# FoilLab — Challenge: Silent Channel
# DNS query capture — 2026-01-15 09:00:00 to 10:35:00 UTC
# Source: core-switch-01 (interface GigabitEthernet0/1), passive mirror
# Format: [timestamp UTC] [client-ip] [dns-server] [qtype] [query]
# ──────────────────────────────────────────────────────────────────────────────

[2026-01-15 09:00:04] 192.168.1.10  8.8.8.8   A     google.com
[2026-01-15 09:00:05] 192.168.1.10  8.8.8.8   A     www.google.com
[2026-01-15 09:00:11] 192.168.1.15  8.8.8.8   A     outlook.office365.com
[2026-01-15 09:00:14] 192.168.1.15  8.8.8.8   A     login.microsoftonline.com
[2026-01-15 09:00:22] 192.168.1.31  8.8.8.8   A     slack.com
[2026-01-15 09:00:29] 192.168.1.31  8.8.8.8   A     api.slack.com
[2026-01-15 09:00:33] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:00:34] 192.168.1.42  8.8.8.8   A     confluence.company.local
[2026-01-15 09:00:38] 192.168.1.18  8.8.8.8   A     github.com
[2026-01-15 09:00:44] 192.168.1.18  8.8.8.8   A     api.github.com
[2026-01-15 09:01:02] 192.168.1.10  8.8.8.8   A     docs.google.com
[2026-01-15 09:01:07] 192.168.1.22  8.8.8.8   A     zoom.us
[2026-01-15 09:01:09] 192.168.1.22  8.8.8.8   A     www.zoom.us
[2026-01-15 09:01:15] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:01:21] 192.168.1.55  8.8.8.8   A     cdn.jsdelivr.net
[2026-01-15 09:01:34] 192.168.1.55  8.8.8.8   A     fonts.googleapis.com
[2026-01-15 09:01:38] 192.168.1.15  8.8.8.8   A     teams.microsoft.com
[2026-01-15 09:01:44] 192.168.1.15  8.8.8.8   A     outlook.office.com
[2026-01-15 09:02:01] 192.168.1.31  8.8.8.8   A     notion.so
[2026-01-15 09:02:08] 192.168.1.31  8.8.8.8   A     www.notion.so
[2026-01-15 09:02:12] 192.168.1.10  8.8.8.8   A     drive.google.com
[2026-01-15 09:02:19] 192.168.1.42  8.8.8.8   A     jira.company.local
[2026-01-15 09:02:25] 192.168.1.18  8.8.8.8   A     stackoverflow.com
[2026-01-15 09:02:31] 192.168.1.18  8.8.8.8   A     cdn.sstatic.net
[2026-01-15 09:02:44] 192.168.1.22  8.8.8.8   A     calendly.com
[2026-01-15 09:02:55] 192.168.1.55  8.8.8.8   A     unpkg.com
[2026-01-15 09:03:01] 192.168.1.10  8.8.8.8   A     mail.google.com
[2026-01-15 09:03:09] 192.168.1.15  8.8.8.8   A     sharepoint.com
[2026-01-15 09:03:14] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:03:22] 192.168.1.31  8.8.8.8   A     figma.com
[2026-01-15 09:03:29] 192.168.1.31  8.8.8.8   A     www.figma.com
[2026-01-15 09:04:01] 192.168.1.18  8.8.8.8   A     npmjs.com
[2026-01-15 09:04:07] 192.168.1.18  8.8.8.8   A     registry.npmjs.org
[2026-01-15 09:04:15] 192.168.1.22  8.8.8.8   A     hubspot.com
[2026-01-15 09:04:21] 192.168.1.10  8.8.8.8   A     accounts.google.com
[2026-01-15 09:04:28] 192.168.1.55  8.8.8.8   A     cloudflare.com
[2026-01-15 09:04:33] 192.168.1.42  8.8.8.8   A     confluence.company.local
[2026-01-15 09:04:41] 192.168.1.15  8.8.8.8   A     login.microsoftonline.com
[2026-01-15 09:05:02] 192.168.1.31  8.8.8.8   A     miro.com
[2026-01-15 09:05:11] 192.168.1.18  8.8.8.8   A     pypi.org
[2026-01-15 09:05:18] 192.168.1.10  8.8.8.8   A     calendar.google.com
[2026-01-15 09:05:24] 192.168.1.22  8.8.8.8   A     dropbox.com
[2026-01-15 09:05:31] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:05:38] 192.168.1.55  8.8.8.8   A     stripe.com
[2026-01-15 09:05:44] 192.168.1.31  8.8.8.8   A     airtable.com
[2026-01-15 09:06:01] 192.168.1.15  8.8.8.8   A     onedrive.live.com
[2026-01-15 09:06:09] 192.168.1.18  8.8.8.8   A     docker.com
[2026-01-15 09:06:15] 192.168.1.22  8.8.8.8   A     trello.com
[2026-01-15 09:06:22] 192.168.1.10  8.8.8.8   A     youtube.com
[2026-01-15 09:06:29] 192.168.1.42  8.8.8.8   A     jira.company.local
[2026-01-15 09:07:01] 192.168.1.31  8.8.8.8   A     linear.app
[2026-01-15 09:07:08] 192.168.1.55  8.8.8.8   A     vercel.com
[2026-01-15 09:07:14] 192.168.1.18  8.8.8.8   A     hub.docker.com
[2026-01-15 09:07:21] 192.168.1.15  8.8.8.8   A     office.com
[2026-01-15 09:07:28] 192.168.1.22  8.8.8.8   A     asana.com
[2026-01-15 09:07:35] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:08:01] 192.168.1.10  8.8.8.8   A     sheets.google.com
[2026-01-15 09:08:09] 192.168.1.31  8.8.8.8   A     clickup.com
[2026-01-15 09:08:17] 192.168.1.18  8.8.8.8   A     grafana.com
[2026-01-15 09:08:24] 192.168.1.55  8.8.8.8   A     netlify.com
[2026-01-15 09:08:31] 192.168.1.22  8.8.8.8   A     monday.com
[2026-01-15 09:08:38] 192.168.1.42  8.8.8.8   A     confluence.company.local
[2026-01-15 09:09:01] 192.168.1.15  8.8.8.8   A     microsoft.com
[2026-01-15 09:09:08] 192.168.1.10  8.8.8.8   A     slides.google.com
[2026-01-15 09:09:15] 192.168.1.31  8.8.8.8   A     loom.com
[2026-01-15 09:09:22] 192.168.1.18  8.8.8.8   A     sentry.io
[2026-01-15 09:09:29] 192.168.1.22  8.8.8.8   A     intercom.io
[2026-01-15 09:09:35] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:10:01] 192.168.1.55  8.8.8.8   A     render.com
[2026-01-15 09:10:08] 192.168.1.15  8.8.8.8   A     azure.microsoft.com
[2026-01-15 09:10:14] 192.168.1.10  8.8.8.8   A     maps.google.com
[2026-01-15 09:10:21] 192.168.1.31  8.8.8.8   A     canva.com
[2026-01-15 09:10:28] 192.168.1.18  8.8.8.8   A     datadog.com
[2026-01-15 09:10:35] 192.168.1.42  8.8.8.8   A     jira.company.local
[2026-01-15 09:11:01] 192.168.1.22  8.8.8.8   A     zendesk.com
[2026-01-15 09:11:08] 192.168.1.55  8.8.8.8   A     heroku.com
[2026-01-15 09:11:14] 192.168.1.15  8.8.8.8   A     sharepoint.office365.com
[2026-01-15 09:11:21] 192.168.1.10  8.8.8.8   A     www.google.com
[2026-01-15 09:11:28] 192.168.1.31  8.8.8.8   A     webflow.com
[2026-01-15 09:11:35] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:12:01] 192.168.1.18  8.8.8.8   A     bitbucket.org
[2026-01-15 09:12:08] 192.168.1.22  8.8.8.8   A     freshdesk.com
[2026-01-15 09:12:14] 192.168.1.55  8.8.8.8   A     digitalocean.com
[2026-01-15 09:12:21] 192.168.1.15  8.8.8.8   A     outlook.live.com
[2026-01-15 09:12:28] 192.168.1.10  8.8.8.8   A     google.com
[2026-01-15 09:12:35] 192.168.1.42  8.8.8.8   A     confluence.company.local
[2026-01-15 09:13:01] 192.168.1.31  8.8.8.8   A     atlassian.com
[2026-01-15 09:13:08] 192.168.1.18  8.8.8.8   A     gitlab.com
[2026-01-15 09:13:14] 192.168.1.22  8.8.8.8   A     salesforce.com
[2026-01-15 09:13:21] 192.168.1.55  8.8.8.8   A     aws.amazon.com
[2026-01-15 09:13:28] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:14:01] 192.168.1.15  8.8.8.8   A     teams.microsoft.com
[2026-01-15 09:14:08] 192.168.1.10  8.8.8.8   A     accounts.google.com
[2026-01-15 09:14:15] 192.168.1.31  8.8.8.8   A     evernote.com
[2026-01-15 09:14:22] 192.168.1.18  8.8.8.8   A     kubernetes.io
[2026-01-15 09:14:29] 192.168.1.22  8.8.8.8   A     workday.com
[2026-01-15 09:14:35] 192.168.1.42  8.8.8.8   A     jira.company.local

# ── Anomalous traffic starts here ─────────────────────────────────────────────

[2026-01-15 09:15:01] 192.168.1.55  8.8.8.8   A     hashicorp.com
[2026-01-15 09:15:08] 192.168.1.15  8.8.8.8   A     login.microsoftonline.com
[2026-01-15 09:15:14] 192.168.1.10  8.8.8.8   A     plus.google.com
[2026-01-15 09:15:21] 192.168.1.31  8.8.8.8   A     todoist.com
[2026-01-15 09:15:28] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:15:34] 192.168.1.18  8.8.8.8   A     npmjs.org
[2026-01-15 09:16:01] 192.168.1.22  8.8.8.8   A     calendly.com
[2026-01-15 09:16:08] 192.168.1.55  8.8.8.8   A     cloudfront.net
[2026-01-15 09:16:14] 192.168.1.15  8.8.8.8   A     outlook.office365.com
[2026-01-15 09:16:21] 192.168.1.10  8.8.8.8   A     gmail.com
[2026-01-15 09:16:28] 192.168.1.42  8.8.8.8   A     464f494c7b6330.1.exfil.badactor.cc
[2026-01-15 09:16:35] 192.168.1.31  8.8.8.8   A     basecamp.com
[2026-01-15 09:16:41] 192.168.1.18  8.8.8.8   A     github.com
[2026-01-15 09:17:01] 192.168.1.22  8.8.8.8   A     zoom.us
[2026-01-15 09:17:08] 192.168.1.55  8.8.8.8   A     sentry.io
[2026-01-15 09:17:14] 192.168.1.15  8.8.8.8   A     microsoft.com
[2026-01-15 09:17:21] 192.168.1.10  8.8.8.8   A     drive.google.com
[2026-01-15 09:17:28] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:17:35] 192.168.1.31  8.8.8.8   A     figma.com
[2026-01-15 09:17:41] 192.168.1.18  8.8.8.8   A     docker.com
[2026-01-15 09:18:01] 192.168.1.22  8.8.8.8   A     slack.com
[2026-01-15 09:18:08] 192.168.1.55  8.8.8.8   A     vercel.com
[2026-01-15 09:18:14] 192.168.1.42  8.8.8.8   A     763372745f6368.2.exfil.badactor.cc
[2026-01-15 09:18:21] 192.168.1.15  8.8.8.8   A     azure.com
[2026-01-15 09:18:28] 192.168.1.10  8.8.8.8   A     www.youtube.com
[2026-01-15 09:18:35] 192.168.1.31  8.8.8.8   A     notion.so
[2026-01-15 09:18:41] 192.168.1.18  8.8.8.8   A     stackoverflow.com
[2026-01-15 09:19:01] 192.168.1.22  8.8.8.8   A     hubspot.com
[2026-01-15 09:19:08] 192.168.1.42  8.8.8.8   A     confluence.company.local
[2026-01-15 09:19:14] 192.168.1.55  8.8.8.8   A     netlify.com
[2026-01-15 09:19:21] 192.168.1.15  8.8.8.8   A     teams.microsoft.com
[2026-01-15 09:19:28] 192.168.1.10  8.8.8.8   A     maps.google.com
[2026-01-15 09:19:35] 192.168.1.31  8.8.8.8   A     clickup.com
[2026-01-15 09:19:41] 192.168.1.42  8.8.8.8   A     346e6e336c5f64.3.exfil.badactor.cc
[2026-01-15 09:20:01] 192.168.1.18  8.8.8.8   A     pypi.org
[2026-01-15 09:20:08] 192.168.1.22  8.8.8.8   A     asana.com
[2026-01-15 09:20:14] 192.168.1.55  8.8.8.8   A     render.com
[2026-01-15 09:20:21] 192.168.1.15  8.8.8.8   A     onedrive.com
[2026-01-15 09:20:28] 192.168.1.10  8.8.8.8   A     calendar.google.com
[2026-01-15 09:20:35] 192.168.1.42  8.8.8.8   A     erp-internal.company.local
[2026-01-15 09:20:41] 192.168.1.31  8.8.8.8   A     linear.app
[2026-01-15 09:21:01] 192.168.1.18  8.8.8.8   A     gitlab.com
[2026-01-15 09:21:08] 192.168.1.22  8.8.8.8   A     salesforce.com
[2026-01-15 09:21:14] 192.168.1.42  8.8.8.8   A     6e735f37787d.4.exfil.badactor.cc
[2026-01-15 09:21:21] 192.168.1.55  8.8.8.8   A     cloudflare.com
[2026-01-15 09:21:28] 192.168.1.15  8.8.8.8   A     office365.com
[2026-01-15 09:21:35] 192.168.1.10  8.8.8.8   A     google.com
[2026-01-15 09:21:41] 192.168.1.31  8.8.8.8   A     miro.com
[2026-01-15 09:22:01] 192.168.1.18  8.8.8.8   A     github.com
[2026-01-15 09:22:08] 192.168.1.22  8.8.8.8   A     monday.com
[2026-01-15 09:22:14] 192.168.1.42  8.8.8.8   A     confluence.company.local
[2026-01-15 09:22:21] 192.168.1.55  8.8.8.8   A     heroku.com
[2026-01-15 09:22:28] 192.168.1.15  8.8.8.8   A     sharepoint.com
[2026-01-15 09:22:35] 192.168.1.10  8.8.8.8   A     docs.google.com

# ──────────────────────────────────────────────────────────────────────────────
# END OF CAPTURE
# Total records: 152 | Capture window: 82 minutes | Sensor: core-switch-01
