEACON-a8a8c3c8a37f\tSESSION-97e750ad2d476b32 \u2192 BSG-BEACON-a8a8c3c8a37f\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-308a7d658a499624:host:172.234.197.23\tSESSION-308a7d658a499624 \u2192 
host:172.234.197.23\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-183409131ad9123b:flow:ed98d1d2d802\tSESSION-183409131ad9123b \u2192 flow:ed98d1d2d802\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-f4f04d9d25e66b28:PCAP:capture_20260506110001:db30e8f19576\tSESSION-f4f04d9d25e66b28 \u2192 PCAP:capture_20260506110001:db30e8f19576\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-9bfef0c13717a796:flow:ad158fcc812d\tSESSION-9bfef0c13717a796 \u2192 flow:ad158fcc812d\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-f05eefe35c8f9a76:host:172.234.197.23:host:2.57.122.194\tSESSION-f05eefe35c8f9a76 \u2192 host:172.234.197.23 \u2192 host:2.57.122.194\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-ea4986b0ffcf3593:SESSION-ea4986b0ffcf3593\tSESSION-ea4986b0ffcf3593 \u2192 pe:tls:SESSION-ea4986b0ffcf3593\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-d68993c6291186b3:host:45.33.109.10\tSESSION-d68993c6291186b3 \u2192 host:45.33.109.10\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-9931d5e5bc996b57:host:172.234.197.23\tSESSION-9931d5e5bc996b57 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-19756d4907ce3f22:host:172.234.197.23\tSESSION-19756d4907ce3f22 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-51d7b5d9b2653285:host:45.61.133.121\tSESSION-51d7b5d9b2653285 \u2192 host:45.61.133.121\nFLOW_TO_HOSTOBS\te:to:SESSION-79a0413209e2baca:host:213.209.159.56\tSESSION-79a0413209e2baca \u2192 host:213.209.159.56\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-ddee689ce64bb7f1:host:172.232.0.17\tSESSION-ddee689ce64bb7f1 \u2192 host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-79a0413209e2baca:host:172.234.197.23\tSESSION-79a0413209e2baca \u2192 host:172.234.197.23\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-65f53457d50be6fd:BSG-BEACON-f6c2b3d0e42d\tSESSION-65f53457d50be6fd \u2192 BSG-BEACON-f6c2b3d0e42d\nFLOW_DST_PORTOBS\te:fp:flow:39a4be8c95c8:port:udp:53\tflow:39a4be8c95c8 \u2192 
port:udp:53\nFLOW_QUERIED_DNSOBS\te:fd:flow:d9cb873bff5c:dns:172-234-197-23.ip.linodeusercontent.com\tflow:d9cb873bff5c \u2192 dns:172-234-197-23.ip.linodeusercontent.com\nflow_observed5-aryOBS\te:fo:flow:8d08ea6ea9f9\tflow:8d08ea6ea9f9 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-2caeb7e5334aa4ca:flow:0f87fd9755d2\tSESSION-2caeb7e5334aa4ca \u2192 flow:0f87fd9755d2\nFLOW_TO_HOSTOBS\te:to:SESSION-65f53457d50be6fd:host:172.232.0.17\tSESSION-65f53457d50be6fd \u2192 host:172.232.0.17\nFLOW_FROM_HOSTOBS\te:from:SESSION-abc73843613ec20b:host:172.234.197.23\tSESSION-abc73843613ec20b \u2192 host:172.234.197.23\nASN_IN_ORGOBS 80%\te:ao:asn:4812:org:China Telecom Group\tasn:4812 \u2192 org:China Telecom Group\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-51919fc68b872311:host:66.228.53.78\tSESSION-51919fc68b872311 \u2192 host:66.228.53.78\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-63905cf2a7bf050e:flow:dd796c5d886d\tSESSION-63905cf2a7bf050e \u2192 flow:dd796c5d886d\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:81.29.142.50:geo_55.73860_37.60680\thost:81.29.142.50 \u2192 geo_55.73860_37.60680\nflow_observed5-aryOBS\te:fo:flow:796619995967\tflow:796619995967 \u2192 host:87.236.176.214 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nFLOW_FROM_HOSTOBS\te:from:SESSION-fa3c66e6c8c7cc27:host:87.236.176.214\tSESSION-fa3c66e6c8c7cc27 \u2192 host:87.236.176.214\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-eeb1578b9cc87ce2:PCAP:capture_20260506100001:1dcaef79479b\tSESSION-eeb1578b9cc87ce2 \u2192 PCAP:capture_20260506100001:1dcaef79479b\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:148.72.247.49:geo_1.29390_103.84610\thost:148.72.247.49 \u2192 geo_1.29390_103.84610\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:185.247.137.206:geo_51.50810_-0.12780\thost:185.247.137.206 \u2192 geo_51.50810_-0.12780\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:172.232.0.17:geo_41.88350_-87.63050\thost:172.232.0.17 \u2192 
geo_41.88350_-87.63050\nFLOW_FROM_HOSTOBS\te:from:SESSION-34b2326f558473f5:host:89.190.156.78\tSESSION-34b2326f558473f5 \u2192 host:89.190.156.78\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-4b726f82be41475c:host:103.155.16.117\tSESSION-4b726f82be41475c \u2192 host:103.155.16.117\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-cb177f6b8a87aae0:flow:a9aa2ea13503\tSESSION-cb177f6b8a87aae0 \u2192 flow:a9aa2ea13503\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-5012aad9b09bf0eb:host:74.7.242.149\tSESSION-5012aad9b09bf0eb \u2192 host:74.7.242.149\nFLOW_TO_HOSTOBS\te:to:SESSION-441a69db47f1f67e:host:172.234.197.23\tSESSION-441a69db47f1f67e \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-63905cf2a7bf050e:host:172.234.197.23:host:172.232.0.17\tSESSION-63905cf2a7bf050e \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nFLOW_FROM_HOSTOBS\te:from:SESSION-f52f57c02498535b:host:172.234.197.23\tSESSION-f52f57c02498535b \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-4305e5b024f7a223:host:45.148.10.152\tSESSION-4305e5b024f7a223 \u2192 host:45.148.10.152\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-49abda6ad4a45bbb:flow:a6ea0602e5c3\tSESSION-49abda6ad4a45bbb \u2192 flow:a6ea0602e5c3\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-34b2326f558473f5:host:89.190.156.78\tSESSION-34b2326f558473f5 \u2192 host:89.190.156.78\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:74.7.242.172:geo_33.74850_-84.38710\thost:74.7.242.172 \u2192 geo_33.74850_-84.38710\nFLOW_FROM_HOSTOBS\te:from:SESSION-fcda3062255c0ddf:host:172.234.197.23\tSESSION-fcda3062255c0ddf \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-2aaccea6dccbc46a:SESSION-2aaccea6dccbc46a\tSESSION-2aaccea6dccbc46a \u2192 pe:dns:SESSION-2aaccea6dccbc46a\nFLOW_QUERIED_DNSOBS\te:fd:flow:69ea25c11391:dns:172-234-197-23.ip.linodeusercontent.com\tflow:69ea25c11391 \u2192 dns:172-234-197-23.ip.linodeusercontent.com\nFLOW_TO_HOSTOBS\te:to:SESSION-f0b8de3575b1c3f3:host:45.227.254.170\tSESSION-f0b8de3575b1c3f3 \u2192 
host:45.227.254.170\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-7155cec198655999:host:172.234.197.23:host:172.232.0.17\tSESSION-7155cec198655999 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-4473489472864a95:host:172.232.0.17\tSESSION-4473489472864a95 \u2192 host:172.232.0.17\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-9921af6a5702b3bf:SESSION-9921af6a5702b3bf\tSESSION-9921af6a5702b3bf \u2192 pe:dns:SESSION-9921af6a5702b3bf\nFLOW_FROM_HOSTOBS\te:from:SESSION-45458b9765283300:host:74.7.243.19\tSESSION-45458b9765283300 \u2192 host:74.7.243.19\nFLOW_FROM_HOSTOBS\te:from:SESSION-51e53ba41d3daf57:host:185.247.137.6\tSESSION-51e53ba41d3daf57 \u2192 host:185.247.137.6\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-b9b9c8c14f596810:host:89.190.156.78:host:172.234.197.23\tSESSION-b9b9c8c14f596810 \u2192 host:89.190.156.78 \u2192 host:172.234.197.23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:3.126.146.176:geo_50.11690_8.68370\thost:3.126.146.176 \u2192 geo_50.11690_8.68370\nFLOW_QUERIED_DNSOBS\te:fd:flow:1fc954fe1e5f:dns:172-234-197-23.ip.linodeusercontent.com\tflow:1fc954fe1e5f \u2192 dns:172-234-197-23.ip.linodeusercontent.com\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-34a7e03bf798caf5:host:180.167.128.203:host:172.234.197.23\tSESSION-34a7e03bf798caf5 \u2192 host:180.167.128.203 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-537b4787a5d32b32:host:172.232.0.17\tSESSION-537b4787a5d32b32 \u2192 host:172.232.0.17\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-00e01dcc7487e071:flow:fe381d2d7005\tSESSION-00e01dcc7487e071 \u2192 flow:fe381d2d7005\nFLOW_QUERIED_DNSOBS\te:fd:flow:7cc2d28880a5:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\tflow:7cc2d28880a5 \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\nflow_observed4-aryOBS\te:fo:flow:f969770eb36a\tflow:f969770eb36a \u2192 host:45.178.249.135 \u2192 host:172.234.197.23 \u2192 port:tcp:23\nHOST_GEO_ESTIMATEOBS 
60%\te:hg:host:45.227.254.170:geo_9.00000_-80.00000\thost:45.227.254.170 \u2192 geo_9.00000_-80.00000\nFLOW_DST_PORTOBS\te:fp:flow:4991c4ddcaed:port:udp:53\tflow:4991c4ddcaed \u2192 port:udp:53\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-b9b9c8c14f596810:host:89.190.156.78\tSESSION-b9b9c8c14f596810 \u2192 host:89.190.156.78\nFLOW_DST_PORTOBS\te:fp:flow:61ec9c17e8a7:port:udp:53\tflow:61ec9c17e8a7 \u2192 port:udp:53\nFLOW_TO_HOSTOBS\te:to:SESSION-fcda3062255c0ddf:host:92.118.39.235\tSESSION-fcda3062255c0ddf \u2192 host:92.118.39.235\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-ed10882d03a99e9f:host:172.234.197.23:host:45.227.254.170\tSESSION-ed10882d03a99e9f \u2192 host:172.234.197.23 \u2192 host:45.227.254.170\nFLOW_DST_PORTOBS\te:fp:flow:114a8ab669ec:port:udp:53\tflow:114a8ab669ec \u2192 port:udp:53\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-110d1ee95c8ccd23:host:172.234.197.23:host:104.194.149.41\tSESSION-110d1ee95c8ccd23 \u2192 host:172.234.197.23 \u2192 host:104.194.149.41\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-ea4986b0ffcf3593:host:74.7.243.62\tSESSION-ea4986b0ffcf3593 \u2192 host:74.7.243.62\nFLOW_TO_HOSTOBS\te:to:SESSION-5b5e9844e8d91210:host:92.118.39.235\tSESSION-5b5e9844e8d91210 \u2192 host:92.118.39.235\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-90d6ffa3c7df5be4:host:172.234.197.23\tSESSION-90d6ffa3c7df5be4 \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-2caeb7e5334aa4ca:host:106.107.248.155:host:172.234.197.23\tSESSION-2caeb7e5334aa4ca \u2192 host:106.107.248.155 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-fa3c66e6c8c7cc27:host:87.236.176.214\tSESSION-fa3c66e6c8c7cc27 \u2192 host:87.236.176.214\nflow_observed5-aryOBS\te:fo:flow:c5802a729475\tflow:c5802a729475 \u2192 host:45.33.109.10 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nflow_observed3-aryOBS\te:fo:flow:88cca16d0446\tflow:88cca16d0446 \u2192 host:183.202.141.98 \u2192 
host:172.234.197.23\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 
90%\te:bsg:SESSION-742f34cda3a4e617:BSG-BEACON-f6c2b3d0e42d\tSESSION-742f34cda3a4e617 \u2192 BSG-BEACON-f6c2b3d0e42d\nHOST_IN_ASNOBS 85%\te:ha:host:74.7.243.19:asn:8075\thost:74.7.243.19 \u2192 asn:8075\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-c0f54da92702e4ac:host:45.33.109.10\tSESSION-c0f54da92702e4ac \u2192 host:45.33.109.10\nFLOW_TLS_SNIOBS\te:fs:flow:1e7439e55ec0:tls_sni:172-234-197-23.ip.linodeusercontent.com\tflow:1e7439e55ec0 \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-e0cca33290218eee:PCAP:capture_20260506090001:f14948ae9de4\tSESSION-e0cca33290218eee \u2192 PCAP:capture_20260506090001:f14948ae9de4\nFLOW_TO_HOSTOBS\te:to:SESSION-51d7f2698b47beca:host:172.234.197.23\tSESSION-51d7f2698b47beca \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-8e6dba6c98daea8c:host:89.190.156.78\tSESSION-8e6dba6c98daea8c \u2192 host:89.190.156.78\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-4b726f82be41475c:PCAP:capture_20260506080002:53e6ba03f554\tSESSION-4b726f82be41475c \u2192 PCAP:capture_20260506080002:53e6ba03f554\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-8e6dba6c98daea8c:SESSION-8e6dba6c98daea8c\tSESSION-8e6dba6c98daea8c \u2192 pe:syn:SESSION-8e6dba6c98daea8c\nflow_observed5-aryOBS\te:fo:flow:1e7439e55ec0\tflow:1e7439e55ec0 \u2192 host:74.7.242.172 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nFLOW_TO_HOSTOBS\te:to:SESSION-12e4996e91ea82c2:host:5.34.178.101\tSESSION-12e4996e91ea82c2 \u2192 host:5.34.178.101\nFLOW_DST_PORTOBS\te:fp:flow:d9cb873bff5c:port:udp:53\tflow:d9cb873bff5c \u2192 port:udp:53\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-a0b2525ee823a3ef:flow:04e808770244\tSESSION-a0b2525ee823a3ef \u2192 flow:04e808770244\nFLOW_QUERIED_DNSOBS\te:fd:flow:1b8efe77f1d2:dns:172-234-197-23.ip.linodeusercontent.com\tflow:1b8efe77f1d2 \u2192 dns:172-234-197-23.ip.linodeusercontent.com\nHOST_IN_ASNOBS 85%\te:ha:host:3.223.134.5:asn:14618\thost:3.223.134.5 \u2192 
asn:14618\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-3edcaa2f576ed9ad:SESSION-3edcaa2f576ed9ad\tSESSION-3edcaa2f576ed9ad \u2192 pe:tls:SESSION-3edcaa2f576ed9ad\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-ec3a8cbc58b1e5f2:SESSION-ec3a8cbc58b1e5f2\tSESSION-ec3a8cbc58b1e5f2 \u2192 pe:syn:SESSION-ec3a8cbc58b1e5f2\nFLOW_FROM_HOSTOBS\te:from:SESSION-a0b2525ee823a3ef:host:213.209.159.56\tSESSION-a0b2525ee823a3ef \u2192 host:213.209.159.56\nFLOW_FROM_HOSTOBS\te:from:SESSION-0ee78febbe613cbe:host:103.155.16.117\tSESSION-0ee78febbe613cbe \u2192 host:103.155.16.117\nFLOW_TO_HOSTOBS\te:to:SESSION-93087fea180212af:host:2.57.122.196\tSESSION-93087fea180212af \u2192 host:2.57.122.196\nFLOW_DST_PORTOBS\te:fp:flow:82f6ffde6d35:port:udp:53\tflow:82f6ffde6d35 \u2192 port:udp:53\nFLOW_TO_HOSTOBS\te:to:SESSION-8f6eea3c975ecf64:host:172.234.197.23\tSESSION-8f6eea3c975ecf64 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-8db7c39e7c6a0413:SESSION-8db7c39e7c6a0413\tSESSION-8db7c39e7c6a0413 \u2192 pe:rst:SESSION-8db7c39e7c6a0413\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-9b63d3522aab6528:host:172.232.0.17\tSESSION-9b63d3522aab6528 \u2192 host:172.232.0.17\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-0f1fcc9050279648:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-0f1fcc9050279648 \u2192 PCAP:capture_20260506130001:193918cc1ff8\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-a6bd6f290a9108c0:PCAP:capture_20260506120001:ed45599fcb5b\tSESSION-a6bd6f290a9108c0 \u2192 PCAP:capture_20260506120001:ed45599fcb5b\nFLOW_FROM_HOSTOBS\te:from:SESSION-49abda6ad4a45bbb:host:172.234.197.23\tSESSION-49abda6ad4a45bbb \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-dd0bfa1ac17855c2:SESSION-dd0bfa1ac17855c2\tSESSION-dd0bfa1ac17855c2 \u2192 pe:tls:SESSION-dd0bfa1ac17855c2\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-06c2cef68b8aaa66:host:2.57.122.193\tSESSION-06c2cef68b8aaa66 \u2192 host:2.57.122.193\nHOST_IN_ASNOBS 
85%\te:ha:host:18.153.49.6:asn:16509\thost:18.153.49.6 \u2192 asn:16509\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-97e750ad2d476b32:host:103.155.16.117:host:172.234.197.23\tSESSION-97e750ad2d476b32 \u2192 host:103.155.16.117 \u2192 host:172.234.197.23\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-537b4787a5d32b32:flow:1119d003b239\tSESSION-537b4787a5d32b32 \u2192 flow:1119d003b239\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-48b1abbe41658d68:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-48b1abbe41658d68 \u2192 PCAP:capture_20260506130001:193918cc1ff8\nFLOW_TO_HOSTOBS\te:to:SESSION-8321b4fe85ec7c76:host:172.232.0.17\tSESSION-8321b4fe85ec7c76 \u2192 host:172.232.0.17\nFLOW_DST_PORTOBS\te:fp:flow:dbaf0481482c:port:tcp:443\tflow:dbaf0481482c \u2192 port:tcp:443\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-a0b2525ee823a3ef:host:213.209.159.56:host:172.234.197.23\tSESSION-a0b2525ee823a3ef \u2192 host:213.209.159.56 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-d92c82faf3e575a2:host:103.155.16.117\tSESSION-d92c82faf3e575a2 \u2192 host:103.155.16.117\nflow_observed5-aryOBS\te:fo:flow:cb23a9fa002c\tflow:cb23a9fa002c \u2192 host:74.7.243.19 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-ed10882d03a99e9f:host:45.227.254.170\tSESSION-ed10882d03a99e9f \u2192 host:45.227.254.170\nFLOW_FROM_HOSTOBS\te:from:SESSION-a6c427a7783be300:host:45.227.254.170\tSESSION-a6c427a7783be300 \u2192 host:45.227.254.170\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-77c2b91a994d6b29:PCAP:capture_20260506090001:f14948ae9de4\tSESSION-77c2b91a994d6b29 \u2192 PCAP:capture_20260506090001:f14948ae9de4\nflow_observed5-aryOBS\te:fo:flow:d4333a8895f0\tflow:d4333a8895f0 \u2192 host:172.236.228.38 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nflow_observed5-aryOBS\te:fo:flow:63ff435747ca\tflow:63ff435747ca \u2192 host:74.7.242.149 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 
svc:https\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-51d7b5d9b2653285:SESSION-51d7b5d9b2653285\tSESSION-51d7b5d9b2653285 \u2192 pe:syn:SESSION-51d7b5d9b2653285\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%\te:bsg:SESSION-54b06c4ee1c885b8:BSG-BEACON-f6c2b3d0e42d\tSESSION-54b06c4ee1c885b8 \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-3bdf02dba5935e9e:host:183.202.141.98\tSESSION-3bdf02dba5935e9e \u2192 host:183.202.141.98\nFLOW_TO_HOSTOBS\te:to:SESSION-3bdf02dba5935e9e:host:172.234.197.23\tSESSION-3bdf02dba5935e9e \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-19756d4907ce3f22:host:172.236.228.38\tSESSION-19756d4907ce3f22 \u2192 host:172.236.228.38\nFLOW_DST_PORTOBS\te:fp:flow:99cd9173a6aa:port:udp:53\tflow:99cd9173a6aa \u2192 port:udp:53\nFLOW_FROM_HOSTOBS\te:from:SESSION-e96b201766459115:host:45.33.109.10\tSESSION-e96b201766459115 \u2192 host:45.33.109.10\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-60c9f814ed617fcc:flow:c2c154dd91a3\tSESSION-60c9f814ed617fcc \u2192 flow:c2c154dd91a3\nFLOW_DST_PORTOBS\te:fp:flow:a05587dca278:port:tcp:443\tflow:a05587dca278 \u2192 port:tcp:443\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-34b2326f558473f5:PCAP:capture_20260506050001:4dfc529b4866\tSESSION-34b2326f558473f5 \u2192 PCAP:capture_20260506050001:4dfc529b4866\nFLOW_DST_PORTOBS\te:fp:flow:a49d3770e270:port:tcp:43722\tflow:a49d3770e270 \u2192 port:tcp:43722\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-bb28c78a797947d2:flow:65293682ec9b\tSESSION-bb28c78a797947d2 \u2192 flow:65293682ec9b\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-abc73843613ec20b:BSG-BEACON-f6c2b3d0e42d\tSESSION-abc73843613ec20b \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-54b06c4ee1c885b8:flow:1b4a85eb6bc1\tSESSION-54b06c4ee1c885b8 \u2192 flow:1b4a85eb6bc1\nflow_observed5-aryOBS\te:fo:flow:880e4b1bdb27\tflow:880e4b1bdb27 \u2192 host:74.7.243.62 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 
svc:https\nflow_observed4-aryOBS\te:fo:flow:2b1929813806\tflow:2b1929813806 \u2192 host:172.234.197.23 \u2192 host:92.118.39.235 \u2192 port:tcp:42116\nFLOW_FROM_HOSTOBS\te:from:SESSION-b9cb91009e614d5f:host:172.234.197.23\tSESSION-b9cb91009e614d5f \u2192 host:172.234.197.23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:66.228.53.78:geo_32.94730_-96.70280\thost:66.228.53.78 \u2192 geo_32.94730_-96.70280\nflow_observed5-aryOBS\te:fo:flow:02a69204bf87\tflow:02a69204bf87 \u2192 host:66.228.53.78 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-79a0413209e2baca:host:172.234.197.23:host:213.209.159.56\tSESSION-79a0413209e2baca \u2192 host:172.234.197.23 \u2192 host:213.209.159.56\nflow_observed3-aryOBS\te:fo:flow:3a3e7a160682\tflow:3a3e7a160682 \u2192 host:172.234.197.23 \u2192 host:2.57.122.193\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-56800f0e4776fb43:host:51.224.22.45:host:172.234.197.23\tSESSION-56800f0e4776fb43 \u2192 host:51.224.22.45 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-1b2f39e4e24dfa1e:host:74.82.47.3\tSESSION-1b2f39e4e24dfa1e \u2192 host:74.82.47.3\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-bf2258c4de57eec3:flow:d9af8e073824\tSESSION-bf2258c4de57eec3 \u2192 flow:d9af8e073824\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-bb28c78a797947d2:SESSION-bb28c78a797947d2\tSESSION-bb28c78a797947d2 \u2192 pe:syn:SESSION-bb28c78a797947d2\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-395abcc328361cc1:SESSION-395abcc328361cc1\tSESSION-395abcc328361cc1 \u2192 pe:dns:SESSION-395abcc328361cc1\nFLOW_TO_HOSTOBS\te:to:SESSION-b45740c93fb46f4f:host:172.234.197.23\tSESSION-b45740c93fb46f4f \u2192 host:172.234.197.23\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-8321b4fe85ec7c76:flow:82f6ffde6d35\tSESSION-8321b4fe85ec7c76 \u2192 flow:82f6ffde6d35\nFLOW_TO_HOSTOBS\te:to:SESSION-613308d4fce0daf0:host:172.234.197.23\tSESSION-613308d4fce0daf0 \u2192 
host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-abc73843613ec20b:SESSION-abc73843613ec20b\tSESSION-abc73843613ec20b \u2192 pe:dns:SESSION-abc73843613ec20b\nFLOW_TO_HOSTOBS\te:to:SESSION-17520ab71e811bf1:host:172.234.197.23\tSESSION-17520ab71e811bf1 \u2192 host:172.234.197.23\nflow_observed5-aryOBS\te:fo:flow:04e808770244\tflow:04e808770244 \u2192 host:213.209.159.56 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 svc:ssh\nFLOW_FROM_HOSTOBS\te:from:SESSION-79a0413209e2baca:host:172.234.197.23\tSESSION-79a0413209e2baca \u2192 host:172.234.197.23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:40.77.167.70:geo_36.66940_-78.38770\thost:40.77.167.70 \u2192 geo_36.66940_-78.38770\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-b868bf37bed38f15:host:172.234.197.23\tSESSION-b868bf37bed38f15 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-00e01dcc7487e071:host:172.234.197.23\tSESSION-00e01dcc7487e071 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-afea5cf8af463adc:SESSION-afea5cf8af463adc\tSESSION-afea5cf8af463adc \u2192 pe:rst:SESSION-afea5cf8af463adc\nASN_IN_ORGOBS 80%\te:ao:asn:198983:org:'Tornado Datacenter GmbH &amp; Co. KG'\tasn:198983 \u2192 org:'Tornado Datacenter GmbH &amp; Co. 
KG'\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-65f53457d50be6fd:host:172.234.197.23:host:172.232.0.17\tSESSION-65f53457d50be6fd \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nFLOW_FROM_HOSTOBS\te:from:SESSION-2afb3b9c44db3352:host:172.234.197.23\tSESSION-2afb3b9c44db3352 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-441a69db47f1f67e:SESSION-441a69db47f1f67e\tSESSION-441a69db47f1f67e \u2192 pe:syn:SESSION-441a69db47f1f67e\nFLOW_FROM_HOSTOBS\te:from:SESSION-3657adb5f65190d3:host:45.178.249.135\tSESSION-3657adb5f65190d3 \u2192 host:45.178.249.135\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-bf2258c4de57eec3:SESSION-bf2258c4de57eec3\tSESSION-bf2258c4de57eec3 \u2192 pe:rst:SESSION-bf2258c4de57eec3\nASN_IN_ORGOBS 80%\te:ao:asn:51396:org:Pfcloud UG (haftungsbeschrankt)\tasn:51396 \u2192 org:Pfcloud UG (haftungsbeschrankt)\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-1b2f39e4e24dfa1e:SESSION-1b2f39e4e24dfa1e\tSESSION-1b2f39e4e24dfa1e \u2192 pe:rst:SESSION-1b2f39e4e24dfa1e\nflow_observed5-aryOBS\te:fo:flow:65293682ec9b\tflow:65293682ec9b \u2192 host:106.107.248.155 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 svc:ssh\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-a0b2525ee823a3ef:PCAP:capture_20260506040001:e9f965e38ce8\tSESSION-a0b2525ee823a3ef \u2192 PCAP:capture_20260506040001:e9f965e38ce8\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-abc73843613ec20b:host:172.234.197.23:host:172.232.0.17\tSESSION-abc73843613ec20b \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-de4dfe84e12d6d3a:host:172.232.0.17\tSESSION-de4dfe84e12d6d3a \u2192 host:172.232.0.17\nFLOW_DST_PORTOBS\te:fp:flow:7673e13f4289:port:udp:53\tflow:7673e13f4289 \u2192 port:udp:53\nFLOW_FROM_HOSTOBS\te:from:SESSION-56800f0e4776fb43:host:51.224.22.45\tSESSION-56800f0e4776fb43 \u2192 host:51.224.22.45\nHOST_IN_ASNOBS 85%\te:ha:host:45.227.254.170:asn:267784\thost:45.227.254.170 \u2192 
asn:267784\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-ed5316eada695a91:PCAP:capture_20260506070001:142364cf903b\tSESSION-ed5316eada695a91 \u2192 PCAP:capture_20260506070001:142364cf903b\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-90d6ffa3c7df5be4:host:172.232.0.17\tSESSION-90d6ffa3c7df5be4 \u2192 host:172.232.0.17\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-54190c4a9018c8b2:SESSION-54190c4a9018c8b2\tSESSION-54190c4a9018c8b2 \u2192 pe:tls:SESSION-54190c4a9018c8b2\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:5.181.20.206:geo_51.49640_-0.12240\thost:5.181.20.206 \u2192 geo_51.49640_-0.12240\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-60d15048f5022601:SESSION-60d15048f5022601\tSESSION-60d15048f5022601 \u2192 pe:rst:SESSION-60d15048f5022601\nFLOW_TO_HOSTOBS\te:to:SESSION-f57befbbc9509b01:host:172.232.0.17\tSESSION-f57befbbc9509b01 \u2192 host:172.232.0.17\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:195.211.96.85:geo_47.61090_-122.33030\thost:195.211.96.85 \u2192 geo_47.61090_-122.33030\nFLOW_DST_PORTOBS\te:fp:flow:7a42c8b90c61:port:tcp:443\tflow:7a42c8b90c61 \u2192 port:tcp:443\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-afea5cf8af463adc:host:34.197.28.78\tSESSION-afea5cf8af463adc \u2192 host:34.197.28.78\nFLOW_FROM_HOSTOBS\te:from:SESSION-9921af6a5702b3bf:host:172.234.197.23\tSESSION-9921af6a5702b3bf \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-0f63d360cf143853:host:89.190.156.78:host:172.234.197.23\tSESSION-0f63d360cf143853 \u2192 host:89.190.156.78 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-5012aad9b09bf0eb:SESSION-5012aad9b09bf0eb\tSESSION-5012aad9b09bf0eb \u2192 pe:tls:SESSION-5012aad9b09bf0eb\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-60d15048f5022601:host:34.198.2.0:host:172.234.197.23\tSESSION-60d15048f5022601 \u2192 host:34.198.2.0 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-eeb1578b9cc87ce2:host:172.232.0.17\tSESSION-eeb1578b9cc87ce2 \u2192 
host:172.232.0.17\nFLOW_DST_PORTOBS\te:fp:flow:51c075e75f1f:port:tcp:18694\tflow:51c075e75f1f \u2192 port:tcp:18694\nFLOW_FROM_HOSTOBS\te:from:SESSION-06f3798479e59b72:host:172.234.197.23\tSESSION-06f3798479e59b72 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-06f3798479e59b72:host:45.148.10.152\tSESSION-06f3798479e59b72 \u2192 host:45.148.10.152\nFLOW_FROM_HOSTOBS\te:from:SESSION-65f53457d50be6fd:host:172.234.197.23\tSESSION-65f53457d50be6fd \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-e9d6c100dac5ff40:host:172.234.197.23\tSESSION-e9d6c100dac5ff40 \u2192 host:172.234.197.23\nFLOW_QUERIED_DNSOBS\te:fd:flow:99cd9173a6aa:dns:172-234-197-23.ip.linodeusercontent.com\tflow:99cd9173a6aa \u2192 dns:172-234-197-23.ip.linodeusercontent.com\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-0f63d360cf143853:host:89.190.156.78\tSESSION-0f63d360cf143853 \u2192 host:89.190.156.78\nFLOW_FROM_HOSTOBS\te:from:SESSION-062c72215e61d30f:host:91.204.208.35\tSESSION-062c72215e61d30f \u2192 host:91.204.208.35\nFLOW_FROM_HOSTOBS\te:from:SESSION-88032ac2aa7f41ae:host:89.190.156.78\tSESSION-88032ac2aa7f41ae \u2192 host:89.190.156.78\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-bf2258c4de57eec3:host:172.234.197.23\tSESSION-bf2258c4de57eec3 \u2192 host:172.234.197.23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:211.251.245.88:geo_37.51120_126.97410\thost:211.251.245.88 \u2192 geo_37.51120_126.97410\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-49ed4f4a29cfb6b3:PCAP:capture_20260506120001:ed45599fcb5b\tSESSION-49ed4f4a29cfb6b3 \u2192 PCAP:capture_20260506120001:ed45599fcb5b\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-b58bf26b90688bb4:host:172.234.197.23\tSESSION-b58bf26b90688bb4 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-60c9f814ed617fcc:host:45.148.10.157\tSESSION-60c9f814ed617fcc \u2192 host:45.148.10.157\nHOST_IN_ASNOBS 85%\te:ha:host:185.247.137.22:asn:211298\thost:185.247.137.22 \u2192 
asn:211298\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-d4b585270ad704cf:flow:edcdfd648e8c\tSESSION-d4b585270ad704cf \u2192 flow:edcdfd648e8c\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-88032ac2aa7f41ae:host:89.190.156.78\tSESSION-88032ac2aa7f41ae \u2192 host:89.190.156.78\nflow_observed5-aryOBS\te:fo:flow:eea34932bdf6\tflow:eea34932bdf6 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-4473489472864a95:host:172.234.197.23:host:172.232.0.17\tSESSION-4473489472864a95 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:2.57.122.193:geo_45.99680_24.99700\thost:2.57.122.193 \u2192 geo_45.99680_24.99700\nFLOW_TO_HOSTOBS\te:to:SESSION-608e54dcb808ad4f:host:104.194.149.41\tSESSION-608e54dcb808ad4f \u2192 host:104.194.149.41\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-b9cb91009e614d5f:SESSION-b9cb91009e614d5f\tSESSION-b9cb91009e614d5f \u2192 pe:dns:SESSION-b9cb91009e614d5f\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-c041b784113284dc:flow:080ac7a1b45b\tSESSION-c041b784113284dc \u2192 flow:080ac7a1b45b\nFLOW_TO_HOSTOBS\te:to:SESSION-de4dfe84e12d6d3a:host:172.232.0.17\tSESSION-de4dfe84e12d6d3a \u2192 host:172.232.0.17\nFLOW_TO_HOSTOBS\te:to:SESSION-19756d4907ce3f22:host:172.234.197.23\tSESSION-19756d4907ce3f22 \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:9661bdae631b:port:tcp:21\tflow:9661bdae631b \u2192 port:tcp:21\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-19756d4907ce3f22:flow:d4333a8895f0\tSESSION-19756d4907ce3f22 \u2192 flow:d4333a8895f0\nFLOW_DST_PORTOBS\te:fp:flow:dd796c5d886d:port:udp:53\tflow:dd796c5d886d \u2192 port:udp:53\nFLOW_DST_PORTOBS\te:fp:flow:288b4666fe88:port:tcp:22\tflow:288b4666fe88 \u2192 port:tcp:22\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-9921af6a5702b3bf:host:172.232.0.17\tSESSION-9921af6a5702b3bf \u2192 
host:172.232.0.17\nFLOW_QUERIED_DNSOBS\te:fd:flow:4991c4ddcaed:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\tflow:4991c4ddcaed \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-afea5cf8af463adc:flow:0b2ff889b5a5\tSESSION-afea5cf8af463adc \u2192 flow:0b2ff889b5a5\nHOST_IN_ASNOBS 85%\te:ha:host:183.202.141.98:asn:56042\thost:183.202.141.98 \u2192 asn:56042\nflow_observed5-aryOBS\te:fo:flow:18f0172914c9\tflow:18f0172914c9 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-47a5cb6f1c89acd9:BSG-BEACON-a8a8c3c8a37f\tSESSION-47a5cb6f1c89acd9 \u2192 BSG-BEACON-a8a8c3c8a37f\nFLOW_DST_PORTOBS\te:fp:flow:c81b3731a7ee:port:udp:53\tflow:c81b3731a7ee \u2192 port:udp:53\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-02436cab82ff2be9:flow:7d994515472c\tSESSION-02436cab82ff2be9 \u2192 flow:7d994515472c\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-e3fc51c5a9708a6d:PCAP:capture_20260506040001:e9f965e38ce8\tSESSION-e3fc51c5a9708a6d \u2192 PCAP:capture_20260506040001:e9f965e38ce8\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-3edcaa2f576ed9ad:host:89.190.156.78\tSESSION-3edcaa2f576ed9ad \u2192 host:89.190.156.78\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-ed5316eada695a91:flow:61ec9c17e8a7\tSESSION-ed5316eada695a91 \u2192 flow:61ec9c17e8a7\nFLOW_DST_PORTOBS\te:fp:flow:d8584035cf2a:port:tcp:443\tflow:d8584035cf2a \u2192 port:tcp:443\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-ce73b8d8d0c5eb5d:PCAP:capture_20260506120001:ed45599fcb5b\tSESSION-ce73b8d8d0c5eb5d \u2192 PCAP:capture_20260506120001:ed45599fcb5b\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:45.148.10.152:geo_52.37590_4.89750\thost:45.148.10.152 \u2192 geo_52.37590_4.89750\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-6fdf8b8840f3f546:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-6fdf8b8840f3f546 \u2192 
PCAP:capture_20260506130001:193918cc1ff8\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-2801fe3d7a774cf5:PCAP:capture_20260506070001:142364cf903b\tSESSION-2801fe3d7a774cf5 \u2192 PCAP:capture_20260506070001:142364cf903b\nFLOW_TO_HOSTOBS\te:to:SESSION-a0b2525ee823a3ef:host:172.234.197.23\tSESSION-a0b2525ee823a3ef \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-45458b9765283300:SESSION-45458b9765283300\tSESSION-45458b9765283300 \u2192 pe:tls:SESSION-45458b9765283300\nFLOW_TLS_SNIOBS\te:fs:flow:98c0b157084d:tls_sni:172-234-197-23.ip.linodeusercontent.com\tflow:98c0b157084d \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-e06fb47105f2ac43:PCAP:capture_20260506140001:5d47d72c8963\tSESSION-e06fb47105f2ac43 \u2192 PCAP:capture_20260506140001:5d47d72c8963\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-7549dce926e94eea:host:89.190.156.78:host:172.234.197.23\tSESSION-7549dce926e94eea \u2192 host:89.190.156.78 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-49ed4f4a29cfb6b3:host:172.234.197.23\tSESSION-49ed4f4a29cfb6b3 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-eeb1578b9cc87ce2:host:172.234.197.23\tSESSION-eeb1578b9cc87ce2 \u2192 host:172.234.197.23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:185.247.137.22:geo_51.50810_-0.12780\thost:185.247.137.22 \u2192 geo_51.50810_-0.12780\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-9273bd2df9f7c64b:PCAP:capture_20260506030001:5cc356b1b859\tSESSION-9273bd2df9f7c64b \u2192 PCAP:capture_20260506030001:5cc356b1b859\nHOST_IN_ASNOBS 85%\te:ha:host:2.57.122.193:asn:47890\thost:2.57.122.193 \u2192 asn:47890\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-9b63d3522aab6528:flow:e903432acbba\tSESSION-9b63d3522aab6528 \u2192 flow:e903432acbba\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%\te:bsg:SESSION-4390daf7eeef0d52:BSG-BEACON-f6c2b3d0e42d\tSESSION-4390daf7eeef0d52 \u2192 
BSG-BEACON-f6c2b3d0e42d\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-0f63d360cf143853:SESSION-0f63d360cf143853\tSESSION-0f63d360cf143853 \u2192 pe:tls:SESSION-0f63d360cf143853\nflow_observed3-aryOBS\te:fo:flow:73ae520c0fe3\tflow:73ae520c0fe3 \u2192 host:172.234.197.23 \u2192 host:45.156.87.254\nFLOW_DST_PORTOBS\te:fp:flow:65293682ec9b:port:tcp:22\tflow:65293682ec9b \u2192 port:tcp:22\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-7549dce926e94eea:SESSION-7549dce926e94eea\tSESSION-7549dce926e94eea \u2192 pe:tls:SESSION-7549dce926e94eea\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-51e53ba41d3daf57:SESSION-51e53ba41d3daf57\tSESSION-51e53ba41d3daf57 \u2192 pe:tls:SESSION-51e53ba41d3daf57\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-9273bd2df9f7c64b:host:3.223.134.5:host:172.234.197.23\tSESSION-9273bd2df9f7c64b \u2192 host:3.223.134.5 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-ce73b8d8d0c5eb5d:SESSION-ce73b8d8d0c5eb5d\tSESSION-ce73b8d8d0c5eb5d \u2192 pe:rst:SESSION-ce73b8d8d0c5eb5d\nflow_observed4-aryOBS\te:fo:flow:e73d03d30fbd\tflow:e73d03d30fbd \u2192 host:172.234.197.23 \u2192 host:104.194.145.47 \u2192 port:tcp:58327\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-2801fe3d7a774cf5:flow:34fc5fb47634\tSESSION-2801fe3d7a774cf5 \u2192 flow:34fc5fb47634\nFLOW_TLS_SNIOBS\te:fs:flow:c3dc2fae803e:tls_sni:172-234-197-23.ip.linodeusercontent.com\tflow:c3dc2fae803e \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-34a7e03bf798caf5:host:172.234.197.23\tSESSION-34a7e03bf798caf5 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-1ae5761b52438ad8:host:2.57.122.194\tSESSION-1ae5761b52438ad8 \u2192 host:2.57.122.194\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-e3fc51c5a9708a6d:host:172.234.197.23:host:172.232.0.17\tSESSION-e3fc51c5a9708a6d \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nFLOW_DST_PORTOBS\te:fp:flow:fe381d2d7005:port:tcp:22\tflow:fe381d2d7005 \u2192 
\u2192 PCAP:capture_20260506080002:53e6ba03f554\nFLOW_FROM_HOSTOBS\te:from:SESSION-8e6dba6c98daea8c:host:89.190.156.78\tSESSION-8e6dba6c98daea8c \u2192 host:89.190.156.78\nflow_observed5-aryOBS\te:fo:flow:c3dc2fae803e\tflow:c3dc2fae803e \u2192 host:74.7.175.174 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nFLOW_DST_PORTOBS\te:fp:flow:526ed535a114:port:tcp:58327\tflow:526ed535a114 \u2192 port:tcp:58327\nFLOW_DST_PORTOBS\te:fp:flow:de5fce5ad04d:port:tcp:57742\tflow:de5fce5ad04d \u2192 port:tcp:57742\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-0f1fcc9050279648:flow:551e75da8fde\tSESSION-0f1fcc9050279648 \u2192 flow:551e75da8fde\nFLOW_TO_HOSTOBS\te:to:SESSION-54b06c4ee1c885b8:host:172.232.0.17\tSESSION-54b06c4ee1c885b8 \u2192 host:172.232.0.17\nflow_observed4-aryOBS\te:fo:flow:fd171cb16a1a\tflow:fd171cb16a1a \u2192 host:172.234.197.23 \u2192 host:104.194.149.41 \u2192 port:tcp:58020\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-5b5e9844e8d91210:host:172.234.197.23\tSESSION-5b5e9844e8d91210 \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-8321b4fe85ec7c76:host:172.234.197.23:host:172.232.0.17\tSESSION-8321b4fe85ec7c76 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nflow_observed5-aryOBS\te:fo:flow:e7ea76711a78\tflow:e7ea76711a78 \u2192 host:89.190.156.78 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nflow_observed5-aryOBS\te:fo:flow:39a4be8c95c8\tflow:39a4be8c95c8 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-9bfef0c13717a796:host:172.234.197.23:host:45.61.133.121\tSESSION-9bfef0c13717a796 \u2192 host:172.234.197.23 \u2192 host:45.61.133.121\nFLOW_FROM_HOSTOBS\te:from:SESSION-97e750ad2d476b32:host:103.155.16.117\tSESSION-97e750ad2d476b32 \u2192 host:103.155.16.117\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-17520ab71e811bf1:host:172.234.197.23\tSESSION-17520ab71e811bf1 \u2192 host:172.234.197.23\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 
75%\te:bsg:SESSION-4f93282fb27f899d:BSG-BEACON-f6c2b3d0e42d\tSESSION-4f93282fb27f899d \u2192 BSG-BEACON-f6c2b3d0e42d\nFLOW_TO_HOSTOBS\te:to:SESSION-90d6ffa3c7df5be4:host:172.232.0.17\tSESSION-90d6ffa3c7df5be4 \u2192 host:172.232.0.17\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-e96b201766459115:PCAP:capture_20260506040001:e9f965e38ce8\tSESSION-e96b201766459115 \u2192 PCAP:capture_20260506040001:e9f965e38ce8\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%\te:bsg:SESSION-e123b6403f799b1d:BSG-DATA_EXFIL-94dc914f8283\tSESSION-e123b6403f799b1d \u2192 BSG-DATA_EXFIL-94dc914f8283\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-441a69db47f1f67e:host:106.107.248.155\tSESSION-441a69db47f1f67e \u2192 host:106.107.248.155\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-06c2cef68b8aaa66:PCAP:capture_20260506070001:142364cf903b\tSESSION-06c2cef68b8aaa66 \u2192 PCAP:capture_20260506070001:142364cf903b\nHOST_IN_ASNOBS 85%\te:ha:host:104.194.145.47:asn:198983\thost:104.194.145.47 \u2192 asn:198983\nASN_IN_ORGOBS 80%\te:ao:asn:577:org:Bell Canada\tasn:577 \u2192 org:Bell Canada\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-1f294c1fb71330bd:host:172.234.197.23:host:172.232.0.17\tSESSION-1f294c1fb71330bd \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-e123b6403f799b1d:flow:98c0b157084d\tSESSION-e123b6403f799b1d \u2192 flow:98c0b157084d\nflow_observed4-aryOBS\te:fo:flow:d9cbf99a4686\tflow:d9cbf99a4686 \u2192 host:172.234.197.23 \u2192 host:92.118.39.23 \u2192 port:tcp:26966\nFLOW_FROM_HOSTOBS\te:from:SESSION-4473489472864a95:host:172.234.197.23\tSESSION-4473489472864a95 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-2aaccea6dccbc46a:host:172.232.0.17\tSESSION-2aaccea6dccbc46a \u2192 host:172.232.0.17\nflow_observed5-aryOBS\te:fo:flow:fa86c0038549\tflow:fa86c0038549 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 
svc:dns\nFLOW_TO_HOSTOBS\te:to:SESSION-7155cec198655999:host:172.232.0.17\tSESSION-7155cec198655999 \u2192 host:172.232.0.17\nHOST_IN_ASNOBS 85%\te:ha:host:185.125.190.56:asn:41231\thost:185.125.190.56 \u2192 asn:41231\nflow_observed4-aryOBS\te:fo:flow:526ed535a114\tflow:526ed535a114 \u2192 host:172.234.197.23 \u2192 host:104.194.145.47 \u2192 port:tcp:58327\nFLOW_FROM_HOSTOBS\te:from:SESSION-868e23b316c7b0f8:host:172.234.197.23\tSESSION-868e23b316c7b0f8 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-0ee78febbe613cbe:host:103.155.16.117\tSESSION-0ee78febbe613cbe \u2192 host:103.155.16.117\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 50%\te:bsg:SESSION-9273bd2df9f7c64b:BSG-DATA_EXFIL-11b63b9d53b9\tSESSION-9273bd2df9f7c64b \u2192 BSG-DATA_EXFIL-11b63b9d53b9\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-19756d4907ce3f22:host:172.236.228.38:host:172.234.197.23\tSESSION-19756d4907ce3f22 \u2192 host:172.236.228.38 \u2192 host:172.234.197.23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:107.189.27.59:geo_52.43630_4.82770\thost:107.189.27.59 \u2192 geo_52.43630_4.82770\nflow_observed4-aryOBS\te:fo:flow:f082ca34669c\tflow:f082ca34669c \u2192 host:172.234.197.23 \u2192 host:2.57.122.196 \u2192 port:tcp:3392\nflow_observed5-aryOBS\te:fo:flow:df64d227b047\tflow:df64d227b047 \u2192 host:89.190.156.78 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nflow_observed3-aryOBS\te:fo:flow:07feb12ee68f\tflow:07feb12ee68f \u2192 host:103.155.16.117 \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-f05eefe35c8f9a76:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-f05eefe35c8f9a76 \u2192 PCAP:capture_20260506130001:193918cc1ff8\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-c0f54da92702e4ac:PCAP:capture_20260506040001:e9f965e38ce8\tSESSION-c0f54da92702e4ac \u2192 PCAP:capture_20260506040001:e9f965e38ce8\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-ce73b8d8d0c5eb5d:host:2.57.122.193\tSESSION-ce73b8d8d0c5eb5d \u2192 
host:2.57.122.193\nFLOW_TO_HOSTOBS\te:to:SESSION-0ee78febbe613cbe:host:172.234.197.23\tSESSION-0ee78febbe613cbe \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-f57befbbc9509b01:host:172.234.197.23\tSESSION-f57befbbc9509b01 \u2192 host:172.234.197.23\nHOST_IN_ASNOBS 85%\te:ha:host:2.57.122.194:asn:47890\thost:2.57.122.194 \u2192 asn:47890\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-48b1abbe41658d68:host:172.234.197.23:host:195.211.96.85\tSESSION-48b1abbe41658d68 \u2192 host:172.234.197.23 \u2192 host:195.211.96.85\nFLOW_FROM_HOSTOBS\te:from:SESSION-eda5f2c165ee908a:host:172.234.197.23\tSESSION-eda5f2c165ee908a \u2192 host:172.234.197.23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:170.187.163.133:geo_40.82290_-74.45920\thost:170.187.163.133 \u2192 geo_40.82290_-74.45920\nHOST_IN_ASNOBS 85%\te:ha:host:104.194.149.41:asn:198983\thost:104.194.149.41 \u2192 asn:198983\nFLOW_DST_PORTOBS\te:fp:flow:18f0172914c9:port:udp:53\tflow:18f0172914c9 \u2192 port:udp:53\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-c5aeac75f92d444f:host:162.214.75.117:host:172.234.197.23\tSESSION-c5aeac75f92d444f \u2192 host:162.214.75.117 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-183409131ad9123b:host:124.129.100.19\tSESSION-183409131ad9123b \u2192 host:124.129.100.19\nFLOW_TO_HOSTOBS\te:to:SESSION-d05fb923cf4a0ee4:host:172.234.197.23\tSESSION-d05fb923cf4a0ee4 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-f52f57c02498535b:SESSION-f52f57c02498535b\tSESSION-f52f57c02498535b \u2192 pe:tls:SESSION-f52f57c02498535b\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-4390daf7eeef0d52:PCAP:capture_20260506060001:f9f9110b5bb4\tSESSION-4390daf7eeef0d52 \u2192 PCAP:capture_20260506060001:f9f9110b5bb4\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-a13a17be1b938278:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-a13a17be1b938278 \u2192 
PCAP:capture_20260506130001:193918cc1ff8\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-ed5316eada695a91:host:172.232.0.17\tSESSION-ed5316eada695a91 \u2192 host:172.232.0.17\nFLOW_DST_PORTOBS\te:fp:flow:b8e6066fd4c7:port:tcp:443\tflow:b8e6066fd4c7 \u2192 port:tcp:443\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-f0b8de3575b1c3f3:host:172.234.197.23:host:45.227.254.170\tSESSION-f0b8de3575b1c3f3 \u2192 host:172.234.197.23 \u2192 host:45.227.254.170\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:45.156.87.254:geo_50.88970_6.05630\thost:45.156.87.254 \u2192 geo_50.88970_6.05630\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-1f294c1fb71330bd:host:172.234.197.23\tSESSION-1f294c1fb71330bd \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-8db7c39e7c6a0413:SESSION-8db7c39e7c6a0413\tSESSION-8db7c39e7c6a0413 \u2192 pe:syn:SESSION-8db7c39e7c6a0413\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-d05fb923cf4a0ee4:flow:04542ba83818\tSESSION-d05fb923cf4a0ee4 \u2192 flow:04542ba83818\nFLOW_QUERIED_DNSOBS\te:fd:flow:e6a35db00740:dns:172-234-197-23.ip.linodeusercontent.com\tflow:e6a35db00740 \u2192 dns:172-234-197-23.ip.linodeusercontent.com\nflow_observed4-aryOBS\te:fo:flow:7bb80f6e2570\tflow:7bb80f6e2570 \u2192 host:172.234.197.23 \u2192 host:211.251.245.88 \u2192 port:tcp:41574\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-464991c3566dab39:flow:19793244e1ec\tSESSION-464991c3566dab39 \u2192 flow:19793244e1ec\nflow_observed3-aryOBS\te:fo:flow:9856a9006d65\tflow:9856a9006d65 \u2192 host:172.234.197.23 \u2192 host:2.57.122.194\nASN_IN_ORGOBS 80%\te:ao:asn:26496:org:GoDaddy.com, LLC\tasn:26496 \u2192 org:GoDaddy.com, LLC\nFLOW_FROM_HOSTOBS\te:from:SESSION-f05eefe35c8f9a76:host:172.234.197.23\tSESSION-f05eefe35c8f9a76 \u2192 host:172.234.197.23\nFLOW_QUERIED_DNSOBS\te:fd:flow:61ec9c17e8a7:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\tflow:61ec9c17e8a7 \u2192 
dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-06f3798479e59b72:SESSION-06f3798479e59b72\tSESSION-06f3798479e59b72 \u2192 pe:rst:SESSION-06f3798479e59b72\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-90d6ffa3c7df5be4:SESSION-90d6ffa3c7df5be4\tSESSION-90d6ffa3c7df5be4 \u2192 pe:dns:SESSION-90d6ffa3c7df5be4\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-e96b201766459115:host:45.33.109.10:host:172.234.197.23\tSESSION-e96b201766459115 \u2192 host:45.33.109.10 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-464991c3566dab39:host:172.234.197.23\tSESSION-464991c3566dab39 \u2192 host:172.234.197.23\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-ed10882d03a99e9f:flow:98684bb183ca\tSESSION-ed10882d03a99e9f \u2192 flow:98684bb183ca\nFLOW_TO_HOSTOBS\te:to:SESSION-dd0bfa1ac17855c2:host:172.234.197.23\tSESSION-dd0bfa1ac17855c2 \u2192 host:172.234.197.23\nflow_observed5-aryOBS\te:fo:flow:551e75da8fde\tflow:551e75da8fde \u2192 host:185.247.137.22 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nFLOW_QUERIED_DNSOBS\te:fd:flow:e903432acbba:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\tflow:e903432acbba \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\nHOST_IN_ASNOBS 85%\te:ha:host:211.251.245.88:asn:4766\thost:211.251.245.88 \u2192 asn:4766\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-e123b6403f799b1d:SESSION-e123b6403f799b1d\tSESSION-e123b6403f799b1d \u2192 pe:syn:SESSION-e123b6403f799b1d\nflow_observed5-aryOBS\te:fo:flow:e2978a833c12\tflow:e2978a833c12 \u2192 host:89.190.156.78 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-537b4787a5d32b32:host:172.234.197.23\tSESSION-537b4787a5d32b32 \u2192 host:172.234.197.23\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%\te:bsg:SESSION-79b2777978dd27ca:BSG-BEACON-f6c2b3d0e42d\tSESSION-79b2777978dd27ca \u2192 
BSG-BEACON-f6c2b3d0e42d\nFLOW_FROM_HOSTOBS\te:from:SESSION-e9d6c100dac5ff40:host:172.234.197.23\tSESSION-e9d6c100dac5ff40 \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-88032ac2aa7f41ae:host:89.190.156.78:host:172.234.197.23\tSESSION-88032ac2aa7f41ae \u2192 host:89.190.156.78 \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:7bb80f6e2570:port:tcp:41574\tflow:7bb80f6e2570 \u2192 port:tcp:41574\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%\te:bsg:SESSION-acef8d31e86c7acd:BSG-BEACON-f6c2b3d0e42d\tSESSION-acef8d31e86c7acd \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-d05fb923cf4a0ee4:host:45.33.109.10\tSESSION-d05fb923cf4a0ee4 \u2192 host:45.33.109.10\nFLOW_TO_HOSTOBS\te:to:SESSION-a6bd6f290a9108c0:host:172.234.197.23\tSESSION-a6bd6f290a9108c0 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-ed10882d03a99e9f:host:172.234.197.23\tSESSION-ed10882d03a99e9f \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-e7ce4665dfa45d3c:host:172.234.197.23:host:172.232.0.17\tSESSION-e7ce4665dfa45d3c \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nFLOW_TO_HOSTOBS\te:to:SESSION-77c2b91a994d6b29:host:172.232.0.17\tSESSION-77c2b91a994d6b29 \u2192 host:172.232.0.17\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-17520ab71e811bf1:SESSION-17520ab71e811bf1\tSESSION-17520ab71e811bf1 \u2192 pe:tls:SESSION-17520ab71e811bf1\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-1ae5761b52438ad8:flow:2dba1bb6c758\tSESSION-1ae5761b52438ad8 \u2192 flow:2dba1bb6c758\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%\te:bsg:SESSION-c0f54da92702e4ac:BSG-BEACON-3e264b836441\tSESSION-c0f54da92702e4ac \u2192 BSG-BEACON-3e264b836441\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-ec3a8cbc58b1e5f2:host:74.7.175.174:host:172.234.197.23\tSESSION-ec3a8cbc58b1e5f2 \u2192 host:74.7.175.174 \u2192 
host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-a13a17be1b938278:host:172.234.197.23:host:104.194.145.47\tSESSION-a13a17be1b938278 \u2192 host:172.234.197.23 \u2192 host:104.194.145.47\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-acef8d31e86c7acd:SESSION-acef8d31e86c7acd\tSESSION-acef8d31e86c7acd \u2192 pe:dns:SESSION-acef8d31e86c7acd\nFLOW_TO_HOSTOBS\te:to:SESSION-e0cca33290218eee:host:172.234.197.23\tSESSION-e0cca33290218eee \u2192 host:172.234.197.23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:104.194.145.47:geo_51.49640_-0.12240\thost:104.194.145.47 \u2192 geo_51.49640_-0.12240\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-e3fc51c5a9708a6d:BSG-BEACON-f6c2b3d0e42d\tSESSION-e3fc51c5a9708a6d \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-6fdf8b8840f3f546:flow:3e4cd8770b96\tSESSION-6fdf8b8840f3f546 \u2192 flow:3e4cd8770b96\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-34b2326f558473f5:host:172.234.197.23\tSESSION-34b2326f558473f5 \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:a6ea0602e5c3:port:udp:53\tflow:a6ea0602e5c3 \u2192 port:udp:53\nFLOW_DST_PORTOBS\te:fp:flow:e6a35db00740:port:udp:53\tflow:e6a35db00740 \u2192 port:udp:53\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:74.82.47.3:geo_39.15930_-111.81900\thost:74.82.47.3 \u2192 geo_39.15930_-111.81900\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-3bdf02dba5935e9e:host:172.234.197.23\tSESSION-3bdf02dba5935e9e \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-ee97936cb69b9d13:host:46.151.178.13:host:172.234.197.23\tSESSION-ee97936cb69b9d13 \u2192 host:46.151.178.13 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-5012aad9b09bf0eb:host:172.234.197.23\tSESSION-5012aad9b09bf0eb \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:8d353e4da0fd:port:tcp:443\tflow:8d353e4da0fd \u2192 port:tcp:443\nFLOW_DST_PORTOBS\te:fp:flow:b043921b4335:port:tcp:443\tflow:b043921b4335 \u2192 
port:tcp:443\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-28215304c7f8ba86:flow:d8584035cf2a\tSESSION-28215304c7f8ba86 \u2192 flow:d8584035cf2a\nflow_observed5-aryOBS\te:fo:flow:deb2950ce21a\tflow:deb2950ce21a \u2192 host:89.190.156.78 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nflow_observed3-aryOBS\te:fo:flow:9c788f76936f\tflow:9c788f76936f \u2192 host:172.234.197.23 \u2192 host:2.57.122.196\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-de4dfe84e12d6d3a:SESSION-de4dfe84e12d6d3a\tSESSION-de4dfe84e12d6d3a \u2192 pe:dns:SESSION-de4dfe84e12d6d3a\nflow_observed3-aryOBS\te:fo:flow:ed98d1d2d802\tflow:ed98d1d2d802 \u2192 host:124.129.100.19 \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-bae5bc563a407479:host:172.234.197.23:host:2.57.122.196\tSESSION-bae5bc563a407479 \u2192 host:172.234.197.23 \u2192 host:2.57.122.196\nHOST_IN_ASNOBS 85%\te:ha:host:92.118.39.235:asn:47890\thost:92.118.39.235 \u2192 asn:47890\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-7549dce926e94eea:SESSION-7549dce926e94eea\tSESSION-7549dce926e94eea \u2192 pe:syn:SESSION-7549dce926e94eea\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-88b7a3fbe4aa9c73:host:172.234.197.23\tSESSION-88b7a3fbe4aa9c73 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-b9cb91009e614d5f:host:172.234.197.23\tSESSION-b9cb91009e614d5f \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-06c2cef68b8aaa66:host:172.234.197.23\tSESSION-06c2cef68b8aaa66 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-e07ada5095ddfcf9:host:45.153.34.112\tSESSION-e07ada5095ddfcf9 \u2192 host:45.153.34.112\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-e9d6c100dac5ff40:host:172.234.197.23:host:213.209.159.56\tSESSION-e9d6c100dac5ff40 \u2192 host:172.234.197.23 \u2192 host:213.209.159.56\nFLOW_DST_PORTOBS\te:fp:flow:c1c688f8cf4a:port:udp:53\tflow:c1c688f8cf4a \u2192 
port:udp:53\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-4305e5b024f7a223:host:172.234.197.23\tSESSION-4305e5b024f7a223 \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-9b63d3522aab6528:PCAP:capture_20260506100001:1dcaef79479b\tSESSION-9b63d3522aab6528 \u2192 PCAP:capture_20260506100001:1dcaef79479b\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-88b7a3fbe4aa9c73:SESSION-88b7a3fbe4aa9c73\tSESSION-88b7a3fbe4aa9c73 \u2192 pe:syn:SESSION-88b7a3fbe4aa9c73\nFLOW_QUERIED_DNSOBS\te:fd:flow:c1c688f8cf4a:dns:172-234-197-23.ip.linodeusercontent.com\tflow:c1c688f8cf4a \u2192 dns:172-234-197-23.ip.linodeusercontent.com\nFLOW_FROM_HOSTOBS\te:from:SESSION-00e01dcc7487e071:host:92.118.39.235\tSESSION-00e01dcc7487e071 \u2192 host:92.118.39.235\nflow_observed5-aryOBS\te:fo:flow:823309092ce5\tflow:823309092ce5 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-54190c4a9018c8b2:PCAP:capture_20260506090001:f14948ae9de4\tSESSION-54190c4a9018c8b2 \u2192 PCAP:capture_20260506090001:f14948ae9de4\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-441a69db47f1f67e:PCAP:capture_20260506110001:db30e8f19576\tSESSION-441a69db47f1f67e \u2192 PCAP:capture_20260506110001:db30e8f19576\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-1f294c1fb71330bd:flow:1fc954fe1e5f\tSESSION-1f294c1fb71330bd \u2192 flow:1fc954fe1e5f\nFLOW_TO_HOSTOBS\te:to:SESSION-e25260d84d1899f3:host:172.232.0.17\tSESSION-e25260d84d1899f3 \u2192 host:172.232.0.17\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-742f34cda3a4e617:flow:8d08ea6ea9f9\tSESSION-742f34cda3a4e617 \u2192 flow:8d08ea6ea9f9\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-64839ebd252cff52:host:172.234.197.23:host:45.156.87.254\tSESSION-64839ebd252cff52 \u2192 host:172.234.197.23 \u2192 host:45.156.87.254\nFLOW_QUERIED_DNSOBS\te:fd:flow:6e2a85228dbb:dns:172-234-197-23.ip.linodeusercontent.com\tflow:6e2a85228dbb \u2192 
dns:172-234-197-23.ip.linodeusercontent.com\nFLOW_DST_PORTOBS\te:fp:flow:d9af8e073824:port:tcp:26966\tflow:d9af8e073824 \u2192 port:tcp:26966\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-441a69db47f1f67e:host:106.107.248.155:host:172.234.197.23\tSESSION-441a69db47f1f67e \u2192 host:106.107.248.155 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-d4b585270ad704cf:host:45.33.109.10\tSESSION-d4b585270ad704cf \u2192 host:45.33.109.10\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-64cf3cf6299680da:host:172.234.197.23\tSESSION-64cf3cf6299680da \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-d65a73ebc3ea4bbf:host:172.234.197.23\tSESSION-d65a73ebc3ea4bbf \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-f0b8de3575b1c3f3:host:172.234.197.23\tSESSION-f0b8de3575b1c3f3 \u2192 host:172.234.197.23\nflow_observed4-aryOBS\te:fo:flow:6845e8b68c70\tflow:6845e8b68c70 \u2192 host:91.204.208.35 \u2192 host:172.234.197.23 \u2192 port:tcp:23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-ea4986b0ffcf3593:host:172.234.197.23\tSESSION-ea4986b0ffcf3593 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-bb28c78a797947d2:host:172.234.197.23\tSESSION-bb28c78a797947d2 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-6fdf8b8840f3f546:host:5.34.178.101\tSESSION-6fdf8b8840f3f546 \u2192 host:5.34.178.101\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-51919fc68b872311:PCAP:capture_20260506100001:1dcaef79479b\tSESSION-51919fc68b872311 \u2192 PCAP:capture_20260506100001:1dcaef79479b\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%\te:bsg:SESSION-2aaccea6dccbc46a:BSG-BEACON-f6c2b3d0e42d\tSESSION-2aaccea6dccbc46a \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-bae5bc563a407479:flow:258abd61bf99\tSESSION-bae5bc563a407479 \u2192 flow:258abd61bf99\nFLOW_TO_HOSTOBS\te:to:SESSION-88b7a3fbe4aa9c73:host:172.234.197.23\tSESSION-88b7a3fbe4aa9c73 \u2192 
host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-8e6dba6c98daea8c:host:89.190.156.78:host:172.234.197.23\tSESSION-8e6dba6c98daea8c \u2192 host:89.190.156.78 \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-90d6ffa3c7df5be4:host:172.234.197.23:host:172.232.0.17\tSESSION-90d6ffa3c7df5be4 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-fcda3062255c0ddf:host:172.234.197.23:host:92.118.39.235\tSESSION-fcda3062255c0ddf \u2192 host:172.234.197.23 \u2192 host:92.118.39.235\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-613308d4fce0daf0:flow:d6f713bf2ef5\tSESSION-613308d4fce0daf0 \u2192 flow:d6f713bf2ef5\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-e96b201766459115:SESSION-e96b201766459115\tSESSION-e96b201766459115 \u2192 pe:rst:SESSION-e96b201766459115\nFLOW_TO_HOSTOBS\te:to:SESSION-e3fc51c5a9708a6d:host:172.232.0.17\tSESSION-e3fc51c5a9708a6d \u2192 host:172.232.0.17\nFLOW_DST_PORTOBS\te:fp:flow:dd2a74d69ecd:port:tcp:443\tflow:dd2a74d69ecd \u2192 port:tcp:443\nFLOW_DST_PORTOBS\te:fp:flow:eb8627c18ed1:port:tcp:57742\tflow:eb8627c18ed1 \u2192 port:tcp:57742\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-49ed4f4a29cfb6b3:flow:7673e13f4289\tSESSION-49ed4f4a29cfb6b3 \u2192 flow:7673e13f4289\nflow_observed5-aryOBS\te:fo:flow:114a8ab669ec\tflow:114a8ab669ec \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-60d15048f5022601:flow:eab42a9b6bf8\tSESSION-60d15048f5022601 \u2192 flow:eab42a9b6bf8\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 65%\te:bsg:SESSION-51919fc68b872311:BSG-DATA_EXFIL-732524e71ecb\tSESSION-51919fc68b872311 \u2192 BSG-DATA_EXFIL-732524e71ecb\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-64839ebd252cff52:host:45.156.87.254\tSESSION-64839ebd252cff52 \u2192 host:45.156.87.254\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-cc57470cff674b4d:host:172.234.197.23:host:2.57.122.194\tSESSION-cc57470cff674b4d \u2192 
host:172.234.197.23 \u2192 host:2.57.122.194\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-54190c4a9018c8b2:flow:63ff435747ca\tSESSION-54190c4a9018c8b2 \u2192 flow:63ff435747ca\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-0f1fcc9050279648:host:185.247.137.22\tSESSION-0f1fcc9050279648 \u2192 host:185.247.137.22\nFLOW_DST_PORTOBS\te:fp:flow:c31e76db5dae:port:udp:53\tflow:c31e76db5dae \u2192 port:udp:53\nflow_observed5-aryOBS\te:fo:flow:6e2a85228dbb\tflow:6e2a85228dbb \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nFLOW_DST_PORTOBS\te:fp:flow:7d994515472c:port:tcp:22\tflow:7d994515472c \u2192 port:tcp:22\nFLOW_FROM_HOSTOBS\te:from:SESSION-51919fc68b872311:host:66.228.53.78\tSESSION-51919fc68b872311 \u2192 host:66.228.53.78\nFLOW_FROM_HOSTOBS\te:from:SESSION-17520ab71e811bf1:host:52.232.35.131\tSESSION-17520ab71e811bf1 \u2192 host:52.232.35.131\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-56800f0e4776fb43:host:172.234.197.23\tSESSION-56800f0e4776fb43 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-062c72215e61d30f:host:172.234.197.23\tSESSION-062c72215e61d30f \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-386b135d546c92f7:host:103.81.111.187\tSESSION-386b135d546c92f7 \u2192 host:103.81.111.187\nFLOW_TO_HOSTOBS\te:to:SESSION-48df9718fdcf0dd4:host:70.54.182.130\tSESSION-48df9718fdcf0dd4 \u2192 host:70.54.182.130\nFLOW_TO_HOSTOBS\te:to:SESSION-a6c427a7783be300:host:172.234.197.23\tSESSION-a6c427a7783be300 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-7549dce926e94eea:host:172.234.197.23\tSESSION-7549dce926e94eea \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-7549dce926e94eea:host:89.190.156.78\tSESSION-7549dce926e94eea \u2192 host:89.190.156.78\nFLOW_FROM_HOSTOBS\te:from:SESSION-e0cca33290218eee:host:74.7.243.62\tSESSION-e0cca33290218eee \u2192 
host:74.7.243.62\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-06f3798479e59b72:PCAP:capture_20260506070001:142364cf903b\tSESSION-06f3798479e59b72 \u2192 PCAP:capture_20260506070001:142364cf903b\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-4b726f82be41475c:BSG-BEACON-a8a8c3c8a37f\tSESSION-4b726f82be41475c \u2192 BSG-BEACON-a8a8c3c8a37f\nASN_IN_ORGOBS 80%\te:ao:asn:47890:org:Unmanaged Ltd\tasn:47890 \u2192 org:Unmanaged Ltd\nflow_observed4-aryOBS\te:fo:flow:649ec01154f8\tflow:649ec01154f8 \u2192 host:172.234.197.23 \u2192 host:2.57.122.193 \u2192 port:tcp:50248\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-51e53ba41d3daf57:host:185.247.137.6\tSESSION-51e53ba41d3daf57 \u2192 host:185.247.137.6\nFLOW_FROM_HOSTOBS\te:from:SESSION-6fdf8b8840f3f546:host:172.234.197.23\tSESSION-6fdf8b8840f3f546 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-0f63d360cf143853:host:89.190.156.78\tSESSION-0f63d360cf143853 \u2192 host:89.190.156.78\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-79a0413209e2baca:PCAP:capture_20260506040001:e9f965e38ce8\tSESSION-79a0413209e2baca \u2192 PCAP:capture_20260506040001:e9f965e38ce8\nFLOW_TO_HOSTOBS\te:to:SESSION-eda5f2c165ee908a:host:104.21.7.232\tSESSION-eda5f2c165ee908a \u2192 host:104.21.7.232\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%\te:bsg:SESSION-1f294c1fb71330bd:BSG-BEACON-f6c2b3d0e42d\tSESSION-1f294c1fb71330bd \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-17520ab71e811bf1:PCAP:capture_20260506140001:5d47d72c8963\tSESSION-17520ab71e811bf1 \u2192 PCAP:capture_20260506140001:5d47d72c8963\nFLOW_FROM_HOSTOBS\te:from:SESSION-03da2e7ddf212c4e:host:103.25.56.113\tSESSION-03da2e7ddf212c4e \u2192 host:103.25.56.113\nFLOW_FROM_HOSTOBS\te:from:SESSION-63905cf2a7bf050e:host:172.234.197.23\tSESSION-63905cf2a7bf050e \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-eda5f2c165ee908a:host:172.234.197.23\tSESSION-eda5f2c165ee908a \u2192 
host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-e123b6403f799b1d:host:40.77.167.70\tSESSION-e123b6403f799b1d \u2192 host:40.77.167.70\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-2aaccea6dccbc46a:PCAP:capture_20260506140001:5d47d72c8963\tSESSION-2aaccea6dccbc46a \u2192 PCAP:capture_20260506140001:5d47d72c8963\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-88b7a3fbe4aa9c73:host:185.247.137.206:host:172.234.197.23\tSESSION-88b7a3fbe4aa9c73 \u2192 host:185.247.137.206 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-868e23b316c7b0f8:host:172.234.197.23\tSESSION-868e23b316c7b0f8 \u2192 host:172.234.197.23\nASN_IN_ORGOBS 80%\te:ao:asn:138915:org:Kaopu Cloud HK Limited\tasn:138915 \u2192 org:Kaopu Cloud HK Limited\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-12e4996e91ea82c2:SESSION-12e4996e91ea82c2\tSESSION-12e4996e91ea82c2 \u2192 pe:tls:SESSION-12e4996e91ea82c2\nFLOW_DST_PORTOBS\te:fp:flow:eea34932bdf6:port:udp:53\tflow:eea34932bdf6 \u2192 port:udp:53\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-1b2f39e4e24dfa1e:SESSION-1b2f39e4e24dfa1e\tSESSION-1b2f39e4e24dfa1e \u2192 pe:syn:SESSION-1b2f39e4e24dfa1e\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:192.119.111.204:geo_37.75100_-97.82200\thost:192.119.111.204 \u2192 geo_37.75100_-97.82200\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-ff5fd6c4007b2145:flow:274ee5f63645\tSESSION-ff5fd6c4007b2145 \u2192 flow:274ee5f63645\nFLOW_DST_PORTOBS\te:fp:flow:39fd59b217e1:port:udp:53\tflow:39fd59b217e1 \u2192 port:udp:53\nFLOW_DST_PORTOBS\te:fp:flow:a4aa40b777fd:port:tcp:52976\tflow:a4aa40b777fd \u2192 port:tcp:52976\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-60c9f814ed617fcc:SESSION-60c9f814ed617fcc\tSESSION-60c9f814ed617fcc \u2192 pe:rst:SESSION-60c9f814ed617fcc\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-b9cb91009e614d5f:flow:1da98017ced9\tSESSION-b9cb91009e614d5f \u2192 flow:1da98017ced9\nASN_IN_ORGOBS 80%\te:ao:asn:208137:org:Feo Prest SRL\tasn:208137 \u2192 org:Feo Prest SRL\nHOST_IN_ASNOBS 
85%\te:ha:host:74.82.47.3:asn:6939\thost:74.82.47.3 \u2192 asn:6939\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-003788b015d527cd:host:172.234.197.23:host:45.156.87.254\tSESSION-003788b015d527cd \u2192 host:172.234.197.23 \u2192 host:45.156.87.254\nFLOW_TO_HOSTOBS\te:to:SESSION-56800f0e4776fb43:host:172.234.197.23\tSESSION-56800f0e4776fb43 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-ed5316eada695a91:host:172.234.197.23\tSESSION-ed5316eada695a91 \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:469687814548:port:tcp:443\tflow:469687814548 \u2192 port:tcp:443\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-8321b4fe85ec7c76:host:172.234.197.23\tSESSION-8321b4fe85ec7c76 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-1ae5761b52438ad8:host:172.234.197.23\tSESSION-1ae5761b52438ad8 \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:79c6b8311121:port:tcp:443\tflow:79c6b8311121 \u2192 port:tcp:443\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-88b7a3fbe4aa9c73:flow:6cdc7ef329cb\tSESSION-88b7a3fbe4aa9c73 \u2192 flow:6cdc7ef329cb\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-8e6dba6c98daea8c:host:172.234.197.23\tSESSION-8e6dba6c98daea8c \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-7155cec198655999:SESSION-7155cec198655999\tSESSION-7155cec198655999 \u2192 pe:dns:SESSION-7155cec198655999\nflow_observed3-aryOBS\te:fo:flow:780372653948\tflow:780372653948 \u2192 host:3.126.146.176 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-8f6eea3c975ecf64:host:74.7.242.172\tSESSION-8f6eea3c975ecf64 \u2192 host:74.7.242.172\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-49abda6ad4a45bbb:SESSION-49abda6ad4a45bbb\tSESSION-49abda6ad4a45bbb \u2192 pe:dns:SESSION-49abda6ad4a45bbb\nHOST_IN_ASNOBS 85%\te:ha:host:43.157.180.116:asn:132203\thost:43.157.180.116 \u2192 asn:132203\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-0f63d360cf143853:PCAP:capture_20260506050001:4dfc529b4866\tSESSION-0f63d360cf143853 \u2192 
PCAP:capture_20260506050001:4dfc529b4866\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:45.33.109.10:geo_37.56250_-122.00040\thost:45.33.109.10 \u2192 geo_37.56250_-122.00040\nflow_observed5-aryOBS\te:fo:flow:2728835a14a6\tflow:2728835a14a6 \u2192 host:74.82.47.3 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 svc:ssh\nASN_IN_ORGOBS 80%\te:ao:asn:56042:org:China Mobile communications corporation\tasn:56042 \u2192 org:China Mobile communications corporation\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-e3fc51c5a9708a6d:host:172.234.197.23\tSESSION-e3fc51c5a9708a6d \u2192 host:172.234.197.23\nflow_observed3-aryOBS\te:fo:flow:34fc5fb47634\tflow:34fc5fb47634 \u2192 host:172.234.197.23 \u2192 host:45.153.34.112\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-b9cb91009e614d5f:host:172.232.0.17\tSESSION-b9cb91009e614d5f \u2192 host:172.232.0.17\nFLOW_TO_HOSTOBS\te:to:SESSION-afea5cf8af463adc:host:172.234.197.23\tSESSION-afea5cf8af463adc \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-79a0413209e2baca:SESSION-79a0413209e2baca\tSESSION-79a0413209e2baca \u2192 pe:rst:SESSION-79a0413209e2baca\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-2afb3b9c44db3352:flow:937c5e286676\tSESSION-2afb3b9c44db3352 \u2192 flow:937c5e286676\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-3657adb5f65190d3:PCAP:capture_20260506020001:cb849d7e9012\tSESSION-3657adb5f65190d3 \u2192 PCAP:capture_20260506020001:cb849d7e9012\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:185.247.137.6:geo_51.50810_-0.12780\thost:185.247.137.6 \u2192 geo_51.50810_-0.12780\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-4f93282fb27f899d:host:172.234.197.23:host:172.232.0.17\tSESSION-4f93282fb27f899d \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-fa3c66e6c8c7cc27:SESSION-fa3c66e6c8c7cc27\tSESSION-fa3c66e6c8c7cc27 \u2192 pe:tls:SESSION-fa3c66e6c8c7cc27\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-d4b585270ad704cf:host:45.33.109.10:host:172.234.197.23\tSESSION-d4b585270ad704cf 
\u2192 host:45.33.109.10 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-b9cb91009e614d5f:host:172.232.0.17\tSESSION-b9cb91009e614d5f \u2192 host:172.232.0.17\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-d68993c6291186b3:SESSION-d68993c6291186b3\tSESSION-d68993c6291186b3 \u2192 pe:tls:SESSION-d68993c6291186b3\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-f57befbbc9509b01:flow:eea34932bdf6\tSESSION-f57befbbc9509b01 \u2192 flow:eea34932bdf6\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-88032ac2aa7f41ae:flow:deb2950ce21a\tSESSION-88032ac2aa7f41ae \u2192 flow:deb2950ce21a\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-547dd5952328fc79:flow:7bb80f6e2570\tSESSION-547dd5952328fc79 \u2192 flow:7bb80f6e2570\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-06c2cef68b8aaa66:SESSION-06c2cef68b8aaa66\tSESSION-06c2cef68b8aaa66 \u2192 pe:syn:SESSION-06c2cef68b8aaa66\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-608e54dcb808ad4f:host:172.234.197.23:host:104.194.149.41\tSESSION-608e54dcb808ad4f \u2192 host:172.234.197.23 \u2192 host:104.194.149.41\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-4f726ca0d8d8e058:host:172.234.197.23:host:2.57.122.193\tSESSION-4f726ca0d8d8e058 \u2192 host:172.234.197.23 \u2192 host:2.57.122.193\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-fa3c66e6c8c7cc27:SESSION-fa3c66e6c8c7cc27\tSESSION-fa3c66e6c8c7cc27 \u2192 pe:syn:SESSION-fa3c66e6c8c7cc27\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-2afb3b9c44db3352:host:172.234.197.23:host:172.232.0.17\tSESSION-2afb3b9c44db3352 \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:45.178.249.135:geo_-20.01650_-44.43390\thost:45.178.249.135 \u2192 geo_-20.01650_-44.43390\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-48df9718fdcf0dd4:flow:e1aadcf35da1\tSESSION-48df9718fdcf0dd4 \u2192 flow:e1aadcf35da1\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-742f34cda3a4e617:host:172.234.197.23:host:172.232.0.17\tSESSION-742f34cda3a4e617 \u2192 host:172.234.197.23 \u2192 
host:172.232.0.17\nflow_observed5-aryOBS\te:fo:flow:edcdfd648e8c\tflow:edcdfd648e8c \u2192 host:45.33.109.10 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-34a7e03bf798caf5:PCAP:capture_20260506080002:53e6ba03f554\tSESSION-34a7e03bf798caf5 \u2192 PCAP:capture_20260506080002:53e6ba03f554\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-d05fb923cf4a0ee4:SESSION-d05fb923cf4a0ee4\tSESSION-d05fb923cf4a0ee4 \u2192 pe:rst:SESSION-d05fb923cf4a0ee4\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-a6c427a7783be300:host:172.234.197.23\tSESSION-a6c427a7783be300 \u2192 host:172.234.197.23\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-12e4996e91ea82c2:host:172.234.197.23:host:5.34.178.101\tSESSION-12e4996e91ea82c2 \u2192 host:172.234.197.23 \u2192 host:5.34.178.101\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-4390daf7eeef0d52:host:172.232.0.17\tSESSION-4390daf7eeef0d52 \u2192 host:172.232.0.17\nFLOW_FROM_HOSTOBS\te:from:SESSION-bae5bc563a407479:host:172.234.197.23\tSESSION-bae5bc563a407479 \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-f52f57c02498535b:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-f52f57c02498535b \u2192 PCAP:capture_20260506130001:193918cc1ff8\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-06c2cef68b8aaa66:flow:86b2060928ad\tSESSION-06c2cef68b8aaa66 \u2192 flow:86b2060928ad\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-608e54dcb808ad4f:SESSION-608e54dcb808ad4f\tSESSION-608e54dcb808ad4f \u2192 pe:tls:SESSION-608e54dcb808ad4f\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-b58bf26b90688bb4:host:172.232.0.17\tSESSION-b58bf26b90688bb4 \u2192 host:172.232.0.17\nFLOW_TLS_SNIOBS\te:fs:flow:b9a22427e56f:tls_sni:172-234-197-23.ip.linodeusercontent.com\tflow:b9a22427e56f \u2192 tls_sni:172-234-197-23.ip.linodeusercontent.com\nFLOW_DST_PORTOBS\te:fp:flow:796619995967:port:tcp:443\tflow:796619995967 \u2192 
port:tcp:443\nFLOW_TO_HOSTOBS\te:to:SESSION-d4b585270ad704cf:host:172.234.197.23\tSESSION-d4b585270ad704cf \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-868e23b316c7b0f8:SESSION-868e23b316c7b0f8\tSESSION-868e23b316c7b0f8 \u2192 pe:tls:SESSION-868e23b316c7b0f8\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-eeb1578b9cc87ce2:flow:e6a35db00740\tSESSION-eeb1578b9cc87ce2 \u2192 flow:e6a35db00740\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-17520ab71e811bf1:flow:dd2a74d69ecd\tSESSION-17520ab71e811bf1 \u2192 flow:dd2a74d69ecd\nFLOW_TO_HOSTOBS\te:to:SESSION-e06fb47105f2ac43:host:172.234.197.23\tSESSION-e06fb47105f2ac43 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-613308d4fce0daf0:host:5.181.20.206\tSESSION-613308d4fce0daf0 \u2192 host:5.181.20.206\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-4305e5b024f7a223:host:45.148.10.152\tSESSION-4305e5b024f7a223 \u2192 host:45.148.10.152\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-51919fc68b872311:flow:02a69204bf87\tSESSION-51919fc68b872311 \u2192 flow:02a69204bf87\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-49abda6ad4a45bbb:host:172.234.197.23:host:172.232.0.17\tSESSION-49abda6ad4a45bbb \u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nflow_observed5-aryOBS\te:fo:flow:7d994515472c\tflow:7d994515472c \u2192 host:2.57.122.196 \u2192 host:172.234.197.23 \u2192 port:tcp:22 \u2192 svc:ssh\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-45458b9765283300:host:74.7.243.19\tSESSION-45458b9765283300 \u2192 host:74.7.243.19\nFLOW_QUERIED_DNSOBS\te:fd:flow:1da98017ced9:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\tflow:1da98017ced9 \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-6fdf8b8840f3f546:host:172.234.197.23:host:5.34.178.101\tSESSION-6fdf8b8840f3f546 \u2192 host:172.234.197.23 \u2192 host:5.34.178.101\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-54b06c4ee1c885b8:host:172.234.197.23:host:172.232.0.17\tSESSION-54b06c4ee1c885b8 
\u2192 host:172.234.197.23 \u2192 host:172.232.0.17\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:63.179.136.145:geo_50.11690_8.68370\thost:63.179.136.145 \u2192 geo_50.11690_8.68370\nFLOW_QUERIED_DNSOBS\te:fd:flow:dd796c5d886d:dns:172-234-197-23.ip.linodeusercontent.com\tflow:dd796c5d886d \u2192 dns:172-234-197-23.ip.linodeusercontent.com\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:213.209.159.56:geo_24.00000_121.00000\thost:213.209.159.56 \u2192 geo_24.00000_121.00000\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-de4dfe84e12d6d3a:host:172.234.197.23\tSESSION-de4dfe84e12d6d3a \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-7f858f15c17e12f2:host:107.189.27.59\tSESSION-7f858f15c17e12f2 \u2192 host:107.189.27.59\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-8e6dba6c98daea8c:PCAP:capture_20260506050001:4dfc529b4866\tSESSION-8e6dba6c98daea8c \u2192 PCAP:capture_20260506050001:4dfc529b4866\nflow_observed5-aryOBS\te:fo:flow:dd796c5d886d\tflow:dd796c5d886d \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nFLOW_FROM_HOSTOBS\te:from:SESSION-54b06c4ee1c885b8:host:172.234.197.23\tSESSION-54b06c4ee1c885b8 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-5012aad9b09bf0eb:host:172.234.197.23\tSESSION-5012aad9b09bf0eb \u2192 host:172.234.197.23\nflow_observed4-aryOBS\te:fo:flow:77a0f3565630\tflow:77a0f3565630 \u2192 host:170.187.163.133 \u2192 host:172.234.197.23 \u2192 port:tcp:10004\nFLOW_FROM_HOSTOBS\te:from:SESSION-bb28c78a797947d2:host:106.107.248.155\tSESSION-bb28c78a797947d2 \u2192 host:106.107.248.155\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-48b1abbe41658d68:host:172.234.197.23\tSESSION-48b1abbe41658d68 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-03da2e7ddf212c4e:host:172.234.197.23\tSESSION-03da2e7ddf212c4e \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-b868bf37bed38f15:host:172.234.197.23\tSESSION-b868bf37bed38f15 \u2192 
host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-49ed4f4a29cfb6b3:host:172.232.0.17\tSESSION-49ed4f4a29cfb6b3 \u2192 host:172.232.0.17\nHOST_IN_ASNOBS 85%\te:ha:host:45.178.249.135:asn:269051\thost:45.178.249.135 \u2192 asn:269051\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-e123b6403f799b1d:host:40.77.167.70:host:172.234.197.23\tSESSION-e123b6403f799b1d \u2192 host:40.77.167.70 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-12e4996e91ea82c2:host:172.234.197.23\tSESSION-12e4996e91ea82c2 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-f29056eb8e4d0543:host:172.232.0.17\tSESSION-f29056eb8e4d0543 \u2192 host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-c041b784113284dc:host:172.232.0.17\tSESSION-c041b784113284dc \u2192 host:172.232.0.17\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-e96b201766459115:SESSION-e96b201766459115\tSESSION-e96b201766459115 \u2192 pe:tls:SESSION-e96b201766459115\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-0086120f9ffcd7cf:host:192.119.111.204\tSESSION-0086120f9ffcd7cf \u2192 host:192.119.111.204\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-d4b585270ad704cf:SESSION-d4b585270ad704cf\tSESSION-d4b585270ad704cf \u2192 pe:syn:SESSION-d4b585270ad704cf\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-06f3798479e59b72:host:172.234.197.23\tSESSION-06f3798479e59b72 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-54190c4a9018c8b2:host:74.7.242.149\tSESSION-54190c4a9018c8b2 \u2192 host:74.7.242.149\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-2801fe3d7a774cf5:host:45.153.34.112\tSESSION-2801fe3d7a774cf5 \u2192 host:45.153.34.112\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-868e23b316c7b0f8:host:107.189.27.59\tSESSION-868e23b316c7b0f8 \u2192 host:107.189.27.59\nFLOW_TO_HOSTOBS\te:to:SESSION-c041b784113284dc:host:172.232.0.17\tSESSION-c041b784113284dc \u2192 host:172.232.0.17\nFLOW_DST_PORTOBS\te:fp:flow:6cdc7ef329cb:port:tcp:443\tflow:6cdc7ef329cb \u2192 
port:tcp:443\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-e0cca33290218eee:SESSION-e0cca33290218eee\tSESSION-e0cca33290218eee \u2192 pe:tls:SESSION-e0cca33290218eee\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-a6bd6f290a9108c0:flow:6845e8b68c70\tSESSION-a6bd6f290a9108c0 \u2192 flow:6845e8b68c70\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-51e53ba41d3daf57:flow:b043921b4335\tSESSION-51e53ba41d3daf57 \u2192 flow:b043921b4335\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-e25260d84d1899f3:flow:fa86c0038549\tSESSION-e25260d84d1899f3 \u2192 flow:fa86c0038549\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-56800f0e4776fb43:PCAP:capture_20260506140001:5d47d72c8963\tSESSION-56800f0e4776fb43 \u2192 PCAP:capture_20260506140001:5d47d72c8963\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-45458b9765283300:SESSION-45458b9765283300\tSESSION-45458b9765283300 \u2192 pe:syn:SESSION-45458b9765283300\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-3657adb5f65190d3:host:45.178.249.135:host:172.234.197.23\tSESSION-3657adb5f65190d3 \u2192 host:45.178.249.135 \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:3e4cd8770b96:port:tcp:52976\tflow:3e4cd8770b96 \u2192 port:tcp:52976\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-2afb3b9c44db3352:PCAP:capture_20260506140001:5d47d72c8963\tSESSION-2afb3b9c44db3352 \u2192 PCAP:capture_20260506140001:5d47d72c8963\nPORT_IMPLIED_SERVICEIMP 70%\te:ps:port:tcp:443:svc:https\tport:tcp:443 \u2192 svc:https\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-8321b4fe85ec7c76:BSG-BEACON-f6c2b3d0e42d\tSESSION-8321b4fe85ec7c76 \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 75%\te:bsg:SESSION-f29056eb8e4d0543:BSG-BEACON-f6c2b3d0e42d\tSESSION-f29056eb8e4d0543 \u2192 BSG-BEACON-f6c2b3d0e42d\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-b9b9c8c14f596810:host:172.234.197.23\tSESSION-b9b9c8c14f596810 \u2192 
host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-4473489472864a95:PCAP:capture_20260506090001:f14948ae9de4\tSESSION-4473489472864a95 \u2192 PCAP:capture_20260506090001:f14948ae9de4\nFLOW_FROM_HOSTOBS\te:from:SESSION-0f1fcc9050279648:host:185.247.137.22\tSESSION-0f1fcc9050279648 \u2192 host:185.247.137.22\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-062c72215e61d30f:host:172.234.197.23\tSESSION-062c72215e61d30f \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-f57befbbc9509b01:host:172.232.0.17\tSESSION-f57befbbc9509b01 \u2192 host:172.232.0.17\nFLOW_QUERIED_DNSOBS\te:fd:flow:e49bf2972d42:dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\tflow:e49bf2972d42 \u2192 dns:172-234-197-23.ip.linodeusercontent.com.members.linode.com\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-acef8d31e86c7acd:host:172.234.197.23\tSESSION-acef8d31e86c7acd \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:98c0b157084d:port:tcp:443\tflow:98c0b157084d \u2192 port:tcp:443\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-34b2326f558473f5:SESSION-34b2326f558473f5\tSESSION-34b2326f558473f5 \u2192 pe:tls:SESSION-34b2326f558473f5\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:tls:SESSION-6fdf8b8840f3f546:SESSION-6fdf8b8840f3f546\tSESSION-6fdf8b8840f3f546 \u2192 pe:tls:SESSION-6fdf8b8840f3f546\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-93717221407cc62b:PCAP:capture_20260506110001:db30e8f19576\tSESSION-93717221407cc62b \u2192 PCAP:capture_20260506110001:db30e8f19576\nFLOW_TO_HOSTOBS\te:to:SESSION-f05eefe35c8f9a76:host:2.57.122.194\tSESSION-f05eefe35c8f9a76 \u2192 host:2.57.122.194\nFLOW_FROM_HOSTOBS\te:from:SESSION-3bdf02dba5935e9e:host:183.202.141.98\tSESSION-3bdf02dba5935e9e \u2192 host:183.202.141.98\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-dd0bfa1ac17855c2:SESSION-dd0bfa1ac17855c2\tSESSION-dd0bfa1ac17855c2 \u2192 pe:syn:SESSION-dd0bfa1ac17855c2\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-79b2777978dd27ca:host:172.232.0.17\tSESSION-79b2777978dd27ca 
\u2192 host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-9921af6a5702b3bf:host:172.234.197.23\tSESSION-9921af6a5702b3bf \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-f29056eb8e4d0543:host:172.234.197.23\tSESSION-f29056eb8e4d0543 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-9bfef0c13717a796:host:172.234.197.23\tSESSION-9bfef0c13717a796 \u2192 host:172.234.197.23\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-0f1fcc9050279648:SESSION-0f1fcc9050279648\tSESSION-0f1fcc9050279648 \u2192 pe:syn:SESSION-0f1fcc9050279648\nHOST_IN_ASNOBS 85%\te:ha:host:5.181.20.206:asn:209847\thost:5.181.20.206 \u2192 asn:209847\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-dd0bfa1ac17855c2:SESSION-dd0bfa1ac17855c2\tSESSION-dd0bfa1ac17855c2 \u2192 pe:rst:SESSION-dd0bfa1ac17855c2\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-b45740c93fb46f4f:host:170.187.163.133:host:172.234.197.23\tSESSION-b45740c93fb46f4f \u2192 host:170.187.163.133 \u2192 host:172.234.197.23\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-dd0bfa1ac17855c2:flow:b9a22427e56f\tSESSION-dd0bfa1ac17855c2 \u2192 flow:b9a22427e56f\nflow_observed5-aryOBS\te:fo:flow:99cd9173a6aa\tflow:99cd9173a6aa \u2192 host:172.234.197.23 \u2192 host:172.232.0.17 \u2192 port:udp:53 \u2192 svc:dns\nFLOW_FROM_HOSTOBS\te:from:SESSION-afea5cf8af463adc:host:34.197.28.78\tSESSION-afea5cf8af463adc \u2192 host:34.197.28.78\nFLOW_DST_PORTOBS\te:fp:flow:1e45f245d9e1:port:tcp:50746\tflow:1e45f245d9e1 \u2192 port:tcp:50746\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-60c9f814ed617fcc:host:45.148.10.157\tSESSION-60c9f814ed617fcc \u2192 host:45.148.10.157\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-8321b4fe85ec7c76:PCAP:capture_20260506030001:5cc356b1b859\tSESSION-8321b4fe85ec7c76 \u2192 PCAP:capture_20260506030001:5cc356b1b859\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-79a0413209e2baca:flow:7d422775f052\tSESSION-79a0413209e2baca \u2192 flow:7d422775f052\nASN_IN_ORGOBS 80%\te:ao:asn:14956:org:RouterHosting LLC\tasn:14956 
\u2192 org:RouterHosting LLC\nHOST_IN_ASNOBS 85%\te:ha:host:172.232.0.17:asn:63949\thost:172.232.0.17 \u2192 asn:63949\nFLOW_TO_HOSTOBS\te:to:SESSION-51919fc68b872311:host:172.234.197.23\tSESSION-51919fc68b872311 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-8f55e302ff5e6c0d:host:172.234.197.23\tSESSION-8f55e302ff5e6c0d \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-4f93282fb27f899d:host:172.232.0.17\tSESSION-4f93282fb27f899d \u2192 host:172.232.0.17\nFLOW_DST_PORTOBS\te:fp:flow:19202654408c:port:tcp:60604\tflow:19202654408c \u2192 port:tcp:60604\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-fcda3062255c0ddf:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-fcda3062255c0ddf \u2192 PCAP:capture_20260506130001:193918cc1ff8\nFLOW_FROM_HOSTOBS\te:from:SESSION-608e54dcb808ad4f:host:172.234.197.23\tSESSION-608e54dcb808ad4f \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-2aaccea6dccbc46a:host:172.232.0.17\tSESSION-2aaccea6dccbc46a \u2192 host:172.232.0.17\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-e06fb47105f2ac43:host:103.155.16.117\tSESSION-e06fb47105f2ac43 \u2192 host:103.155.16.117\nflow_observed3-aryOBS\te:fo:flow:d6f713bf2ef5\tflow:d6f713bf2ef5 \u2192 host:5.181.20.206 \u2192 host:172.234.197.23\nHOST_IN_ASNOBS 85%\te:ha:host:74.7.175.174:asn:8075\thost:74.7.175.174 \u2192 asn:8075\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-51d7f2698b47beca:flow:5817e49bd4d7\tSESSION-51d7f2698b47beca \u2192 flow:5817e49bd4d7\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-e0cca33290218eee:flow:880e4b1bdb27\tSESSION-e0cca33290218eee \u2192 flow:880e4b1bdb27\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-e7ce4665dfa45d3c:host:172.232.0.17\tSESSION-e7ce4665dfa45d3c \u2192 host:172.232.0.17\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:103.155.16.117:geo_1.29390_103.84610\thost:103.155.16.117 \u2192 geo_1.29390_103.84610\nSESSION_MEMBER_OF_BEHAVIOR_GROUPOBS 90%\te:bsg:SESSION-c041b784113284dc:BSG-BEACON-f6c2b3d0e42d\tSESSION-c041b784113284dc \u2192 
BSG-BEACON-f6c2b3d0e42d\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-c0f54da92702e4ac:SESSION-c0f54da92702e4ac\tSESSION-c0f54da92702e4ac \u2192 pe:syn:SESSION-c0f54da92702e4ac\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:dns:SESSION-2afb3b9c44db3352:SESSION-2afb3b9c44db3352\tSESSION-2afb3b9c44db3352 \u2192 pe:dns:SESSION-2afb3b9c44db3352\nFLOW_FROM_HOSTOBS\te:from:SESSION-c0f54da92702e4ac:host:45.33.109.10\tSESSION-c0f54da92702e4ac \u2192 host:45.33.109.10\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-dd0bfa1ac17855c2:host:43.157.180.116:host:172.234.197.23\tSESSION-dd0bfa1ac17855c2 \u2192 host:43.157.180.116 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-bae5bc563a407479:host:2.57.122.196\tSESSION-bae5bc563a407479 \u2192 host:2.57.122.196\nFLOW_TO_HOSTOBS\te:to:SESSION-e07ada5095ddfcf9:host:45.153.34.112\tSESSION-e07ada5095ddfcf9 \u2192 host:45.153.34.112\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-ff5fd6c4007b2145:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-ff5fd6c4007b2145 \u2192 PCAP:capture_20260506130001:193918cc1ff8\nFLOW_TO_HOSTOBS\te:to:SESSION-6fdf8b8840f3f546:host:5.34.178.101\tSESSION-6fdf8b8840f3f546 \u2192 host:5.34.178.101\nFLOW_FROM_HOSTOBS\te:from:SESSION-90d6ffa3c7df5be4:host:172.234.197.23\tSESSION-90d6ffa3c7df5be4 \u2192 host:172.234.197.23\nFLOW_TO_HOSTOBS\te:to:SESSION-02436cab82ff2be9:host:172.234.197.23\tSESSION-02436cab82ff2be9 \u2192 host:172.234.197.23\nFLOW_QUERIED_DNSOBS\te:fd:flow:7a63b783bb1f:dns:wpcodeusage.com\tflow:7a63b783bb1f \u2192 dns:wpcodeusage.com\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-54190c4a9018c8b2:host:74.7.242.149\tSESSION-54190c4a9018c8b2 \u2192 host:74.7.242.149\nFLOW_TO_HOSTOBS\te:to:SESSION-308a7d658a499624:host:172.234.197.23\tSESSION-308a7d658a499624 \u2192 host:172.234.197.23\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:46.151.178.13:geo_52.38240_4.89950\thost:46.151.178.13 \u2192 
geo_52.38240_4.89950\nFLOW_TO_HOSTOBS\te:to:SESSION-110d1ee95c8ccd23:host:104.194.149.41\tSESSION-110d1ee95c8ccd23 \u2192 host:104.194.149.41\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-f4f04d9d25e66b28:host:172.234.197.23\tSESSION-f4f04d9d25e66b28 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-8db7c39e7c6a0413:host:46.151.178.13\tSESSION-8db7c39e7c6a0413 \u2192 host:46.151.178.13\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-d68993c6291186b3:PCAP:capture_20260506040001:e9f965e38ce8\tSESSION-d68993c6291186b3 \u2192 PCAP:capture_20260506040001:e9f965e38ce8\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-45458b9765283300:host:74.7.243.19:host:172.234.197.23\tSESSION-45458b9765283300 \u2192 host:74.7.243.19 \u2192 host:172.234.197.23\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-e06fb47105f2ac43:flow:932b37022a67\tSESSION-e06fb47105f2ac43 \u2192 flow:932b37022a67\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-f52f57c02498535b:flow:e73d03d30fbd\tSESSION-f52f57c02498535b \u2192 flow:e73d03d30fbd\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-c495d9e5ab9acfbc:host:172.232.0.17\tSESSION-c495d9e5ab9acfbc \u2192 host:172.232.0.17\nFLOW_FROM_HOSTOBS\te:from:SESSION-a13a17be1b938278:host:172.234.197.23\tSESSION-a13a17be1b938278 \u2192 host:172.234.197.23\nflow_observed4-aryOBS\te:fo:flow:19202654408c\tflow:19202654408c \u2192 host:172.234.197.23 \u2192 host:192.119.111.204 \u2192 port:tcp:60604\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-9931d5e5bc996b57:host:172.234.197.23:host:195.123.246.80\tSESSION-9931d5e5bc996b57 \u2192 host:172.234.197.23 \u2192 host:195.123.246.80\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-4b726f82be41475c:host:103.155.16.117:host:172.234.197.23\tSESSION-4b726f82be41475c \u2192 host:103.155.16.117 \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-1ae5761b52438ad8:PCAP:capture_20260506130001:193918cc1ff8\tSESSION-1ae5761b52438ad8 \u2192 PCAP:capture_20260506130001:193918cc1ff8\nASN_IN_ORGOBS 80%\te:ao:asn:136557:org:Host 
Universal Pty Ltd\tasn:136557 \u2192 org:Host Universal Pty Ltd\nHOST_IN_ASNOBS 85%\te:ha:host:40.77.167.70:asn:8075\thost:40.77.167.70 \u2192 asn:8075\nHOST_GEO_ESTIMATEOBS 60%\te:hg:host:3.223.134.5:geo_39.04690_-77.49030\thost:3.223.134.5 \u2192 geo_39.04690_-77.49030\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-12e4996e91ea82c2:host:172.234.197.23\tSESSION-12e4996e91ea82c2 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-4f93282fb27f899d:host:172.234.197.23\tSESSION-4f93282fb27f899d \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-547dd5952328fc79:host:211.251.245.88\tSESSION-547dd5952328fc79 \u2192 host:211.251.245.88\nFLOW_DST_PORTOBS\te:fp:flow:75f5a0d5f164:port:tcp:22\tflow:75f5a0d5f164 \u2192 port:tcp:22\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-8f6eea3c975ecf64:host:74.7.242.172\tSESSION-8f6eea3c975ecf64 \u2192 host:74.7.242.172\nFLOW_DST_PORTOBS\te:fp:flow:edcdfd648e8c:port:tcp:443\tflow:edcdfd648e8c \u2192 port:tcp:443\nFLOW_TO_HOSTOBS\te:to:SESSION-64839ebd252cff52:host:45.156.87.254\tSESSION-64839ebd252cff52 \u2192 host:45.156.87.254\nFLOW_TO_HOSTOBS\te:to:SESSION-a13a17be1b938278:host:104.194.145.47\tSESSION-a13a17be1b938278 \u2192 host:104.194.145.47\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-308a7d658a499624:host:81.29.142.50:host:172.234.197.23\tSESSION-308a7d658a499624 \u2192 host:81.29.142.50 \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-e7ce4665dfa45d3c:host:172.234.197.23\tSESSION-e7ce4665dfa45d3c \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-4f93282fb27f899d:PCAP:capture_20260506020001:cb849d7e9012\tSESSION-4f93282fb27f899d \u2192 PCAP:capture_20260506020001:cb849d7e9012\nFLOW_TO_HOSTOBS\te:to:SESSION-ea4986b0ffcf3593:host:172.234.197.23\tSESSION-ea4986b0ffcf3593 \u2192 host:172.234.197.23\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-0508ecf5fca31f9f:flow:780372653948\tSESSION-0508ecf5fca31f9f \u2192 
flow:780372653948\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-e3fc51c5a9708a6d:flow:69ea25c11391\tSESSION-e3fc51c5a9708a6d \u2192 flow:69ea25c11391\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-0ee78febbe613cbe:flow:fb8bd5371f47\tSESSION-0ee78febbe613cbe \u2192 flow:fb8bd5371f47\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:rst:SESSION-547dd5952328fc79:SESSION-547dd5952328fc79\tSESSION-547dd5952328fc79 \u2192 pe:rst:SESSION-547dd5952328fc79\nFLOW_TO_HOSTOBS\te:to:SESSION-cb177f6b8a87aae0:host:172.234.197.23\tSESSION-cb177f6b8a87aae0 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-49abda6ad4a45bbb:host:172.234.197.23\tSESSION-49abda6ad4a45bbb \u2192 host:172.234.197.23\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-183409131ad9123b:PCAP:capture_20260506120001:ed45599fcb5b\tSESSION-183409131ad9123b \u2192 PCAP:capture_20260506120001:ed45599fcb5b\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-47a5cb6f1c89acd9:host:172.234.197.23\tSESSION-47a5cb6f1c89acd9 \u2192 host:172.234.197.23\nflow_observed3-aryOBS\te:fo:flow:94ead5a3cc24\tflow:94ead5a3cc24 \u2192 host:51.224.145.102 \u2192 host:172.234.197.23\nHOST_IN_ASNOBS 85%\te:ha:host:51.224.145.102:asn:16509\thost:51.224.145.102 \u2192 asn:16509\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-e123b6403f799b1d:host:172.234.197.23\tSESSION-e123b6403f799b1d \u2192 host:172.234.197.23\nFLOW_DST_PORTOBS\te:fp:flow:937c5e286676:port:udp:53\tflow:937c5e286676 \u2192 port:udp:53\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-464991c3566dab39:PCAP:capture_20260506020001:cb849d7e9012\tSESSION-464991c3566dab39 \u2192 PCAP:capture_20260506020001:cb849d7e9012\nflow_observed5-aryOBS\te:fo:flow:bb6249832db5\tflow:bb6249832db5 \u2192 host:89.190.156.78 \u2192 host:172.234.197.23 \u2192 port:tcp:443 \u2192 svc:https\nSESSION_DERIVED_FROM_PCAPOBS\te:derived:SESSION-e25260d84d1899f3:PCAP:capture_20260506020001:cb849d7e9012\tSESSION-e25260d84d1899f3 \u2192 
PCAP:capture_20260506020001:cb849d7e9012\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-a13a17be1b938278:flow:526ed535a114\tSESSION-a13a17be1b938278 \u2192 flow:526ed535a114\nSESSION_BETWEEN_HOSTS3-aryOBS\te:sbh:SESSION-a6c427a7783be300:host:45.227.254.170:host:172.234.197.23\tSESSION-a6c427a7783be300 \u2192 host:45.227.254.170 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-0ee78febbe613cbe:host:172.234.197.23\tSESSION-0ee78febbe613cbe \u2192 host:172.234.197.23\nFLOW_FROM_HOSTOBS\te:from:SESSION-441a69db47f1f67e:host:106.107.248.155\tSESSION-441a69db47f1f67e \u2192 host:106.107.248.155\nFLOW_QUERIED_DNSOBS\te:fd:flow:4f3d29822dfd:dns:172-234-197-23.ip.linodeusercontent.com\tflow:4f3d29822dfd \u2192 dns:172-234-197-23.ip.linodeusercontent.com\nFLOW_TO_HOSTOBS\te:to:SESSION-b9b9c8c14f596810:host:172.234.197.23\tSESSION-b9b9c8c14f596810 \u2192 host:172.234.197.23\nHOST_IN_ASNOBS 85%\te:ha:host:2.57.122.196:asn:47890\thost:2.57.122.196 \u2192 asn:47890\nSESSION_OBSERVED_FLOWOBS\te:sof:SESSION-7f858f15c17e12f2:flow:de5fce5ad04d\tSESSION-7f858f15c17e12f2 \u2192 flow:de5fce5ad04d\nFLOW_TO_HOSTOBS\te:to:SESSION-51e53ba41d3daf57:host:172.234.197.23\tSESSION-51e53ba41d3daf57 \u2192 host:172.234.197.23\nSESSION_OBSERVED_HOSTOBS\te:soh:SESSION-d92c82faf3e575a2:host:103.155.16.117\tSESSION-d92c82faf3e575a2 \u2192 host:103.155.16.117\nSESSION_CONTAINS_EVENTOBS\te:pe:pe:syn:SESSION-ee97936cb69b9d13:SESSION-ee97936cb69b9d13\tSESSION-ee97936cb69b9d13 \u2192 
pe:syn:SESSION-ee97936cb69b9d13<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"class_list":["post-5905","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages\/5905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5905"}],"version-history":[{"count":1,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages\/5905\/revisions"}],"predecessor-version":[{"id":5907,"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=\/wp\/v2\/pages\/5905\/revisions\/5907"}],"wp:attachment":[{"href":"https:\/\/neurosphere-2.tail52f848.ts.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}