Windows Analysis Report
https://free.putrivpn.biz.id/

Overview

General Information

Sample URL:	https://free.putrivpn.biz.id/
Analysis ID:	1447757
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: https://free.putrivpn.biz.id/

Virustotal: Detection: 13%

Perma Link

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:65331 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: free.putrivpn.biz.idConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/font-roboto.css?1 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/telegram.css?237 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/tgwallpaper.min.js?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /file/RZNnw0_ix5MuE25XTDryFe2zD8tEcK0Uikpfz5B8ecuF-D-un9OHrfHAxjwtQdlV15D45FAAws6Cn5tM2rbfpapI3XiDX4we1FfLqd0DqVFLnIOrZd5ASBmGe1FWpC8_sr_jqbo5z89OZbOaG-PWOn0iuqheGJDq_xIXrI2QBWo3MqA27LobX_d8G5SNm8eURnw38JJi02QkV6SGVtkbe7IJoixGc_yxsfwiTaPXZuVxES3rEp3VWD4LQHffhFz6s4hvkT_9SgzMSJBfCumfuV34Mt7zpeliMF9ZIng5IYk8u_ADZ2sesM0bEPrlDsg_crHFPmQmibCz6_MzpSjhyg.jpg HTTP/1.1Host: cdn5.cdn-telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /file/RZNnw0_ix5MuE25XTDryFe2zD8tEcK0Uikpfz5B8ecuF-D-un9OHrfHAxjwtQdlV15D45FAAws6Cn5tM2rbfpapI3XiDX4we1FfLqd0DqVFLnIOrZd5ASBmGe1FWpC8_sr_jqbo5z89OZbOaG-PWOn0iuqheGJDq_xIXrI2QBWo3MqA27LobX_d8G5SNm8eURnw38JJi02QkV6SGVtkbe7IJoixGc_yxsfwiTaPXZuVxES3rEp3VWD4LQHffhFz6s4hvkT_9SgzMSJBfCumfuV34Mt7zpeliMF9ZIng5IYk8u_ADZ2sesM0bEPrlDsg_crHFPmQmibCz6_MzpSjhyg.jpg HTTP/1.1Host: cdn5.cdn-telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /css/telegram.css?237 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/main.js?47 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/400780400283/2/u3yTafRoh-g.259708/f2ec7d02b0bf09876e HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/400780400906/1/nG_ME-jFfII.256820/2569601ad1ecf4c3c2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/tgsticker.js?31 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteDesktop.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteiOS.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/400780400283/2/u3yTafRoh-g.259708/f2ec7d02b0bf09876e HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/400780400906/1/nG_ME-jFfII.256820/2569601ad1ecf4c3c2 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteAndroid.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteIconAndroid.svg HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteIconApple.svg HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/twitter.png HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/tgsticker-worker.js?14 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/rlottie-wasm.js HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001828/11e9a/1yY7a721t4o.30567.png/e113973dae2bee508b HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteiOS.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteIconAndroid.svg HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteIconApple.svg HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteAndroid.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/twitter.png HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/pako-inflate.min.js HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/rlottie-wasm.wasm HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_logo_sprite.svg HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001828/11e9a/1yY7a721t4o.30567.png/e113973dae2bee508b HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_Android_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_logo_sprite.svg HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001828/11e99/2FUYW30UXAI.12708/7604effa1e02ddf7f9 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/rlottie-wasm.wasm HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_iOS_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001828/11e99/2FUYW30UXAI.12708/7604effa1e02ddf7f9 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_Android_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=229376-250837If-Range: "5eb6fd6e-3d3d6"
Source: global traffic	HTTP traffic detected: GET /file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_iOS_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=229376-244747If-Range: "5eb6fd6e-3bc0c"
Source: global traffic	HTTP traffic detected: GET /file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_Android_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=48128-229375If-Range: "5eb6fd6e-3d3d6"
Source: global traffic	HTTP traffic detected: GET /img/t_main_iOS_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=48128-229375If-Range: "5eb6fd6e-3bc0c"
Source: global traffic	HTTP traffic detected: GET /file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /dl?tme=0026cad0692b4121a0_143055121966919640 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: desktop.telegram.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://desktop.telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /css/telegram.css?237 HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://desktop.telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /js/main.js?47 HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://desktop.telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/twitter.png HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://desktop.telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/td_laptop.png HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://desktop.telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/twitter.png HTTP/1.1Host: desktop.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://desktop.telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/td_laptop.png HTTP/1.1Host: desktop.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: desktop.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992

Source: global traffic	DNS traffic detected: DNS query: free.putrivpn.biz.id
Source: global traffic	DNS traffic detected: DNS query: telegram.org
Source: global traffic	DNS traffic detected: DNS query: cdn5.cdn-telegram.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: desktop.telegram.org

Source: chromecache_139.2.dr, chromecache_124.2.dr, chromecache_103.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_139.2.dr, chromecache_124.2.dr, chromecache_103.2.dr	String found in binary or memory: http://getbootstrap.com/customize/?id=92d2ac1b31978642b6b6)
Source: chromecache_101.2.dr, chromecache_118.2.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: chromecache_139.2.dr, chromecache_124.2.dr, chromecache_103.2.dr	String found in binary or memory: https://gist.github.com/92d2ac1b31978642b6b6
Source: chromecache_109.2.dr	String found in binary or memory: https://github.com/mapbox/mapbox-gl-js/issues/8771
Source: chromecache_139.2.dr, chromecache_124.2.dr, chromecache_103.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: chromecache_146.2.dr, chromecache_100.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard.png)
Source: chromecache_146.2.dr, chromecache_100.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard_2x.png);
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: chromecache_147.2.dr, chromecache_105.2.dr	String found in binary or memory: https://telegram.org/
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: chromecache_147.2.dr, chromecache_105.2.dr	String found in binary or memory: https://twitter.com/intent/tweet?text=
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65333
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 65333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\manifest.fingerprint	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_8_1041871337

Jump to behavior

Source: classification engine

Classification label: mal48.win@21/134@18/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2212,i,5931843426714858406,7304963966521873370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://free.putrivpn.biz.id/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2212,i,5931843426714858406,7304963966521873370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.111.108.175	cdn5.cdn-telegram.org	United States	15169	GOOGLEUS	false
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	free.putrivpn.biz.id	European Union	13335	CLOUDFLARENETUS	false
149.154.167.99	desktop.telegram.org	United Kingdom	62041	TELEGRAMRU	false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.214.172	true
desktop.telegram.org	149.154.167.99	true
telegram.org	149.154.167.99	true
free.putrivpn.biz.id	188.114.96.3	true
www.google.com	142.250.184.196	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
cdn5.cdn-telegram.org	34.111.108.175	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://telegram.org/file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e	false	Avira URL Cloud: safe	unknown
https://telegram.org/file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794	false	Avira URL Cloud: safe	unknown
https://telegram.org/file/464001828/11e99/2FUYW30UXAI.12708/7604effa1e02ddf7f9	false	Avira URL Cloud: safe	unknown
https://desktop.telegram.org/	false		unknown
https://telegram.org/file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://telegram.org/file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23	false	Avira URL Cloud: safe	unknown
https://telegram.org/css/bootstrap.min.css?3	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://telegram.org/img/twitter.png	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://telegram.org/img/t_main_Android_demo.mp4	false	Avira URL Cloud: safe	unknown
https://telegram.org/file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://telegram.org/file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://telegram.org/	false		unknown
https://telegram.org/img/SiteIconAndroid.svg	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\LICENSE	ASCII text	EE002CB9E51BB8DFA89640A406A1090A	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\_metadata\verified_contents.json	JSON data	55FAB119C4B25E3B96B68A1412A400B6	BDDA56C51ADEBE8ED0E92658B5020186270085B5	6DDD430EC4522578FC545E37B7811B740AE9BAE80EBCDBE44ABEF6289B82E2EB
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\manifest.fingerprint	ASCII text, with no line terminators	224A1E3D38F496B70BB0A38D237F8FCE	FBC6B5A7C15349EE150549276F58B71674C05513	1538B4C21BDABACD90069B3EFC35E1FA898694695BCC136B08A2586005645A2D
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\manifest.json	JSON data	F67F1900F79CA094D0FC2182B79E7A60	B0C783FB7F8985C82313C2AC4606A820FFEE7C4B	8EB011F941D5A247352B301DF87300D0881D7E50FDFD1C37CE2F85DCF946499A
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\sets.json	JSON data	B63AD3A7023C80F4D2D24BF4AC4145B7	582BFCD098EB6E63B5420F19A81CD3C04D5CD945	86DFE2A9896CA7CAD92BD313A27ED185339D0E4729EDAEB95C1D6A2CBEBB79AA
Chrome Cache Entry: 100	ASCII text, with very long lines (1267)	8507165C54755807224A197057729D87	ACE8A26F8402BAEE786617E4820A0860822921F2	2DF92C7108CF6788CE6FFE7D3170480C6B6CA0367AE57911849B3760F3753994
Chrome Cache Entry: 101	ISO Media, MP4 v2 [ISO 14496-14]	91DAA37E09DF8B688F7832E7D6D80AA6	FC59E29275E98DD5DCE1EFC9B982EC1BA5AD4276	EAF99FDDDBAB6953D53DF2A7E81B5275E90E221E0A7EBD3D99F42CF4B6ABA6D2
Chrome Cache Entry: 102	gzip compressed data, max compression, from Unix, original size modulo 2^32 84899	4C55012442A6CC9653DCADBBB528CD22	AE83B62952FF7E4428C85793289D7423ECE52F05	CF2D5FBEE6986544DA6202828C01898BCB8E8DEBC50611E0C7433E8066834C61
Chrome Cache Entry: 103	ASCII text, with very long lines (42164)	C2656E265EF58A9CC9F4B70B15DA5FB9	85C5EBDB89D4574D72688C2650D4B84B9B09770A	F1D083FFAA644C708F11DB29707AA57C19246E6D32643B03FEE3F82C17B224B3
Chrome Cache Entry: 104	JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 442x270, components 3	89486A05599A1CFD549F8FB2D70E7D73	24867697525DF19B88E79D75FF32384EBA57B321	5A2C666B6E4F30FF921353CD9A3ECCC09B9314C5C5AB11E1A3928936E497B2DC
Chrome Cache Entry: 105	ASCII text	4C9BA6B680FC51B6E5BD4217A1550C88	3FA0E7D643CC1E3008E0FFEBA46A1E3682E2EAF7	51C4D88FD78F3B8EFB16F845E75BE7F1BB288FDF2FD39D033868A0346DB7FADB
Chrome Cache Entry: 106	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	4E06D87C860BA8E8A804350F42632217	31D3F89AE95D6F25660020B21E49114AAECFDD59	6B081CB199E67A43DDCD7DDAC0B528C93CC72BB82641937368A41B0AECE43125
Chrome Cache Entry: 107	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	77FFE8B3DFF795EA0734BF4B35A94357	2D545FFB0877993DD227D528638A336CD3B9E32C	AD37907E335E7C5D2692B682401F4520753AB539FADEDF74962C6A004B3A179F
Chrome Cache Entry: 108	PNG image data, 21 x 17, 8-bit/color RGBA, non-interlaced	1ED9BF7633F4F449C8D2DF94EA0EB35F	2902BA9C2B127C74C2550298A0578D7D8DA941C2	E7D23B06A4FFD600558E5443D1E32DAAAF13A27CF7BB8B7CC163A92B4054AAF2
Chrome Cache Entry: 109	Java source, ASCII text	A3EECFB5CD60979B65AF8EF49BB66045	D4C4EAAB526E88C2EB58339A28207DBA967BE384	B508251F81DF8FDA1990736E14135063E5421F6C424734C90B263D8BDFC944E9
Chrome Cache Entry: 110	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	DA1FF638A4141EED84327E20F936496F	91E5410531539B53C3AEFCC5774413E8A665A57A	B66DE388C12D6611870503C34C5DB37FE079313C4292177435FD8DC7ED6CBE67
Chrome Cache Entry: 111	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	77FFE8B3DFF795EA0734BF4B35A94357	2D545FFB0877993DD227D528638A336CD3B9E32C	AD37907E335E7C5D2692B682401F4520753AB539FADEDF74962C6A004B3A179F
Chrome Cache Entry: 112	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	4E59E61B2A0205E09DAFAD24DA174530	0DC2ADBA2FBE4F1CD195364EF4F1AB4DC1641993	269F20EB63DB3ECE8035886EBC69112EF94339DA867D47F815237800555E508A
Chrome Cache Entry: 113	gzip compressed data, max compression, from Unix, original size modulo 2^32 246409	EDE943D9BF34428EF8FB13948912141D	F06BD9FE51BF32FBEFA0ACEFBDDAA464F6A64F13	1782968F6F9EB42BC5689B3A2956CE8C45672E126427B870EB5E2FFC415CBC0D
Chrome Cache Entry: 114	gzip compressed data, max compression, from Unix, original size modulo 2^32 144400	86D83D04E8CBDCED71F34637C23C1EB6	2AE58F60868535644CEB753735DB7191D65A6723	91286A9F171E3435452F7FC0523F2FC626A142C1EB3F29BDC38B74335E229CCE
Chrome Cache Entry: 115	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.4 (Macintosh), datetime=2024:04:22 17:00:21], progressive, precision 8, 600x374, components 3	80A28097C8C25CF333DB821724CFF3CD	4619B302A74BF1C32419EFFCE72339C563A97858	0B0D6220C2F0C8B630E8F244DC36164CFB135B1CC573C728FBE986F6B97ADF6C
Chrome Cache Entry: 116	ASCII text, with very long lines (65536), with no line terminators	9B31C5083355B2AAAAAEC512F3A0021D	395C9925E89A0AE66F0E016AE664C0AABFD64865	59DF8CAEC8E28F1DD238C2F59FDB02854B51DA69B0BC1A18271C502A9A166295
Chrome Cache Entry: 117	PNG image data, 840 x 487, 8-bit/color RGBA, non-interlaced	40D4266E5AADC87CCEEC1AB420DC2692	266C56990A106B6E9EFB0F9EF2A1A752AA6FA0FC	3A1D4890B3E91A01C20C65B75F1AE028E3C445CAD1FD2D249DD0868876DFE4B4
Chrome Cache Entry: 118	ISO Media, MP4 v2 [ISO 14496-14]	36BEBC24F7516D37CBFBB4EE2AEDF6F6	C40BB63CBE7C48F67FAF8DB89240FD60F912E1CE	03B2AE439D25E00E297B01942883F4EF8A6A5C87E01DD0FAEC6F1EEF24B92816
Chrome Cache Entry: 119	gzip compressed data, max compression, from Unix, original size modulo 2^32 163075	78D3BCD9609C319C6AB7FC403D7F0180	49D91136FA50933FF1B9E52E23F214E578DC93EB	7987BBA1A813626330B373BA05D4644D665378BB8F6A782D2297C101AEED1161
Chrome Cache Entry: 120	gzip compressed data, max compression, from Unix, original size modulo 2^32 163075	78D3BCD9609C319C6AB7FC403D7F0180	49D91136FA50933FF1B9E52E23F214E578DC93EB	7987BBA1A813626330B373BA05D4644D665378BB8F6A782D2297C101AEED1161
Chrome Cache Entry: 121	SVG Scalable Vector Graphics image	4ADC034F937B41471DAAEA71E64A727D	6B5C52D2A35704410262B70296A14D6A4331929D	3399887FAC9F9B581A8C81860C56FCA807C0ED6876307A12C54E0161AA4721DB
Chrome Cache Entry: 122	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	1D581B72D19BC828654229A0773A5300	FF517C8BB4B37351FF3DD72F7EC66FC584E90D5C	D2B3858E94ED122782DE9028F668334438649E46E5D2C6D761E3359C8E3DE200
Chrome Cache Entry: 123	PNG image data, 21 x 17, 8-bit/color RGBA, non-interlaced	1ED9BF7633F4F449C8D2DF94EA0EB35F	2902BA9C2B127C74C2550298A0578D7D8DA941C2	E7D23B06A4FFD600558E5443D1E32DAAAF13A27CF7BB8B7CC163A92B4054AAF2
Chrome Cache Entry: 124	ASCII text, with very long lines (42164)	C2656E265EF58A9CC9F4B70B15DA5FB9	85C5EBDB89D4574D72688C2650D4B84B9B09770A	F1D083FFAA644C708F11DB29707AA57C19246E6D32643B03FEE3F82C17B224B3
Chrome Cache Entry: 125	gzip compressed data, max compression, from Unix, original size modulo 2^32 200401	88C7CE379C5D6A55E0133A0B85FEAB54	AF1723D1CBFC88AC39B878645E82B1675D760F05	38A05617438DED40DB7FAE3F70EFE9CD3ADFD0A14C0EC4AF08F1D73019A10663
Chrome Cache Entry: 126	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.4 (Macintosh), datetime=2024:04:22 17:00:21], progressive, precision 8, 600x374, components 3	80A28097C8C25CF333DB821724CFF3CD	4619B302A74BF1C32419EFFCE72339C563A97858	0B0D6220C2F0C8B630E8F244DC36164CFB135B1CC573C728FBE986F6B97ADF6C
Chrome Cache Entry: 127	WebAssembly (wasm) binary module version 0x1 (MVP)	E725DC036AD50BA694C90EE1F72C4B5B	09F0EDED8AA4CEB9AB1B326F5265DCBE9FC0B8E8	F50ED354FD14CCE39533AF5FC58C0E4387A326748114C57A2CE3C98611DA673B
Chrome Cache Entry: 128	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.4 (Macintosh), datetime=2024:03:27 16:16:22], progressive, precision 8, 600x350, components 3	C4BF438F90794C480FD0FCAD5F1D8432	0D395450A43D6A94428A6F6C99B02F90A08FD262	DB092C7E51035DE44DEE2650796BEF0601CAC17812D808020E5892657B1CB0F7
Chrome Cache Entry: 129	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.4 (Macintosh), datetime=2024:03:27 16:16:22], progressive, precision 8, 600x350, components 3	C4BF438F90794C480FD0FCAD5F1D8432	0D395450A43D6A94428A6F6C99B02F90A08FD262	DB092C7E51035DE44DEE2650796BEF0601CAC17812D808020E5892657B1CB0F7
Chrome Cache Entry: 130	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	9C2A194EE50807AE9342B60634BE2445	553DFD2BA2A5E11468A3B57ABA897995F2F4D676	EC1788BCDD05595BBCD16E5C7C13BCE6481B620EBBC4200B2E6598C02C82AA78
Chrome Cache Entry: 131	PNG image data, 21 x 17, 8-bit/color RGBA, non-interlaced	1ED9BF7633F4F449C8D2DF94EA0EB35F	2902BA9C2B127C74C2550298A0578D7D8DA941C2	E7D23B06A4FFD600558E5443D1E32DAAAF13A27CF7BB8B7CC163A92B4054AAF2
Chrome Cache Entry: 132	PNG image data, 320 x 320, 8-bit/color RGBA, non-interlaced	0C6C45EE2597151FA5E955D11D2D38FE	771AA6BBE2765CD2D6F754E14D5E12FFC476E939	889DDFB8550BAC935B0A02E52BEF9D0950F0734D7A70661A0930A3D8E6A2F372
Chrome Cache Entry: 133	SVG Scalable Vector Graphics image	4ADC034F937B41471DAAEA71E64A727D	6B5C52D2A35704410262B70296A14D6A4331929D	3399887FAC9F9B581A8C81860C56FCA807C0ED6876307A12C54E0161AA4721DB
Chrome Cache Entry: 134	gzip compressed data, max compression, from Unix, original size modulo 2^32 131568	6FFE0373E13C95E1253EE372A3D7FEDB	BB6C4764E927A8ED8CBF14BABEA3E28FF1F07D4B	1F0B318040B210A65B48D386D9680B29212DA0D01DEE9CC9F56D485334BDC11A
Chrome Cache Entry: 135	ASCII text, with very long lines (1267)	388FA0CA56BC8C968A1D6D18E0EEB924	A7A5CFD8DBA3E4EA0862FE299510D415C90D1748	6B9ABDFD5D2B553CED459FF3580F4929E8481660AA5E8F21A7A688668312D048
Chrome Cache Entry: 136	gzip compressed data, max compression, from Unix, original size modulo 2^32 84899	4C55012442A6CC9653DCADBBB528CD22	AE83B62952FF7E4428C85793289D7423ECE52F05	CF2D5FBEE6986544DA6202828C01898BCB8E8DEBC50611E0C7433E8066834C61
Chrome Cache Entry: 137	ASCII text	C706681409217A14A24C7E2DEB8CF423	08B443FE5BC6A223A9DE08FB56282365B1D13857	84B97B3FA8847B64C6D3833561E4B3146530577171E85AD226578A087DB70974
Chrome Cache Entry: 138	SVG Scalable Vector Graphics image	008103375773357B988BF6B4E7DFF3F3	908CA865AC3A7F6B57DC7D5DB70A429CFF959E98	A5C59C1B52F5DD4D1C06A628F27079F4481D0EE7B40BCCD1CD91FF963E2D674F
Chrome Cache Entry: 139	ASCII text, with very long lines (42164)	C2656E265EF58A9CC9F4B70B15DA5FB9	85C5EBDB89D4574D72688C2650D4B84B9B09770A	F1D083FFAA644C708F11DB29707AA57C19246E6D32643B03FEE3F82C17B224B3
Chrome Cache Entry: 140	gzip compressed data, max compression, from Unix, original size modulo 2^32 144400	86D83D04E8CBDCED71F34637C23C1EB6	2AE58F60868535644CEB753735DB7191D65A6723	91286A9F171E3435452F7FC0523F2FC626A142C1EB3F29BDC38B74335E229CCE
Chrome Cache Entry: 141	JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 290x270, components 3	F5EB8DCF9B18F19053034101E920574E	9513C6C5E39669AD27132D470008955DBAAE61F0	15A94720D72ED1727FB281ED4AF914E17CD8166BB18F5A8484F32F9FAFF4F365
Chrome Cache Entry: 142	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	4E59E61B2A0205E09DAFAD24DA174530	0DC2ADBA2FBE4F1CD195364EF4F1AB4DC1641993	269F20EB63DB3ECE8035886EBC69112EF94339DA867D47F815237800555E508A
Chrome Cache Entry: 143	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	DA1FF638A4141EED84327E20F936496F	91E5410531539B53C3AEFCC5774413E8A665A57A	B66DE388C12D6611870503C34C5DB37FE079313C4292177435FD8DC7ED6CBE67
Chrome Cache Entry: 144	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	5791D664309E275F4569D2F993C44782	A68F363153614A09F10AE2892C134B9C4B001D4B	4FF54BC38C267DC3A8C95F6ED4590336BAAEC70433EF15D027DDCA608C391E78
Chrome Cache Entry: 145	gzip compressed data, max compression, from Unix, original size modulo 2^32 102073	FCF0262BEB96C58FD7AEB5C0BB8FC4AF	22C51ED3EB77FC79AC3FE8131F8CB08C9AFD532E	E81EA8894A34C2673DC7E7AFA5055EDED2622F15DAB8F452EA79C240C6969F3F
Chrome Cache Entry: 146	ASCII text, with very long lines (1267)	8507165C54755807224A197057729D87	ACE8A26F8402BAEE786617E4820A0860822921F2	2DF92C7108CF6788CE6FFE7D3170480C6B6CA0367AE57911849B3760F3753994
Chrome Cache Entry: 147	ASCII text	4C9BA6B680FC51B6E5BD4217A1550C88	3FA0E7D643CC1E3008E0FFEBA46A1E3682E2EAF7	51C4D88FD78F3B8EFB16F845E75BE7F1BB288FDF2FD39D033868A0346DB7FADB
Chrome Cache Entry: 148	WebAssembly (wasm) binary module version 0x1 (MVP)	E725DC036AD50BA694C90EE1F72C4B5B	09F0EDED8AA4CEB9AB1B326F5265DCBE9FC0B8E8	F50ED354FD14CCE39533AF5FC58C0E4387A326748114C57A2CE3C98611DA673B
Chrome Cache Entry: 149	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	4E06D87C860BA8E8A804350F42632217	31D3F89AE95D6F25660020B21E49114AAECFDD59	6B081CB199E67A43DDCD7DDAC0B528C93CC72BB82641937368A41B0AECE43125
Chrome Cache Entry: 150	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	EB46CED34F8CD5637A3CA911BD12F300	A26B44E6E634E4D670A38549033D3539A981E415	DF53D5B90C9E669236F8593B7FC941A6DA753EE8EEC79A64C6955A4A67DCB45F
Chrome Cache Entry: 151	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1246x260, components 3	0844F137AFE5EE62B102B8CF83D98863	2D8E0766B0C2D16C86BC5F713B03F2328D2569BC	F65E84718BC30E4A01CD4401BBBEA3448F2A59C705C3D140261A62432F4B8585
Chrome Cache Entry: 152	ASCII text, with very long lines (22681)	8E548B1AD991B0CD636A7E4939E3C420	FFACC63C9B5D77B0597F9C054CA349312626A5FE	2CA27E9A8DAE569CDEAC42752ED1AED1AFEFF7F19282D3CC12C0AAA54A08BC04
Chrome Cache Entry: 153	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	5791D664309E275F4569D2F993C44782	A68F363153614A09F10AE2892C134B9C4B001D4B	4FF54BC38C267DC3A8C95F6ED4590336BAAEC70433EF15D027DDCA608C391E78
Chrome Cache Entry: 154	gzip compressed data, max compression, from Unix, original size modulo 2^32 110206	BF88A2E44AE44DE60408010047AA2534	644FBA3DBB11BFACCA45F72D098CD16EE3679F58	3B2E89FEC8654E1F8D5B45B794F310F9F287E0E9B249B0E3279016E5D5873409
Chrome Cache Entry: 155	gzip compressed data, max compression, from Unix, original size modulo 2^32 131568	6FFE0373E13C95E1253EE372A3D7FEDB	BB6C4764E927A8ED8CBF14BABEA3E28FF1F07D4B	1F0B318040B210A65B48D386D9680B29212DA0D01DEE9CC9F56D485334BDC11A
Chrome Cache Entry: 156	SVG Scalable Vector Graphics image	E75F7F8AC71782DDA40464528A4F619B	1294A00A625B50FF7C3EB3119A71D49399C9AC29	832FBEFD7A4FE8F651058597D9F1910883D1CBD56D0CEB343E7D6170AEECF982
Chrome Cache Entry: 157	gzip compressed data, max compression, from Unix, original size modulo 2^32 110206	BF88A2E44AE44DE60408010047AA2534	644FBA3DBB11BFACCA45F72D098CD16EE3679F58	3B2E89FEC8654E1F8D5B45B794F310F9F287E0E9B249B0E3279016E5D5873409
Chrome Cache Entry: 158	gzip compressed data, max compression, from Unix, original size modulo 2^32 246409	EDE943D9BF34428EF8FB13948912141D	F06BD9FE51BF32FBEFA0ACEFBDDAA464F6A64F13	1782968F6F9EB42BC5689B3A2956CE8C45672E126427B870EB5E2FFC415CBC0D
Chrome Cache Entry: 159	JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 290x270, components 3	F5EB8DCF9B18F19053034101E920574E	9513C6C5E39669AD27132D470008955DBAAE61F0	15A94720D72ED1727FB281ED4AF914E17CD8166BB18F5A8484F32F9FAFF4F365
Chrome Cache Entry: 160	SVG Scalable Vector Graphics image	008103375773357B988BF6B4E7DFF3F3	908CA865AC3A7F6B57DC7D5DB70A429CFF959E98	A5C59C1B52F5DD4D1C06A628F27079F4481D0EE7B40BCCD1CD91FF963E2D674F
Chrome Cache Entry: 161	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	9C2A194EE50807AE9342B60634BE2445	553DFD2BA2A5E11468A3B57ABA897995F2F4D676	EC1788BCDD05595BBCD16E5C7C13BCE6481B620EBBC4200B2E6598C02C82AA78
Chrome Cache Entry: 162	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	EB46CED34F8CD5637A3CA911BD12F300	A26B44E6E634E4D670A38549033D3539A981E415	DF53D5B90C9E669236F8593B7FC941A6DA753EE8EEC79A64C6955A4A67DCB45F
Chrome Cache Entry: 163	PNG image data, 840 x 487, 8-bit/color RGBA, non-interlaced	40D4266E5AADC87CCEEC1AB420DC2692	266C56990A106B6E9EFB0F9EF2A1A752AA6FA0FC	3A1D4890B3E91A01C20C65B75F1AE028E3C445CAD1FD2D249DD0868876DFE4B4
Chrome Cache Entry: 164	ASCII text	1400A5F5BB460526B907B489C84AC96A	1CDB62D2B39EFF966E96A476F72704BC86591036	42D42F23D7276824168808093BE0F20E3E53673718C79349CC22DA88F58D3E23
Chrome Cache Entry: 165	PNG image data, 320 x 320, 8-bit/color RGBA, non-interlaced	0C6C45EE2597151FA5E955D11D2D38FE	771AA6BBE2765CD2D6F754E14D5E12FFC476E939	889DDFB8550BAC935B0A02E52BEF9D0950F0734D7A70661A0930A3D8E6A2F372
Chrome Cache Entry: 166	gzip compressed data, max compression, from Unix, original size modulo 2^32 102073	FCF0262BEB96C58FD7AEB5C0BB8FC4AF	22C51ED3EB77FC79AC3FE8131F8CB08C9AFD532E	E81EA8894A34C2673DC7E7AFA5055EDED2622F15DAB8F452EA79C240C6969F3F
Chrome Cache Entry: 167	PNG image data, 21 x 17, 8-bit/color RGBA, non-interlaced	1ED9BF7633F4F449C8D2DF94EA0EB35F	2902BA9C2B127C74C2550298A0578D7D8DA941C2	E7D23B06A4FFD600558E5443D1E32DAAAF13A27CF7BB8B7CC163A92B4054AAF2
Chrome Cache Entry: 168	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	1D581B72D19BC828654229A0773A5300	FF517C8BB4B37351FF3DD72F7EC66FC584E90D5C	D2B3858E94ED122782DE9028F668334438649E46E5D2C6D761E3359C8E3DE200
Chrome Cache Entry: 169	SVG Scalable Vector Graphics image	E75F7F8AC71782DDA40464528A4F619B	1294A00A625B50FF7C3EB3119A71D49399C9AC29	832FBEFD7A4FE8F651058597D9F1910883D1CBD56D0CEB343E7D6170AEECF982
Chrome Cache Entry: 170	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	5791D664309E275F4569D2F993C44782	A68F363153614A09F10AE2892C134B9C4B001D4B	4FF54BC38C267DC3A8C95F6ED4590336BAAEC70433EF15D027DDCA608C391E78
Chrome Cache Entry: 91	ASCII text, with very long lines (2979), with no line terminators	2B89D34702716A8AD2CC3977718F53A3	04406EBD6A9E2CE79DBAC5E5048CFE1384E4574A	2031E418EE10AF8110729B3F327B968462FC0A9D8D1DA095387BB472CCD0DEE6
Chrome Cache Entry: 92	JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 442x270, components 3	89486A05599A1CFD549F8FB2D70E7D73	24867697525DF19B88E79D75FF32384EBA57B321	5A2C666B6E4F30FF921353CD9A3ECCC09B9314C5C5AB11E1A3928936E497B2DC
Chrome Cache Entry: 93	gzip compressed data, max compression, from Unix, original size modulo 2^32 140502	22FC89B07D3463221776FE84924F0093	EC315241AF796928056AA2408759A5DD502A47ED	E3327B49B4ABB4C0919AC93668E7AD15BBC6FBD3741FADB82A7DCB6D70175F15
Chrome Cache Entry: 94	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	5F245AC9016657DFAFCBDBF61B61E514	4033C942A333F667EF26C5D45ED5E233BD83B8B9	006D88E7389F56F925CDAC325A2D6FC7956BBDCC30E46214BDD97B43274BD78E
Chrome Cache Entry: 95	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x320, components 3	C57231E11770EB241B98B21E6DCCA661	81E99E712A82A9592CDD7A58F5D2D2FE822787A9	7AAFDD942598B522B99533B1BF63222AA2CD2CF4202D8BD766096CAB031E555D
Chrome Cache Entry: 96	gzip compressed data, max compression, from Unix, original size modulo 2^32 140502	22FC89B07D3463221776FE84924F0093	EC315241AF796928056AA2408759A5DD502A47ED	E3327B49B4ABB4C0919AC93668E7AD15BBC6FBD3741FADB82A7DCB6D70175F15
Chrome Cache Entry: 97	gzip compressed data, max compression, from Unix, original size modulo 2^32 200401	88C7CE379C5D6A55E0133A0B85FEAB54	AF1723D1CBFC88AC39B878645E82B1675D760F05	38A05617438DED40DB7FAE3F70EFE9CD3ADFD0A14C0EC4AF08F1D73019A10663
Chrome Cache Entry: 98	PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced	5F245AC9016657DFAFCBDBF61B61E514	4033C942A333F667EF26C5D45ED5E233BD83B8B9	006D88E7389F56F925CDAC325A2D6FC7956BBDCC30E46214BDD97B43274BD78E
Chrome Cache Entry: 99	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x320, components 3	C57231E11770EB241B98B21E6DCCA661	81E99E712A82A9592CDD7A58F5D2D2FE822787A9	7AAFDD942598B522B99533B1BF63222AA2CD2CF4202D8BD766096CAB031E555D

AV Detection

Multi AV Scanner detection for submitted file

Source: https://free.putrivpn.biz.id/

Virustotal: Detection: 13%

Perma Link

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:65331 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: free.putrivpn.biz.idConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/font-roboto.css?1 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/telegram.css?237 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/tgwallpaper.min.js?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /file/RZNnw0_ix5MuE25XTDryFe2zD8tEcK0Uikpfz5B8ecuF-D-un9OHrfHAxjwtQdlV15D45FAAws6Cn5tM2rbfpapI3XiDX4we1FfLqd0DqVFLnIOrZd5ASBmGe1FWpC8_sr_jqbo5z89OZbOaG-PWOn0iuqheGJDq_xIXrI2QBWo3MqA27LobX_d8G5SNm8eURnw38JJi02QkV6SGVtkbe7IJoixGc_yxsfwiTaPXZuVxES3rEp3VWD4LQHffhFz6s4hvkT_9SgzMSJBfCumfuV34Mt7zpeliMF9ZIng5IYk8u_ADZ2sesM0bEPrlDsg_crHFPmQmibCz6_MzpSjhyg.jpg HTTP/1.1Host: cdn5.cdn-telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://free.putrivpn.biz.id/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /file/RZNnw0_ix5MuE25XTDryFe2zD8tEcK0Uikpfz5B8ecuF-D-un9OHrfHAxjwtQdlV15D45FAAws6Cn5tM2rbfpapI3XiDX4we1FfLqd0DqVFLnIOrZd5ASBmGe1FWpC8_sr_jqbo5z89OZbOaG-PWOn0iuqheGJDq_xIXrI2QBWo3MqA27LobX_d8G5SNm8eURnw38JJi02QkV6SGVtkbe7IJoixGc_yxsfwiTaPXZuVxES3rEp3VWD4LQHffhFz6s4hvkT_9SgzMSJBfCumfuV34Mt7zpeliMF9ZIng5IYk8u_ADZ2sesM0bEPrlDsg_crHFPmQmibCz6_MzpSjhyg.jpg HTTP/1.1Host: cdn5.cdn-telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /css/telegram.css?237 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/main.js?47 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/400780400283/2/u3yTafRoh-g.259708/f2ec7d02b0bf09876e HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/400780400906/1/nG_ME-jFfII.256820/2569601ad1ecf4c3c2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/tgsticker.js?31 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteDesktop.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteiOS.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/400780400283/2/u3yTafRoh-g.259708/f2ec7d02b0bf09876e HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/400780400906/1/nG_ME-jFfII.256820/2569601ad1ecf4c3c2 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteAndroid.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteIconAndroid.svg HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteIconApple.svg HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/twitter.png HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/tgsticker-worker.js?14 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/rlottie-wasm.js HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001828/11e9a/1yY7a721t4o.30567.png/e113973dae2bee508b HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteiOS.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteIconAndroid.svg HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteIconApple.svg HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/SiteAndroid.jpg?2 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/twitter.png HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/pako-inflate.min.js HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/rlottie-wasm.wasm HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_logo_sprite.svg HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001828/11e9a/1yY7a721t4o.30567.png/e113973dae2bee508b HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_Android_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_logo_sprite.svg HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001828/11e99/2FUYW30UXAI.12708/7604effa1e02ddf7f9 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /js/rlottie-wasm.wasm HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://telegram.org/js/tgsticker-worker.js?14Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_iOS_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001828/11e99/2FUYW30UXAI.12708/7604effa1e02ddf7f9 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_Android_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=229376-250837If-Range: "5eb6fd6e-3d3d6"
Source: global traffic	HTTP traffic detected: GET /file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_iOS_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=229376-244747If-Range: "5eb6fd6e-3bc0c"
Source: global traffic	HTTP traffic detected: GET /file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /img/t_main_Android_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=48128-229375If-Range: "5eb6fd6e-3d3d6"
Source: global traffic	HTTP traffic detected: GET /img/t_main_iOS_demo.mp4 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://telegram.org/Accept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446Range: bytes=48128-229375If-Range: "5eb6fd6e-3bc0c"
Source: global traffic	HTTP traffic detected: GET /file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET /dl?tme=0026cad0692b4121a0_143055121966919640 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=3c2fcd2d5b7782fddf_193317994058487446
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: desktop.telegram.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://desktop.telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /css/telegram.css?237 HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://desktop.telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /js/main.js?47 HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://desktop.telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/twitter.png HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://desktop.telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/td_laptop.png HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://desktop.telegram.org/css/telegram.css?237Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/twitter.png HTTP/1.1Host: desktop.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: desktop.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://desktop.telegram.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/td_laptop.png HTTP/1.1Host: desktop.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992
Source: global traffic	HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: desktop.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: stel_ssid=927d752330185bfea8_6862749389111371992

Source: global traffic	DNS traffic detected: DNS query: free.putrivpn.biz.id
Source: global traffic	DNS traffic detected: DNS query: telegram.org
Source: global traffic	DNS traffic detected: DNS query: cdn5.cdn-telegram.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: desktop.telegram.org

Source: chromecache_139.2.dr, chromecache_124.2.dr, chromecache_103.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_139.2.dr, chromecache_124.2.dr, chromecache_103.2.dr	String found in binary or memory: http://getbootstrap.com/customize/?id=92d2ac1b31978642b6b6)
Source: chromecache_101.2.dr, chromecache_118.2.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: chromecache_139.2.dr, chromecache_124.2.dr, chromecache_103.2.dr	String found in binary or memory: https://gist.github.com/92d2ac1b31978642b6b6
Source: chromecache_109.2.dr	String found in binary or memory: https://github.com/mapbox/mapbox-gl-js/issues/8771
Source: chromecache_139.2.dr, chromecache_124.2.dr, chromecache_103.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: chromecache_146.2.dr, chromecache_100.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard.png)
Source: chromecache_146.2.dr, chromecache_100.2.dr	String found in binary or memory: https://osx.telegram.org/updates/site/artboard_2x.png);
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: chromecache_147.2.dr, chromecache_105.2.dr	String found in binary or memory: https://telegram.org/
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: chromecache_147.2.dr, chromecache_105.2.dr	String found in binary or memory: https://twitter.com/intent/tweet?text=
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65333
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 65333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping8_427325990\manifest.fingerprint	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_8_1041871337

Jump to behavior

Source: classification engine

Classification label: mal48.win@21/134@18/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2212,i,5931843426714858406,7304963966521873370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://free.putrivpn.biz.id/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2212,i,5931843426714858406,7304963966521873370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1447757
Product:	CloudBasic
Start time:	00:49:33
Start date:	27.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://free.putrivpn.biz.id/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://free.putrivpn.biz.id/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://free.putrivpn.biz.id/