Edit tour

Windows Analysis Report
http://fitur-terbaru-dana-2024-s.pages.dev/

Overview

General Information

Sample URL:	http://fitur-terbaru-dana-2024-s.pages.dev/
Analysis ID:	1522076
Tags:	openphish
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected BlockedWebSite

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2016,i,1318543053693719760,17697591281558663939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fitur-terbaru-dana-2024-s.pages.dev/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_64	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
0.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected BlockedWebSite

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_64, type: DROPPED

Source: https://fitur-terbaru-dana-2024-s.pages.dev/	HTTP Parser: No favicon
Source: https://fitur-terbaru-dana-2024-s.pages.dev/	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49733 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49733 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: fitur-terbaru-dana-2024-s.pages.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: fitur-terbaru-dana-2024-s.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fitur-terbaru-dana-2024-s.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: fitur-terbaru-dana-2024-s.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fitur-terbaru-dana-2024-s.pages.dev/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: fitur-terbaru-dana-2024-s.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fitur-terbaru-dana-2024-s.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: fitur-terbaru-dana-2024-s.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: fitur-terbaru-dana-2024-s.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: fitur-terbaru-dana-2024-s.pages.dev
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://a.m.dana.id/danaweb/v3/DANA-Logo-white.svg
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://a.m.dana.id/resource/danaweb-v2/hero-personal-bg-subject.png);
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT8SntYkdBep6G96w5OXmttocg3MvwTqlnBfo_dx4
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhW-3Xsq1r5wVb5r0tfUzFr9KzB9hy1r0-W4GkBcDT
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhl9xJVYWF_a9vAhgW5QQgozvZVADTaJgIX64iO7a5
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8hbZEfutKvr9pkj0-mkJYWt-1SBtt3gw-HFOEZc0
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNmeP75Ev6Cw-purlAGWVZjlS_jwUbj1-GPhmzCwi
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7CjmR21syGPxsi4zmVfz9yIyXNR0mLxtwDodD2X6
Source: chromecache_66.2.dr	String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXK1GB8tRE9fzqXIcESOz-ukdeGt6Z7KpS7Yyt-Sk
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/gh/AlexHostX/another
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css
Source: chromecache_66.2.dr	String found in binary or memory: https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://code.jquery.com/jquery-1.10.2.min.js
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.5.1.min.js
Source: chromecache_66.2.dr	String found in binary or memory: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQZ9dATs_nkzyO-gSoQWbtIhJV7bG51r3gOKg&usqp=CAU
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Material
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito:wght
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Varela
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://owlcarousel2.github.io/OwlCarousel2/assets/owlcarousel/assets/owl.carousel.min.css
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://owlcarousel2.github.io/OwlCarousel2/assets/owlcarousel/assets/owl.theme.default.min.css
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://owlcarousel2.github.io/OwlCarousel2/assets/owlcarousel/owl.carousel.js
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://owlcarousel2.github.io/OwlCarousel2/assets/vendors/jquery.min.js
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://siapjadi.com/brimo/bulamata-.png)
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://siapjadi.com/brimo0/bifast1/halo2.jpg)
Source: chromecache_62.2.dr, chromecache_66.2.dr	String found in binary or memory: https://siapjadi.com/header4.png)
Source: chromecache_66.2.dr	String found in binary or memory: https://unpkg.com/ionicons
Source: chromecache_64.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_64.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: chromecache_66.2.dr	String found in binary or memory: https://www.dana.id
Source: chromecache_66.2.dr	String found in binary or memory: https://www.dana.id/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@17/16@8/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2016,i,1318543053693719760,17697591281558663939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fitur-terbaru-dana-2024-s.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2016,i,1318543053693719760,17697591281558663939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
fitur-terbaru-dana-2024-s.pages.dev	172.66.47.104	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://fitur-terbaru-dana-2024-s.pages.dev/favicon.ico	false	unknown
https://fitur-terbaru-dana-2024-s.pages.dev/cdn-cgi/styles/cf.errors.css	false	unknown
https://fitur-terbaru-dana-2024-s.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637	false	unknown
https://fitur-terbaru-dana-2024-s.pages.dev/	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_64.2.dr	false	unknown
https://siapjadi.com/header4.png)	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://code.jquery.com/jquery-1.10.2.min.js	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://siapjadi.com/brimo/bulamata-.png)	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://a.m.dana.id/resource/danaweb-v2/hero-personal-bg-subject.png);	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNmeP75Ev6Cw-purlAGWVZjlS_jwUbj1-GPhmzCwi	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css	chromecache_66.2.dr	false	unknown
https://www.dana.id	chromecache_66.2.dr	false	unknown
https://cdn.jsdelivr.net/gh/AlexHostX/another	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXK1GB8tRE9fzqXIcESOz-ukdeGt6Z7KpS7Yyt-Sk	chromecache_66.2.dr	false	unknown
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7CjmR21syGPxsi4zmVfz9yIyXNR0mLxtwDodD2X6	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_64.2.dr	false	unknown
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT8SntYkdBep6G96w5OXmttocg3MvwTqlnBfo_dx4	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhl9xJVYWF_a9vAhgW5QQgozvZVADTaJgIX64iO7a5	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://owlcarousel2.github.io/OwlCarousel2/assets/owlcarousel/owl.carousel.js	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhW-3Xsq1r5wVb5r0tfUzFr9KzB9hy1r0-W4GkBcDT	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://owlcarousel2.github.io/OwlCarousel2/assets/vendors/jquery.min.js	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://code.jquery.com/jquery-3.5.1.min.js	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://a.m.dana.id/danaweb/v3/DANA-Logo-white.svg	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://www.dana.id/	chromecache_66.2.dr	false	unknown
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8hbZEfutKvr9pkj0-mkJYWt-1SBtt3gw-HFOEZc0	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://owlcarousel2.github.io/OwlCarousel2/assets/owlcarousel/assets/owl.theme.default.min.css	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://siapjadi.com/brimo0/bifast1/halo2.jpg)	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown
https://unpkg.com/ionicons	chromecache_66.2.dr	false	unknown
https://owlcarousel2.github.io/OwlCarousel2/assets/owlcarousel/assets/owl.carousel.min.css	chromecache_62.2.dr, chromecache_66.2.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.66.47.104	fitur-terbaru-dana-2024-s.pages.dev	United States	13335	CLOUDFLARENETUS	false
172.66.44.152	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522076
Start date and time:	2024-09-29 08:14:50 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://fitur-terbaru-dana-2024-s.pages.dev/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@17/16@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 172.217.18.14, 74.125.71.84, 34.104.35.123, 4.245.163.56, 2.16.100.168, 88.221.110.91, 192.229.221.95, 13.85.23.206, 20.3.187.198, 142.250.185.131, 199.232.214.172
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://fitur-terbaru-dana-2024-s.pages.dev/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://fitur-terbaru-dana-2024-s.pages.dev/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Learn More", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://fitur-terbaru-dana-2024-s.pages.dev/ Model: jbxai	{ "brand":["Cloudflare"], "contains_trigger_text":true, "trigger_text":"This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.", "prominent_button_name":"Learn More", "text_input_field_labels":["Your IP: 8.46.123.33 Performance & security by Cloudflare"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:15:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.978424242041398
Encrypted:	false
SSDEEP:	48:8AdUcT0ArsHAWidAKZdA19ehwiZUklqehHy+3:8ALuAy
MD5:	47E84A3EE92A926F6EF9C6CDC0A2E449
SHA1:	175E63D6A76245389ADFA2571087FFE56F4B465C
SHA-256:	45DCD4FC334367C57FAB92DEE3F7AAE07AFBF495664E1CFAA75D5F0CDF132589
SHA-512:	F604E8C0D0F9424DB05C6A9420980DAA6B6627BF83A589437551E286DD78CD54F9B4CD6E1988341BC85D57AFED2D51216DBAE70CD2DD63A72016EDE65E992EEB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......".7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:15:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9902054894795014
Encrypted:	false
SSDEEP:	48:8JdUcT0ArsHAWidAKZdA1weh/iZUkAQkqehwy+2:8XLs9QFy
MD5:	EACC60BFF8909AEB5B1BDCC28DD0B952
SHA1:	CE6FA766A85B257EA7F65D4064FA1A4893FC482C
SHA-256:	CDCB7BA501C41D8C1E64BE7BC471EA69BB9A1F6797331DDB6C0E082CEF7E88BF
SHA-512:	1E326844C2385010C43017DD9F01C9D0BC3894C24DCFCBC7475CAF782511B8BA8EB812E864C7C84F0F8353A5D395635167CB63647B017B6D366497E5E4907225
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....4..7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.004363485400761
Encrypted:	false
SSDEEP:	48:8xcdUcT0ArsHAWidAKZdA14tseh7sFiZUkmgqeh7sOy+BX:8xcLknEy
MD5:	EAD442108D858BCE7117C47ED799E772
SHA1:	A144E9FC58A5FECD24CC9D87DCBFF3948A0BEBB4
SHA-256:	C8A285EAD022206B8818C3B402AA55C174198FDD50C9BAF11E03CE871AA5355F
SHA-512:	1605374ED6090B13977701264DB798F1EFC0466EE829F4F9A2BFF3F7A0C116C80779BE0CF0C1215F77A07DDD2B259FA29F3E3A3E2133E292AB326C90824778FE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:15:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9905768586966346
Encrypted:	false
SSDEEP:	48:8RdUcT0ArsHAWidAKZdA1vehDiZUkwqehMy+R:8PLX2y
MD5:	4F959686A82356438BDC07F655497F19
SHA1:	67A388F034E8A48F2EFA7C280EEDEA17A1679DBB
SHA-256:	9E8733EBBDD82EAF221AA37A67F22D67E24565D64FD0218438C11254BAEA53C1
SHA-512:	88EF1D1193F836C92E876A581021CB31A6C0BA4A8A4899C96FBAB6169874CE11507A73053DCB3177100D257A1E5E7459BD407A33D4BA019D7A66FF64AE49918D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...../..7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:15:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.980028732827238
Encrypted:	false
SSDEEP:	48:81dUcT0ArsHAWidAKZdA1hehBiZUk1W1qehiy+C:8DLn9Cy
MD5:	414A86F8987FCD5BDAFB9E572D7841E5
SHA1:	C59C09C42881E3C5D399DDDC3966827A8CD43132
SHA-256:	5D3E647B52927BCF3DE8523F0CF4A848AF3E92956CA94ACE968BA6BADE151709
SHA-512:	D90307DE80AD5AF0CE14A848C642C4F6DAAFF5D80F7C556263571A9873D8BD22AC21354DCC554945B6EB9049EC9BAF04D4DAB4FA6E7F9E8B68E26EB9FD822BAB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:15:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.987696795785672
Encrypted:	false
SSDEEP:	48:8cdUcT0ArsHAWidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbEy+yT+:8cLvT/TbxWOvTbEy7T
MD5:	6610B5722CF475DF19B4DB2B0BE67735
SHA1:	A3E529E46BDBA5816099E524CFD194FAD080F442
SHA-256:	22D32CE89259F7CCF7375DE004748972FFA4FC2BEEDDC59946A7187B9E32111B
SHA-512:	6B5B4CB095058C1F92E38154BCEABD77A784CD0EE653BA21E67C145DFE56A7CDB10460C0F1C27B145DA1E0660A92CCC4102AEBA6B8B4B267C26AC2326592A541
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (529)
Category:	downloaded
Size (bytes):	36424
Entropy (8bit):	5.221837406690279
Encrypted:	false
SSDEEP:	768:ya5WqlydWFKFZ4FhlFEFp1FhhFk3OBvPw/7Uigf0//po24aZxPg1Pk4:BWjdWwM/lSD1fhYOBvPM73ejbaZxPg1t
MD5:	8D5BFEA00B603576542403D0AD713C11
SHA1:	A041C98C6174BF3477583FECB59AE2FABEBADAB3
SHA-256:	F89EF373418977BC27A13D3AA2921C88FCFFCDC0BE8BBA06B9D7AEFA1DF60BAB
SHA-512:	17B35901C8D9D46EE0613CFEE8166EDADD696AD8BDBDBA928A0503AE6423A333530B81FF629D85FDA45D9FAE2D17B0F8893A7A84D95C464D88DCD94BD91505F9
Malicious:	false
Reputation:	low
URL:	https://fitur-terbaru-dana-2024-s.pages.dev/favicon.ico
Preview:	<html Permissions-Policy: autoplay=(self "dana.mp4").>.<head>..<meta charset="UTF-8">. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">. <meta name="theme-color" content="#118EEA">. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0, maximum-scale=1">. <title>........ .... \| ................ ..........</title>. <meta name="description" content="DANA adalah bentuk baru uang tunai yang lebih baik. Transaksi apapun, berapapun dan dimanapun jadi mudah bersama DANA. Ambil bagian dalam transformasi keuangan digital di Indonesia sekarang!">.. Facebook Meta Tags -->. <meta property="og:url" content="https://www.dana.id">. <meta property="og:type" content="website">. <meta property="og:title" content="........ .... \| ................ ..........">. <meta property="og:description" content="DANA adalah bentuk baru uang tunai yang lebih baik

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://fitur-terbaru-dana-2024-s.pages.dev/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4394
Entropy (8bit):	5.077331982949202
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisO+A2ZLimzSrR49PaQxJbGD:1j9jhjYjIK/Vo+tsO6ZOmzSrO9ieJGD
MD5:	2B6E69929B2F67A66E43F67956C70622
SHA1:	F5E14276CE3335B81F70803EE7C957BF77F7788E
SHA-256:	A13D5EE7B0ACBD5876D8666B17011D9A8F468ED16850077EC88F6DE0A156CD79
SHA-512:	93C3C2F7DE6CAB3E2FB3898079A48ED355B9007C8D6DCE648F02B302E8311E385B6E6ECDEE3F1728BD49F7C55329843E5E2BC4B1E002CCD6AB0FF0CAF2DBF68F
Malicious:	false
Reputation:	low
URL:	https://fitur-terbaru-dana-2024-s.pages.dev/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://fitur-terbaru-dana-2024-s.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (529)
Category:	dropped
Size (bytes):	36424
Entropy (8bit):	5.221837406690279
Encrypted:	false
SSDEEP:	768:ya5WqlydWFKFZ4FhlFEFp1FhhFk3OBvPw/7Uigf0//po24aZxPg1Pk4:BWjdWwM/lSD1fhYOBvPM73ejbaZxPg1t
MD5:	8D5BFEA00B603576542403D0AD713C11
SHA1:	A041C98C6174BF3477583FECB59AE2FABEBADAB3
SHA-256:	F89EF373418977BC27A13D3AA2921C88FCFFCDC0BE8BBA06B9D7AEFA1DF60BAB
SHA-512:	17B35901C8D9D46EE0613CFEE8166EDADD696AD8BDBDBA928A0503AE6423A333530B81FF629D85FDA45D9FAE2D17B0F8893A7A84D95C464D88DCD94BD91505F9
Malicious:	false
Reputation:	low
Preview:	<html Permissions-Policy: autoplay=(self "dana.mp4").>.<head>..<meta charset="UTF-8">. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">. <meta name="theme-color" content="#118EEA">. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0, maximum-scale=1">. <title>........ .... \| ................ ..........</title>. <meta name="description" content="DANA adalah bentuk baru uang tunai yang lebih baik. Transaksi apapun, berapapun dan dimanapun jadi mudah bersama DANA. Ambil bagian dalam transformasi keuangan digital di Indonesia sekarang!">.. Facebook Meta Tags -->. <meta property="og:url" content="https://www.dana.id">. <meta property="og:type" content="website">. <meta property="og:title" content="........ .... \| ................ ..........">. <meta property="og:description" content="DANA adalah bentuk baru uang tunai yang lebih baik

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 08:15:36.131947041 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:36.131967068 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:36.225708961 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:44.218492985 CEST	49709	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.218564987 CEST	443	49709	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:44.218643904 CEST	49709	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.219077110 CEST	49709	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.219110966 CEST	443	49709	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:44.694276094 CEST	443	49709	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:44.726856947 CEST	49709	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.726900101 CEST	443	49709	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:44.732393980 CEST	443	49709	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:44.732475996 CEST	49709	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.745834112 CEST	49709	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.745887995 CEST	49709	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.745954037 CEST	49709	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.746102095 CEST	443	49709	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:44.746197939 CEST	49709	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.746393919 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.746439934 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:44.747590065 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.748495102 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:44.748523951 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.211513042 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.219383001 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.219474077 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.220442057 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.220516920 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.223685980 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.223752022 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.224803925 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.224822044 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.275522947 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.336174965 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.336216927 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.336245060 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.336263895 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.336270094 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.336282015 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.336318970 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.336350918 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.336401939 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.344463110 CEST	49710	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.344500065 CEST	443	49710	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.454102039 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.454140902 CEST	443	49713	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.454217911 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.454531908 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:45.454546928 CEST	443	49713	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.743633032 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:45.743659019 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:45.826679945 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:45.915973902 CEST	443	49713	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:45.961924076 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.316108942 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.316139936 CEST	443	49713	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.320252895 CEST	443	49713	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.320333958 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.321923971 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.322086096 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.322113037 CEST	443	49713	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.322222948 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.322237015 CEST	443	49713	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.322247028 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.322288036 CEST	49713	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.323137045 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.323158979 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.323225021 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.325820923 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.325829029 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.783097029 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.784818888 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.784832954 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.785110950 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.786668062 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.786714077 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.786933899 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.831410885 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.920802116 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.920842886 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.920866013 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.920887947 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.920907021 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.920917034 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.920939922 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.920957088 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.920983076 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.920996904 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.921000004 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.921341896 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.921361923 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.921369076 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.921379089 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:46.921406031 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.970058918 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:46.970067978 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.007378101 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.007411003 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.007426977 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.007433891 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.007468939 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.007482052 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.007487059 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.007517099 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.007519960 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.007606030 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.007643938 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.015101910 CEST	49714	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.015120029 CEST	443	49714	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.118923903 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:47.118979931 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:47.119040966 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:47.120825052 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:47.120845079 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:47.410171986 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:47.410221100 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:47.410290003 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:47.411958933 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.411967993 CEST	443	49717	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.412026882 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.413749933 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:47.413764000 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:47.421483040 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.421506882 CEST	443	49717	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.493334055 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 08:15:47.493433952 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:47.763777971 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:47.763871908 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:47.787795067 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:47.787828922 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:47.788750887 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:47.836400032 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:47.877335072 CEST	443	49717	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.903884888 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.903911114 CEST	443	49717	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.904854059 CEST	443	49717	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.904917002 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.948385954 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.948410034 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.948508978 CEST	443	49717	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.948667049 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.948702097 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.948709011 CEST	443	49717	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.948755026 CEST	49717	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.949007034 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.949035883 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:47.949103117 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.949516058 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:47.949529886 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.053669930 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.074075937 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:48.074512005 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:48.074527025 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:48.075423002 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:48.075480938 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:48.079786062 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:48.079839945 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:48.099401951 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.133549929 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:48.133560896 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:48.239481926 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.239692926 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.239778042 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.240057945 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.240078926 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.240139961 CEST	49715	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.240144968 CEST	443	49715	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.265818119 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.265935898 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.266103983 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.269077063 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.269109964 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.338365078 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:48.406867981 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.407217026 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.407244921 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.408159018 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.408231974 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.408665895 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.408822060 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.409082890 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.409089088 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.468947887 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.537941933 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.537993908 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.542929888 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.591340065 CEST	49718	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.591372013 CEST	443	49718	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.861696959 CEST	49721	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.861767054 CEST	443	49721	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.861901999 CEST	49721	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.862596035 CEST	49721	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:48.862612009 CEST	443	49721	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:48.880116940 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:48.880158901 CEST	443	49722	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:48.880291939 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:48.880594015 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:48.880606890 CEST	443	49722	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:48.917017937 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.917087078 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.919164896 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.919192076 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.919501066 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:48.921468019 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:48.963403940 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:49.193923950 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:49.194108963 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:49.194171906 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:49.196928978 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:49.196969986 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:49.196999073 CEST	49720	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:15:49.197014093 CEST	443	49720	184.28.90.27	192.168.2.5
Sep 29, 2024 08:15:49.330363989 CEST	443	49721	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.331069946 CEST	49721	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.331120014 CEST	443	49721	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.332520962 CEST	443	49721	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.332585096 CEST	49721	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.334135056 CEST	49721	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.334168911 CEST	49721	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.334203005 CEST	49721	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.334244013 CEST	443	49721	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.334317923 CEST	49721	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.334732056 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.334851027 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.334935904 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.335443974 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.335495949 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.336889982 CEST	443	49722	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.337124109 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.337151051 CEST	443	49722	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.338044882 CEST	443	49722	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.338092089 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.339325905 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.339346886 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.339376926 CEST	443	49722	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.339469910 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.339476109 CEST	443	49722	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.339485884 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.339512110 CEST	49722	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.340387106 CEST	49724	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.340429068 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.340478897 CEST	49724	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.341310978 CEST	49724	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.341325045 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.793191910 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.798846006 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.889092922 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.889133930 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.889200926 CEST	49724	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.889218092 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.890250921 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.890263081 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.890307903 CEST	49724	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.890630960 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.930382967 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.951092958 CEST	49724	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.951215029 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.951423883 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.951617002 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:49.951749086 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:49.951770067 CEST	49724	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:49.951786041 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:49.995395899 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.050333977 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:50.050529003 CEST	49724	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:50.051053047 CEST	49724	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:50.051073074 CEST	443	49724	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:50.088819981 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.088920116 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.088963985 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.088993073 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.089008093 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.089025021 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.089108944 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.089133024 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.089152098 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.089183092 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.089637041 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.089886904 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.089895010 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.093499899 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.093554020 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.093579054 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.093585968 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.093808889 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.175623894 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.175718069 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.175775051 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.175818920 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.175844908 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.175858021 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.175905943 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.175930023 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.175936937 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.176023960 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.176326990 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.176526070 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.176532984 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.176681995 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.176729918 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.176753998 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.176768064 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.176805019 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.176876068 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.176882982 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.177113056 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.177330017 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.177489042 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.177628994 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.177768946 CEST	49723	443	192.168.2.5	172.66.47.104
Sep 29, 2024 08:15:50.177784920 CEST	443	49723	172.66.47.104	192.168.2.5
Sep 29, 2024 08:15:50.452797890 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:50.452848911 CEST	443	49725	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:50.453115940 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:50.455826044 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:50.455838919 CEST	443	49725	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:50.919534922 CEST	443	49725	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.039812088 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.420713902 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.420751095 CEST	443	49725	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.424750090 CEST	443	49725	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.424787045 CEST	443	49725	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.424818993 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.426268101 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.426318884 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.426462889 CEST	443	49725	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.426474094 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.426582098 CEST	49725	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.427469969 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.427508116 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.427561045 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.427833080 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.427843094 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.886764050 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.887052059 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.887083054 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.887576103 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.887897968 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.887975931 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:51.888051987 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:51.935405016 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.064450026 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.064657927 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.064749956 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.064810991 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.064829111 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.064860106 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.064877033 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.065001965 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.065064907 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.065078974 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.065228939 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.065273046 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.065280914 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.068867922 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.068948030 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.068963051 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.117883921 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.150367022 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.150546074 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.150610924 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.150629044 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.150726080 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.150770903 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.150779009 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.150892973 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.150971889 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.151032925 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.151045084 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.151087046 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.151093006 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.151501894 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.151551962 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.151560068 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.151670933 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.151721001 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.151727915 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.151812077 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.151890039 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.151909113 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.151916981 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.152154922 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.152160883 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.152179003 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:52.152251005 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.152487993 CEST	49726	443	192.168.2.5	172.66.44.152
Sep 29, 2024 08:15:52.152503014 CEST	443	49726	172.66.44.152	192.168.2.5
Sep 29, 2024 08:15:57.962328911 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:57.962410927 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:57.965054035 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:59.009802103 CEST	49716	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:15:59.009833097 CEST	443	49716	216.58.206.68	192.168.2.5
Sep 29, 2024 08:15:59.104249001 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:59.105669022 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:59.109082937 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 08:15:59.110503912 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 08:15:59.118601084 CEST	49733	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:59.118644953 CEST	443	49733	23.1.237.91	192.168.2.5
Sep 29, 2024 08:15:59.118839025 CEST	49733	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:59.129700899 CEST	49733	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:15:59.129718065 CEST	443	49733	23.1.237.91	192.168.2.5
Sep 29, 2024 08:15:59.716857910 CEST	443	49733	23.1.237.91	192.168.2.5
Sep 29, 2024 08:15:59.716959000 CEST	49733	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:16:18.865506887 CEST	443	49733	23.1.237.91	192.168.2.5
Sep 29, 2024 08:16:18.865566969 CEST	49733	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:16:47.641459942 CEST	49737	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:16:47.641515017 CEST	443	49737	216.58.206.68	192.168.2.5
Sep 29, 2024 08:16:47.641581059 CEST	49737	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:16:47.641874075 CEST	49737	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:16:47.641887903 CEST	443	49737	216.58.206.68	192.168.2.5
Sep 29, 2024 08:16:48.295958996 CEST	443	49737	216.58.206.68	192.168.2.5
Sep 29, 2024 08:16:48.296492100 CEST	49737	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:16:48.296509027 CEST	443	49737	216.58.206.68	192.168.2.5
Sep 29, 2024 08:16:48.296974897 CEST	443	49737	216.58.206.68	192.168.2.5
Sep 29, 2024 08:16:48.297856092 CEST	49737	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:16:48.297933102 CEST	443	49737	216.58.206.68	192.168.2.5
Sep 29, 2024 08:16:48.353343010 CEST	49737	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:16:58.212500095 CEST	443	49737	216.58.206.68	192.168.2.5
Sep 29, 2024 08:16:58.212572098 CEST	443	49737	216.58.206.68	192.168.2.5
Sep 29, 2024 08:16:58.215095043 CEST	49737	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:16:59.190053940 CEST	49737	443	192.168.2.5	216.58.206.68
Sep 29, 2024 08:16:59.190082073 CEST	443	49737	216.58.206.68	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 08:15:42.285092115 CEST	53	59300	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:42.379301071 CEST	53	62586	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:43.702856064 CEST	53	62118	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:44.188366890 CEST	58720	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:15:44.188551903 CEST	56555	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:15:44.200047970 CEST	53	58720	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:44.200179100 CEST	53	56555	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:44.205349922 CEST	59093	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:15:44.205600023 CEST	64451	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:15:44.216903925 CEST	53	64451	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:44.217870951 CEST	53	59093	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:47.287199020 CEST	52911	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:15:47.287667990 CEST	64217	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:15:47.293915987 CEST	53	52911	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:47.294151068 CEST	53	64217	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:48.869807005 CEST	63587	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:15:48.870357037 CEST	62405	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:15:48.879508018 CEST	53	62405	1.1.1.1	192.168.2.5
Sep 29, 2024 08:15:48.879525900 CEST	53	63587	1.1.1.1	192.168.2.5
Sep 29, 2024 08:16:01.013035059 CEST	53	51088	1.1.1.1	192.168.2.5
Sep 29, 2024 08:16:19.673238993 CEST	53	53714	1.1.1.1	192.168.2.5
Sep 29, 2024 08:16:42.105024099 CEST	53	60846	1.1.1.1	192.168.2.5
Sep 29, 2024 08:16:42.137025118 CEST	53	54433	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 08:15:44.188366890 CEST	192.168.2.5	1.1.1.1	0xf7d3	Standard query (0)	fitur-terbaru-dana-2024-s.pages.dev	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:44.188551903 CEST	192.168.2.5	1.1.1.1	0xf41b	Standard query (0)	fitur-terbaru-dana-2024-s.pages.dev	65	IN (0x0001)	false
Sep 29, 2024 08:15:44.205349922 CEST	192.168.2.5	1.1.1.1	0x677d	Standard query (0)	fitur-terbaru-dana-2024-s.pages.dev	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:44.205600023 CEST	192.168.2.5	1.1.1.1	0x64b2	Standard query (0)	fitur-terbaru-dana-2024-s.pages.dev	65	IN (0x0001)	false
Sep 29, 2024 08:15:47.287199020 CEST	192.168.2.5	1.1.1.1	0x7895	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:47.287667990 CEST	192.168.2.5	1.1.1.1	0xec02	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 08:15:48.869807005 CEST	192.168.2.5	1.1.1.1	0x554e	Standard query (0)	fitur-terbaru-dana-2024-s.pages.dev	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:48.870357037 CEST	192.168.2.5	1.1.1.1	0x5def	Standard query (0)	fitur-terbaru-dana-2024-s.pages.dev	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 08:15:44.200047970 CEST	1.1.1.1	192.168.2.5	0xf7d3	No error (0)	fitur-terbaru-dana-2024-s.pages.dev		172.66.47.104	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:44.200047970 CEST	1.1.1.1	192.168.2.5	0xf7d3	No error (0)	fitur-terbaru-dana-2024-s.pages.dev		172.66.44.152	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:44.200179100 CEST	1.1.1.1	192.168.2.5	0xf41b	No error (0)	fitur-terbaru-dana-2024-s.pages.dev			65	IN (0x0001)	false
Sep 29, 2024 08:15:44.216903925 CEST	1.1.1.1	192.168.2.5	0x64b2	No error (0)	fitur-terbaru-dana-2024-s.pages.dev			65	IN (0x0001)	false
Sep 29, 2024 08:15:44.217870951 CEST	1.1.1.1	192.168.2.5	0x677d	No error (0)	fitur-terbaru-dana-2024-s.pages.dev		172.66.47.104	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:44.217870951 CEST	1.1.1.1	192.168.2.5	0x677d	No error (0)	fitur-terbaru-dana-2024-s.pages.dev		172.66.44.152	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:47.293915987 CEST	1.1.1.1	192.168.2.5	0x7895	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:47.294151068 CEST	1.1.1.1	192.168.2.5	0xec02	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 08:15:48.879508018 CEST	1.1.1.1	192.168.2.5	0x5def	No error (0)	fitur-terbaru-dana-2024-s.pages.dev			65	IN (0x0001)	false
Sep 29, 2024 08:15:48.879525900 CEST	1.1.1.1	192.168.2.5	0x554e	No error (0)	fitur-terbaru-dana-2024-s.pages.dev		172.66.44.152	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:48.879525900 CEST	1.1.1.1	192.168.2.5	0x554e	No error (0)	fitur-terbaru-dana-2024-s.pages.dev		172.66.47.104	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:15:58.104444027 CEST	1.1.1.1	192.168.2.5	0x393a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:15:58.104444027 CEST	1.1.1.1	192.168.2.5	0x393a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:16:11.908144951 CEST	1.1.1.1	192.168.2.5	0x2799	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:16:11.908144951 CEST	1.1.1.1	192.168.2.5	0x2799	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:16:34.767746925 CEST	1.1.1.1	192.168.2.5	0xf3e4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:16:34.767746925 CEST	1.1.1.1	192.168.2.5	0xf3e4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:16:55.285633087 CEST	1.1.1.1	192.168.2.5	0xff4c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:16:55.285633087 CEST	1.1.1.1	192.168.2.5	0xff4c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:16:59.468662977 CEST	1.1.1.1	192.168.2.5	0xd814	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:16:59.468662977 CEST	1.1.1.1	192.168.2.5	0xd814	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fitur-terbaru-dana-2024-s.pages.dev

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	172.66.47.104	443	572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:45 UTC	678	OUT	GET / HTTP/1.1 Host: fitur-terbaru-dana-2024-s.pages.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:15:45 UTC	628	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:15:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bvOOdwXF%2Fq71OFmKHVnG9SnGMWdHd0WthuLF%2BiaSKfKLBf7bymz73VlAhCHRWKO3QE5sMHjcG%2BB3gcz%2F8kUfuPERV15cW59TTMf6V51WkNfspPp%2BC9IUjtO3c1KlnqX2ROw%2B9pImBonNSNoPfw%2BWAhZtsnom0g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca9d72c0b708cbf-EWR
2024-09-29 06:15:45 UTC	741	IN	Data Raw: 31 31 32 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-29 06:15:45 UTC	1369	IN	Data Raw: 20 6c 74 20 49 45 20 39 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e Data Ascii: lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMCon
2024-09-29 06:15:45 UTC	1369	IN	Data Raw: 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 55 6b 67 46 45 31 59 54 77 7a 45 73 6a 4a 63 50 44 6d 61 75 6f 4c 50 55 77 6d 70 53 4c 44 51 38 5f 65 30 72 72 72 32 69 61 4a 4d 2d 31 37 32 37 35 39 30 35 34 35 2d 30 2e 30 2e 31 2e 31 2d 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f Data Ascii: <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="UkgFE1YTwzEsjJcPDmauoLPUwmpSLDQ8_e0rrr2iaJM-1727590545-0.0.1.1-/"> <a href="https://www.clo
2024-09-29 06:15:45 UTC	923	IN	Data Raw: 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 Data Ascii: "cf-footer-ip">8.46.123.33</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloud
2024-09-29 06:15:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49714	172.66.47.104	443	572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:46 UTC	597	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: fitur-terbaru-dana-2024-s.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://fitur-terbaru-dana-2024-s.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:15:46 UTC	411	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:15:46 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-5df3" Server: cloudflare CF-RAY: 8ca9d735fcf96a57-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sun, 29 Sep 2024 08:15:46 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-29 06:15:46 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-09-29 06:15:46 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-09-29 06:15:46 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-09-29 06:15:46 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-09-29 06:15:46 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-09-29 06:15:46 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-09-29 06:15:46 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-09-29 06:15:46 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-09-29 06:15:46 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-09-29 06:15:46 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49715	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:48 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 06:15:48 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=124154 Date: Sun, 29 Sep 2024 06:15:48 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49718	172.66.47.104	443	572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:48 UTC	689	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: fitur-terbaru-dana-2024-s.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fitur-terbaru-dana-2024-s.pages.dev/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:15:48 UTC	409	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:15:48 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8ca9d7401ae78cd4-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sun, 29 Sep 2024 08:15:48 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-29 06:15:48 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49720	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:48 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 06:15:49 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=124183 Date: Sun, 29 Sep 2024 06:15:49 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 06:15:49 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49723	172.66.47.104	443	572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:49 UTC	626	OUT	GET /favicon.ico HTTP/1.1 Host: fitur-terbaru-dana-2024-s.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fitur-terbaru-dana-2024-s.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:15:50 UTC	761	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:15:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fvOyW%2FQDjuVyaaeQoCI5MbQgc8qGd4xCrqjZvz0ekK40jdI0HGypo2gDUIfPPwB%2BMQFQv969WtBlhWE0oBav5s4ZqdyL5QYijX%2BBemmE9Y6n1Wj7HaqK7vOlnOV%2B0ZTuIGXMLkvHg1uDy%2FcXW4SRmWwTmLOmIQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca9d7498a6017b1-EWR
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 37 65 66 30 0d 0a 3c 68 74 6d 6c 20 50 65 72 6d 69 73 73 69 6f 6e 73 2d 50 6f 6c 69 63 79 3a 20 61 75 74 6f 70 6c 61 79 3d 28 73 65 6c 66 20 22 64 61 6e 61 2e 6d 70 34 22 29 0a 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 31 38 45 45 41 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 Data Ascii: 7ef0<html Permissions-Policy: autoplay=(self "dana.mp4")><head><meta charset="UTF-8"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="theme-color" content="#118EEA"> <meta name="viewport" content="width=device-w
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 62 31 4e 46 38 6f 61 65 70 39 35 77 48 58 5f 6a 39 46 79 46 7a 76 7a 30 74 4e 68 43 6f 77 76 42 6e 46 79 72 61 55 5f 66 4f 6b 53 65 68 71 55 74 62 4d 62 76 67 36 66 73 30 35 64 4a 79 4a 63 50 6b 2f 73 35 38 30 2f 41 64 64 54 65 78 74 5f 30 34 2d 32 34 2d 30 33 2e 31 39 2e 33 38 2e 6a 70 67 22 3e 0a 0a 20 20 3c 21 2d 2d 20 54 77 69 74 74 65 72 20 4d 65 74 61 20 54 61 67 73 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 77 69 74 74 65 72 3a 63 61 72 64 22 20 63 6f 6e 74 65 6e 74 3d 22 73 75 6d 6d 61 72 79 5f 6c 61 72 67 65 5f 69 6d 61 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 64 6f 6d 61 69 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 61 6e 61 2e 69 64 22 3e 0a 20 Data Ascii: b1NF8oaep95wHX_j9FyFzvz0tNhCowvBnFyraU_fOkSehqUtbMbvg6fs05dJyJcPk/s580/AddText_04-24-03.19.38.jpg"> ... Twitter Meta Tags --> <meta name="twitter:card" content="summary_large_image"> <meta property="twitter:domain" content="https://www.dana.id">
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 61 6e 61 2e 69 64 2f 22 20 2f 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 48 61 69 20 54 65 6d 61 6e 44 41 4e 41 2c 20 4a 69 6b 61 20 6d 65 6d 62 75 74 75 68 6b 61 6e 20 62 61 6e 74 75 61 6e 20 79 75 6b 20 68 75 62 75 6e 67 69 20 6b 61 6d 69 20 6c 61 6e 67 73 75 6e 67 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 48 61 69 20 54 65 6d 61 6e 44 41 4e 41 2c 20 4a 69 6b 61 20 6d 65 6d 62 75 74 75 68 6b 61 6e 20 62 61 6e 74 75 61 6e 20 79 75 6b 20 68 75 62 75 6e 67 69 20 6b 61 6d 69 20 6c 61 6e 67 73 75 6e 67 22 3e 0a 20 Data Ascii: tent="https://www.dana.id/" /><meta property="og:description" content="Hai TemanDANA, Jika membutuhkan bantuan yuk hubungi kami langsung"><meta property="twitter:description" content="Hai TemanDANA, Jika membutuhkan bantuan yuk hubungi kami langsung">
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 6e 69 63 6f 6e 73 40 37 2e 31 2e 30 2f 64 69 73 74 2f 69 6f 6e 69 63 6f 6e 73 2f 69 6f 6e 69 63 6f 6e 73 2e 65 73 6d 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6d 6f 64 75 6c 65 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 75 6e 70 6b 67 2e 63 6f 6d 2f 69 6f 6e 69 63 6f 6e 73 40 37 2e 31 2e 30 2f 64 69 73 74 2f 69 6f 6e 69 63 6f 6e 73 2f 69 6f 6e 69 63 6f 6e 73 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 73 74 79 6c 65 3e 0a 40 69 6d 70 6f 72 74 20 75 72 6c 28 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 75 6e 69 74 6f 3a 77 67 68 74 40 38 30 30 26 64 69 73 70 6c 61 79 3d 73 77 61 70 27 29 3b 0a 7d 0a 2a 20 7b 0a 20 Data Ascii: nicons@7.1.0/dist/ionicons/ionicons.esm.js"></script><script nomodule src="https://unpkg.com/ionicons@7.1.0/dist/ionicons/ionicons.js"></script></head><style>@import url('https://fonts.googleapis.com/css2?family=Nunito:wght@800&display=swap');}* {
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 65 69 67 68 74 3a 20 36 30 30 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 35 72 65 6d 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 35 76 68 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 31 64 36 36 61 62 3b 0a 7d 0a 2e 74 78 61 6c 78 63 6f 6d 65 20 73 70 61 6e 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 38 30 25 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 7d 0a 2e 62 74 61 6c 78 63 6f 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 30 25 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 32 30 76 68 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 Data Ascii: eight: 600; font-size: 1.5rem; margin-bottom: 5vh; color: #1d66ab;}.txalxcome span { width: 80%; font-size: 18px;}.btalxcome { width: 90%; height: 20vh; display: flex; flex-direction: column; flex-wrap:
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 30 25 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 70 78 3b 0a 20 20 20 20 74 6f 70 3a 20 30 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 35 30 70 78 3b 0a 7d 0a 2e 63 68 61 6c 78 66 72 6d 20 70 20 7b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 39 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 36 30 30 3b 0a 20 20 20 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 70 78 3b 0a 20 20 20 20 74 6f 70 3a 20 31 31 76 68 3b 0a 7d 0a 2e 63 68 61 6c 78 66 72 6d 20 69 Data Ascii: 0%; border-radius: 0px; top: 0; height: 100%; border: none; margin-top:-50px;}.chalxfrm p { position: absolute; color: #fff; font-size: 19px; font-weight: 600; letter-spacing: 1px; top: 11vh;}.chalxfrm i
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 2e 35 76 68 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 7d 0a 2e 62 74 6e 61 6c 78 66 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 76 68 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 72 6f 77 3b 0a 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 Data Ascii: : block; margin-top: 2.5vh; font-size: 14px; cursor: pointer;}.btnalxfrm { height: 10vh; display: flex; flex-direction: row; flex-wrap: nowrap; align-content: center; justify-content: center; align-items: cent
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 3a 20 63 6f 6c 75 6d 6e 3b 0a 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 76 77 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 2e 68 64 72 61 6c 78 70 6e 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 35 76 68 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 72 6f 77 3b 0a 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 Data Ascii: : column; flex-wrap: nowrap; align-items: center; width: 100vw; height: 100vh; color: white;}.hdralxpn { width: 100%; height: 5vh; display: flex; flex-direction: row; flex-wrap: nowrap; align-items: center
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 69 6e 68 65 72 69 74 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 76 77 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 20 72 65 Data Ascii: color: #fff; border: none; outline: none; font-family: inherit; background: transparent; font-size: 24px; letter-spacing: 10vw; width: 100%; overflow: hidden; float: left; text-align: left; text-overflow: re
2024-09-29 06:15:50 UTC	1369	IN	Data Raw: 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 69 6e 68 65 72 69 74 3b 0a 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 70 78 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 32 30 25 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 36 76 68 3b 0a 7d 0a 73 6d 61 6c 78 73 20 7b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 76 77 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 32 66 32 66 32 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 72 Data Ascii: font-family: inherit; cursor: pointer; outline: none; border: none; font-size: 25px; width: 20%; height: 6vh;}smalxs { height: 100vh; width: 100vw; background: #f2f2f2; display: flex; flex-direction: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49724	172.66.44.152	443	572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:49 UTC	405	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: fitur-terbaru-dana-2024-s.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:15:50 UTC	409	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:15:50 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8ca9d74989fec337-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sun, 29 Sep 2024 08:15:50 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-29 06:15:50 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49726	172.66.44.152	443	572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:15:51 UTC	370	OUT	GET /favicon.ico HTTP/1.1 Host: fitur-terbaru-dana-2024-s.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:15:52 UTC	765	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:15:52 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2FYF8%2Fu%2BW6e4sXNNrdowjvDPC2FvuPwSEddCKtO%2FIIubZ9W1poabSM3K%2BQabcrX6JBFfUEmZs0PKRqee7IoWFZFGpFi9CuSX9eI0G%2BaBqYiCg54xIbVbv4rnU00TwNruwSwJVNX3AtoanI6FCRrrNJV%2FDOHzLA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca9d755dd54435b-EWR
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 37 65 66 30 0d 0a 3c 68 74 6d 6c 20 50 65 72 6d 69 73 73 69 6f 6e 73 2d 50 6f 6c 69 63 79 3a 20 61 75 74 6f 70 6c 61 79 3d 28 73 65 6c 66 20 22 64 61 6e 61 2e 6d 70 34 22 29 0a 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 31 38 45 45 41 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 Data Ascii: 7ef0<html Permissions-Policy: autoplay=(self "dana.mp4")><head><meta charset="UTF-8"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="theme-color" content="#118EEA"> <meta name="viewport" content="width=device-w
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 62 31 4e 46 38 6f 61 65 70 39 35 77 48 58 5f 6a 39 46 79 46 7a 76 7a 30 74 4e 68 43 6f 77 76 42 6e 46 79 72 61 55 5f 66 4f 6b 53 65 68 71 55 74 62 4d 62 76 67 36 66 73 30 35 64 4a 79 4a 63 50 6b 2f 73 35 38 30 2f 41 64 64 54 65 78 74 5f 30 34 2d 32 34 2d 30 33 2e 31 39 2e 33 38 2e 6a 70 67 22 3e 0a 0a 20 20 3c 21 2d 2d 20 54 77 69 74 74 65 72 20 4d 65 74 61 20 54 61 67 73 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 77 69 74 74 65 72 3a 63 61 72 64 22 20 63 6f 6e 74 65 6e 74 3d 22 73 75 6d 6d 61 72 79 5f 6c 61 72 67 65 5f 69 6d 61 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 64 6f 6d 61 69 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 61 6e 61 2e 69 64 22 3e 0a 20 Data Ascii: b1NF8oaep95wHX_j9FyFzvz0tNhCowvBnFyraU_fOkSehqUtbMbvg6fs05dJyJcPk/s580/AddText_04-24-03.19.38.jpg"> ... Twitter Meta Tags --> <meta name="twitter:card" content="summary_large_image"> <meta property="twitter:domain" content="https://www.dana.id">
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 61 6e 61 2e 69 64 2f 22 20 2f 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 48 61 69 20 54 65 6d 61 6e 44 41 4e 41 2c 20 4a 69 6b 61 20 6d 65 6d 62 75 74 75 68 6b 61 6e 20 62 61 6e 74 75 61 6e 20 79 75 6b 20 68 75 62 75 6e 67 69 20 6b 61 6d 69 20 6c 61 6e 67 73 75 6e 67 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 48 61 69 20 54 65 6d 61 6e 44 41 4e 41 2c 20 4a 69 6b 61 20 6d 65 6d 62 75 74 75 68 6b 61 6e 20 62 61 6e 74 75 61 6e 20 79 75 6b 20 68 75 62 75 6e 67 69 20 6b 61 6d 69 20 6c 61 6e 67 73 75 6e 67 22 3e 0a 20 Data Ascii: tent="https://www.dana.id/" /><meta property="og:description" content="Hai TemanDANA, Jika membutuhkan bantuan yuk hubungi kami langsung"><meta property="twitter:description" content="Hai TemanDANA, Jika membutuhkan bantuan yuk hubungi kami langsung">
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 6e 69 63 6f 6e 73 40 37 2e 31 2e 30 2f 64 69 73 74 2f 69 6f 6e 69 63 6f 6e 73 2f 69 6f 6e 69 63 6f 6e 73 2e 65 73 6d 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6d 6f 64 75 6c 65 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 75 6e 70 6b 67 2e 63 6f 6d 2f 69 6f 6e 69 63 6f 6e 73 40 37 2e 31 2e 30 2f 64 69 73 74 2f 69 6f 6e 69 63 6f 6e 73 2f 69 6f 6e 69 63 6f 6e 73 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 73 74 79 6c 65 3e 0a 40 69 6d 70 6f 72 74 20 75 72 6c 28 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 75 6e 69 74 6f 3a 77 67 68 74 40 38 30 30 26 64 69 73 70 6c 61 79 3d 73 77 61 70 27 29 3b 0a 7d 0a 2a 20 7b 0a 20 Data Ascii: nicons@7.1.0/dist/ionicons/ionicons.esm.js"></script><script nomodule src="https://unpkg.com/ionicons@7.1.0/dist/ionicons/ionicons.js"></script></head><style>@import url('https://fonts.googleapis.com/css2?family=Nunito:wght@800&display=swap');}* {
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 65 69 67 68 74 3a 20 36 30 30 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 35 72 65 6d 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 35 76 68 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 31 64 36 36 61 62 3b 0a 7d 0a 2e 74 78 61 6c 78 63 6f 6d 65 20 73 70 61 6e 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 38 30 25 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 7d 0a 2e 62 74 61 6c 78 63 6f 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 30 25 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 32 30 76 68 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 Data Ascii: eight: 600; font-size: 1.5rem; margin-bottom: 5vh; color: #1d66ab;}.txalxcome span { width: 80%; font-size: 18px;}.btalxcome { width: 90%; height: 20vh; display: flex; flex-direction: column; flex-wrap:
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 30 25 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 70 78 3b 0a 20 20 20 20 74 6f 70 3a 20 30 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 35 30 70 78 3b 0a 7d 0a 2e 63 68 61 6c 78 66 72 6d 20 70 20 7b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 39 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 36 30 30 3b 0a 20 20 20 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 70 78 3b 0a 20 20 20 20 74 6f 70 3a 20 31 31 76 68 3b 0a 7d 0a 2e 63 68 61 6c 78 66 72 6d 20 69 Data Ascii: 0%; border-radius: 0px; top: 0; height: 100%; border: none; margin-top:-50px;}.chalxfrm p { position: absolute; color: #fff; font-size: 19px; font-weight: 600; letter-spacing: 1px; top: 11vh;}.chalxfrm i
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 2e 35 76 68 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 7d 0a 2e 62 74 6e 61 6c 78 66 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 76 68 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 72 6f 77 3b 0a 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 Data Ascii: : block; margin-top: 2.5vh; font-size: 14px; cursor: pointer;}.btnalxfrm { height: 10vh; display: flex; flex-direction: row; flex-wrap: nowrap; align-content: center; justify-content: center; align-items: cent
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 3a 20 63 6f 6c 75 6d 6e 3b 0a 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 76 77 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 2e 68 64 72 61 6c 78 70 6e 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 35 76 68 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 72 6f 77 3b 0a 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 Data Ascii: : column; flex-wrap: nowrap; align-items: center; width: 100vw; height: 100vh; color: white;}.hdralxpn { width: 100%; height: 5vh; display: flex; flex-direction: row; flex-wrap: nowrap; align-items: center
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 69 6e 68 65 72 69 74 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 76 77 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 20 72 65 Data Ascii: color: #fff; border: none; outline: none; font-family: inherit; background: transparent; font-size: 24px; letter-spacing: 10vw; width: 100%; overflow: hidden; float: left; text-align: left; text-overflow: re
2024-09-29 06:15:52 UTC	1369	IN	Data Raw: 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 69 6e 68 65 72 69 74 3b 0a 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 20 20 6f 75 74 6c 69 6e 65 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 70 78 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 32 30 25 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 36 76 68 3b 0a 7d 0a 73 6d 61 6c 78 73 20 7b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 76 77 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 32 66 32 66 32 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 72 Data Ascii: font-family: inherit; cursor: pointer; outline: none; border: none; font-size: 25px; width: 20%; height: 6vh;}smalxs { height: 100vh; width: 100vw; background: #f2f2f2; display: flex; flex-direction: r

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2972, Parent PID: 5400

General

Target ID:	0
Start time:	02:15:37
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 572, Parent PID: 2972

General

Target ID:	2
Start time:	02:15:41
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2016,i,1318543053693719760,17697591281558663939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6388, Parent PID: 5400

General

Target ID:	3
Start time:	02:15:43
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fitur-terbaru-dana-2024-s.pages.dev/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://fitur-terbaru-dana-2024-s.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

Windows Analysis Report
http://fitur-terbaru-dana-2024-s.pages.dev/