Edit tour

Windows Analysis Report
http://www.telegramwg.com/

Overview

General Information

Sample URL:	http://www.telegramwg.com/
Analysis ID:	1589321
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious URL

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramwg.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /v6/collect?dt=4 HTTP/1.1Host: collect-v6.51.laConnection: keep-aliveContent-Length: 485sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.telegramwg.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_89.2.dr	String found in binary or memory: https://apps.apple.com/us/app/telegram-messenger/id686449807
Source: chromecache_89.2.dr	String found in binary or memory: https://beian.miit.gov.cn
Source: chromecache_89.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-13/a.png
Source: chromecache_89.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-13/d2.gif
Source: chromecache_89.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-13/d3.gif
Source: chromecache_89.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-13/d7.gif
Source: chromecache_89.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-13/logo.png
Source: chromecache_89.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-favicon.ico
Source: chromecache_89.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-logo.png
Source: chromecache_89.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/tg-07/Telegram
Source: chromecache_89.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/tg-07/top.png
Source: Unconfirmed 593715.crdownload.0.dr, Unconfirmed 134623.crdownload.0.dr	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: chromecache_89.2.dr	String found in binary or memory: https://www.sanxiang-sh.com/upload/Telegram.apk
Source: chromecache_89.2.dr	String found in binary or memory: https://www.sanxiang-sh.com/upload/tsetup-x64.5.7.2.exe

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: 8a5cd1c2-a8cd-4bb5-b9b4-362d991696f5.tmp.0.dr	Static PE information: No import functions for PE file found
Source: 39c03c9a-ff65-46e3-9f75-ab0f5a6b5d6f.tmp.0.dr	Static PE information: No import functions for PE file found

Source: 8a5cd1c2-a8cd-4bb5-b9b4-362d991696f5.tmp.0.dr	Static PE information: Data appended to the last section found
Source: 39c03c9a-ff65-46e3-9f75-ab0f5a6b5d6f.tmp.0.dr	Static PE information: Data appended to the last section found

Source: classification engine

Classification label: mal60.win@23/49@22/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramwg.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 8a5cd1c2-a8cd-4bb5-b9b4-362d991696f5.tmp.0.dr	Static PE information: real checksum: 0x2bfe34d should be: 0x5086
Source: 39c03c9a-ff65-46e3-9f75-ab0f5a6b5d6f.tmp.0.dr	Static PE information: real checksum: 0x2bfe34d should be: 0x1264f

Source: 39c03c9a-ff65-46e3-9f75-ab0f5a6b5d6f.tmp.0.dr	Static PE information: section name: .didata
Source: 8a5cd1c2-a8cd-4bb5-b9b4-362d991696f5.tmp.0.dr	Static PE information: section name: .didata
Source: Unconfirmed 593715.crdownload.0.dr	Static PE information: section name: .didata
Source: Unconfirmed 134623.crdownload.0.dr	Static PE information: section name: .didata
Source: chromecache_99.2.dr	Static PE information: section name: .didata

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 593715.crdownload	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 99	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\39c03c9a-ff65-46e3-9f75-ab0f5a6b5d6f.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\8a5cd1c2-a8cd-4bb5-b9b4-362d991696f5.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 134623.crdownload	Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 99
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 99			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: Unconfirmed 593715.crdownload.0.dr

Binary or memory string: +VMCi

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://www.telegramwg.com/	100%	Avira URL Cloud	phishing

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Downloads\Unconfirmed 593715.crdownload	0%	ReversingLabs

Source	Detection	Scanner	Label
https://www.telegramwg.com/static/js/jquery.js	100%	Avira URL Cloud	phishing
https://www.sanxiang-sh.com/upload/tsetup-x64.5.7.2.exe	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-13/d7.gif	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-13/a.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-13/logo.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-13/d2.gif	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/tg-07/Telegram%20150.png	0%	Avira URL Cloud	safe
https://www.sanxiang-sh.com/upload/Telegram.apk	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/tg-07/Telegram	0%	Avira URL Cloud	safe
https://www.telegramwg.com/static/js/public.js	100%	Avira URL Cloud	phishing
https://www.telegramwg.com/static/css/style.min.css	100%	Avira URL Cloud	phishing
https://image.sanxiang-sh.com/telegram-13/d3.gif	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/tg-07/top.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-favicon.ico	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-logo.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
hcdnwsa120.v5.cdnhwczoy106.cn	90.84.161.20	true	false	high
www.sanxiang-sh.com	104.21.20.160	true	false	unknown
www.google.com	142.250.181.228	true	false	high
www.telegramwg.com	104.21.80.1	true	true	unknown
image.sanxiang-sh.com	172.67.193.48	true	false	unknown
collect-v6.51.la	unknown	unknown	false	high
sdk.51.la	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://collect-v6.51.la/v6/collect?dt=4	false		high
https://www.telegramwg.com/static/js/jquery.js	false	Avira URL Cloud: phishing	unknown
https://image.sanxiang-sh.com/telegram-13/d7.gif	false	Avira URL Cloud: safe	unknown
https://www.sanxiang-sh.com/upload/tsetup-x64.5.7.2.exe	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/telegram-13/d2.gif	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/tg-07/Telegram%20150.png	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/telegram-13/logo.png	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/telegram-13/a.png	false	Avira URL Cloud: safe	unknown
https://www.telegramwg.com/static/js/public.js	false	Avira URL Cloud: phishing	unknown
https://image.sanxiang-sh.com/tg-07/top.png	false	Avira URL Cloud: safe	unknown
https://www.telegramwg.com/static/css/style.min.css	false	Avira URL Cloud: phishing	unknown
https://sdk.51.la/js-sdk-pro.min.js?id=3KK9Zot37TeXAqY2&ck=3KK9Zot37TeXAqY2	false		high
https://image.sanxiang-sh.com/telegram-13/d3.gif	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/telegram-favicon.ico	false	Avira URL Cloud: safe	unknown
https://www.telegramwg.com/	false		unknown
https://image.sanxiang-sh.com/telegram-logo.png	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	Unconfirmed 593715.crdownload.0.dr, Unconfirmed 134623.crdownload.0.dr	false		high
https://beian.miit.gov.cn	chromecache_89.2.dr	false		high
https://www.sanxiang-sh.com/upload/Telegram.apk	chromecache_89.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/tg-07/Telegram	chromecache_89.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.80.1	www.telegramwg.com	United States	13335	CLOUDFLARENETUS	true
172.67.193.48	image.sanxiang-sh.com	United States	13335	CLOUDFLARENETUS	false
104.21.112.1	unknown	United States	13335	CLOUDFLARENETUS	false
98.98.25.19	unknown	United States	7018	ATT-INTERNET4US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
90.84.161.20	hcdnwsa120.v5.cdnhwczoy106.cn	France	5511	OPENTRANSITFR	false
104.21.20.160	www.sanxiang-sh.com	United States	13335	CLOUDFLARENETUS	false
90.84.161.21	unknown	France	5511	OPENTRANSITFR	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589321
Start date and time:	2025-01-12 01:04:42 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.telegramwg.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.win@23/49@22/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.181.238, 64.233.184.84, 142.250.186.46, 216.58.206.78, 199.232.214.172, 192.229.221.95, 172.217.18.110, 172.217.18.14, 216.58.206.46, 142.250.185.238, 216.58.206.35, 142.250.185.78, 172.217.16.206, 184.28.90.27, 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://www.telegramwg.com/

Input	Output
URL: http://www.telegramwg.com Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://www.telegramwg.com
URL: https://www.telegramwg.com/static/js/public.js... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript code appears to be a benign script that handles basic user interface functionality, such as a 'back to top' button and device-specific download links. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The script uses common jQuery methods and browser APIs, which are considered low-risk. While it includes some moderate-risk indicators like aggressive DOM manipulation, the overall context suggests this is a legitimate implementation of common web development practices." }
$('#to-top').click(function() { $('body,html').animate({scrollTop:0},1); return false; }); $(window).scroll(function() { const scrollTop = $(window).scrollTop(); const windowHeight = $(window).height(); if (scrollTop > 200 ) { $('#to-top').fadeIn(1).css('display', 'flex'); } else { $('#to-top').fadeOut(1).css('display', 'none'); } }); // function getOperatingSystem() { var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera; if (/android/i.test(userAgent)) { return "android"; } if (/iPad\|iPhone\|iPod/.test(userAgent) && !window.MSStream) { return "ios"; } return "pc"; } if(getOperatingSystem()=="android"){ $(".down-link").css("display",'none') $(".down-link.android").css("display",'inline-block') } if(getOperatingSystem()=="ios"){ $(".down-link").css("display",'none') $(".down-link.ios").css("display",'inline-block') } // $("header .nav.open").on("touchmove",function(event){ event.preventDefault(); }) $('#nav-btn').click(function(){ if ($(this).hasClass('open')) { $(this).removeClass('open') $('header .nav').removeClass('open') } else { $(this).addClass('open') $('header .nav').addClass('open') } })
URL: https://www.telegramwg.com/static/js/jquery.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the minified version of the jQuery library, which is a widely-used and trusted JavaScript library. The code does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The behaviors observed are typical of a legitimate JavaScript library, including DOM manipulation, event handling, and utility functions. While the code is obfuscated, this is a common practice for minified libraries to improve performance. Overall, this script poses a low risk and is likely a benign, widely-used JavaScript library." }
/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g;w.fn=w.prototype={jquery:"3.3.1",constructor:w,length:0,toArray:function(){return o.call(this)},get:function(e){return null==e?o.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=w.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return w.each(this,e)},map:function(e){return this.pushStack(w.map(this,function(t,n){return e.call(t,n,t)}))},slice:function(){return this.pushStack(o.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(n>=0&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:s,sort:n.sort,splice:n.splice},w.extend=w.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|g(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)\|\|(i=Array.isArray(r)))?(i?(i=!1,o=n&&Array.isArray(n)?n:[]):o=n&&w.isPlainObject(n)?n:{},a[t]=w.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},w.extend({expando:"jQuery"+("3.3.1"+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==c.call(e))&&(!(t=i(e))\|\|"function"==typeof(n=f.call(t,"constructor")&&t.constructor)&&p.call(n)===d)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e){m(e)},each:function(e,t){var n,r=0;if(C(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},trim:function(e){return null==e?"":(e+"").replace(T,"")},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(C(Object(e))?w.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:u.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r,i=[],o=0,a=e.length,s=!n;o<a;o++)(r=!t(e[o],o))!==s&&i.push(e[o]);return i},map:function(e,t,n){var r,i,o=0,s=[];if(C(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&s.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&s.push(i);return a.apply([],s)},guid:1,support:h}),"function"==typeof Symbol&&(w.fn[Symbol.iterator]=n[Symbol.iterator]),w.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function C(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!g(e)&&!y(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle"+1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=function(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;retur
URL: https://www.telegramwg.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://www.telegramwg.com/ Model: Joe Sandbox AI	{ "brands": [ "Telegram" ] }
	{ "brands": [ "Telegram" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:05:39 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9711736708714254
Encrypted:	false
SSDEEP:	48:8KdOTqKDH5idAKZdA19ehwiZUklqehNy+3:8bTPuy
MD5:	F3834A5E332455FDC3BE7400AA2FA609
SHA1:	B86009909D06F730209C25E8E648F626562A6D6E
SHA-256:	5B129DA6C28D1E80A6F52437B0CD87AB716DA55CB98FD193FBBDDB634F45235B
SHA-512:	051C692DC2BB6C470063951D1D00EDEAE0500A25B2E334B9E19D2606CBD56B6F379FB508536A6E2DD88ED0E3E9D23E525933EEB2C283711EDAEB6B14D638CD88
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......^..d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: https://www.telegramwg.com/static/js/jquery.js	Avira URL Cloud: Label: phishing
Source: https://www.telegramwg.com/static/js/public.js	Avira URL Cloud: Label: phishing
Source: https://www.telegramwg.com/static/css/style.min.css	Avira URL Cloud: Label: phishing

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://www.telegramwg.com
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://www.telegramwg.com

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.telegramwg.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/css/style.min.css HTTP/1.1Host: www.telegramwg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js-sdk-pro.min.js?id=3KK9Zot37TeXAqY2&ck=3KK9Zot37TeXAqY2 HTTP/1.1Host: sdk.51.laConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-logo.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-13/a.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/jquery.js HTTP/1.1Host: www.telegramwg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__3KK9Zot37TeXAqY2=%7B%22sid%22%3A%20%229e5d0ff0-b096-559b-9a9d-0dbb54861d60%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736642145260%2C%20%22ct%22%3A%201736640345260%7D; __51uvsct__3KK9Zot37TeXAqY2=1; __51vcke__3KK9Zot37TeXAqY2=6bbd0c83-38da-54f5-9807-e3d55085f375; __51vuft__3KK9Zot37TeXAqY2=1736640345266
Source: global traffic	HTTP traffic detected: GET /static/js/public.js HTTP/1.1Host: www.telegramwg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__3KK9Zot37TeXAqY2=%7B%22sid%22%3A%20%229e5d0ff0-b096-559b-9a9d-0dbb54861d60%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736642145260%2C%20%22ct%22%3A%201736640345260%7D; __51uvsct__3KK9Zot37TeXAqY2=1; __51vcke__3KK9Zot37TeXAqY2=6bbd0c83-38da-54f5-9807-e3d55085f375; __51vuft__3KK9Zot37TeXAqY2=1736640345266
Source: global traffic	HTTP traffic detected: GET /telegram-logo.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-13/logo.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-13/d2.gif HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-13/d7.gif HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-13/d3.gif HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tg-07/top.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tg-07/Telegram%20150.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js-sdk-pro.min.js?id=3KK9Zot37TeXAqY2&ck=3KK9Zot37TeXAqY2 HTTP/1.1Host: sdk.51.laConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-13/a.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/public.js HTTP/1.1Host: www.telegramwg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__3KK9Zot37TeXAqY2=%7B%22sid%22%3A%20%229e5d0ff0-b096-559b-9a9d-0dbb54861d60%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736642145260%2C%20%22ct%22%3A%201736640345260%7D; __51uvsct__3KK9Zot37TeXAqY2=1; __51vcke__3KK9Zot37TeXAqY2=6bbd0c83-38da-54f5-9807-e3d55085f375; __51vuft__3KK9Zot37TeXAqY2=1736640345266
Source: global traffic	HTTP traffic detected: GET /static/js/jquery.js HTTP/1.1Host: www.telegramwg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__3KK9Zot37TeXAqY2=%7B%22sid%22%3A%20%229e5d0ff0-b096-559b-9a9d-0dbb54861d60%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736642145260%2C%20%22ct%22%3A%201736640345260%7D; __51uvsct__3KK9Zot37TeXAqY2=1; __51vcke__3KK9Zot37TeXAqY2=6bbd0c83-38da-54f5-9807-e3d55085f375; __51vuft__3KK9Zot37TeXAqY2=1736640345266
Source: global traffic	HTTP traffic detected: GET /telegram-13/logo.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tg-07/top.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tg-07/Telegram%20150.png HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-13/d3.gif HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-13/d2.gif HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v6/collect?dt=4 HTTP/1.1Host: collect-v6.51.laConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-favicon.ico HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-13/d7.gif HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /telegram-favicon.ico HTTP/1.1Host: image.sanxiang-sh.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /upload/tsetup-x64.5.7.2.exe HTTP/1.1Host: www.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /upload/tsetup-x64.5.7.2.exe HTTP/1.1Host: www.sanxiang-sh.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.telegramwg.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.telegramwg.com
Source: global traffic	DNS traffic detected: DNS query: sdk.51.la
Source: global traffic	DNS traffic detected: DNS query: image.sanxiang-sh.com
Source: global traffic	DNS traffic detected: DNS query: collect-v6.51.la
Source: global traffic	DNS traffic detected: DNS query: www.sanxiang-sh.com

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 12, 2025 01:05:42.184689999 CET	192.168.2.5	1.1.1.1	0xd4da	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:42.184813976 CET	192.168.2.5	1.1.1.1	0x4a22	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 12, 2025 01:05:43.250612020 CET	192.168.2.5	1.1.1.1	0xa070	Standard query (0)	www.telegramwg.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.251065969 CET	192.168.2.5	1.1.1.1	0x5120	Standard query (0)	www.telegramwg.com	65	IN (0x0001)	false
Jan 12, 2025 01:05:43.273835897 CET	192.168.2.5	1.1.1.1	0x25c3	Standard query (0)	www.telegramwg.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.274080038 CET	192.168.2.5	1.1.1.1	0xd3ac	Standard query (0)	www.telegramwg.com	65	IN (0x0001)	false
Jan 12, 2025 01:05:44.696361065 CET	192.168.2.5	1.1.1.1	0xc8bb	Standard query (0)	sdk.51.la	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:44.696527004 CET	192.168.2.5	1.1.1.1	0x8b26	Standard query (0)	sdk.51.la	65	IN (0x0001)	false
Jan 12, 2025 01:05:44.697365999 CET	192.168.2.5	1.1.1.1	0x55e9	Standard query (0)	image.sanxiang-sh.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:44.697573900 CET	192.168.2.5	1.1.1.1	0xb31f	Standard query (0)	image.sanxiang-sh.com	65	IN (0x0001)	false
Jan 12, 2025 01:05:46.016797066 CET	192.168.2.5	1.1.1.1	0xaafc	Standard query (0)	image.sanxiang-sh.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.017011881 CET	192.168.2.5	1.1.1.1	0xf4a3	Standard query (0)	image.sanxiang-sh.com	65	IN (0x0001)	false
Jan 12, 2025 01:05:46.020849943 CET	192.168.2.5	1.1.1.1	0x79d3	Standard query (0)	collect-v6.51.la	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.021194935 CET	192.168.2.5	1.1.1.1	0xf34e	Standard query (0)	collect-v6.51.la	65	IN (0x0001)	false
Jan 12, 2025 01:05:46.039032936 CET	192.168.2.5	1.1.1.1	0x4dd	Standard query (0)	sdk.51.la	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.039295912 CET	192.168.2.5	1.1.1.1	0xca4a	Standard query (0)	sdk.51.la	65	IN (0x0001)	false
Jan 12, 2025 01:05:46.669111967 CET	192.168.2.5	1.1.1.1	0xd47f	Standard query (0)	www.telegramwg.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.669370890 CET	192.168.2.5	1.1.1.1	0x7f0e	Standard query (0)	www.telegramwg.com	65	IN (0x0001)	false
Jan 12, 2025 01:05:48.567780018 CET	192.168.2.5	1.1.1.1	0x13d5	Standard query (0)	collect-v6.51.la	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:48.568017006 CET	192.168.2.5	1.1.1.1	0xedaf	Standard query (0)	collect-v6.51.la	65	IN (0x0001)	false
Jan 12, 2025 01:06:15.626480103 CET	192.168.2.5	1.1.1.1	0xcf5d	Standard query (0)	www.sanxiang-sh.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:06:15.627192020 CET	192.168.2.5	1.1.1.1	0xa9ce	Standard query (0)	www.sanxiang-sh.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 12, 2025 01:05:42.191696882 CET	1.1.1.1	192.168.2.5	0x4a22	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 12, 2025 01:05:42.191716909 CET	1.1.1.1	192.168.2.5	0xd4da	No error (0)	www.google.com		142.250.181.228	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.262890100 CET	1.1.1.1	192.168.2.5	0x5120	No error (0)	www.telegramwg.com			65	IN (0x0001)	false
Jan 12, 2025 01:05:43.263086081 CET	1.1.1.1	192.168.2.5	0xa070	No error (0)	www.telegramwg.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.263086081 CET	1.1.1.1	192.168.2.5	0xa070	No error (0)	www.telegramwg.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.263086081 CET	1.1.1.1	192.168.2.5	0xa070	No error (0)	www.telegramwg.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.263086081 CET	1.1.1.1	192.168.2.5	0xa070	No error (0)	www.telegramwg.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.263086081 CET	1.1.1.1	192.168.2.5	0xa070	No error (0)	www.telegramwg.com		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.263086081 CET	1.1.1.1	192.168.2.5	0xa070	No error (0)	www.telegramwg.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.263086081 CET	1.1.1.1	192.168.2.5	0xa070	No error (0)	www.telegramwg.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.286550999 CET	1.1.1.1	192.168.2.5	0x25c3	No error (0)	www.telegramwg.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.286550999 CET	1.1.1.1	192.168.2.5	0x25c3	No error (0)	www.telegramwg.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.286550999 CET	1.1.1.1	192.168.2.5	0x25c3	No error (0)	www.telegramwg.com		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.286550999 CET	1.1.1.1	192.168.2.5	0x25c3	No error (0)	www.telegramwg.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.286550999 CET	1.1.1.1	192.168.2.5	0x25c3	No error (0)	www.telegramwg.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.286550999 CET	1.1.1.1	192.168.2.5	0x25c3	No error (0)	www.telegramwg.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.286550999 CET	1.1.1.1	192.168.2.5	0x25c3	No error (0)	www.telegramwg.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:43.308963060 CET	1.1.1.1	192.168.2.5	0xd3ac	No error (0)	www.telegramwg.com			65	IN (0x0001)	false
Jan 12, 2025 01:05:44.703704119 CET	1.1.1.1	192.168.2.5	0xc8bb	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:44.703704119 CET	1.1.1.1	192.168.2.5	0xc8bb	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:44.703704119 CET	1.1.1.1	192.168.2.5	0xc8bb	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.20	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:44.703704119 CET	1.1.1.1	192.168.2.5	0xc8bb	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.16	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:44.703704119 CET	1.1.1.1	192.168.2.5	0xc8bb	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.68	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:44.703704119 CET	1.1.1.1	192.168.2.5	0xc8bb	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.21	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:44.710691929 CET	1.1.1.1	192.168.2.5	0xb31f	No error (0)	image.sanxiang-sh.com			65	IN (0x0001)	false
Jan 12, 2025 01:05:44.857853889 CET	1.1.1.1	192.168.2.5	0x55e9	No error (0)	image.sanxiang-sh.com		172.67.193.48	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:44.857853889 CET	1.1.1.1	192.168.2.5	0x55e9	No error (0)	image.sanxiang-sh.com		104.21.20.160	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:45.134902954 CET	1.1.1.1	192.168.2.5	0x8b26	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:45.134902954 CET	1.1.1.1	192.168.2.5	0x8b26	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:46.026179075 CET	1.1.1.1	192.168.2.5	0xaafc	No error (0)	image.sanxiang-sh.com		104.21.20.160	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.026179075 CET	1.1.1.1	192.168.2.5	0xaafc	No error (0)	image.sanxiang-sh.com		172.67.193.48	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.029957056 CET	1.1.1.1	192.168.2.5	0xf4a3	No error (0)	image.sanxiang-sh.com			65	IN (0x0001)	false
Jan 12, 2025 01:05:46.047075033 CET	1.1.1.1	192.168.2.5	0xca4a	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:46.047075033 CET	1.1.1.1	192.168.2.5	0xca4a	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:46.352510929 CET	1.1.1.1	192.168.2.5	0x79d3	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:46.352510929 CET	1.1.1.1	192.168.2.5	0x79d3	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:46.352510929 CET	1.1.1.1	192.168.2.5	0x79d3	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		98.98.25.19	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.352510929 CET	1.1.1.1	192.168.2.5	0x79d3	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		149.104.73.29	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.527525902 CET	1.1.1.1	192.168.2.5	0x4dd	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:46.527525902 CET	1.1.1.1	192.168.2.5	0x4dd	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:46.527525902 CET	1.1.1.1	192.168.2.5	0x4dd	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.20	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.527525902 CET	1.1.1.1	192.168.2.5	0x4dd	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.21	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.527525902 CET	1.1.1.1	192.168.2.5	0x4dd	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.68	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.527525902 CET	1.1.1.1	192.168.2.5	0x4dd	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.16	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.584615946 CET	1.1.1.1	192.168.2.5	0xf34e	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:46.584615946 CET	1.1.1.1	192.168.2.5	0xf34e	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:46.681018114 CET	1.1.1.1	192.168.2.5	0xd47f	No error (0)	www.telegramwg.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.681018114 CET	1.1.1.1	192.168.2.5	0xd47f	No error (0)	www.telegramwg.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.681018114 CET	1.1.1.1	192.168.2.5	0xd47f	No error (0)	www.telegramwg.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.681018114 CET	1.1.1.1	192.168.2.5	0xd47f	No error (0)	www.telegramwg.com		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.681018114 CET	1.1.1.1	192.168.2.5	0xd47f	No error (0)	www.telegramwg.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.681018114 CET	1.1.1.1	192.168.2.5	0xd47f	No error (0)	www.telegramwg.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.681018114 CET	1.1.1.1	192.168.2.5	0xd47f	No error (0)	www.telegramwg.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:46.683721066 CET	1.1.1.1	192.168.2.5	0x7f0e	No error (0)	www.telegramwg.com			65	IN (0x0001)	false
Jan 12, 2025 01:05:49.071724892 CET	1.1.1.1	192.168.2.5	0x13d5	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:49.071724892 CET	1.1.1.1	192.168.2.5	0x13d5	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:49.071724892 CET	1.1.1.1	192.168.2.5	0x13d5	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.21	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:49.071724892 CET	1.1.1.1	192.168.2.5	0x13d5	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.68	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:49.071724892 CET	1.1.1.1	192.168.2.5	0x13d5	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.16	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:49.071724892 CET	1.1.1.1	192.168.2.5	0x13d5	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.20	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:05:49.130217075 CET	1.1.1.1	192.168.2.5	0xedaf	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:05:49.130217075 CET	1.1.1.1	192.168.2.5	0xedaf	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:06:15.638211012 CET	1.1.1.1	192.168.2.5	0xa9ce	No error (0)	www.sanxiang-sh.com			65	IN (0x0001)	false
Jan 12, 2025 01:06:15.638731003 CET	1.1.1.1	192.168.2.5	0xcf5d	No error (0)	www.sanxiang-sh.com		104.21.20.160	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:06:15.638731003 CET	1.1.1.1	192.168.2.5	0xcf5d	No error (0)	www.sanxiang-sh.com		172.67.193.48	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:43 UTC	661	OUT	GET / HTTP/1.1 Host: www.telegramwg.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:44 UTC	815	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:44 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MF2%2FYMI6jKz86z7uH3%2BHCmyevsISA3FWVeL9AmyXn7vjnwn7cLNVgvDd8R3Of49iDSacu3m66AUsPmNM37c2pcp0jsDc0gApkDLE1Bcq7VE1yZrnlj%2FWZU5FIVF74pgQIdYC75Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5852e550f36-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1483&min_rtt=1465&rtt_var=586&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1239&delivery_rate=1809169&cwnd=231&unsent_bytes=0&cid=8164f26fad1e407e&ts=857&x=0"
2025-01-12 00:05:44 UTC	554	IN	Data Raw: 31 61 33 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 09 3c 74 69 74 6c 65 3e 74 65 6c 65 67 72 61 6d e5 ae 98 e7 bd 91 20 2d 20 54 47 e7 ba b8 e9 a3 9e e6 9c ba e5 ae 98 e7 bd 91 2c e5 bc ba e5 a4 a7 e7 9a 84 e7 be a4 e7 bb 84 e5 8a 9f e8 83 bd 2c e8 ae a9 e5 9b a2 e9 98 9f e5 8d 8f e4 bd 9c e6 9b b4 e9 ab 98 e6 95 88 3c 2f 74 69 74 6c 65 3e 0d 0a 09 3c 6d 65 74 61 20 Data Ascii: 1a39<!DOCTYPE html><html lang="zh-CN"><head><meta charset="UTF-8"><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>telegram - TG,,</title><meta
2025-01-12 00:05:44 UTC	1369	IN	Data Raw: 89 e5 85 a8 e4 b8 94 e7 94 a8 e6 88 b7 e5 8f 8b e5 a5 bd e7 9a 84 e9 80 9a e4 bf a1 e5 b9 b3 e5 8f b0 e3 80 82 e5 8a a0 e5 af 86 e7 9a 84 e7 94 b5 e6 8a a5 e4 b8 ad e6 96 87 e6 9c 8d e5 8a a1 e8 ae a9 e6 af 8f e6 9d a1 e6 b6 88 e6 81 af e9 83 bd e7 a7 81 e5 af 86 e6 97 a0 e5 bf a7 e3 80 82 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 62 61 69 64 75 2d 73 69 74 65 Data Ascii: "><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no" /><meta name="baidu-site
2025-01-12 00:05:44 UTC	1369	IN	Data Raw: 6f 67 6f 22 3e 20 54 65 6c 65 67 72 61 6d 3c 2f 64 69 76 3e 0d 0a 09 09 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 75 6e 63 74 69 6f 6e 22 3e 0d 0a 09 09 09 3c 73 70 61 6e 3e e7 a7 81 e5 af 86 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 3c 73 70 61 6e 3e e5 bc ba e5 a4 a7 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 3c 73 70 61 6e 3e e7 a4 be e4 ba a4 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 3c 73 70 61 6e 3e e5 ae 89 e5 85 a8 3c 2f 73 70 61 6e 3e 0d 0a 09 09 20 20 3c 2f 64 69 76 3e 0d 0a 09 09 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 61 6e 78 69 61 6e 67 2d 73 68 2e 63 6f 6d 2f 75 70 6c 6f 61 64 2f 74 73 65 74 75 70 2d 78 36 34 2e 35 2e 37 2e 32 2e 65 78 65 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 63 6c 61 73 73 3d 22 62 75 74 74 6f Data Ascii: ogo"> Telegram</div> <div class="function"><span></span><span></span><span></span><span></span> </div> <a href="https://www.sanxiang-sh.com/upload/tsetup-x64.5.7.2.exe" rel="nofollow" class="butto
2025-01-12 00:05:44 UTC	1369	IN	Data Raw: 73 68 2e 63 6f 6d 2f 75 70 6c 6f 61 64 2f 54 65 6c 65 67 72 61 6d 2e 61 70 6b 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 63 6c 61 73 73 3d 22 62 75 74 74 6f 6e 20 64 6f 77 6e 2d 6c 69 6e 6b 20 61 6e 64 72 6f 69 64 22 3e e7 ab 8b e5 8d b3 e4 bd 93 e9 aa 8c 3c 2f 61 3e 0d 0a 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 70 70 73 2e 61 70 70 6c 65 2e 63 6f 6d 2f 75 73 2f 61 70 70 2f 74 65 6c 65 67 72 61 6d 2d 6d 65 73 73 65 6e 67 65 72 2f 69 64 36 38 36 34 34 39 38 30 37 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 63 6c 61 73 73 3d 22 62 75 74 74 6f 6e 20 64 6f 77 6e 2d 6c 69 6e 6b 20 69 6f 73 22 3e e7 ab 8b e5 8d b3 e4 bd 93 e9 aa 8c 3c 2f 61 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a Data Ascii: sh.com/upload/Telegram.apk" rel="nofollow" class="button down-link android"></a><a href="https://apps.apple.com/us/app/telegram-messenger/id686449807" rel="nofollow" class="button down-link ios"></a></div></div>
2025-01-12 00:05:44 UTC	1369	IN	Data Raw: 9c e7 b3 bb e7 bb 9f e3 80 82 3c 2f 70 3e 0d 0a 09 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 64 65 73 63 22 3e 32 2e e5 85 81 e8 ae b8 e7 94 a8 e6 88 b7 e5 9c a8 e4 b8 8d e5 90 8c e8 ae be e5 a4 87 e9 97 b4 e6 97 a0 e7 bc 9d e5 88 87 e6 8d a2 ef bc 8c e4 bf 9d e6 8c 81 e8 81 8a e5 a4 a9 e8 ae b0 e5 bd 95 e5 90 8c e6 ad a5 e3 80 82 3c 2f 70 3e 0d 0a 09 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 64 65 73 63 22 3e 33 2e e6 94 af e6 8c 81 e6 a1 8c e9 9d a2 e5 92 8c e7 a7 bb e5 8a a8 e8 ae be e5 a4 87 ef bc 8c e6 bb a1 e8 b6 b3 e4 b8 8d e5 90 8c e4 bd bf e7 94 a8 e5 9c ba e6 99 af e3 80 82 3c 2f 70 3e 0d 0a 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 61 6e 78 69 61 6e 67 2d 73 68 2e 63 6f 6d 2f 75 70 6c 6f 61 64 2f 74 73 65 Data Ascii: </p><p class="desc">2.</p><p class="desc">3.</p><a href="https://www.sanxiang-sh.com/upload/tse
2025-01-12 00:05:44 UTC	691	IN	Data Raw: 65 73 73 65 6e 67 65 72 2f 69 64 36 38 36 34 34 39 38 30 37 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 63 6c 61 73 73 3d 22 62 75 74 74 6f 6e 20 64 6f 77 6e 2d 6c 69 6e 6b 20 69 6f 73 22 3e e7 ab 8b e5 8d b3 e4 bd 93 e9 aa 8c 3c 2f 61 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 20 20 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 3c 2f 6d 61 69 6e 3e 0d 0a 3c 61 20 69 64 3d 22 74 6f 2d 74 6f 70 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 69 6d 61 67 65 2e 73 61 6e 78 69 61 6e 67 2d 73 68 2e 63 6f 6d 2f 74 67 2d 30 37 2f 74 6f 70 2e 70 6e 67 22 20 61 6c 74 3d 22 e8 bf 94 e5 9b 9e e9 a1 b6 e9 83 a8 22 20 2f 3e 3c 2f 61 3e 0d 0a 3c 66 6f 6f 74 65 72 3e Data Ascii: essenger/id686449807" rel="nofollow" class="button down-link ios"></a></div></div></div> </div></section></main><a id="to-top"><img src="https://image.sanxiang-sh.com/tg-07/top.png" alt="" /></a><footer>
2025-01-12 00:05:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:45 UTC	559	OUT	GET /static/css/style.min.css HTTP/1.1 Host: www.telegramwg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:45 UTC	891	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:45 GMT Content-Type: text/css; charset=utf-8 Content-Length: 15971 Connection: close Last-Modified: Wed, 11 Dec 2024 07:34:57 GMT Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7057 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PDQGxg9MEESKJ3d2PQafqDJVjy0BDcGhJoLb27Q5DTwDp7%2F0d7mKyN3c1SsOBA420%2FBgoXnmCGhFnhRKQzR288cK%2FeCUNTJpLDFtr7puN3V5caQs8QuxpBsJaF0eRuB7NQo9j6U%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e58ded510f36-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1512&min_rtt=1498&rtt_var=572&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1137&delivery_rate=1949265&cwnd=231&unsent_bytes=0&cid=a9f438b8a6214cc0&ts=162&x=0"
2025-01-12 00:05:45 UTC	478	IN	Data Raw: 3a 72 6f 6f 74 7b 2d 2d 68 65 61 64 65 72 48 65 69 67 68 74 3a 20 36 34 70 78 3b 2d 2d 70 61 64 64 69 6e 67 3a 20 37 32 70 78 3b 2d 2d 74 68 65 6d 65 43 6f 6c 6f 72 3a 20 23 30 31 38 62 63 36 3b 2d 2d 6d 61 78 57 69 64 74 68 3a 20 31 32 30 30 70 78 7d 2a 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 61 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 70 2d 6c 72 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 76 61 72 28 2d 2d 70 61 64 64 69 6e 67 29 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 76 61 72 28 2d 2d 70 61 64 64 69 6e 67 29 7d 62 6f 64 79 7b 66 6f 6e 74 3a 31 32 Data Ascii: :root{--headerHeight: 64px;--padding: 72px;--themeColor: #018bc6;--maxWidth: 1200px}*{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0}a{text-decoration:none}.p-lr{padding-left:var(--padding);padding-right:var(--padding)}body{font:12
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 30 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 23 74 6f 2d 74 6f 70 20 69 6d 67 7b 77 69 64 74 68 3a 35 30 70 78 3b 68 65 69 67 68 74 3a 35 30 70 78 7d 68 65 61 64 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d Data Ascii: 0;display:none;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}#to-top img{width:50px;height:50px}header{background-
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 6f 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 63 72 75 6d 62 73 20 61 7b 63 6f 6c 6f 72 3a 23 36 36 36 7d 2e 63 72 75 6d 62 73 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 43 6f 6c 6f 72 29 7d 2e 63 72 75 6d 62 73 20 73 70 61 6e 2c 2e 63 72 75 6d 62 73 20 61 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6c 69 73 74 7b 70 61 64 64 69 6e 67 3a 32 34 70 78 7d 2e 6c 69 73 74 20 2e 6c 69 7b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 Data Ascii: o;font-size:14px}.crumbs a{color:#666}.crumbs a:hover{color:var(--themeColor)}.crumbs span,.crumbs a{margin-right:5px}.list{padding:24px}.list .li{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-it
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 6c 69 73 74 20 2e 6c 69 20 2e 69 6e 66 6f 20 2e 6f 74 68 65 72 73 20 2e 72 65 61 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 63 6f 6c 6f 72 3a 23 34 37 35 66 66 66 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 7d 6d 61 69 6e 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 76 61 72 28 2d 2d 68 65 61 64 65 72 48 65 69 67 68 74 29 7d 2e 77 72 61 70 70 65 72 7b 6d 61 78 2d 77 69 64 74 68 3a 76 61 72 28 2d 2d 6d 61 78 57 69 64 74 68 29 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 7d 66 6f 6f 74 65 72 7b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 31 35 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 63 6f 6c 6f 72 3a 23 31 31 31 3b Data Ascii: -content:space-between}.list .li .info .others .read{font-size:14px;font-weight:400;color:#475fff;margin-left:auto}main{padding-top:var(--headerHeight)}.wrapper{max-width:var(--maxWidth);margin:0 auto}footer{padding:30px 15px;text-align:center;color:#111;
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 70 3a 77 72 61 70 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 2e 62 61 6e 6e 65 72 20 2e 70 69 63 7b 77 69 64 74 68 3a 35 35 25 7d 2e 62 61 6e 6e 65 72 20 2e 69 6e 66 6f 7b 77 69 64 74 68 3a 34 33 25 7d 2e 62 61 6e 6e 65 72 20 2e 69 6e 66 6f 20 2e 6c 6f 67 6f 7b 77 69 64 74 68 3a 39 2e 30 36 32 35 72 65 6d 3b 68 65 69 67 68 74 3a 39 2e 30 36 32 35 72 65 6d 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 35 36 32 35 72 65 6d 7d 2e 62 61 6e 6e 65 72 20 2e 69 6e 66 6f 20 2e 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 35 33 70 78 3b 6c 65 74 74 65 Data Ascii: p:wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.banner .pic{width:55%}.banner .info{width:43%}.banner .info .logo{width:9.0625rem;height:9.0625rem;margin-bottom:1.5625rem}.banner .info .title{font-size:45px;line-height:53px;lette
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 75 6e 64 65 72 6c 69 6e 65 7d 2e 62 61 6e 6e 65 72 20 2e 70 69 63 7b 6d 61 78 2d 77 69 64 74 68 3a 35 30 30 70 78 3b 77 69 64 74 68 3a 35 30 25 7d 2e 69 6e 64 65 78 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 63 74 69 6f 6e 32 7b 70 61 64 64 69 6e 67 3a 31 2e 38 37 35 72 65 6d 20 30 20 36 2e 32 35 72 65 6d 7d 2e 69 6e 64 65 78 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 63 74 69 6f 6e 32 20 2e 77 72 61 70 70 65 72 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 69 6e 64 65 78 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 65 63 74 69 6f 6e 32 20 2e 6d 6f 75 64 6c 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 3a 34 35 70 78 20 61 75 74 6f 3b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 74 65 78 74 2d 61 6c 69 67 6e Data Ascii: underline}.banner .pic{max-width:500px;width:50%}.index-container .section2{padding:1.875rem 0 6.25rem}.index-container .section2 .wrapper{overflow:hidden}.index-container .section2 .moudle-title{margin:45px auto;font-size:30px;font-weight:bold;text-align
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 72 74 69 63 6c 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 63 68 61 6e 6e 65 6c 2d 6c 69 73 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 33 30 70 78 7d 2e 61 72 74 69 63 6c 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 63 68 61 6e 6e 65 6c 2d 6c 69 73 74 20 2e 63 68 61 6e 6e 65 6c 2d 74 69 74 6c 65 7b 70 61 64 64 69 6e 67 3a 32 34 70 78 20 32 34 70 78 20 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 6d 73 Data Ascii: rticle-container .channel-list{padding-bottom:5px;background-color:#fff;margin-bottom:30px}.article-container .channel-list .channel-title{padding:24px 24px 0;font-size:18px;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 72 3a 23 36 36 36 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2e 61 72 74 69 63 6c 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 70 61 67 69 6e 61 74 69 6f 6e 20 61 2e 63 75 72 72 65 6e 74 2c 2e 61 72 74 69 63 6c 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 70 61 67 69 6e 61 74 69 6f 6e 20 61 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 43 6f 6c 6f 72 29 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 61 72 74 69 63 6c 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 63 6f 6e 74 61 69 6e 65 72 7b 70 61 64 64 69 6e 67 3a 32 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 61 72 67 69 Data Ascii: r:#666;-webkit-box-sizing:border-box;box-sizing:border-box}.article-container .pagination a.current,.article-container .pagination a:hover{background-color:var(--themeColor);color:#fff}.article-container .container{padding:24px;background-color:#fff;margi
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 32 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2e 2e 2f 69 6d 61 67 65 2f 69 6d 67 34 37 2e 70 6e 67 29 20 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 3b 6d 61 72 67 69 6e 3a 31 36 70 78 20 30 7d 2e 61 72 74 69 63 6c 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 63 6f 6e 74 61 69 6e 65 72 20 61 72 74 69 63 6c 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 63 6f 6c 6f 72 3a 23 36 36 36 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 61 72 74 69 63 6c Data Ascii: :100%;height:12px;background:url(../image/img47.png) repeat;background-size:100%;margin:16px 0}.article-container .container article{display:block;word-wrap:break-word;word-break:break-all;font-size:15px;font-weight:400;color:#666;line-height:30px}.articl
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 65 6d 20 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 2e 6c 69 73 74 20 2e 6c 69 20 69 6d 67 7b 77 69 64 74 68 3a 31 30 30 70 78 3b 68 65 69 67 68 74 3a 36 36 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 35 70 78 7d 2e 6c 69 73 74 20 2e 6c 69 20 2e 69 6e 66 6f 7b 77 69 64 74 68 3a 63 61 6c 63 28 31 30 30 25 20 2d 20 31 31 32 70 78 29 7d 2e 6c 69 73 74 20 2e 6c 69 20 2e 69 6e 66 6f 20 2e 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 63 6f 6c 6f 72 3a 23 33 33 33 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 30 70 78 7d 2e 6c 69 73 74 20 2e 6c 69 20 2e 69 6e 66 6f 20 2e 64 65 73 63 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 6c 69 73 74 20 2e 6c 69 20 2e 69 6e 66 6f 20 2e 74 69 6d 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 Data Ascii: em 0;margin-bottom:0}.list .li img{width:100px;height:66px;margin-right:15px}.list .li .info{width:calc(100% - 112px)}.list .li .info .title{font-size:14px;color:#333;margin-bottom:10px}.list .li .info .desc{display:none}.list .li .info .time{font-size:12

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:45 UTC	568	OUT	GET /js-sdk-pro.min.js?id=3KK9Zot37TeXAqY2&ck=3KK9Zot37TeXAqY2 HTTP/1.1 Host: sdk.51.la Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:45 UTC	433	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:45 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: openresty Cache-Control: no-store Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true via: EU-GER-frankfurt-EDGE5-CACHE3[163],EU-GER-frankfurt-EDGE5-CACHE3[ovl,162],CHN-HElangfang-GLOBAL6-CACHE48[ovl,17] X-CCDN-REQ-ID-46B1: fd07c0732d00bafb618c80c43158bd6a
2025-01-12 00:05:45 UTC	15951	IN	Data Raw: 31 35 34 64 0d 0a 2f 2a 21 0a 2a 20 35 31 4c 41 20 41 6e 61 6c 79 73 69 73 20 4a 61 76 61 73 63 72 69 70 74 20 53 6f 66 74 77 61 72 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20 4b 69 74 0a 2a 20 6a 73 2d 73 64 6b 2d 70 72 6f 20 76 31 2e 35 38 2e 33 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 31 36 2d 32 30 32 32 20 35 31 2e 6c 61 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 0a 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 76 61 72 20 65 3d 77 69 6e 64 6f 77 2c 67 3d 65 5b 27 64 6f 63 75 6d 65 6e 74 27 5d 2c 68 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 69 3d 41 28 27 4f 62 6a 65 63 74 27 29 2c 6a 3d 41 28 27 4e 75 6d 62 65 72 27 29 2c 6b 3d 41 28 27 53 74 72 69 6e 67 27 29 2c Data Ascii: 154d/! 51LA Analysis Javascript Software Development Kit* js-sdk-pro v1.58.3* Copyright 2016-2022 51.la All Rights Reserved*/(function(c){'use strict';var e=window,g=e['document'],h=encodeURIComponent,i=A('Object'),j=A('Number'),k=A('String'),
2025-01-12 00:05:45 UTC	16384	IN	Data Raw: 28 66 68 3d 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 72 76 3a 27 29 2c 70 61 72 73 65 49 6e 74 28 66 69 5b 27 73 75 62 73 74 72 69 6e 67 27 5d 28 66 68 2b 30 78 33 2c 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 2e 27 2c 66 68 29 29 2c 30 78 61 29 29 3a 28 66 66 3d 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 45 64 67 65 2f 27 29 29 3e 30 78 30 26 26 70 61 72 73 65 49 6e 74 28 66 69 5b 27 73 75 62 73 74 72 69 6e 67 27 5d 28 66 66 2b 30 78 35 2c 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 2e 27 2c 66 66 29 29 2c 30 78 61 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 66 6a 28 66 6b 2c 66 6c 2c 66 6d 29 7b 76 61 72 20 66 6e 2c 66 6f 2c 66 70 2c 66 71 2c 66 72 2c 66 73 2c 66 74 2c 66 75 3d 5b 5d 2c 66 76 3d 5b 5d 2c 66 77 3d 30 78 30 2c 66 78 3d 66 65 28 29 7c 7c Data Ascii: (fh=fi['indexOf']('rv:'),parseInt(fi['substring'](fh+0x3,fi['indexOf']('.',fh)),0xa)):(ff=fi['indexOf']('Edge/'))>0x0&&parseInt(fi['substring'](ff+0x5,fi['indexOf']('.',ff)),0xa);}function fj(fk,fl,fm){var fn,fo,fp,fq,fr,fs,ft,fu=[],fv=[],fw=0x0,fx=fe()\|\|
2025-01-12 00:05:45 UTC	3708	IN	Data Raw: 27 2c 27 61 6e 6f 6e 79 6d 6f 75 73 27 29 2c 6a 6b 5b 27 73 65 74 41 74 74 72 69 62 75 74 65 27 5d 28 27 63 68 61 72 73 65 74 27 2c 27 55 54 46 2d 38 27 29 2c 64 6f 63 75 6d 65 6e 74 5b 27 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 27 5d 28 27 68 65 61 64 27 29 5b 30 78 30 5d 5b 27 61 70 70 65 6e 64 43 68 69 6c 64 27 5d 28 6a 6b 29 2c 6a 6b 5b 27 72 65 61 64 79 53 74 61 74 65 27 5d 3f 6a 6b 5b 27 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 28 27 63 6f 6d 70 6c 65 74 65 27 3d 3d 6a 6b 5b 27 72 65 61 64 79 53 74 61 74 65 27 5d 7c 7c 27 6c 6f 61 64 65 64 27 3d 3d 6a 6b 5b 27 72 65 61 64 79 53 74 61 74 65 27 5d 29 26 26 6a 69 26 26 6a 69 28 29 3b 7d 3a 6a 6b 5b 27 6f 6e 6c 6f 61 64 27 5d 3d Data Ascii: ','anonymous'),jk['setAttribute']('charset','UTF-8'),document['getElementsByTagName']('head')[0x0]['appendChild'](jk),jk['readyState']?jk['onreadystatechange']=function(){('complete'==jk['readyState']\|\|'loaded'==jk['readyState'])&&ji&&ji();}:jk['onload']=

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:45 UTC	600	OUT	GET /telegram-logo.png HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:45 UTC	948	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:45 GMT Content-Type: image/jpeg Content-Length: 9739 Connection: close ETag: "e94e30d49b2c58c8ce7bf1a96be1458a" Last-Modified: Tue, 17 Dec 2024 06:25:16 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1817 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1AJmTNuOXIMQ6sSD67Yge9DTKl%2B16I7Y5hgNivnyg68gKRD0KZhOz6Vj2l%2FSpyt9I2dGZm3F0phsPWtjTZ6m0%2F%2FWNLrHF8U0jXSnrPLRXaFHyyBiBKevZfDmBriE5s22ZNqRRABeYNs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e592085f43b2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1635&min_rtt=1631&rtt_var=620&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2873&recv_bytes=1178&delivery_rate=1751649&cwnd=238&unsent_bytes=0&cid=7de74d3a3590e83d&ts=156&x=0"
2025-01-12 00:05:45 UTC	421	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 dc 00 00 00 64 08 06 00 00 00 ed c3 5e 99 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 04 ee 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 37 2e 31 2d 63 30 30 30 20 37 39 2e 62 30 66 38 62 65 39 2c 20 32 30 32 31 2f 31 32 2f 30 38 2d 31 39 3a 31 31 3a 32 32 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 Data Ascii: PNGIHDRd^pHYs+iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:R
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 74 73 2f 31 2e 31 2f 22 20 78 6d 6c 6e 73 3a 70 68 6f 74 6f 73 68 6f 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 70 68 6f 74 6f 73 68 6f 70 2f 31 2e 30 2f 22 20 78 6d 6c 6e 73 3a 78 6d 70 4d 4d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 6d 6d 2f 22 20 78 6d 6c 6e 73 3a 73 74 45 76 74 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 45 76 65 6e 74 23 22 20 78 6d 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 33 2e 32 20 28 57 69 6e 64 6f 77 73 29 22 20 78 6d 70 3a 43 72 65 61 74 65 44 61 74 65 3d 22 32 30 32 34 2d 31 32 2d 30 36 54 31 35 3a 30 39 3a 31 35 Data Ascii: ts/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: f6 f7 0c 71 8f f8 cd ee 32 26 5c 8c 28 68 ae e0 df a7 c9 2d 9d 27 fb 71 dd 9d a2 ce ed a0 db 54 69 17 a7 09 9a 2c 2a 44 54 7d 54 60 1c 61 9f 2a 3f c0 cf 3e fa fa c5 95 c7 f9 b2 e4 9a d5 4d 4c b8 18 51 d0 1c 12 3c a2 89 01 46 fa 5b 48 7f 14 d5 cf 03 d7 aa d0 2a 51 da 2f 25 b7 4d a2 a8 82 8a 32 09 fa 12 e2 7c 77 86 e9 9f 1d 62 d5 71 ee 10 af e1 b6 63 c2 c5 88 80 86 45 7a dd ee c3 e9 64 e7 92 eb 12 79 ef 8b 02 b7 01 cb e7 b4 1b fe 55 4e 2e 2b 7d 5f 6a 74 b5 ca f7 fc ba 3a fb ff a7 15 1e f7 dc c4 03 b9 8b 17 f6 34 ea df c5 84 8b 11 05 0d 11 ae f7 5b 67 3a 7a 3b 64 27 2a 77 83 ee 10 c8 cc 2d 11 45 18 2f 15 f3 16 d6 57 98 02 7d 19 91 fb cf 8e e9 a3 67 bf b4 6c 2c 42 63 73 db 8a 09 17 23 02 ea 23 dc ae 5d ce e0 15 ff 79 9d 78 f9 2f 0b fa 39 60 a5 88 38 8b ee a7 Data Ascii: q2&\(h-'qTi,DT}T`a?>MLQ<F[HQ/%M2\|wbqcEzdyUN.+}_jt:4[g:z;d'w-E/W}gl,Bcs##]yx/9`8
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 25 e1 54 1f 75 b6 ac c8 47 1b 9f da d9 9a ef 73 dc f6 cd 40 a5 1d e2 57 01 9f 05 96 12 9d 30 29 e0 2c f0 14 f0 56 1d f5 8b e1 02 6d 40 37 05 c2 75 62 13 41 8c 45 86 cb 23 7b 53 78 ba 05 91 d5 50 a3 39 b9 c8 48 3a c2 9a f6 04 ef e9 49 f2 be 15 29 ae ec 49 b2 aa 2d 41 d2 91 39 9a ac 1c 7c e0 ec 74 c3 27 e2 01 20 82 80 ae 56 cf df ca ae bd af 00 e5 de 65 b0 0a 78 2f d0 07 4c 14 7d 5e 2a 72 33 bb c4 1f 20 0d 8c 60 66 6b 89 1d 1a 91 e0 03 39 8c b4 21 e1 b2 44 d7 ba 31 9a 00 77 e0 7c 26 a3 1d ba dd 51 59 82 5c fa 9c c9 5a 63 2c 02 b4 25 61 6b 77 92 1b 56 b4 b0 a3 37 c5 86 2e 97 ae 94 33 eb 9b d5 dc a7 c2 89 c9 da ce 07 aa 3a 3e cb b1 5c a2 22 97 0f ac ca 64 28 4f 38 1f 13 6a 8f b9 7e 52 e8 97 15 77 19 fa 7b c5 65 e6 97 8b f1 2e 80 4b 3a dd 25 c8 a0 42 a6 9a 08 Data Ascii: %TuGs@W0),Vm@7ubAE#{SxP9H:I)I-A9\|t' Vex/L}^*r3 `fk9!D1w\|&QY\Zc,%akwV7.3:>\"d(O8j~Rw{e.K:%B
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 57 4e 4e e6 c9 2d d0 e0 4d d0 78 22 9b 1b 6f a4 22 fa 81 7f 83 69 b8 14 66 16 8d 02 bf 0e ae 34 a6 49 36 61 6b 6b 7d c0 ef 62 9a e0 99 08 fd 24 30 81 fe 14 66 56 29 66 32 9d c4 08 75 14 d3 4c d7 63 02 d6 41 20 40 98 19 38 82 69 a9 1b 81 cb 31 a1 9e c2 7c b6 a7 82 2b 0f 7c 00 33 b9 56 60 42 37 01 bc 82 f9 6f 2f 06 f7 07 05 b2 e4 28 2c 69 2c c7 34 64 7b f0 d9 99 a0 de 29 cc b4 9b c6 cc e9 15 14 7c af 91 e0 f3 75 d8 24 d2 19 b4 db 8e 69 a6 f7 05 75 c2 04 86 70 09 25 17 8c df c5 34 ad 17 94 3b 89 91 b0 37 78 66 f9 e0 bf eb 30 a2 4d 62 cf fe 7c 50 ae af e8 3e 97 01 57 bb 82 ce 35 8b 2a 25 63 94 42 19 b9 75 1d e8 49 3b 5c de 9d e4 83 ab d2 5c b7 22 c5 fa 8e 64 4d 8b d4 c0 ec be b5 a3 63 79 9e 3c 36 c5 8f 0f 4f 71 e8 62 9e 8e a4 c3 1d 1b 5b f9 c3 4d 6d f4 a4 9d Data Ascii: WNN-Mx"o"if4I6akk}b$0fV)f2uLcA @8i1\|+\|3V`B7o/(,i,4d{)\|u$iup%4;7xf0Mb\|P>W5*%cBuI;\\"dMcy<6Oqb[Mm
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: f8 2e a6 69 c2 40 40 a9 a5 88 f9 0f 24 8b 69 9d 90 c8 0e 26 a8 6f 04 ed 26 e6 d5 f5 31 1f f2 1c 16 a4 c8 05 9f ef 03 fe 01 33 df ae 0f da e9 c7 08 17 ae e5 4d 07 f5 5e 05 1e c1 fc cf 5a 10 8e ab d4 8f b3 1a 0b 50 fc 01 36 21 4d 53 88 5a be 88 f9 9e 03 c0 9d 98 f6 7d db f6 00 ba c0 98 a2 bd 91 6a a9 99 7f 93 79 0b 6e a4 1c a9 39 fa 18 c2 57 cb 6f 7c 6c 78 92 27 8e 4c 32 34 9a 9f cd 06 49 08 6c ec 4c f2 f9 cd ed 7c 64 4d 86 96 44 7d 84 f6 7c f3 07 73 9e ce 8d 99 68 99 bc d0 d9 5b a8 79 2d b2 ee 57 15 d7 80 69 0a 5b 73 c2 35 a9 73 c0 5f 63 9a a4 54 14 28 d4 46 e3 c1 35 5f 43 16 97 a3 e8 f3 8b 98 c9 d6 8b 09 75 0a 23 db ff c4 fc c0 52 70 b0 c9 e0 02 73 cd a9 e2 3e 67 b0 49 22 83 4d ea 63 58 e0 64 0f f0 4f 18 11 9a f1 0c 77 60 e6 6a 98 92 95 0a fa f8 26 b6 7c Data Ascii: .i@@$i&o&13M^ZP6!MSZ}jyn9Wo\|lx'L24IlL\|dMD}\|sh[y-Wi[s5s_cT(F5_Cu#Rps>gI"McXdOw`j&\|
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 72 e6 61 82 7d 1a 0b a1 5f 85 09 56 9a c2 cc 3d 8e 69 b1 97 b0 20 c7 e8 bc 36 86 b0 3c c3 31 2c 2b 25 83 09 d7 71 8c a8 21 c6 b0 d4 a8 a3 58 88 7f 03 26 bc 2d 98 d0 8f 53 d8 26 b3 07 0b ea 14 ef 5a e8 0c da 0d 17 7d 4f 05 6d 86 da 42 30 e1 ec c2 34 4d 98 29 b3 15 d3 96 3f c2 26 96 31 8c 24 2e 85 45 fd f3 98 d6 2e de 0e 14 22 07 fc 0b b0 1b 33 2d 37 05 fd e5 b0 c9 e7 e7 c1 b3 e9 c1 4c e3 fe 60 2c c7 83 7f 83 11 f4 35 e0 7b c1 f3 f5 82 be 5e 9b f7 8c c0 cc ef d0 74 d6 60 9c cf ce 2b 73 06 9b 7c de a4 90 62 76 d6 55 2f 7f 54 9d e4 10 aa 5b a0 10 af 6c 24 58 51 09 a5 de 94 33 32 e1 f1 ca d9 19 b6 2e 4d d1 1a 71 71 bb 5c 1f e3 39 9f 13 13 79 bc 72 36 6c 84 f1 c1 bc 50 8b aa 22 ce 90 7a d3 47 4b 16 2e 8f 3c 96 ec fb 68 c4 7a 60 82 f3 08 96 0c bc 14 f3 49 92 98 Data Ascii: ra}_V=i 6<1,+%q!X&-S&Z}OmB04M)?&1$.E."3-7L`,5{^t`+s\|bvU/T[l$XQ32.Mqq\9yr6lP"zGK.<hz`I
2025-01-12 00:05:45 UTC	1104	IN	Data Raw: 3a 46 a9 86 a5 42 a6 54 64 2e 96 d8 34 5a 6b db 8d 8c 4f 44 55 99 46 f5 61 84 af 1d fa c2 86 23 f3 8b c6 1a 2e 46 14 94 dc 87 75 28 33 70 5c 91 07 50 5e 56 d5 b9 ea a2 c6 58 49 45 39 ac 2d 4e 52 74 55 8a 8e 56 69 bb 81 f1 a9 af be a8 be ac c8 03 87 32 03 b1 76 8b d1 30 4a 6f 7c bc 43 bc c3 2a 7b 70 f4 7e 41 4f 36 27 c7 b2 d6 65 81 6a 65 a2 2f 2d d4 35 3e 41 05 3d 89 a3 f7 ab ca 1e ee 90 f8 c5 88 31 1a 46 f9 e3 b0 ee 5a 3f 3d 9a cb 3f aa c8 f7 54 99 2a 2f e4 f5 ad af 95 af 5f 0f 2a f5 5f df f8 54 99 52 e4 7b a3 b9 fc a3 c3 77 c5 cb 00 31 9a 83 8a e7 cf 9d fd d2 96 b1 bc ef de 07 fa 14 0b 52 6f 9a 64 db d5 84 46 88 5c 4b 9b 0b ca 65 41 9e ca fb ee 7d 67 bf b4 e5 5d 9f 50 1b 63 f1 50 f5 c0 c7 23 6f 7e 7b 18 e5 5e 45 9e 06 72 5a 4e 8a 1b 55 74 97 1a 35 8c 2f Data Ascii: :FBTd.4ZkODUFa#.Fu(3p\P^VXIE9-NRtUVi2v0Jo\|C{p~AO6'eje/-5>A=1FZ?=?T/_*_TR{w1RodF\KeA}g]PcP#o~{^ErZNUt5/

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:45 UTC	600	OUT	GET /telegram-13/a.png HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:45 UTC	961	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:45 GMT Content-Type: image/jpeg Content-Length: 44059 Connection: close ETag: "33eab872d190102b7092d36d92f856b1" Last-Modified: Thu, 05 Dec 2024 09:31:38 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7057 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=auFWKOSRPq8YNAOeuxdqUfY7Ubt0NLSLIEtsy6%2BG8DCuO%2F%2B%2Fur5CZbIhglTQQ%2F8e7F4bVTIjEKYwcykdqiuwOMtyjHA%2Bb%2BvLrMiSNE4w7zX4ONrAv1ef%2Fys54wZ%2Br8a%2BI1BfQfz3zcI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5920bb072c2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1802&min_rtt=1794&rtt_var=689&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2871&recv_bytes=1178&delivery_rate=1569892&cwnd=164&unsent_bytes=0&cid=00ac93269417a571&ts=147&x=0"
2025-01-12 00:05:45 UTC	408	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 f7 00 00 01 40 08 03 00 00 00 0f 86 a3 d9 00 00 03 00 50 4c 54 45 00 00 00 53 53 53 77 78 78 54 54 54 ac ad ae a9 aa ab ae af b0 58 58 58 53 53 53 b3 b4 b6 9b 9d 9e 56 56 56 58 58 58 55 55 55 65 65 65 86 86 87 7c 7c 7d ff ff ff 1a 23 2c 1c 1f 24 16 18 1c 23 2f 3f 1c 24 2f f2 f2 f1 5b 5c 5c 0e 16 2c fa fb fb 56 56 56 f0 fd de 38 38 39 f5 f6 f7 0c 12 28 18 20 29 26 31 43 03 ab c6 12 1a 2f 1e 28 33 04 b3 c4 10 1e 35 ca ca ca 10 14 12 3f 40 41 3b 9f dc e0 e1 e0 20 2a 3b 2b 31 38 eb ec ec e6 e7 e6 15 17 1a 11 1c 13 1c 2a 42 47 46 46 2a 2b 2e 37 3f 4a 22 2b 36 18 23 14 da da d9 61 61 62 18 27 3f 3d 46 51 13 22 3a 45 69 91 4a 6e 97 1b 21 35 1a 1c 1f 30 39 42 98 ac 82 69 69 6a de da b2 2b 37 49 2c 3f 56 26 Data Ascii: PNGIHDR@PLTESSSwxxTTTXXXSSSVVVXXXUUUeee\|\|}#,$#/?$/[\\,VVV889( )&1C/(35?@A; ;+18BGFF*+.7?J"+6#aab'?=FQ":EiJn!509Biij+7I,?V&
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 9f a0 45 51 1f 32 40 26 c9 e2 f3 85 a4 b0 ae ae af 04 86 aa 3e 5e 82 49 55 2e 61 93 69 3d 4a 28 05 60 8e 79 9b a7 a9 b1 9f c1 c8 b2 55 60 32 8c 8c 8f 08 75 a3 d7 dc c7 a5 b6 8f 51 5d 23 f0 ec e5 a0 aa 98 bb bc bd 7b 7b 7b c3 c3 c3 62 6c 38 b4 df f1 03 95 b5 6c 73 84 fa f2 e1 d9 e9 f5 f2 ea d7 17 79 a9 96 a3 94 9a 99 9e 98 ad bd 30 9b db b9 bd aa 59 af e0 dc f4 cd 76 97 93 7d 9b 7b 36 4a 3d 20 82 b6 a7 a6 a9 be e0 b1 b5 b5 b5 a2 d0 ee 96 94 95 d2 d3 a9 5c 81 96 ee e7 c9 b4 b4 a1 74 7d 8e 6f 77 3d 44 7c 97 33 8e c0 4f 7a 91 cb da cd ab bd a4 c6 c9 a0 72 b9 e5 7c 82 48 5d 68 26 a6 b6 c4 77 92 b1 4c 86 ab bc d4 ec 93 95 86 88 a7 c0 87 9d 93 8a 90 47 8c c4 e8 48 99 ca 0f 46 53 53 92 97 cb eb bf 71 71 74 60 92 b6 7c 83 35 76 9d bd 6b 75 29 5e a6 d0 38 73 92 89 Data Ascii: EQ2@&>^IU.ai=J(`yU`2uQ]#{{{bl8lsy0Yv}{6J= \t}ow=D\|3Ozr\|H]h&wLGHFSSqqt`\|5vku)^8s
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 33 f0 a0 5a a1 9b 10 7d 55 f3 3b f7 ee dd 5b cf 55 4c b3 52 49 48 34 1a 0a c5 08 71 25 11 3b eb 28 64 e8 09 d5 dc c9 e8 8a 6e 48 a1 e8 d9 b3 01 61 f9 5d ee 3b 5a 03 4e 5a 7d e1 2d 97 f9 f7 a1 b9 52 73 fc 81 c9 fa c2 cc dc 72 89 38 df a8 01 f7 7a 0d d0 57 4b a5 3a 44 e0 37 f1 41 5b 20 4d 16 c1 bd ab 7d 71 29 03 7c a1 ab f8 08 ca 5d da 97 96 dc 26 1e 8f 27 49 53 50 72 6a 9e 2f 58 06 37 96 68 2e 3d 87 1f 59 22 ec 57 a0 af af 40 20 1f ec 5f 9b 1d 69 b5 ec 88 6c db 76 3a ed 70 8f 3b 68 78 70 30 32 08 ae 59 58 0a c3 72 eb f0 e8 e8 30 3c 48 63 e9 9e d9 b5 83 91 60 df 30 44 8f 60 82 16 95 a2 92 14 85 02 01 6a 95 44 42 22 c4 a3 92 6a 12 f8 96 99 48 98 26 b0 07 d3 c0 de d0 a2 a1 98 aa 82 7e c1 bd a2 2a 0a d6 45 ca 30 52 ba 12 0b 04 02 67 bb 7e df f9 02 f7 ac e7 c9 Data Ascii: 3Z}U;[ULRIH4q%;(dnHa];ZNZ}-Rsr8zWK:D7A[ M}q)\|]&'ISPrj/X7h.=Y"W@ _ilv:p;hxp02YXr0<Hc`0D`jDB"jH&~*E0Rg~
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 0b 75 fd be f3 f5 0f fb da 19 68 a1 ba 78 7d bc 77 7c 91 89 af 96 b8 21 ea 4f 6b 1f 41 bf 44 59 a7 50 de 77 b9 27 ec 8b c5 26 b4 9d 65 ed 52 f3 e2 d0 8b 60 ff 94 e7 6f 52 c2 87 e1 33 ed 82 6b de d9 52 de f9 91 f2 fd 12 ee 36 09 7b d8 bd cb fd 53 22 e8 80 7e f2 fb 4b 88 39 f8 b3 c1 3d c0 87 f3 f7 20 e2 73 ca b1 33 19 cb 96 83 a8 6f 46 70 e0 75 61 2c e2 97 61 ee 84 fd ef c7 77 fc 7e df 5d 1f 26 da b9 c3 96 8e 99 99 0a 94 e7 30 8f 2d 2c d5 e7 63 12 b8 07 dc 15 35 14 08 05 62 52 cc e1 3e 66 ee ec 18 92 a4 60 0c 95 1b de ca 5a f8 ae ea 5a 48 4c 88 aa 7a 42 e9 72 df f1 ba bf 8d 7b c8 e1 7e 6e 6e b9 5e 00 f7 8f 4f d6 d9 e9 4b a2 94 e3 7a fd f4 dc f4 c2 34 5a 9a 88 73 2d 54 2c 9b 65 41 3d 83 ef 60 5f 74 62 4e 96 0d 7f 28 0b c7 27 f4 c9 e7 19 fb 38 94 24 9a 8b 00 Data Ascii: uhx}w\|!OkADYPw'&eR`oR3kR6{S"~K9= s3oFpua,aw~]&0-,c5bR>f`ZZHLzBr{~nn^OKz4Zs-T,eA=`_tbN('8$
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 5c f0 f9 18 dc a3 65 c3 a7 9c b3 35 42 07 b6 7c 64 2b 8f a5 09 7d 2b 93 5b ff 65 cf 4e 23 e5 70 aa 4f a7 fd 22 fc eb 00 3f e8 8f 8c 21 19 c9 a8 75 32 ec 88 35 9a 91 82 6b 83 7b 03 39 47 a2 2a 0e d7 e2 b9 98 43 dc 07 e8 cc ca d0 0d 4c a4 e3 2a 45 d1 f4 14 02 be 81 31 49 d3 14 c3 30 28 11 61 11 68 98 40 af 27 eb 29 ac 8a ee b9 55 c7 cb f3 7b 8f 7b 68 61 b9 76 c2 7d ad b4 4c 86 0f 11 f7 d3 f8 07 b9 b9 9e 2f fb ac dd dd 7d aa 61 d6 eb e0 1e f8 b3 df 8b 98 33 34 d4 ce 3d 67 7b ef 7c 96 d3 cb 45 36 7b 7c e5 f5 e0 bc 89 8c 49 71 87 fb b8 33 6f 05 9a 6f 0f 3a 00 7f 96 4a 33 14 74 22 f0 7c d8 77 66 7d 6f cf 4a 6b bc 0a 82 ec f2 36 a4 f3 2b 05 ad 30 de 64 e3 12 bf a1 d3 8b 68 e0 5e cf e4 20 cb 60 bf a7 44 13 55 54 89 b1 97 98 7b c5 44 89 07 29 5e 33 0d ca fe 06 56 Data Ascii: \e5B\|d+}+[eN#pO"?!u25k{9GCLE1I0(ah@')U{{hav}L/}a34=g{\|E6{\|Iq3oo:J3t"\|wf}oJk6+0dh^ `DUT{D)^3V
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 5d 3a c7 97 0f 41 68 33 8d 8d 1b 1b 7c 28 f2 77 f8 d3 47 33 0b e5 5e 48 a7 70 e7 f0 94 ac 74 0a ca e2 6c 54 9f 13 7a 29 9f f3 78 8d 84 7b bf 06 b9 af 4f b8 47 83 5d e3 91 6d 99 a6 f1 68 9d 65 5a 00 d0 32 21 0b cb 1f 4b 33 7f 52 86 f1 4b df 66 b1 da 4f c8 86 a6 87 70 12 17 7e 4d a6 b1 2b 99 60 65 9d 9d 5e e5 40 2a 8b 8a 34 2f 0f fc 17 47 f3 ca c3 2f 15 ef 1f ab 78 7f e4 d4 dd 3a d2 39 58 09 7c ec 98 da bb a9 f7 8f f4 c3 6f 3f 7c 3c a8 9f 78 fd e9 b5 a1 6b 33 2c b3 54 72 0d 17 80 b2 0c c3 d4 66 5f d5 24 9b 7e 79 b6 08 aa 38 93 79 b2 fd 34 43 25 1a b7 0a bd 14 f7 ed f1 fe d6 88 20 ef 07 7c f3 f0 d4 d4 d4 3b 7d fa c3 87 0f d3 da b3 4f 9f 3e 9d 9e 71 ec f4 f2 ae 33 10 2c bd f4 66 e3 a6 ae cd b6 aa 8e 03 37 4f 4a 48 aa 9f a6 2b 8e e5 b3 89 65 51 3d 66 e8 d5 c6 Data Ascii: ]:Ah3\|(wG3^HptlTz)x{OG]mheZ2!K3RKfOp~M+`e^@*4/G/x:9X\|o?\|<xk3,Trf_$~y8y4C% \|;}O>q3,f7OJH+eQ=f
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: cd 5b ad 66 4a 0a 7c fe 95 39 de df b4 92 dc c2 f2 82 6d 27 41 3e 2e ff 66 96 4e d3 89 c9 97 eb fe 56 2b dc 17 51 f5 7f ef f0 73 b8 bf 05 7f 4f 7c ef de d8 2e 7e 6e c5 d1 70 1f 21 e5 d2 bb cf 09 79 b8 9f 51 e8 37 6d 9d 29 2d ee 17 29 60 2c dc cb fb b6 14 bd c1 d5 f5 16 10 f0 af 8c e7 14 57 d3 dc 7f ee f0 bd 71 8e 0e e8 e8 2c 05 87 7b 3d c0 fd b2 3f b7 32 8f 06 82 f2 79 9b 49 7c 70 89 61 1f c8 ef 62 3c 07 09 fb 98 85 9a 96 9a 4e 7d 68 8b 56 c6 31 ff 42 0b ff bd c3 cf f3 f7 b3 b2 1b ad 02 88 0a 71 8f ec 2c 2d 93 68 fd bd a4 bf d0 58 4a 60 3f 99 ae 93 39 d2 70 0f eb 9d 35 55 d5 5d b5 87 1f be 32 7e bf 34 b5 a4 f6 12 d3 65 e7 9e 77 ad 64 3b 5a bc 2e 6e df 80 ff 6f cc 96 09 58 05 8d 64 12 28 c5 ca d6 e5 52 3d 5b 58 c1 02 0d 5b 2d f6 37 67 ef 95 71 96 c8 47 15 Data Ascii: [fJ\|9m'A>.fNV+QsO\|.~np!yQ7m)-)`,Wq,{=?2yI\|pab<N}hV1Bq,-hXJ`?9p5U]2~4ewd;Z.noXd(R=[X[-7gqG
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 34 ed 8e ec 6c 30 cc 4b f1 72 fe 4e 28 25 ac 43 b9 ac 15 4b 80 cf 1f 83 db df 7a eb f6 54 92 ef 45 28 99 49 b1 6a ec 06 7e 1c fc e5 0e 97 55 99 b9 7f be 06 03 f6 eb 00 ff 35 f6 ac 78 f6 e9 c2 70 d3 ab a9 90 ce 94 7d 7e 36 32 ff 78 fd 13 af ad 5f db 73 58 e7 91 ba a6 02 f0 ff 4f ef 6b 3b ff 97 dc 5f 78 d9 2d 32 0d d9 1d cb 41 80 af dc 07 ca 26 5a 5a d2 b1 f0 68 75 c3 58 62 a4 a3 61 34 52 16 49 65 42 a1 58 30 86 64 26 32 a3 e3 41 56 76 a2 4e f4 2f af 8b fc c5 c0 8f dc 06 04 64 6a bd 39 94 b9 fe 9e f8 5e 5c 3e 16 f2 25 c8 b9 c6 70 ef b8 fb 0d c6 d7 53 e0 9c a2 d8 27 65 5d e4 24 76 30 84 c4 d2 48 09 f1 9c 92 bb 5c 56 4b 26 ea 81 7c 81 fe 59 d1 95 1c d6 ad bb 52 c0 df 06 fa ac 58 be 0e ee 2d e0 b6 42 cd 8b 3e c5 8a 86 f8 fb 8d 2c 90 d6 cf e8 68 d5 8e 87 cb 85 Data Ascii: 4l0KrN(%CKzTE(Ij~U5xp}~62x_sXOk;_x-2A&ZZhuXba4RIeBX0d&2AVvN/dj9^\>%pS'e]$v0H\VK&\|YRX-B>,h
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 1a a4 3b fc c0 ae 9f de 7f e8 29 05 1f ec 71 cd 48 48 dd b2 e5 d6 2d b7 3a 72 1d fe a8 ec 6b 98 8e a3 8c 21 1f e8 25 7d 21 25 f9 85 83 7d 3c ad 8a 6f 8f a7 b3 09 1e 53 19 6d f9 83 7b ab e1 6d 4f 4d 6e cf 8b 6b 48 45 c0 47 67 ea a6 6e 3b 76 dc e0 be 4e ae 41 0e 5e df ce bf f7 59 a7 0e fb a0 ee 24 b2 05 de da e2 ae 3f df d3 93 73 7d 3d 17 5a fc a1 13 19 7f 4f 39 5e 70 25 5b 95 3b 34 93 0a fb 7b 2e f6 ca 42 8f 91 4c 8f 4d f9 5a 65 a0 df 2f b8 af 30 dc 33 0d f9 f5 f9 d9 f9 19 d9 bc 6d fe f5 9d 04 3d e2 ef 71 cb b1 74 b6 7a e1 f0 e6 85 d6 8e 8c e2 ba 59 66 e8 07 74 63 08 19 8b a4 10 d9 44 fc 88 b0 27 1a 24 ec a1 cd 89 48 b0 4c 4e d3 8d 0a 70 ef 27 2e d2 89 0b 6f 3d 7a f5 bd 10 3f ae b8 27 12 c2 fc f8 f8 b8 ec a2 26 ec 27 48 d9 5b b3 1b 24 8d 6e 18 4d 23 e5 1e Data Ascii: ;)qHH-:rk!%}!%}<oSm{mOMnkHEGgn;vNA^Y$?s}=ZO9^p%[;4{.BLMZe/03m=qtzYftcD'$HLNp'.o=z?'&'H[$nM#
2025-01-12 00:05:45 UTC	1369	IN	Data Raw: 4b c2 1a 7f 5f d1 db ec 72 7f b4 67 9d 40 9f 80 4e 76 13 4d a0 27 57 76 b5 34 d4 75 b5 f4 37 55 3e fc 70 d7 df 05 3d 9f e6 1e b4 fa ec d5 75 84 3b 9c 5b 3e d5 35 e6 4e 5b 00 fd 1c da f7 03 ee 9b 95 7b d9 cb 70 86 3b 5a b8 9f 61 20 5f 07 74 0c f7 b3 d3 df 7e 8d be fd ee 15 4b 36 d2 a3 95 f6 2c 59 0f 7a 1b f8 7b b8 ef af 46 55 a8 c3 a8 1b 7d ac f2 a2 8f 1c e8 c1 5e 64 a8 47 1c 0c f6 88 93 0a be 65 5f 88 77 d5 dd fd 19 02 78 54 8d 5a 3a 2c f7 86 6f c7 f7 5b 8b bc e4 2b f7 bb 6e be 19 7f 2f ab 27 1c 2c 13 20 6b 9b 0d f8 9e f9 f7 3e af 9b 77 6a 1a e5 37 e6 4d be c4 ec ad 7c 45 7f aa bd bd 1d bb bc 6a af 2f 30 9e 49 d4 e3 26 32 a5 a4 e3 7b c3 3d 01 3e f1 fd bc c4 3a 0c e0 23 06 74 e0 de 62 8f be 9b 56 68 a7 a6 1e 44 1c 29 1e 2d 0d f9 29 b9 92 a8 1e 23 76 ea 88 Data Ascii: K_rg@NvM'Wv4u7U>p=u;[>5N[{p;Za _t~K6,Yz{FU}^dGe_wxTZ:,o[+n/', k>wj7M\|Ej/0I&2{=>:#tbVhD)-)#v

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:46 UTC	912	OUT	GET /static/js/jquery.js HTTP/1.1 Host: www.telegramwg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __vtins__3KK9Zot37TeXAqY2=%7B%22sid%22%3A%20%229e5d0ff0-b096-559b-9a9d-0dbb54861d60%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736642145260%2C%20%22ct%22%3A%201736640345260%7D; __51uvsct__3KK9Zot37TeXAqY2=1; __51vcke__3KK9Zot37TeXAqY2=6bbd0c83-38da-54f5-9807-e3d55085f375; __51vuft__3KK9Zot37TeXAqY2=1736640345266
2025-01-12 00:05:46 UTC	894	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:46 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 86923 Connection: close Last-Modified: Wed, 11 Dec 2024 07:34:58 GMT Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7058 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZEiJUvXIx0Hw1K%2F0iGeVy40kOgU77GEboyXr6utg5DsTDuvmE4oyPYWi8Vwtt2rSDDuKGHCZAVMvK6yxq8UV2SofNU8RC6PFTHNrrkUrGp32ym2m7qlZfwklKE3J4xIL1PyE8Zc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5963d0043ee-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1645&min_rtt=1643&rtt_var=621&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1490&delivery_rate=1755862&cwnd=228&unsent_bytes=0&cid=460bcfb4bbb10491&ts=153&x=0"
2025-01-12 00:05:46 UTC	475	IN	Data Raw: 2f 2a 21 6a 51 75 65 72 79 20 76 33 2e 33 2e 31 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 2a 2f 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 Data Ascii: /!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery req
2025-01-12 00:05:46 UTC	1369	IN	Data Raw: 69 6e 67 2c 66 3d 6c 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 70 3d 66 2e 74 6f 53 74 72 69 6e 67 2c 64 3d 70 2e 63 61 6c 6c 28 4f 62 6a 65 63 74 29 2c 68 3d 7b 7d 2c 67 3d 66 75 6e 63 74 69 6f 6e 20 65 28 74 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 22 6e 75 6d 62 65 72 22 21 3d 74 79 70 65 6f 66 20 74 2e 6e 6f 64 65 54 79 70 65 7d 2c 79 3d 66 75 6e 63 74 69 6f 6e 20 65 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 74 26 26 74 3d 3d 3d 74 2e 77 69 6e 64 6f 77 7d 2c 76 3d 7b 74 79 70 65 3a 21 30 2c 73 72 63 3a 21 30 2c 6e 6f 4d 6f 64 75 6c 65 3a 21 30 7d 3b 66 75 6e 63 74 69 6f 6e 20 6d 28 65 2c 74 2c 6e 29 7b 76 61 72 20 69 2c 6f 3d 28 74 3d 74 7c 7c 72 29 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e Data Ascii: ing,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElemen
2025-01-12 00:05:46 UTC	1369	IN	Data Raw: 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 61 26 26 28 6c 3d 61 2c 61 3d 61 72 67 75 6d 65 6e 74 73 5b 73 5d 7c 7c 7b 7d 2c 73 2b 2b 29 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 61 7c 7c 67 28 61 29 7c 7c 28 61 3d 7b 7d 29 2c 73 3d 3d 3d 75 26 26 28 61 3d 74 68 69 73 2c 73 2d 2d 29 3b 73 3c 75 3b 73 2b 2b 29 69 66 28 6e 75 6c 6c 21 3d 28 65 3d 61 72 67 75 6d 65 6e 74 73 5b 73 5d 29 29 66 6f 72 28 74 20 69 6e 20 65 29 6e 3d 61 5b 74 5d 2c 61 21 3d 3d 28 72 3d 65 5b 74 5d 29 26 26 28 6c 26 26 72 26 26 28 77 2e 69 73 50 6c 61 69 6e 4f 62 6a 65 63 74 28 72 29 7c 7c 28 69 3d 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 72 29 29 29 3f 28 69 3f 28 69 3d 21 31 2c 6f 3d 6e 26 26 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 6e 29 3f Data Ascii: ;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|g(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)\|\|(i=Array.isArray(r)))?(i?(i=!1,o=n&&Array.isArray(n)?
2025-01-12 00:05:46 UTC	1369	IN	Data Raw: 43 28 65 29 29 66 6f 72 28 72 3d 65 2e 6c 65 6e 67 74 68 3b 6f 3c 72 3b 6f 2b 2b 29 6e 75 6c 6c 21 3d 28 69 3d 74 28 65 5b 6f 5d 2c 6f 2c 6e 29 29 26 26 73 2e 70 75 73 68 28 69 29 3b 65 6c 73 65 20 66 6f 72 28 6f 20 69 6e 20 65 29 6e 75 6c 6c 21 3d 28 69 3d 74 28 65 5b 6f 5d 2c 6f 2c 6e 29 29 26 26 73 2e 70 75 73 68 28 69 29 3b 72 65 74 75 72 6e 20 61 2e 61 70 70 6c 79 28 5b 5d 2c 73 29 7d 2c 67 75 69 64 3a 31 2c 73 75 70 70 6f 72 74 3a 68 7d 29 2c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 28 77 2e 66 6e 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 6e 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 29 2c 77 2e 65 61 63 68 28 22 42 6f 6f 6c 65 61 6e 20 4e 75 6d 62 65 72 20 53 74 72 69 6e 67 20 46 75 6e 63 Data Ascii: C(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&s.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&s.push(i);return a.apply([],s)},guid:1,support:h}),"function"==typeof Symbol&&(w.fn[Symbol.iterator]=n[Symbol.iterator]),w.each("Boolean Number String Func
2025-01-12 00:05:46 UTC	1369	IN	Data Raw: 2b 22 2a 22 29 2c 7a 3d 6e 65 77 20 52 65 67 45 78 70 28 22 3d 22 2b 4d 2b 22 2a 28 5b 5e 5c 5c 5d 27 5c 22 5d 2a 3f 29 22 2b 4d 2b 22 2a 5c 5c 5d 22 2c 22 67 22 29 2c 58 3d 6e 65 77 20 52 65 67 45 78 70 28 57 29 2c 55 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 52 2b 22 24 22 29 2c 56 3d 7b 49 44 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 23 28 22 2b 52 2b 22 29 22 29 2c 43 4c 41 53 53 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 5c 5c 2e 28 22 2b 52 2b 22 29 22 29 2c 54 41 47 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 22 2b 52 2b 22 7c 5b 2a 5d 29 22 29 2c 41 54 54 52 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 49 29 2c 50 53 45 55 44 4f 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 57 29 2c 43 48 49 4c 44 3a 6e 65 77 20 52 65 67 45 78 70 28 22 Data Ascii: +""),z=new RegExp("="+M+"([^\\]'\"]?)"+M+"\\]","g"),X=new RegExp(W),U=new RegExp("^"+R+"$"),V={ID:new RegExp("^#("+R+")"),CLASS:new RegExp("^\\.("+R+")"),TAG:new RegExp("^("+R+"\|[*])"),ATTR:new RegExp("^"+I),PSEUDO:new RegExp("^"+W),CHILD:new RegExp("
2025-01-12 00:05:46 UTC	1369	IN	Data Raw: 3d 6e 2d 31 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 6f 65 28 65 2c 74 2c 72 2c 69 29 7b 76 61 72 20 6f 2c 73 2c 6c 2c 63 2c 66 2c 68 2c 76 2c 6d 3d 74 26 26 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2c 54 3d 74 3f 74 2e 6e 6f 64 65 54 79 70 65 3a 39 3b 69 66 28 72 3d 72 7c 7c 5b 5d 2c 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 7c 7c 21 65 7c 7c 31 21 3d 3d 54 26 26 39 21 3d 3d 54 26 26 31 31 21 3d 3d 54 29 72 65 74 75 72 6e 20 72 3b 69 66 28 21 69 26 26 28 28 74 3f 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 74 3a 77 29 21 3d 3d 64 26 26 70 28 74 29 2c 74 3d 74 7c 7c 64 2c 67 29 29 7b 69 66 28 31 31 21 3d 3d 54 26 26 28 66 3d 4a 2e 65 78 65 63 28 65 29 29 29 69 66 28 6f 3d 66 5b 31 5d 29 7b 69 66 28 39 3d 3d 3d 54 29 7b 69 66 28 21 28 6c Data Ascii: =n-1}}}function oe(e,t,r,i){var o,s,l,c,f,h,v,m=t&&t.ownerDocument,T=t?t.nodeType:9;if(r=r\|\|[],"string"!=typeof e\|\|!e\|\|1!==T&&9!==T&&11!==T)return r;if(!i&&((t?t.ownerDocument\|\|t:w)!==d&&p(t),t=t\|\|d,g)){if(11!==T&&(f=J.exec(e)))if(o=f[1]){if(9===T){if(!(l
2025-01-12 00:05:46 UTC	1369	IN	Data Raw: 65 2e 6e 6f 64 65 54 79 70 65 26 26 31 3d 3d 3d 74 2e 6e 6f 64 65 54 79 70 65 26 26 65 2e 73 6f 75 72 63 65 49 6e 64 65 78 2d 74 2e 73 6f 75 72 63 65 49 6e 64 65 78 3b 69 66 28 72 29 72 65 74 75 72 6e 20 72 3b 69 66 28 6e 29 77 68 69 6c 65 28 6e 3d 6e 2e 6e 65 78 74 53 69 62 6c 69 6e 67 29 69 66 28 6e 3d 3d 3d 74 29 72 65 74 75 72 6e 2d 31 3b 72 65 74 75 72 6e 20 65 3f 31 3a 2d 31 7d 66 75 6e 63 74 69 6f 6e 20 66 65 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 22 69 6e 70 75 74 22 3d 3d 3d 74 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 26 26 74 2e 74 79 70 65 3d 3d 3d 65 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 65 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 Data Ascii: e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function fe(e){return function(t){return"input"===t.nodeName.toLowerCase()&&t.type===e}}function pe(e){return function(t){var
2025-01-12 00:05:46 UTC	1369	IN	Data Raw: 79 54 61 67 4e 61 6d 65 28 22 2a 22 29 2e 6c 65 6e 67 74 68 7d 29 2c 6e 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3d 51 2e 74 65 73 74 28 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 2c 6e 2e 67 65 74 42 79 49 64 3d 75 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 68 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 29 2e 69 64 3d 62 2c 21 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 7c 7c 21 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 28 62 29 2e 6c 65 6e 67 74 68 7d 29 2c 6e 2e 67 65 74 42 79 49 64 3f 28 72 2e 66 69 6c 74 65 72 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 2e 72 65 70 6c 61 63 65 28 5a 2c 65 65 29 3b 72 65 74 75 72 6e 20 66 Data Ascii: yTagName("*").length}),n.getElementsByClassName=Q.test(d.getElementsByClassName),n.getById=ue(function(e){return h.appendChild(e).id=b,!d.getElementsByName\|\|!d.getElementsByName(b).length}),n.getById?(r.filter.ID=function(e){var t=e.replace(Z,ee);return f
2025-01-12 00:05:46 UTC	1369	IN	Data Raw: 3d 27 22 2b 62 2b 22 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 69 64 3d 27 22 2b 62 2b 22 2d 5c 72 5c 5c 27 20 6d 73 61 6c 6c 6f 77 63 61 70 74 75 72 65 3d 27 27 3e 3c 6f 70 74 69 6f 6e 20 73 65 6c 65 63 74 65 64 3d 27 27 3e 3c 2f 6f 70 74 69 6f 6e 3e 3c 2f 73 65 6c 65 63 74 3e 22 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6d 73 61 6c 6c 6f 77 63 61 70 74 75 72 65 5e 3d 27 27 5d 22 29 2e 6c 65 6e 67 74 68 26 26 79 2e 70 75 73 68 28 22 5b 2a 5e 24 5d 3d 22 2b 4d 2b 22 2a 28 3f 3a 27 27 7c 5c 22 5c 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 73 65 6c 65 63 74 65 64 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 79 2e 70 75 73 68 28 22 5c 5c 5b 22 2b 4d 2b 22 2a 28 3f 3a 76 61 6c 75 65 7c 22 2b 50 2b 22 29 22 29 Data Ascii: ='"+b+"'></a><select id='"+b+"-\r\\' msallowcapture=''><option selected=''></option></select>",e.querySelectorAll("[msallowcapture^='']").length&&y.push("[^$]="+M+"(?:''\|\"\")"),e.querySelectorAll("[selected]").length\|\|y.push("\\["+M+"*(?:value\|"+P+")")
2025-01-12 00:05:46 UTC	1369	IN	Data Raw: 65 3d 3d 3d 72 7c 7c 21 28 21 72 7c 7c 31 21 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 6e 2e 63 6f 6e 74 61 69 6e 73 3f 6e 2e 63 6f 6e 74 61 69 6e 73 28 72 29 3a 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 72 29 29 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 74 29 77 68 69 6c 65 28 74 3d 74 2e 70 61 72 65 6e 74 4e 6f 64 65 29 69 66 28 74 3d 3d 3d 65 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 44 3d 74 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 65 3d 3d 3d 74 29 72 65 74 75 72 6e 20 66 3d 21 30 2c 30 3b 76 61 72 20 72 3d 21 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 Data Ascii: e===r\|\|!(!r\|\|1!==r.nodeType\|\|!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},D=t?function(e,t){if(e===t)return f=!0,0;var r=!e.compareDocumentPosi

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:46 UTC	912	OUT	GET /static/js/public.js HTTP/1.1 Host: www.telegramwg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __vtins__3KK9Zot37TeXAqY2=%7B%22sid%22%3A%20%229e5d0ff0-b096-559b-9a9d-0dbb54861d60%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736642145260%2C%20%22ct%22%3A%201736640345260%7D; __51uvsct__3KK9Zot37TeXAqY2=1; __51vcke__3KK9Zot37TeXAqY2=6bbd0c83-38da-54f5-9807-e3d55085f375; __51vuft__3KK9Zot37TeXAqY2=1736640345266
2025-01-12 00:05:46 UTC	893	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:46 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 1331 Connection: close Last-Modified: Wed, 11 Dec 2024 07:34:58 GMT Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7058 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fXGbc0CLwM82TVe44IWItY97glC7L7G8Afhtt4KKkt8JR3GLDmbK5xcvZyvdu%2FNtNmmsBky00priM72inevEaRoGvicHCBrx9TqkLVPoZ5EcNRHuLjIF44TSCAqhv5Nq3VixZa4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5963c6a0f36-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1526&min_rtt=1524&rtt_var=576&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2833&recv_bytes=1490&delivery_rate=1893644&cwnd=231&unsent_bytes=0&cid=ddbbe7b49148cbf5&ts=153&x=0"
2025-01-12 00:05:46 UTC	476	IN	Data Raw: 24 28 27 23 74 6f 2d 74 6f 70 27 29 2e 63 6c 69 63 6b 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 24 28 27 62 6f 64 79 2c 68 74 6d 6c 27 29 2e 61 6e 69 6d 61 74 65 28 7b 73 63 72 6f 6c 6c 54 6f 70 3a 30 7d 2c 31 29 3b 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 0d 0a 7d 29 3b 0d 0a 0d 0a 24 28 77 69 6e 64 6f 77 29 2e 73 63 72 6f 6c 6c 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 63 6f 6e 73 74 20 73 63 72 6f 6c 6c 54 6f 70 20 3d 20 24 28 77 69 6e 64 6f 77 29 2e 73 63 72 6f 6c 6c 54 6f 70 28 29 3b 0d 0a 20 20 20 20 63 6f 6e 73 74 20 77 69 6e 64 6f 77 48 65 69 67 68 74 20 3d 20 24 28 77 69 6e 64 6f 77 29 2e 68 65 69 67 68 74 28 29 3b 0d 0a 20 20 20 20 69 66 20 28 73 63 72 6f 6c 6c 54 6f 70 20 3e 20 32 30 30 20 29 20 7b Data Ascii: $('#to-top').click(function() { $('body,html').animate({scrollTop:0},1); return false;});$(window).scroll(function() { const scrollTop = $(window).scrollTop(); const windowHeight = $(window).height(); if (scrollTop > 200 ) {
2025-01-12 00:05:46 UTC	855	IN	Data Raw: 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 20 7c 7c 20 6e 61 76 69 67 61 74 6f 72 2e 76 65 6e 64 6f 72 20 7c 7c 20 77 69 6e 64 6f 77 2e 6f 70 65 72 61 3b 0d 0a 20 20 20 20 69 66 20 28 2f 61 6e 64 72 6f 69 64 2f 69 2e 74 65 73 74 28 75 73 65 72 41 67 65 6e 74 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 22 61 6e 64 72 6f 69 64 22 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 69 66 20 28 2f 69 50 61 64 7c 69 50 68 6f 6e 65 7c 69 50 6f 64 2f 2e 74 65 73 74 28 75 73 65 72 41 67 65 6e 74 29 20 26 26 20 21 77 69 6e 64 6f 77 2e 4d 53 53 74 72 65 61 6d 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 22 69 6f 73 22 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 22 70 63 22 3b 0d 0a 7d 0d 0a 0d 0a 69 66 28 67 65 74 Data Ascii: vigator.userAgent \|\| navigator.vendor \|\| window.opera; if (/android/i.test(userAgent)) { return "android"; } if (/iPad\|iPhone\|iPod/.test(userAgent) && !window.MSStream) { return "ios"; } return "pc";}if(get

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:46 UTC	362	OUT	GET /telegram-logo.png HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:47 UTC	953	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:47 GMT Content-Type: image/jpeg Content-Length: 9739 Connection: close ETag: "e94e30d49b2c58c8ce7bf1a96be1458a" Last-Modified: Tue, 17 Dec 2024 06:25:16 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1819 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xraEtnh0HZB%2F7WAyckr6WWo9EqlXVk1bFyd0WrVnR0QPbwZwc24A%2B217om1wJQJVw%2BFBDh%2F6YGL6%2BqohxGd81YcsqA%2BUSC4SIktnfvYoEmDvDHArSs0E0GTzaLl%2FedvEIbsK16o1OKk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e599199041f9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1728&min_rtt=1727&rtt_var=651&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2873&recv_bytes=940&delivery_rate=1676234&cwnd=216&unsent_bytes=0&cid=d8c83aba1c868280&ts=151&x=0"
2025-01-12 00:05:47 UTC	416	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 dc 00 00 00 64 08 06 00 00 00 ed c3 5e 99 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 04 ee 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 37 2e 31 2d 63 30 30 30 20 37 39 2e 62 30 66 38 62 65 39 2c 20 32 30 32 31 2f 31 32 2f 30 38 2d 31 39 3a 31 31 3a 32 32 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 Data Ascii: PNGIHDRd^pHYs+iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:R
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 6c 65 6d 65 6e 74 73 2f 31 2e 31 2f 22 20 78 6d 6c 6e 73 3a 70 68 6f 74 6f 73 68 6f 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 70 68 6f 74 6f 73 68 6f 70 2f 31 2e 30 2f 22 20 78 6d 6c 6e 73 3a 78 6d 70 4d 4d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 6d 6d 2f 22 20 78 6d 6c 6e 73 3a 73 74 45 76 74 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 45 76 65 6e 74 23 22 20 78 6d 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 33 2e 32 20 28 57 69 6e 64 6f 77 73 29 22 20 78 6d 70 3a 43 72 65 61 74 65 44 61 74 65 3d 22 32 30 32 34 2d 31 32 2d 30 36 54 31 35 3a Data Ascii: lements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 63 79 8f 27 87 f6 f7 0c 71 8f f8 cd ee 32 26 5c 8c 28 68 ae e0 df a7 c9 2d 9d 27 fb 71 dd 9d a2 ce ed a0 db 54 69 17 a7 09 9a 2c 2a 44 54 7d 54 60 1c 61 9f 2a 3f c0 cf 3e fa fa c5 95 c7 f9 b2 e4 9a d5 4d 4c b8 18 51 d0 1c 12 3c a2 89 01 46 fa 5b 48 7f 14 d5 cf 03 d7 aa d0 2a 51 da 2f 25 b7 4d a2 a8 82 8a 32 09 fa 12 e2 7c 77 86 e9 9f 1d 62 d5 71 ee 10 af e1 b6 63 c2 c5 88 80 86 45 7a dd ee c3 e9 64 e7 92 eb 12 79 ef 8b 02 b7 01 cb e7 b4 1b fe 55 4e 2e 2b 7d 5f 6a 74 b5 ca f7 fc ba 3a fb ff a7 15 1e f7 dc c4 03 b9 8b 17 f6 34 ea df c5 84 8b 11 05 0d 11 ae f7 5b 67 3a 7a 3b 64 27 2a 77 83 ee 10 c8 cc 2d 11 45 18 2f 15 f3 16 d6 57 98 02 7d 19 91 fb cf 8e e9 a3 67 bf b4 6c 2c 42 63 73 db 8a 09 17 23 02 ea 23 dc ae 5d ce e0 15 ff 79 9d 78 f9 2f 0b fa 39 60 a5 Data Ascii: cy'q2&\(h-'qTi,DT}T`a?>MLQ<F[HQ/%M2\|wbqcEzdyUN.+}_jt:4[g:z;d'w-E/W}gl,Bcs##]yx/9`
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: ad 4a b3 be c3 25 e1 54 1f 75 b6 ac c8 47 1b 9f da d9 9a ef 73 dc f6 cd 40 a5 1d e2 57 01 9f 05 96 12 9d 30 29 e0 2c f0 14 f0 56 1d f5 8b e1 02 6d 40 37 05 c2 75 62 13 41 8c 45 86 cb 23 7b 53 78 ba 05 91 d5 50 a3 39 b9 c8 48 3a c2 9a f6 04 ef e9 49 f2 be 15 29 ae ec 49 b2 aa 2d 41 d2 91 39 9a ac 1c 7c e0 ec 74 c3 27 e2 01 20 82 80 ae 56 cf df ca ae bd af 00 e5 de 65 b0 0a 78 2f d0 07 4c 14 7d 5e 2a 72 33 bb c4 1f 20 0d 8c 60 66 6b 89 1d 1a 91 e0 03 39 8c b4 21 e1 b2 44 d7 ba 31 9a 00 77 e0 7c 26 a3 1d ba dd 51 59 82 5c fa 9c c9 5a 63 2c 02 b4 25 61 6b 77 92 1b 56 b4 b0 a3 37 c5 86 2e 97 ae 94 33 eb 9b d5 dc a7 c2 89 c9 da ce 07 aa 3a 3e cb b1 5c a2 22 97 0f ac ca 64 28 4f 38 1f 13 6a 8f b9 7e 52 e8 97 15 77 19 fa 7b c5 65 e6 97 8b f1 2e 80 4b 3a dd 25 c8 Data Ascii: J%TuGs@W0),Vm@7ubAE#{SxP9H:I)I-A9\|t' Vex/L}^*r3 `fk9!D1w\|&QY\Zc,%akwV7.3:>\"d(O8j~Rw{e.K:%
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: a9 72 60 5f ce 57 4e 4e e6 c9 2d d0 e0 4d d0 78 22 9b 1b 6f a4 22 fa 81 7f 83 69 b8 14 66 16 8d 02 bf 0e ae 34 a6 49 36 61 6b 6b 7d c0 ef 62 9a e0 99 08 fd 24 30 81 fe 14 66 56 29 66 32 9d c4 08 75 14 d3 4c d7 63 02 d6 41 20 40 98 19 38 82 69 a9 1b 81 cb 31 a1 9e c2 7c b6 a7 82 2b 0f 7c 00 33 b9 56 60 42 37 01 bc 82 f9 6f 2f 06 f7 07 05 b2 e4 28 2c 69 2c c7 34 64 7b f0 d9 99 a0 de 29 cc b4 9b c6 cc e9 15 14 7c af 91 e0 f3 75 d8 24 d2 19 b4 db 8e 69 a6 f7 05 75 c2 04 86 70 09 25 17 8c df c5 34 ad 17 94 3b 89 91 b0 37 78 66 f9 e0 bf eb 30 a2 4d 62 cf fe 7c 50 ae af e8 3e 97 01 57 bb 82 ce 35 8b 2a 25 63 94 42 19 b9 75 1d e8 49 3b 5c de 9d e4 83 ab d2 5c b7 22 c5 fa 8e 64 4d 8b d4 c0 ec be b5 a3 63 79 9e 3c 36 c5 8f 0f 4f 71 e8 62 9e 8e a4 c3 1d 1b 5b f9 c3 Data Ascii: r`_WNN-Mx"o"if4I6akk}b$0fV)f2uLcA @8i1\|+\|3V`B7o/(,i,4d{)\|u$iup%4;7xf0Mb\|P>W5*%cBuI;\\"dMcy<6Oqb[
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: cc f5 95 a0 20 f8 2e a6 69 c2 40 40 a9 a5 88 f9 0f 24 8b 69 9d 90 c8 0e 26 a8 6f 04 ed 26 e6 d5 f5 31 1f f2 1c 16 a4 c8 05 9f ef 03 fe 01 33 df ae 0f da e9 c7 08 17 ae e5 4d 07 f5 5e 05 1e c1 fc cf 5a 10 8e ab d4 8f b3 1a 0b 50 fc 01 36 21 4d 53 88 5a be 88 f9 9e 03 c0 9d 98 f6 7d db f6 00 ba c0 98 a2 bd 91 6a a9 99 7f 93 79 0b 6e a4 1c a9 39 fa 18 c2 57 cb 6f 7c 6c 78 92 27 8e 4c 32 34 9a 9f cd 06 49 08 6c ec 4c f2 f9 cd ed 7c 64 4d 86 96 44 7d 84 f6 7c f3 07 73 9e ce 8d 99 68 99 bc d0 d9 5b a8 79 2d b2 ee 57 15 d7 80 69 0a 5b 73 c2 35 a9 73 c0 5f 63 9a a4 54 14 28 d4 46 e3 c1 35 5f 43 16 97 a3 e8 f3 8b 98 c9 d6 8b 09 75 0a 23 db ff c4 fc c0 52 70 b0 c9 e0 02 73 cd a9 e2 3e 67 b0 49 22 83 4d ea 63 58 e0 64 0f f0 4f 18 11 9a f1 0c 77 60 e6 6a 98 92 95 0a Data Ascii: .i@@$i&o&13M^ZP6!MSZ}jyn9Wo\|lx'L24IlL\|dMD}\|sh[y-Wi[s5s_cT(F5_Cu#Rps>gI"McXdOw`j
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: ce 80 cf 51 3e 72 e6 61 82 7d 1a 0b a1 5f 85 09 56 9a c2 cc 3d 8e 69 b1 97 b0 20 c7 e8 bc 36 86 b0 3c c3 31 2c 2b 25 83 09 d7 71 8c a8 21 c6 b0 d4 a8 a3 58 88 7f 03 26 bc 2d 98 d0 8f 53 d8 26 b3 07 0b ea 14 ef 5a e8 0c da 0d 17 7d 4f 05 6d 86 da 42 30 e1 ec c2 34 4d 98 29 b3 15 d3 96 3f c2 26 96 31 8c 24 2e 85 45 fd f3 98 d6 2e de 0e 14 22 07 fc 0b b0 1b 33 2d 37 05 fd e5 b0 c9 e7 e7 c1 b3 e9 c1 4c e3 fe 60 2c c7 83 7f 83 11 f4 35 e0 7b c1 f3 f5 82 be 5e 9b f7 8c c0 cc ef d0 74 d6 60 9c cf ce 2b 73 06 9b 7c de a4 90 62 76 d6 55 2f 7f 54 9d e4 10 aa 5b a0 10 af 6c 24 58 51 09 a5 de 94 33 32 e1 f1 ca d9 19 b6 2e 4d d1 1a 71 71 bb 5c 1f e3 39 9f 13 13 79 bc 72 36 6c 84 f1 c1 bc 50 8b aa 22 ce 90 7a d3 47 4b 16 2e 8f 3c 96 ec fb 68 c4 7a 60 82 f3 08 96 0c bc Data Ascii: Q>ra}_V=i 6<1,+%q!X&-S&Z}OmB04M)?&1$.E."3-7L`,5{^t`+s\|bvU/T[l$XQ32.Mqq\9yr6lP"zGK.<hz`
2025-01-12 00:05:47 UTC	1109	IN	Data Raw: cf 59 26 28 75 3a 46 a9 86 a5 42 a6 54 64 2e 96 d8 34 5a 6b db 8d 8c 4f 44 55 99 46 f5 61 84 af 1d fa c2 86 23 f3 8b c6 1a 2e 46 14 94 dc 87 75 28 33 70 5c 91 07 50 5e 56 d5 b9 ea a2 c6 58 49 45 39 ac 2d 4e 52 74 55 8a 8e 56 69 bb 81 f1 a9 af be a8 be ac c8 03 87 32 03 b1 76 8b d1 30 4a 6f 7c bc 43 bc c3 2a 7b 70 f4 7e 41 4f 36 27 c7 b2 d6 65 81 6a 65 a2 2f 2d d4 35 3e 41 05 3d 89 a3 f7 ab ca 1e ee 90 f8 c5 88 31 1a 46 f9 e3 b0 ee 5a 3f 3d 9a cb 3f aa c8 f7 54 99 2a 2f e4 f5 ad af 95 af 5f 0f 2a f5 5f df f8 54 99 52 e4 7b a3 b9 fc a3 c3 77 c5 cb 00 31 9a 83 8a e7 cf 9d fd d2 96 b1 bc ef de 07 fa 14 0b 52 6f 9a 64 db d5 84 46 88 5c 4b 9b 0b ca 65 41 9e ca fb ee 7d 67 bf b4 e5 5d 9f 50 1b 63 f1 50 f5 c0 c7 23 6f 7e 7b 18 e5 5e 45 9e 06 72 5a 4e 8a 1b 55 74 Data Ascii: Y&(u:FBTd.4ZkODUFa#.Fu(3p\P^VXIE9-NRtUVi2v0Jo\|C{p~AO6'eje/-5>A=1FZ?=?T/_*_TR{w1RodF\KeA}g]PcP#o~{^ErZNUt

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:46 UTC	603	OUT	GET /telegram-13/logo.png HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:47 UTC	946	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:47 GMT Content-Type: image/jpeg Content-Length: 3393 Connection: close ETag: "941d950538f7ca436158c908c7dec967" Last-Modified: Thu, 05 Dec 2024 09:31:42 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7059 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nY0o3VTTLJ4FUj63VZA81wE2E%2FXxxYfutXGDP8HPqhS88VnY4lfKvKYoQxt6l0EbtyzDrJfIJ9ZF3XqPRNM3rWhkBiXPCBt%2FVi%2B5WO0adcRCYwgAGtCgP0PrXLtuJRqYXc9Qh85Qumk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5991a775e7a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1626&min_rtt=1625&rtt_var=611&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2873&recv_bytes=1181&delivery_rate=1788120&cwnd=221&unsent_bytes=0&cid=b45e460942848fc7&ts=151&x=0"
2025-01-12 00:05:47 UTC	423	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 96 08 03 00 00 00 0b df 81 d0 00 00 02 d9 50 4c 54 45 00 00 00 27 a5 e6 26 a6 e5 27 a6 e6 25 a4 e3 22 9f db 25 a2 e0 27 a6 e6 27 a5 e6 2a ab ee 26 a5 e5 29 aa ed 23 a1 de 24 a2 e0 28 a9 eb 24 a2 e0 27 a7 e8 23 a0 dc 23 a2 de 22 9f db 28 a8 ea 24 a3 e1 25 a4 e3 25 a3 e3 22 9e da 29 a9 eb 22 9f da 25 a4 e4 28 a9 eb 23 a0 dc 23 a1 dd 29 ab ee 24 a2 de 28 a8 e9 25 a3 e1 23 a1 de 28 a9 ea 23 a0 dc 2a ab ee 27 a6 e6 22 a0 db 23 a0 dc 29 aa ed 28 a9 ea 22 a0 dc 27 a6 e7 24 a2 e0 29 aa ec 23 a1 dd 26 a6 e6 26 a4 e3 29 aa ed 25 a4 e3 24 a2 e0 2a ab ee 27 a6 e7 29 ab ed 22 9f db 28 a9 eb 24 a1 df 28 a9 eb 23 9f db 28 a8 ea 23 a0 dc 26 a5 e5 22 a0 dc 2a ab ee 22 9f da 29 aa ec 23 a0 dc 29 aa ec 24 Data Ascii: PNGIHDRPLTE'&'%"%''&)#$($'##"($%%")"%(##)$(%#(#'"#)("'$)#&&)%$')"($(#(#&"")#)$
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 9f db 2a ab ef 2a ab ef 29 a9 ea 25 a4 e2 29 aa ed ff ff ff 23 a1 de 28 a9 ea 23 a0 dc 24 a1 df 28 a8 e9 28 a7 e8 25 a3 e1 29 aa ec 26 a5 e5 27 a6 e6 25 a4 e2 23 9f db 27 a7 e7 26 a4 e3 28 a8 ea 24 a2 e0 29 aa ed 22 9f da 27 a6 e5 25 a3 e0 27 a6 e7 2a ab ee 27 a5 e5 2a ab ed fc fe ff fe fe ff d5 ee fa f9 fd fe f7 fc fe e9 f6 fc f2 fa fe e3 f3 fc 50 b7 eb 31 a9 e5 f0 f9 fd af de f5 94 d2 f1 43 b1 e9 4c b4 e7 47 b2 e7 2a a7 e5 29 a6 e3 28 a4 e1 f4 fb fe eb f7 fd c7 e8 f8 c3 e6 f8 c0 e5 f7 b9 e3 f7 a7 db f5 a1 d8 f4 7d c9 ee 67 c1 ed 39 ae e9 2a a8 e8 35 ab e6 3e ae e5 2c a6 e1 fb fd ff e6 f5 fc cc ea f9 b5 e1 f6 9b d6 f3 6b c1 ec 5d ba e8 55 b8 e8 31 ab e8 dd f1 fb ab dc f5 97 d5 f3 81 ca ef 78 c7 ef 6e c3 ed 35 ac e8 2d a8 e6 2d a7 e4 35 aa e3 d0 ec f9 a4 Data Ascii: *)%)#(#$((%)&'%#'&($)"'%''P1CLG)(}g9*5>,k]U1xn5--5
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 41 18 d4 0e 12 0b 3d f2 00 1a 24 55 16 f5 2d f3 9b 63 61 56 49 3c 93 cd d0 34 4c 56 ce 7b be 70 54 bc 31 86 45 43 61 59 7b 24 9e a9 36 78 28 26 2b e4 b3 ed bb 2c 1c ff e6 da 5e 7a 06 e5 0b ec 93 78 c6 3b e1 69 3f 5d 11 bb e9 a7 c3 c0 f5 3f 45 4c 71 da 83 f2 69 4d 34 1e d1 23 78 42 57 c2 9e 76 ef cc 22 0e 6b 1e 3f 4d fb 97 0a 7b e8 a7 31 b5 c3 28 5d 36 7b 2c 19 d4 07 b8 ce ed 28 c4 da 69 fa f0 a4 f0 0e b6 69 5c ef e0 a3 aa 4c 66 db d9 12 f7 e9 cd 3a 92 f6 ab d0 86 75 13 15 d8 55 e1 9a 04 99 aa 2c e1 df 33 1a 06 71 32 46 52 99 d4 86 bb d8 84 43 2a 5c c3 30 45 94 21 ec b1 ae 68 11 a7 4d c7 72 3c 13 4b 59 8b ee dd 57 02 57 17 08 09 6c fe a8 73 91 41 dc 0c 11 d6 9e c9 99 4f 74 a8 98 73 02 97 18 c6 f1 82 b4 d9 76 ba bd a9 46 dc 74 9a b4 fd 5f 72 c3 15 28 be 76 Data Ascii: A=$U-caVI<4LV{pT1ECaY{$6x(&+,^zx;i?]?ELqiM4#xBWv"k?M{1(]6{,(ii\Lf:uU,3q2FRC*\0E!hMr<KYWWlsAOtsvFt_r(v
2025-01-12 00:05:47 UTC	232	IN	Data Raw: 92 e1 66 e2 2e ac a9 5a 6e 31 b4 11 fb a8 a6 66 ef 4d a1 a5 d9 70 f0 4c 49 52 a8 d0 da d8 ca 9e a9 48 37 12 74 d1 f3 29 04 33 bc 18 3a 1a 07 26 22 3b 0a b9 ba 06 9d 09 f6 8a 68 b0 c1 6a 27 00 09 5f 4a 93 dc 2a d7 52 44 20 03 2b 77 29 22 f2 7e 87 62 84 81 1c 51 1d 9a a8 fb 51 15 f7 22 90 85 e3 c2 44 3f 3b 40 66 61 0b 40 9e 3c 0d 96 a8 f5 a8 3c b0 27 40 87 3c 2b bd 76 c3 72 ab 27 03 45 42 fc 94 3f 1a 37 75 3a 98 c3 a9 2c 02 6d 93 e8 29 74 1b 2e 33 b2 70 bd 95 80 0d 51 89 36 eb 30 45 57 32 3d 86 eb c5 6e 86 81 25 49 b5 8f ba 6f 1a 67 2a 99 be 7e 8c 54 0d 38 c0 b2 36 52 23 4b 5f 79 79 6a bc ce 49 73 6f a5 5b 91 3a d2 26 5d 32 bd 00 eb 13 09 6b 92 46 df c2 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: f.Zn1fMpLIRH7t)3:&";hj'_JRD +w)"~bQQ"D?;@fa@<<'@<+vr'EB?7u:,m)t.3pQ60EW2=n%Iog~T86R#K_yyjIso[:&]2kFIENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:46 UTC	601	OUT	GET /telegram-13/d2.gif HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:47 UTC	953	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:47 GMT Content-Type: image/jpeg Content-Length: 2202471 Connection: close ETag: "9f6cb1e0d2a29541764755e05b484de7" Last-Modified: Thu, 05 Dec 2024 09:31:40 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7059 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BK2PSGseITf9MbPlSkRsDOBo3ZLL0SCsvMvc%2FXGXa5PLbrA3cnpu8eHsGbsRyljYiyx1i0X5w8zHz7vSmW4jKEtWJxpNmP58rn6Gd%2BsvQ5R8S61%2B08IunoXyrGDoGu0W7AVkIHg%2FQTQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e59928486a4e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1589&rtt_var=609&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2873&recv_bytes=1179&delivery_rate=1777236&cwnd=216&unsent_bytes=0&cid=a6829a8ffc1f8bd2&ts=147&x=0"
2025-01-12 00:05:47 UTC	416	IN	Data Raw: 47 49 46 38 39 61 00 02 00 02 80 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 05 02 00 ff 00 2c 00 00 00 00 00 02 00 02 87 88 7e 68 ff 5d 1f fe d8 20 bc a8 71 3e 39 2d 00 00 00 80 76 62 ff d5 27 fa 90 16 ff fa ca cf 35 02 9c 92 7c 33 2b 07 ff 8c 00 4e 4d 4d ff ff ff 35 2f 20 a7 f6 ff fc ee 21 7d 09 09 80 80 80 63 5b 4a 35 30 21 ff 8b 00 3d 38 2c 32 1d 04 fb 90 15 ff b4 84 33 33 33 f9 90 15 3d 38 2d ff d4 26 87 7d 67 fa 97 17 cc cb cb fb a0 19 85 7b 65 81 78 62 fa 93 16 fb 9c 18 fe c0 20 47 41 33 0b 08 02 fe c5 22 ff d0 25 fd ba 1f 83 79 64 6e 66 53 fd b6 1d 42 3c 2f 51 4b 3c 12 0d 01 19 14 03 24 1e 04 79 70 5c fd af 1b fc 8f 13 fe e4 21 5a 54 45 f4 54 18 69 61 4f 4c 46 38 fc a5 19 db 3e 08 ff cc 24 ff d8 24 56 Data Ascii: GIF89a!NETSCAPE2.0!,~h] q>9-vb'5\|3+NMM5/ !}c[J50!=8,2333=8-&}g{exb GA3"%ydnfSB</QK<$yp\!ZTETiaOLF8>$$V
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: ff fd f1 69 5b 2b c8 b6 80 87 73 2a b1 93 1a 52 51 50 f4 cd 29 bb 6d 10 e3 d9 a8 d3 3a 03 58 4e 2b fa d1 2c ff 9e 09 db 59 0a f3 ad 1d c2 ac 69 ff e9 95 de bb 2a ce bd 88 fb d9 35 ef e7 b6 c2 35 14 cf 34 00 76 66 2b bf f9 ff fe f6 c7 d8 45 11 ec c5 27 ff e8 7b c2 31 01 cb 76 0e c8 e9 ad d8 bc 54 f4 ed bc f5 ce 32 7a 52 15 fd cb 1d ff f8 d6 7c 7b 7b a3 88 18 81 6c 13 eb de 58 fb dd 4b cf 3e 16 2d 2d 2d ad f3 ef 4f 3e 1c ff e3 63 8d 75 15 e9 e9 e9 c0 c0 c0 c9 b0 62 60 54 2b bd 9f 28 b1 97 2d d4 b8 55 34 2f 1e ff 64 27 89 23 01 f7 f9 f9 73 73 73 ff da 30 bb ee ce ff ef ab 5c 45 17 96 5d 13 97 7e 16 ff f9 e5 d2 c3 8e d6 e5 8c 42 37 1c d4 b4 2d 96 2d 04 ff 92 5d 14 14 14 1d 1d 1d da cd 99 67 46 19 d0 ae 26 f3 86 02 d5 c8 95 2a 18 03 ff 6e 32 91 7e 3e 67 1b 01 Data Ascii: i[+sRQP)m:XN+,Yi554vf+E'{1vT2zR\|{{lXK>---O>cub`T+(-U4/d'#sss0\E]~B7--]gF&*n2~>g
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 40 73 e5 6f 7f d5 f3 1e a3 90 40 22 01 62 e5 49 29 00 96 b9 00 87 c0 d2 61 8f 81 28 44 14 08 56 87 c1 08 66 ee 4c 14 14 56 c5 26 05 41 2b 30 2a 09 47 48 42 12 10 c5 b9 04 79 d0 2a 83 12 a1 b9 ff 0e 58 42 c1 55 30 85 28 4c 5c 13 a4 e7 42 ea 99 e9 05 4d 68 02 12 24 a5 2e 26 42 b0 7f 00 38 02 15 16 c0 c5 2e 7a 21 09 52 e8 e0 0f a5 b2 37 d9 60 d1 5b 24 2c e2 fa 90 c8 46 45 95 00 09 2d 6c a2 1c 21 88 3c 00 24 61 8b 5d cc 23 17 bd 30 b5 e5 8c 31 2a 3b c2 40 1d 47 a8 46 e5 1d b1 8d 48 24 81 03 e7 c8 c8 f9 f5 cf 0b 7a 8c 24 17 a9 60 37 3f fe b1 29 4f 92 c2 ce 88 58 c8 ae dd 0f 91 a0 04 40 e2 1e d8 c8 52 9e 8c 69 47 90 a4 2a bd 00 b0 1c 5d 72 29 d3 28 23 01 74 00 b6 4e 2a 4f 83 a1 44 24 08 14 17 47 53 42 50 88 49 50 a5 30 93 00 40 01 11 ef 95 43 91 a5 0c 70 39 33 Data Ascii: @so@"bI)a(DVfLV&A+0GHByXBU0(L\BMh$.&B8.z!R7`[$,FE-l!<$a]#01;@GFH$z$`7?)OX@RiG]r)(#tN*OD$GSBPIP0@Cp93
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 68 7b 44 59 61 e8 ba 57 0e e6 17 78 6e ca 66 7f fe d1 44 7c db 94 28 4e 57 1b 83 17 61 ca 01 70 b9 44 33 cc 07 7c 00 28 56 8d b7 4d 34 47 6a b7 71 80 e4 d5 68 0b 48 7e 9d b4 7f 0f 08 4a 9b 37 4f b1 06 00 81 67 1b 41 86 77 b9 b4 35 0d b8 30 ff d7 81 a1 84 7e 54 75 76 0f d6 7a f3 a5 1c f6 85 48 a4 37 58 2c 28 56 d0 07 00 42 f7 7d 33 98 1c 11 c7 40 0c 98 82 2a 98 83 62 25 80 65 95 28 32 f0 59 11 16 7e 36 a8 81 e6 24 7f 46 c8 40 11 38 4c d1 27 83 b2 c5 56 35 06 85 e6 b4 82 53 e8 81 df 15 6b 29 c7 71 c3 45 7d 48 34 84 44 d8 30 52 f8 85 0b e4 82 40 b7 7a 3e 28 5b 7b f3 71 0b 84 82 69 e8 35 6c a8 83 df 45 73 5a 17 6c c3 a5 1c 15 90 44 5c b8 52 6b 98 87 ed 83 84 92 14 82 23 08 23 3f 68 1c f3 ff 46 5a 76 78 87 35 13 7c 86 88 3a 55 a8 4a 89 12 83 69 07 5a 1e c7 3e Data Ascii: h{DYaWxnfD\|(NWapD3\|(VM4GjqhH~J7OgAw50~TuvzH7X,(VB}3@*b%e(2Y~6$F@8L'V5Sk)qE}H4D0R@z>([{qi5lEsZlD\Rk##?hFZvx5\|:UJiZ>
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 3b 01 a3 13 0b b5 bb 13 b7 ec 78 04 5e 80 47 54 f0 45 56 8b 4b 75 5a 1b 25 da 46 ae b2 38 7f ab a3 01 f3 13 58 32 b1 b2 11 03 50 8b 04 45 00 b7 88 4b 7b 00 96 1c 18 e5 40 53 90 32 4d 42 14 47 c3 b9 b3 41 2d b8 23 05 51 3b ba 08 f9 a2 93 7b 54 70 a4 03 81 1b 9f e0 d4 ba ae 2b b9 62 32 05 b2 0b ba a4 4a bb 49 37 a8 be 82 bb 52 20 04 98 bb 75 4c e1 95 17 fb bb b5 e1 b9 b7 93 3b 30 24 ba c6 bb 5f 2e 30 82 fa 94 4e 2c 94 ba cd ff db 58 51 f1 1b 5c 29 bd 83 62 9f b1 7b 26 87 9b bd 3d 57 04 7a 96 02 03 6b 60 a8 2b 04 36 29 21 5c 11 1f 9b 6b be 92 63 9f 64 62 26 a0 9b b3 ec eb 52 70 74 2f 0c f4 3e 3f 73 b9 bb 1b 21 9f f3 0f cf b1 b6 bf eb b9 e8 ab 03 c2 cb 03 52 14 35 00 1c c0 bc 55 31 68 e2 b7 71 92 c0 2f 52 b1 62 61 09 7f f0 0d b9 90 07 77 a0 bf 26 02 c1 b7 23 Data Ascii: ;x^GTEVKuZ%F8X2PEK{@S2MBGA-#Q;{Tp+b2JI7R uL;0$_.0N,XQ\)b{&=Wzk`+6)!\kcdb&Rpt/>?s!R5U1hq/Rbaw&#
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 02 03 cf 1a f5 be c3 fe 9e d2 98 a0 f0 18 9f f1 9e ce eb 0e ef f0 4c 3e ef d5 6e ce 2b 3e eb 1a 5f f2 1a 1f e9 1d ef f0 33 6e ce 1a 40 1d 39 6d d5 5d 00 ea 71 ff a0 08 8a a0 07 36 6f f3 71 90 f3 3a df ee 3a 9f f3 37 af 07 34 4f f3 bc 30 f4 c8 50 f4 c4 70 f4 c4 e0 06 4a bf f4 80 d0 f4 4e 0f 08 6f 10 f5 52 1f f5 8c 50 f5 56 9f 09 58 8f f5 6a b0 f5 6a 10 09 5e 9f 00 60 af 08 a0 8e f2 29 0f f0 37 10 f1 9d 51 d2 10 5d d5 31 ff e9 bc 00 f6 70 1f f7 72 3f f7 74 5f f7 76 7f f7 78 9f f7 7a bf f7 76 cf 0b a0 9e ea 65 2f d8 93 c0 04 84 5f f8 86 7f f8 88 9f f8 8a bf f8 87 cf 07 9e fd f8 90 ff 07 ff 50 00 93 5f f9 94 7f f9 96 9f f9 98 bf f9 99 1f 18 25 5d f1 29 8d ec 9f ae 08 7c 5f fa a6 7f fa a8 9f fa 75 8f 0c a0 5e 06 a0 f0 fa b0 1f fb b2 0f 0a a8 50 fb b6 7f fb b8 Data Ascii: L>n+>_3n@9m]q6oq::74O0PpJNoRPVXjj^`)7Q]1pr?t_vxzve/_P_%])\|_u^P
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: d0 86 b5 73 84 23 24 c8 90 6b 5d 6f 6a 38 7b 88 ce 24 b6 42 c1 74 d0 83 aa 71 57 fe e6 d3 1c 13 c2 ed 45 8e f1 45 0f 9b 42 40 bc 01 f1 21 15 4c e0 05 17 a2 8d 4a dc d0 8b b4 73 84 02 64 b1 21 18 96 4a 80 bd fb d7 e3 84 b4 b3 19 5e c5 88 c7 13 9a 6a e0 c3 97 25 d4 31 08 66 59 22 5d ea d3 c4 a5 5d c9 31 a6 b0 d6 19 97 e2 bb 34 46 04 81 09 14 a4 43 b4 f1 45 46 82 51 0b ce d8 9e 19 99 c2 29 3c 91 e2 7d 0c 51 01 1b 75 f5 46 e3 b9 07 06 7c 09 02 14 24 30 4a 09 e4 a0 2c 2a 72 0c 85 f8 a8 b4 49 39 86 15 d6 6a 23 45 da 07 b0 ff c4 50 7e 8b 6c 64 2e 67 c7 8f 75 ac 2a 96 12 d1 62 01 88 a0 c9 8a 71 b2 72 19 e3 8b 28 49 39 4a 53 c2 24 4a 8e 99 d2 2a 43 86 2c c7 28 ff 6b 59 bf 9c 08 11 86 41 0a 4b 7a 6f 21 65 bc 9a f5 20 82 4b 5d ea 52 0b bd 2c 15 36 9f b2 b3 9e 15 d3 Data Ascii: s#$k]oj8{$BtqWEEB@!LJsd!J^j%1fY"]]14FCEFQ)<}QuF\|$0J,rI9j#EP~ld.gubqr(I9JS$J*C,(kYAKzo!e K]R,6
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 63 88 83 7a 20 43 93 3f c3 82 2d 45 fb ba e8 bb a1 fc 93 bd ad e9 bf 5b a1 b9 87 08 40 12 89 3c 95 48 22 a9 30 c0 b9 0a bf 97 98 b1 05 a4 0d 51 4b 0b 52 e3 96 93 c1 8b 76 5b 3f 86 48 b5 f1 59 b5 0c d4 c0 d6 9b a9 13 b3 21 10 fc 91 6d 19 41 41 29 41 87 38 41 ee 53 0d fc e1 b5 70 83 09 3b 43 8a 12 92 c1 c9 18 36 a4 28 36 ba a1 3a 88 c0 22 85 69 88 06 ba 40 20 b4 2e c1 13 32 e8 0b 00 22 7c 20 ff 47 e0 b7 4d 89 38 b1 c9 80 63 9b 88 26 74 42 b1 58 1e 94 4b ba 3a b3 0c 3c bb 42 c9 40 37 a4 50 37 7d c9 14 ab d0 c1 99 c3 24 78 53 35 32 2c c3 9d c3 2e 8e 0b 80 da da 37 3b 89 38 5b d9 99 08 84 08 3a ac c3 b0 58 30 3c 9c 2b f9 a0 8f 3e 9c 0c 86 43 0a 87 53 98 12 24 82 09 5c 96 05 82 3f f2 01 31 45 b4 ae 11 e3 40 9a 82 44 08 6a 43 87 20 82 76 83 c3 2e 64 42 4c 64 10 Data Ascii: cz C?-E[@<H"0QKRv[?HY!mAA)A8ASp;C6(6:"i@ .2"\| GM8c&tBXK:<B@7P7}$xS52,.7;8[:X0<+>CS$\?1E@DjC v.dBLd
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 4d c8 1f 71 40 d3 1f e0 5b c9 95 5c 2c 58 c3 ca 45 8d 85 04 a1 c2 bd 52 82 d0 d2 9a e0 d2 a1 ed ca 9a 18 83 fc 91 84 46 fa 01 ff 25 38 5d d4 4d dd b4 65 dd 5e 51 b0 67 75 c8 de fc 35 72 4b 5c 9c 78 55 9a c8 dd cc c9 02 2f ea dd df 05 5e d4 dd 01 a5 25 9f e1 35 8d 85 44 00 38 85 89 ba b4 27 82 78 54 a4 88 d4 a1 0d 4d c7 c0 56 b5 01 02 ec 1d 9f 4d ad de f7 0d 2b 7d bd 21 ed 3d 8d b6 65 8c 1c 95 42 55 a5 0b 56 dd da 77 a5 89 78 55 9b c6 25 1f b2 85 df c4 b4 58 31 c0 d8 2a 90 04 49 18 85 06 6e 84 07 6e 04 2d 90 60 30 a0 60 30 30 83 0b 36 03 3a d0 60 3a 98 80 0e a6 83 f2 84 a0 7f a5 df d2 e0 de 2a a5 4b 82 9d c9 9a a8 c9 a1 4d 58 9a 58 58 b5 d9 5d 07 22 e0 02 06 b2 1d b8 d8 8c 65 e0 51 80 e0 09 b6 e0 0b d6 e0 0e 06 e2 20 16 e2 21 26 e2 22 ee 60 33 00 dc 11 2e Data Ascii: Mq@[\,XERF%8]Me^Qgu5rK\xU/^%5D8'xTMVM+}!=eBUVwxU%X1Inn-`0`006:`:KMXXX]"eQ !&"`3.
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 28 ec b4 78 78 c4 ce f8 99 a7 79 7a c7 f7 8d a7 70 5f 41 11 a2 1e 00 70 28 6d 33 1f f9 5a 07 77 94 27 7a 53 30 85 e8 4e 01 60 97 0d d8 1e 00 d9 de 18 29 af f9 a8 97 fa 2f 92 59 9c b7 dc 0a 3f 47 cf b0 eb 01 80 87 18 f8 eb 46 0f fa 33 b7 04 a2 27 fb 33 18 fb 20 2f ed 69 00 07 e8 68 e1 99 78 e1 a2 41 81 2d 9f fa b9 47 53 47 90 84 42 58 e0 bb ef 86 6e 28 04 be ef 86 33 d0 88 7f bd 79 ab e7 78 90 85 10 d0 ae 09 41 e8 eb 91 b6 00 a0 0f fb 33 cf 05 5d 37 79 b2 cf e7 5c 80 fc 94 3e 6d 0b 78 87 e7 e0 6f ff c6 62 b9 a7 7b a9 1f 85 bd e7 fb 2c 30 fd 2c 10 07 43 50 7d ec 34 82 94 d0 80 d7 c7 01 1c d0 00 d9 d7 00 c2 ef b6 26 66 0c ff e6 9e 09 74 f8 6b 7d b6 fc c7 af f5 5c c7 85 06 28 78 ca 17 f8 33 c7 05 49 ef f5 a6 b6 80 05 a8 0d fe 3e 5a e6 69 01 d0 0f 7d 2e bf fb Data Ascii: (xxyzp_Ap(m3Zw'zS0N`)/Y?GF3'3 /ihxA-GSGBXn(3yxA3]7y\>mxob{,0,CP}4&ftk}\(x3I>Zi}.

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:46 UTC	601	OUT	GET /telegram-13/d7.gif HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:47 UTC	949	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:47 GMT Content-Type: image/jpeg Content-Length: 3327196 Connection: close ETag: "3ca4222d4871d2c299e44dbbd14ebb46" Last-Modified: Thu, 05 Dec 2024 09:31:43 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7059 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cPLlorw35cseO%2FXnSwxFx%2BWHEjkaeSRDA5MTrUwBiSFGCGptQXd85VLeYIza7nmuFPzSwl%2FCYhN8SsHupEX44rqBSnTtwDOfYGuxifeVpmil81R4HFDuXPhH6XNTZ8oYBjW65YiNL8I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5992b107d0b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1819&min_rtt=1813&rtt_var=692&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2872&recv_bytes=1179&delivery_rate=1567364&cwnd=227&unsent_bytes=0&cid=e12ca3453a0a67c1&ts=158&x=0"
2025-01-12 00:05:47 UTC	420	IN	Data Raw: 47 49 46 38 39 61 00 02 00 02 80 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 02 00 ff 00 2c 00 00 00 00 00 02 00 02 87 00 9b ff cf 35 02 00 32 52 fe d8 20 00 00 03 00 80 d2 ff 5d 1f ff d5 27 fa 90 16 00 58 8f fc ee 21 ff ff ff 00 00 00 00 58 90 05 56 54 56 be ff 7d 09 09 ff b4 84 00 57 8f fa 8f 15 fa 90 15 00 57 8e fa 93 16 ff d5 26 fb 91 15 00 84 d9 00 97 f9 00 98 fc 00 81 d5 00 9a fe ff cf 25 00 90 ed ff d3 26 00 8d e9 00 93 f4 ff d7 25 00 89 e2 fb 96 17 fe d5 26 fe c7 23 00 92 f0 fc a3 1a fe e3 22 00 6a ad 00 87 df fb 9e 19 ff cc 24 00 6d b3 fd ae 1c fe bd 20 00 8b e5 fc ed 21 fe c4 22 00 86 dc fe c1 21 fb 99 17 00 5d 98 fe e0 23 ff ca 23 fc a6 1a 00 80 d3 fc a9 1b fd b1 1d 10 0d 03 00 43 6d fc 90 14 00 Data Ascii: GIF89a!NETSCAPE2.0!,52R ]'X!XVTV}WW&%&%&#"j$m !"!]##Cm
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 4d 12 ff de 51 ff e2 6a 43 b6 ff f3 ad 1d 0d 5d 89 28 ac ff 80 6a 13 6f 5c 11 ff f8 da ff d9 25 0b 07 03 f9 c0 22 ff 67 2a b2 94 1a 36 b1 ff ff f4 c8 ff e8 86 00 06 08 e0 6c 0e ff e0 5d 1b a6 ff e7 4a 15 ff 84 4c 9b 1d 0a da c3 36 ff ed a2 f6 ce 27 06 9e ff 90 78 16 ff da 25 00 0f 11 ff fe f8 fd e8 21 d8 52 08 06 03 02 ff e5 77 ff 90 12 fc e9 21 04 4f 4d f6 b7 20 22 66 80 86 0e 0a a8 8d 1a 90 14 0b e4 7b 12 d4 7f 1a 03 3c 3b ff ac 7b ff f2 bb ea 90 16 01 2e 33 ff fb e7 ff d7 30 21 3f 4b 01 25 26 78 64 12 cf 3e 16 03 46 45 d9 b5 21 00 59 8f 4c ba ff 00 54 90 89 72 15 b0 ae 47 c8 a7 1e d5 49 06 4c 7d 6f 83 98 59 be 71 15 9d a5 4f b8 2f 0c 3c 12 05 02 59 8d 32 70 7a ae 29 09 ed 99 18 aa 64 0f cb bb 3c 5b 84 69 90 9f 54 98 7f 18 66 89 65 f5 8e 16 65 54 10 bf Data Ascii: MQjC](jo\%"g*6l]JL6'x%!Rw!OM "f{<;{.30!?K%&xd>FE!YLTrGIL}oYqO/<Y2pz)d<[iTfeeT
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 6c fc 9b cc 89 6a b5 02 0e cc 4c 04 f2 53 5e 06 50 c0 40 7a 51 0e 6a 19 28 a1 d5 50 60 3d c7 91 60 81 f4 da 40 0d 5e a0 bf 0c 3a c6 7f 71 6a c0 0a 78 e0 be 0d b0 80 80 b8 fb 00 0c ff 55 28 31 a8 91 40 85 56 8b df ed 5e a8 b3 21 90 a1 7b 99 b2 91 0d 0d b3 aa 23 44 21 7b 00 60 21 01 39 c0 3c 24 d2 cb 6b 50 8b a0 17 69 e6 c0 25 6e 2d 04 4b 08 5d 14 a7 e8 17 a3 b9 a8 01 2f 60 c1 02 37 00 c6 f3 b5 6e 8c f4 0a e1 bb b0 88 47 8b 7d c0 8c 74 9b 61 a6 3e 44 3a 36 be 05 87 6e b2 22 1f 01 00 42 02 06 b0 8f f4 82 9b eb 20 79 31 11 6c 0e 6e b3 c3 9b 13 99 80 38 43 aa 65 55 4d 38 22 bd ca 78 3e 0e 88 91 92 e8 d2 80 dd 50 a9 33 11 b4 10 93 af 0b 81 11 d4 e8 26 07 79 32 2c c5 13 93 15 dd 47 2f 25 da 51 7d ac 64 17 0a 59 a9 33 5f f2 2d 93 97 db 40 06 f0 17 a7 fd dd d2 2a Data Ascii: ljLS^P@zQj(P`=`@^:qjxU(1@V^!{#D!{`!9<$kPi%n-K]/`7nG}ta>D:6n"B y1ln8CeUM8"x>P3&y2,G/%Q}dY3_-@*
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: e9 6c aa 1a 3c 12 3b 40 f3 a8 a1 9f e2 01 47 7a ec 57 2f bc d7 2e 32 f5 3a 4e 27 68 92 b7 42 c4 37 24 e0 27 2a aa 92 04 63 24 77 ca b5 78 5a 37 7a 41 27 7d 9c 07 35 58 86 37 f1 17 64 da f7 5b 3c a7 62 0c 27 2a aa 26 04 a5 47 44 9c 23 7b d2 67 74 05 40 7e b7 e7 7e 05 60 81 34 73 7a 41 36 7f 7c 67 7f 2e 92 5b 88 d2 4e be 37 3d 01 18 3d 03 98 71 5c 37 84 5a c6 65 19 00 76 3a 13 07 38 17 64 0b b8 33 28 d0 80 4f 32 5f 5c f2 29 2b e0 7c af d3 78 7c f3 83 b7 57 80 2c 38 80 41 58 73 d3 f3 71 a8 b7 7d 5c a3 70 95 77 28 54 22 81 63 c4 7f 93 65 84 79 f4 35 34 d8 85 31 65 7d 10 e3 08 d8 27 64 92 13 05 f9 53 24 54 38 22 27 98 82 48 a4 71 ee 02 83 d2 67 6e 58 18 7a 1b e8 58 08 c4 84 c1 ff f7 5e 7e 77 26 5d f2 29 47 c0 85 d3 23 83 05 d0 81 70 48 54 5f a3 84 d2 47 88 05 Data Ascii: l<;@GzW/.2:N'hB7$'c$wxZ7zA'}5X7d[<b'&GD#{gt@~~`4szA6\|g.[N7==q\7Zev:8d3(O2_\)+\|x\|W,8AXsq}\pw(T"cey541e}'dS$T8"'HqgnXzX^~w&])G#pHT_G
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 33 8b 1f a0 83 a7 aa 17 54 d5 00 9f 8a 44 d8 98 b3 69 e9 b7 9d 03 b8 75 3a b3 c8 c8 03 e7 6a 18 83 75 a5 61 f5 b0 3d 26 b2 84 b9 a9 80 2b 5e df da 8d 7d ea 22 92 7a 18 83 f5 02 90 45 88 40 5b 99 c4 4a b7 84 a9 71 43 0a 87 76 4b 24 87 e1 b2 56 fb 3e ec ea 5d 28 8b 8c d1 09 b8 0e 1a b5 7a 76 b8 43 72 18 43 52 0b 8d 8b 44 d6 aa ae cf 59 9e a3 5b b1 ed 7a b9 f0 09 18 83 c5 a6 90 65 78 bb 6b 90 f8 39 ba 26 4b 56 09 ff 79 ba 2b 92 b8 6e 31 24 4c f0 bb ce e3 a0 b2 5b 99 02 eb bd ee 87 be e5 35 04 3a f8 80 76 41 55 65 00 b9 13 08 37 7c db 9a 21 79 b0 d2 e9 b9 13 83 bf df c6 01 40 5a bf 43 52 96 61 25 bd 17 e7 bd 05 b8 bf 98 49 73 eb fb 6f 1a db 22 79 a1 b4 f7 05 bf b4 53 b0 02 4c 98 34 47 bc 4b e9 82 b5 cb 9b 3a 98 17 43 72 bf c6 15 92 85 eb bd 49 ea bd 00 20 b9 Data Ascii: 3TDiu:jua=&+^}"zE@[JqCvK$V>](zvCrCRDY[zexk9&KVy+n1$L[5:vAUe7\|!y@ZCRa%Iso"ySL4GK:CrI
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 05 3f f1 07 20 09 08 ef 26 42 90 7c 16 23 d5 d2 59 03 ff 4d 50 32 92 da 3e ad e7 b0 13 cd 44 c2 0b b9 70 e1 14 bf f2 50 9e 0b bc c0 2d 30 c2 05 ac ff 30 18 12 cf f2 05 ef 0c c8 60 ec 55 72 04 0f 27 b9 1c 26 9d 68 ed 14 20 55 0b fa ce 4a 21 99 5f 1a 80 c8 54 22 0a bd b0 0d 30 6e f3 50 2f e3 2f ef 2a 4f 12 f3 33 af 18 35 1f f5 eb 4e 09 bf f0 ee 63 62 75 5a 26 49 d2 19 c3 67 bb 14 84 a5 67 a2 3d 2f 7d 47 26 c3 90 f2 5a ff f6 2e 9e 05 ce e0 f5 9b 12 25 32 2f 20 91 91 f5 70 ef ed 59 70 0c e2 2e cd 19 0a ea e3 89 cb 8d 8d 13 54 c5 ec 78 64 6e bc 34 04 7d 0e 23 da 30 e9 b0 be f7 92 2f e1 bf a0 f3 30 02 25 ee 80 f7 af a1 f7 93 1f ec 16 2e 09 7f 2f 26 4d d0 52 39 29 9d 72 bd b1 66 1f 23 8c 5c 67 95 3b 37 19 60 db 2a c2 0b 64 de f9 b4 0f e3 db 30 f5 27 42 28 c3 70 Data Ascii: ? &B\|#YMP2>DpP-00`Ur'&h UJ!_T"0nP//O35NcbuZ&Igg=/}G&Z.%2/ pYp.Txdn4}#0/0%./&MR9)rf#\g;7`d0'B(p
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 80 01 91 f6 0a 0f f6 50 00 6b b8 5e 95 98 60 2f e4 44 e1 29 0d a8 e0 84 9e 72 04 e4 0c 01 56 07 e2 c2 1a 7c e8 41 33 98 2d 6b e6 f8 17 f4 7c c0 c2 14 3e ad 1b 5c 64 8f 24 7e 21 0d 6d dc e3 7f 33 44 e3 02 26 21 11 18 e8 10 60 08 9c 62 0f 41 58 a7 17 90 0e 31 43 a8 45 f7 92 e8 1c 11 62 24 7c 97 91 81 8f 66 53 01 30 74 30 8e 1e 7c 05 d2 30 80 01 e8 05 0e 8c 09 83 82 17 1f e9 9e 33 a4 d1 92 55 88 88 07 dc 88 80 09 f0 f0 90 54 04 82 ee 0e 84 03 22 2a 66 82 35 d9 e3 73 46 56 12 c5 98 0e 8a 86 fc a4 02 a7 b1 c9 2d 4e 32 61 ca 78 da 33 6c d9 1e 41 58 12 8d aa 60 e3 26 e1 18 4b 0f ae 81 0b 7d 6c 8b 11 b4 87 14 57 72 24 95 91 69 00 65 3c 66 14 11 9c ff 12 38 70 90 22 31 11 39 81 4d 9e 70 97 e1 b2 44 2e bf e9 1a 3d f8 12 8d 7a c8 e4 26 3b a9 4d 39 86 12 41 47 c0 20 Data Ascii: Pk^`/D)rV\|A3-k\|>\d$~!m3D&!`bAX1CEb$\|fS0t0\|03UT"*f5sFV-N2ax3lAX`&K}lWr$ie<f8p"19MpD.=z&;M9AG
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 2b a9 23 2a 57 1b 8a f0 03 00 0d e0 3d f5 73 3f 38 68 80 11 24 c1 12 34 c1 13 2c 41 d9 91 c0 fb 4b a0 ce 32 a0 ac 8b 08 36 2b b7 37 9b 3e 32 71 19 02 74 3e 29 a0 a9 36 90 88 c9 61 2d b1 f2 1c b5 41 c1 21 34 41 38 70 36 8d 80 36 93 a8 01 ba 4b 25 64 0a 90 0e 58 2a 8b 22 c2 29 a4 c2 14 34 9f 09 54 a0 ab d3 a1 81 7a 88 c0 d3 35 fc 9a be 49 79 9a 58 98 be 03 50 05 86 ea 82 8c 7b 88 ff af 32 20 b6 fb a7 20 ac 80 2a 94 c3 cf 9b 0e 93 e0 93 08 d1 40 8e 60 1d 00 58 b9 bd 99 c3 3f ac 42 d9 01 82 96 13 32 1d 8a 39 88 30 81 22 b3 34 1a 9c 3e 5d 19 c3 32 84 b2 9f 4b c0 4d aa 32 1f aa a2 63 02 c4 3f 9c 8d a2 00 80 cb 62 ba 24 1a 19 09 5b c2 36 c9 c4 52 a4 c2 0a e0 20 01 78 2f 1d b2 00 0e a3 39 9b 2b 43 83 71 99 40 28 c3 03 00 2c 73 0a b5 87 98 37 37 2a b0 38 62 20 53 Data Ascii: +#W=s?8h$4,AK26+7>2qt>)6a-A!4A8p66K%dX")4Tz5IyXP{2 @`X?B290"4>]2KM2c?b$[6R x/9+Cq@(,s778b S
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 50 5c c2 81 82 40 e8 5a d4 2c 5d 14 92 82 12 8d 86 15 9b 88 13 38 5a 66 40 53 bf b5 dd db cd 89 79 85 1e 89 a8 34 ff 5d 1b bc 88 48 dd a4 fc 01 4b 08 da 85 68 5c cf ec ce b3 70 83 4d a0 d5 30 c8 83 cc 85 de cc 95 83 b3 25 54 36 88 88 fd ea d9 ba b4 03 28 28 de 86 78 83 e0 ad cb 84 98 24 57 d0 83 a2 95 08 10 00 5c e8 11 85 35 c5 dd f6 ed db f4 ad 1c b7 7c 88 d3 fb c2 a8 fc cb 1f a0 d9 87 c0 52 cf 4c 0b 86 9d 55 2f b0 82 e8 15 60 03 28 02 ea 7d d2 3e 80 88 25 0b dd 06 ed 5e 88 38 5e d5 f5 2f 8e 85 9e 09 58 07 f7 b5 e0 be 4d 29 03 4a 38 88 70 ce 6b 9c 08 40 10 cf 06 76 08 ba f4 4b b4 60 04 5a 7d de 01 1e e0 3c 28 54 eb 7d 08 05 76 99 ba 74 bd ab f0 50 d4 fc d5 be da 38 1d a2 80 0b e6 61 94 cd 60 e8 a9 da 86 b8 da 45 fc 60 ed 15 e1 87 20 e1 aa cc 5f 8a 28 86 Data Ascii: P\@Z,]8Zf@Sy4]HKh\pM0%T6((x$W\5\|RLU/`(}>%^8^/XM)J8pk@vK`Z}<(T}vtP8a`E` _(
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: a3 21 b7 73 6c 85 19 ef a6 d5 8f 07 79 03 58 72 b3 3e 73 e8 bd e3 0a 8d 84 10 47 f9 e9 6b 4d 73 62 79 51 e3 b8 97 67 69 4f 70 23 81 81 88 98 ce 4c 73 07 ee 42 05 ef 9c c7 5c 67 17 ea 91 87 5e d6 0e 7a b7 26 c3 e7 8e 44 78 9d 88 1b 70 79 a5 5f 69 08 7f fa 3b 27 98 3e 18 6d 4d b6 7a 01 06 ea e2 c6 e8 e8 7d f7 00 e0 86 10 0f e7 32 f4 52 5f 1a d6 88 78 66 44 37 7b 7f 66 7a 56 4c 55 5d 6b 48 5f 29 04 5f 46 e1 b7 1f 60 ac b7 e8 76 27 60 0a bd 7b b7 ce fb 02 84 b7 89 30 71 a4 09 fc b3 77 a3 18 2c 72 c4 57 fc c5 67 7c b8 df 79 b3 86 7c 16 9e 7c e8 ab 7c e7 2b cc 34 da f6 87 48 fa cd f7 e7 70 47 80 fa 3e 00 82 76 33 ff d0 6f 58 e1 1e 7d 01 76 7c 8b d6 fa d5 4e 7d 8e 64 6f 76 34 27 c1 ba ae 06 97 7d 69 3e 75 04 c0 ab 85 c0 fd 4b b3 94 42 58 85 80 a7 d5 74 ef fd 01 Data Ascii: !slyXr>sGkMsbyQgiOp#LsB\g^z&Dxpy_i;'>mMz}2R_xfD7{fzVLU]kH_)_F`v'`{0qw,rWg\|y\|\|\|+4HpG>v3oX}v\|N}dov4'}i>uKBXt

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:46 UTC	601	OUT	GET /telegram-13/d3.gif HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:47 UTC	947	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:47 GMT Content-Type: image/jpeg Content-Length: 2254846 Connection: close ETag: "999ccb074c15d6377f97302832038c14" Last-Modified: Thu, 05 Dec 2024 09:31:42 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7059 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vbqV4c6rMdvylyUd8aPtAHvD7351JRCAid71b910m33RZ1KVq5%2FH5QzU6RAz6DnNzXKqWxTiCjyd5B1ZM6ln7qBjQUEimm67E0aws3jtN2AgvAnKwZfLHq9H1Y9S2tM%2FOvwK34i2wwY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5991ce01795-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1496&min_rtt=1489&rtt_var=573&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2872&recv_bytes=1179&delivery_rate=1886304&cwnd=172&unsent_bytes=0&cid=f49da4cf5510c311&ts=125&x=0"
2025-01-12 00:05:47 UTC	422	IN	Data Raw: 47 49 46 38 39 61 00 02 00 02 80 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 02 00 ff 00 2c 00 00 00 00 00 02 00 02 87 fe d8 21 ff ff ff fc ee 21 03 b4 ff 72 89 12 a6 c8 36 00 00 00 ff 5d 1f cf 35 01 fa 90 16 7d 09 09 ff a9 8f 02 b3 ff 01 b4 ff ff b4 84 cf f2 5c fe d8 20 fb 8f 15 fe d7 20 71 89 11 ff d9 20 01 b6 ff f9 90 15 f2 52 17 fe d4 20 fd 5a 1d ff d8 20 e9 49 10 db 3e 08 fe d0 1f fa 95 16 fb 99 17 ee 4e 13 d2 37 02 f9 57 1b fc eb 20 fb a2 18 f6 55 19 72 88 10 d2 3f 03 fc b4 1b fc ce 1f fe c7 1d d4 39 04 fe db 20 fc af 1a cf 33 00 fb 92 15 fc aa 19 dc 5c 09 fe e2 20 d7 3c 06 fe fd f3 e5 46 0e e1 71 0d fe de 20 f3 af 18 d8 54 07 fd bd 1c d4 48 05 00 b3 ff e1 44 0c e7 86 11 fd b9 1b a3 c5 33 fb 9e 17 fe Data Ascii: GIF89a!NETSCAPE2.0!,!!r6]5}\ q R Z I>N7W Ur?9 3\ <Fq THD3
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: a9 24 0f 84 91 12 86 0e 09 ff e4 63 4d 44 09 0e 0c 01 ff 98 76 ff e2 58 ff 7c 47 df bd 1c c2 35 14 cb 3a 15 e9 4e 1a d1 3f 17 c0 e3 4f a9 cc 38 ff 6d 33 ff ee 9c ee d5 2f ff 85 4f ff 70 3b 10 b5 f3 43 bc c6 a5 c7 35 c8 eb 55 fd c0 1c 80 c6 8f f8 d5 21 fe 8f 12 35 ba d2 ff a2 86 d9 43 17 d4 c0 1c f3 b0 19 e9 f2 cd a0 a3 16 81 0a 08 ff f3 b9 ff f8 d5 27 27 27 e1 d4 3a af 94 17 63 c2 a9 6f 5e 0d 97 9e 15 ff 72 38 f0 f9 d6 ab a9 1a d6 e6 a1 e1 c8 1d a6 cc 6e fc e7 20 10 0e 02 8d c8 84 ff a5 73 fa c8 1d 5d 5d 5d b4 ae 18 d8 4e 06 53 c0 b8 d4 d2 45 ff ae 7d dc 62 0a c8 b9 1a 10 10 10 ab cb 42 90 99 14 bc d6 68 c5 d0 52 e2 ef b6 ff 75 40 21 b8 e2 8e 79 12 ff d5 24 80 80 80 74 c4 9a f6 8a 14 ff f9 dc ff 9e 6a f0 d0 1f d0 d0 d0 ff ef a3 f0 7a 10 bf b5 19 c7 35 03 Data Ascii: $cMDvX\|G5:N?O8m3/Op;C5U!5C''':co^r8n s]]]NSE}bBhRu@!y$tjz5
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 18 a0 06 05 d8 05 03 3e e0 7d d7 73 51 04 1b 28 16 1d 99 4c 21 df 0b 0d 15 4a 77 c1 16 ca 6c 17 1b 8c e1 fa f6 91 30 9c 31 41 84 24 34 4b 0a 17 07 11 d1 c1 cc 85 40 94 59 2f ff 64 48 c4 00 d0 80 7a 0f 40 43 c8 e4 c7 9f ee e5 d0 2b 3b 94 8c 43 42 67 a1 22 b0 30 88 58 5c 17 3b 8a 48 c4 23 3e eb 7d 91 68 9d 85 d0 f4 c4 d8 bd e8 84 9c 72 91 17 7e 98 c5 36 ae 6b 88 5c 94 a1 17 3f a8 2d 9e 7d c9 89 65 dc 0a 8b 70 88 90 28 2a a6 08 b7 c3 5d 2f 7a 61 06 37 46 2e 8e 44 44 05 b4 6c 55 00 20 60 6f 44 68 cc e3 55 fc 38 9f 36 89 28 09 c6 9b 9c 19 ca c1 89 f3 a9 8f 06 bf e8 85 21 b7 f6 0b 44 ca 10 89 cb 12 e3 97 24 19 16 13 12 c4 45 46 80 5c df 76 71 8f 2e 14 f1 17 bb 18 e5 0b 3d 69 ca 01 1a 10 11 ea ba 21 03 59 f9 15 08 0a c4 45 80 9c 9c f9 10 89 8a 5c ea 52 63 66 e0 Data Ascii: >}sQ(L!Jwl01A$4K@Y/dHz@C+;CBg"0X\;H#>}hr~6k\?-}ep(*]/za7F.DDlU `oDhU86(!D$EF\vq.=i!YE\Rcf
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: ba b8 86 35 d4 77 0d 5d 7c 9f db 64 b0 79 1d 70 7e 04 c8 7a e9 d7 11 73 d7 3f 91 f0 04 d1 b7 25 98 37 7f f5 17 81 3f b7 7b df a7 0b e8 70 81 ff e7 6d 72 c0 79 e3 47 80 c9 67 80 07 a8 11 f2 41 79 b9 53 38 77 57 24 d3 d7 73 12 b8 82 40 d7 06 19 f8 82 ff f6 0c 9c 37 80 1e a8 7a 20 18 82 18 d1 1d b0 77 3c 4f 83 77 9d 90 0b 5c c7 82 42 e8 73 30 58 84 dc e6 0a b8 07 03 35 a8 7a 38 98 11 ed e1 7c ed f7 05 27 a8 23 0f 38 84 56 f8 75 46 68 84 b8 27 04 4b c8 84 4d 68 11 ed c1 7e 32 d3 83 0e 38 0b 2a 78 85 68 98 71 67 90 85 45 78 72 9b a7 84 5d f8 85 16 d1 1d 74 27 39 0c b8 25 4b 90 0a 67 98 86 7c b8 6f 55 c0 86 30 88 78 9c c7 85 71 28 87 13 d1 1e 24 c8 35 4c 30 7b 6d d7 09 9a ff 20 01 7d 18 89 19 07 88 2f 18 80 b8 37 04 5d 08 73 86 18 11 f2 51 6a cb 02 04 52 18 25 Data Ascii: 5w]\|dyp~zs?%7?{pmryGgAyS8wW$s@7z w<Ow\Bs0X5z8\|'#8VuFh'KMh~28*xhqgExr]t'9%Kg\|oU0xq($5L0{m }/7]sQjR%
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: bc 60 a9 56 88 b2 06 c0 a1 fa 26 b5 e1 2a b7 7c ca 06 59 7b 0b 76 6b b3 38 ab b7 15 da b7 fb c6 9f 03 b4 0c d8 36 09 b4 ca 8e a2 d3 0c e2 78 b2 bd 2a a4 fb 06 b4 41 19 b7 90 6b b5 c8 3a b3 b7 00 0c 59 0a 02 0d 8b b9 39 6b 9f 18 b7 08 f4 8a 6d ff e8 81 eb c8 8e 56 63 0a 25 db 87 e9 29 a7 a4 a7 71 8e 4b 94 e2 da ba 58 7a 0a 74 ab ac 59 9a 01 5d 6b bb 5e ea 73 66 aa 41 68 7a 6d 12 70 af 25 1a 22 a4 0b ad 00 ff c0 ad fb 88 ba fa a6 ba 08 c0 ba cc 1b b3 cf cb 06 47 90 a5 22 d0 03 79 4b bd cf 19 b1 fa b6 a8 1b f4 b1 85 d8 bd f2 c1 b4 e0 0b 00 64 90 a9 91 89 71 69 a0 98 cb 9b be 58 7a 07 cf eb 00 6c 70 0a d1 bb 01 5d 5a a1 2b 00 05 1c 30 03 17 40 bb 8a f9 a5 19 d7 04 45 8b 6d 41 90 bf a2 2b 1f 9d d0 af e2 e8 b4 cb e8 0a 50 5b 6d 29 70 a7 44 89 be 06 bc a7 82 90 Data Ascii: `V&\|Y{vk86xAk:Y9kmVc%)qKXztY]k^sfAhzmp%"G"yKdqiXzlp]Z+0@EmA+P[m)pD
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: cf 9c 8d 6d 3f 8e cd 41 2e e4 00 8f 00 1c b0 a7 c1 5e f0 20 9f d4 6a a0 07 85 c0 ee a1 fa be b7 cb 79 f2 7a a6 d8 76 df 1f 48 f1 35 d8 d9 d7 ff 06 e6 02 1d e8 42 9e 02 8a f9 a9 58 3a f0 21 0f f2 6a 20 06 25 0f b3 19 30 e5 d0 29 e3 b9 57 d9 e9 f3 09 1c 8c ef f9 be 84 80 7d 6d a8 8e cd a0 ad ea 23 9e 96 c4 ba 05 3d 0f f2 7c 90 05 75 90 09 c6 5e ac 22 b0 01 9a be 9a 8d 69 7d 34 9e 3e 16 5e 6d 18 90 a4 5c ee 81 2b 8d 6d bd dd ef aa 7e 05 ab a9 ed 8a 6d 07 0c 9e f5 22 cf f5 85 b0 05 a7 0d b9 5b 2a e7 f2 b9 03 f1 8d 7b 1a dc c9 d7 76 ef 39 de f6 1e 88 01 16 ef d2 19 2f e4 f1 b9 c3 ae 2e cc 8e 0e e9 78 5f f0 d0 a0 06 59 40 eb b6 5e f9 ad 0b 02 97 2b 9f 36 d0 f0 7f c7 ec 1a 14 08 d8 6d b6 d2 b8 df 04 28 04 d8 76 cd 35 af ea 00 b0 f1 85 be 01 a0 9f c6 bb ce eb 87 Data Ascii: m?A.^ jyzvH5BX:!j %0)W}m#=\|u^"i}4>^m\+m~m"[*{v9/.x_Y@^+6m(v5
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 14 58 c2 17 d6 a9 4f 59 a1 e0 63 f2 d7 42 22 16 e8 69 e9 73 49 0c b1 12 bd ba c4 83 80 38 84 e2 61 f4 b2 37 ac e8 e0 84 33 da 5d 86 34 34 b6 22 76 51 39 42 78 20 bb 2c a7 95 26 98 cf 24 5d 00 61 14 d5 48 98 be 48 10 2b 26 9c 92 70 b2 82 39 bf 79 d1 8e 93 91 40 cb d6 f3 b6 31 6e e5 0d e4 19 60 fa d6 38 c8 c1 20 b0 25 51 e0 0a 1c 1d 84 48 be 05 b1 2a 43 bc 63 24 b1 12 27 db e8 4e 35 65 6c cd 07 b7 45 48 ac 19 c0 93 12 32 24 c3 e4 d2 01 2b da 86 8a 58 f9 13 fe 24 b9 ca 90 1c d1 7d 12 40 ce 1f 5b 53 c3 4d 72 d2 66 9e c4 e5 27 0f e8 3e ca 50 b2 2f 59 8c 4a d0 b8 c8 4a 56 82 71 3d 31 bb a4 19 cb a3 47 bd 5c cc 96 14 cb 65 2e 73 a4 17 60 6e ff 45 08 95 84 25 10 57 48 4c 56 32 b3 2f f6 53 0d 13 4f 42 cb 5c 3d 13 9a d1 94 a6 7c 74 48 99 2b 3a 25 85 7e 0a 9a d0 b8 Data Ascii: XOYcB"isI8a73]44"vQ9Bx ,&$]aHH+&p9y@1n`8 %QH*Cc$'N5elEH2$+X$}@[SMrf'>P/YJJVq=1G\e.s`nE%WHLV2/SOB\=\|tH+:%~
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: b3 bf 8e a0 be ce 79 3e c2 13 0c 24 2b 38 73 e2 be f7 52 3c 01 14 40 20 18 83 f5 9a 00 77 c3 28 9e 58 40 12 d1 8e 1d 40 8d ad 98 c0 c2 91 3f 02 83 a5 7c cb c0 90 d8 40 ae a8 a7 72 da 8d 44 0b 41 5b 7a b1 24 d0 02 13 34 41 26 58 2f ca 6b c1 99 78 41 33 b9 3c 5a b8 02 d1 eb 00 8d ab 24 1d 00 39 20 f9 33 bd ea c1 1d 54 8e 0c f2 0b 6d 38 bc dc 10 42 73 f2 3f 02 f0 02 dc 43 c2 ff ef 8b 04 2d 40 af a0 7b 37 cc 7b c2 e1 3b 01 25 90 16 91 10 bc e0 38 3d e5 f0 34 ae f2 c2 8f b9 be c9 39 b2 ad 0b c2 45 7b a6 11 74 af 34 5c c3 00 54 42 16 8c 26 73 c8 87 39 7c c2 13 70 82 58 a8 a2 97 d9 34 ca d0 bb 3f 94 0b d9 fa 91 5d d3 8b 6d 50 33 45 e3 0d 35 1b c3 41 42 c4 44 54 c3 45 6c 3c 72 80 87 52 a0 07 7a 30 87 59 fc 03 7b c8 02 49 c4 45 04 90 82 6c 68 3d ab eb 8b 1e d3 8a Data Ascii: y>$+8sR<@ w(X@@?\|@rDA[z$4A&X/kxA3<Z$9 3Tm8Bs?C-@{7{;%8=49E{t4\TB&s9\|pX4?]mP3E5ABDTEl<rRz0Y{IElh=
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 0f 29 5d 16 3a 5d e5 99 07 7d b4 da 87 25 8c 51 7c 26 ee a8 81 42 ed dc da e5 dc e3 7c 4f 4c 88 08 b6 6d 0b ff d2 e5 44 08 60 5c 0b 92 00 f0 54 34 d9 db 54 de e0 81 66 ab 5b 1c 8a 57 8a b5 dd e7 ed db 53 55 ce e6 84 88 0b 30 0d df 25 31 c7 8d 3e ed dd 1f 58 8a 89 af 2c 5e 10 f4 8d 66 73 dd 1b 8a 58 b0 d8 00 e8 55 df ce cd d6 b2 38 dc d2 c0 de 46 49 5d 0b 9c 07 ee d5 1f e0 a5 00 af 1c b8 e2 65 33 df 28 5e 73 6a 8e 19 d8 d5 f5 25 60 af 2d 5b d2 04 04 46 65 55 8c 70 01 1b b8 c1 55 ea aa 64 65 21 ac d2 00 d6 0d 5f 5b ed 8d 56 4b 51 5b 6a 8e 1a 28 e0 0f e6 5b 45 20 5a d1 d4 5d b3 c8 80 a6 6d 0b 29 18 18 0d c0 ab f9 d5 42 70 eb a2 1c d4 5f ab 95 bd f2 7d 5d ed 03 60 a7 dd 5b 10 e6 61 8b c5 dd e4 dc d8 b2 10 5d b6 90 82 07 36 46 0a a0 80 16 f6 10 e0 cd 2b b8 bd Data Ascii: )]:]}%Q\|&B\|OLmD`\T4Tf[WSU0%1>X,^fsXU8FI]e3(^sj%`-[FeUpUde!_[VKQ[j([E Z]m)Bp_}]`[a]6F+
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: a8 81 0b 20 f1 cf 46 f9 18 6f 0b 8e 6f f0 96 7f 79 98 f7 79 dd be f9 02 6f 6e 33 9f 08 97 ff f9 a3 1f 91 a0 17 fa 8d 17 71 8f 67 76 a4 87 fa ed 50 7a fa 1e fa ff fe cb c0 8c 7a e7 38 81 1d d8 01 5a e0 97 1c c8 01 5a a0 05 ae cf 46 6d 14 f8 19 98 fa f2 ce f9 f7 be fa a7 17 f8 1d c8 01 29 b0 01 68 49 83 4d c8 06 2b 98 82 58 88 05 35 dd 8a 41 90 03 3c c0 25 73 a0 07 7b b0 87 7c 50 83 2c a8 03 cd 4c 7b eb 2e e7 19 88 ee ab ef f9 5c dc 3c 1b 70 02 25 c0 86 80 e1 fb fc a8 02 39 40 ac 5c 6a 83 6a c0 06 25 b0 01 5c 50 4b 66 89 81 c5 b7 ec b5 df ec 12 d8 80 c8 7f c1 10 88 7b 27 b8 82 91 09 69 fd 20 03 c0 ef fc ff 68 7a 86 2a f0 88 29 c0 81 7b 29 7d 12 d9 01 d4 7f 35 b6 70 fc af 5e ca 88 5c cb 13 88 7b 1f b8 82 4d 28 58 79 01 03 a4 0a 05 a4 72 05 32 10 89 14 a8 17 Data Ascii: Fooyyon3qgvPzz8ZZFm)hIM+X5A<%s{\|P,L{.\<p%9@\jj%\PKf{'i hz*){)}5p^\{M(Xyr2

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:47 UTC	596	OUT	GET /tg-07/top.png HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:47 UTC	952	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:47 GMT Content-Type: image/jpeg Content-Length: 1191 Connection: close ETag: "f52e5279825d383bc2faca909667ea76" Last-Modified: Mon, 02 Dec 2024 10:00:27 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7059 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6l2Bw1djKylf%2FnOR20kOo2ODKXIyaWeRLmXEcMXIZ0zTIBWhuZXr98yuMFWlmTHauzepEkt2rSqBExqtYxUhFi%2F8zDbJzVyyQcGQ%2FFy%2FUI1WMBY%2BbV6AStm3hoOn0ZZk0QEx%2BDBpA7A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5994fdb159f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1687&min_rtt=1679&rtt_var=646&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2872&recv_bytes=1174&delivery_rate=1671436&cwnd=175&unsent_bytes=0&cid=c154befab1e2cb90&ts=150&x=0"
2025-01-12 00:05:47 UTC	417	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 40 00 00 00 40 08 06 00 00 00 aa 69 71 de 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 04 61 49 44 41 54 78 5e ed 9b 5b 68 1c 55 18 c7 ff ff d9 24 ad 97 84 34 b3 05 b5 0f 8a 0a 16 44 df bc b4 99 b1 88 16 ad 48 51 2b 5a 10 91 56 c4 56 10 ec 4e eb 8b 0a 05 45 b4 64 27 f1 c1 ea 83 97 50 15 2c 56 94 4a a8 2d 58 4a 67 d2 8a 2f 12 42 d0 fa 50 5f d4 aa ec 34 b5 11 6c 42 76 3e d9 dd 6e d9 6c b7 ce ec 64 2e ee ee cc e3 9e 6f cf f9 7e bf 39 73 ce 99 cb 21 3a fc 60 23 7e fd f9 99 e5 d2 3d bb 8e e0 2d 42 dc 0c 91 cb 5b d1 13 c9 53 02 99 02 95 09 7b 68 e0 ab 46 0c 17 09 d0 0d e7 3e 00 9f 00 50 5b 11 fa 92 39 8b 7c 4f a5 6b c3 d1 a1 fe 9f 6b 63 16 08 d0 0c e7 55 02 2f b7 15 78 0d 8c 88 fc 23 c8 6c 1c 37 97 ed af Data Ascii: PNGIHDR@@iqsRGBaIDATx^[hU$4DHQ+ZVVNEd'P,VJ-XJg/BP_4lBv>nld.o~9s!:`#~=-B[S{hF>P[9\|OkkcU/x#l7
2025-01-12 00:05:47 UTC	774	IN	Data Raw: 29 db cc ee f1 d3 40 52 31 7a ce 19 03 f1 80 57 fb c1 04 14 33 37 d8 23 fd 27 bd 2a 4f b2 5c 37 4e bf 08 c8 9b 5e 39 08 f0 a1 9d 57 37 37 d5 03 00 3c 63 e5 d5 f7 bc 2a 4f b2 5c cb 39 07 48 dc ef 99 43 d0 95 a0 40 7e 84 e0 0f cf 06 62 0f a0 42 c8 8d 20 af f6 d3 74 a0 4b c0 4f c5 2d 13 13 b4 07 b4 0c a0 57 a2 a9 80 f4 6e 30 bd 1d 4e 9f 07 24 f9 40 44 20 33 04 f7 0a 70 1d 81 7b bd c6 ac b0 cb 13 9d 06 45 70 d2 55 7a 56 1d 1b ea fd b3 fc 40 66 db f4 1a b0 78 10 e4 92 b0 41 2f 59 5f 52 b3 40 3d 7c 35 c1 d8 25 24 21 40 20 27 5c 2e b9 ab 7a e6 eb cf 4e ac 12 e2 16 50 82 9f 3b d7 33 f8 dd db 7d ce 7f 75 f3 d8 24 c4 29 a0 21 fc 4e 51 b4 19 67 94 e0 7e 2b af ee ab 95 12 8b 84 b8 04 34 3e f3 42 dd 70 3e 02 f8 04 04 45 00 8f 5b a6 fa 79 ac 12 e2 10 e0 09 5f 25 4e 42 Data Ascii: )@R1zW37#'O\7N^9W77<cO\9HC@~bB tKO-Wn0N$@D 3p{EpUzV@fxA/Y_R@=\|5%$!@ '\.zNP;3}u$)!NQg~+4>Bp>E[y_%NB

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.telegramwg.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\39c03c9a-ff65-46e3-9f75-ab0f5a6b5d6f.tmp

C:\Users\user\Downloads\8a5cd1c2-a8cd-4bb5-b9b4-362d991696f5.tmp

C:\Users\user\Downloads\Unconfirmed 134623.crdownload

C:\Users\user\Downloads\Unconfirmed 593715.crdownload

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Windows Analysis Report
http://www.telegramwg.com/

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:47 UTC	587	OUT	POST /v6/collect?dt=4 HTTP/1.1 Host: collect-v6.51.la Connection: keep-alive Content-Length: 485 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.telegramwg.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:47 UTC	485	OUT	Data Raw: 1f 8b 08 00 59 07 83 67 00 03 a5 52 4d 73 d2 50 14 fd 2b 4c 96 0e af 3c 92 bc 90 74 e7 ca 45 97 e2 8c ba 23 bc 04 9d 52 a8 90 34 0b c7 99 40 51 29 b5 93 71 06 2d d3 a2 14 6d 87 3a 55 70 c6 8f 22 36 f2 63 ca 7b 21 2b ff 82 b9 a1 2c ec b6 bb 3b e7 9e 7b ce 79 ef de a7 c2 63 2a ac 26 04 69 6d 4d 7b 58 b6 a4 4c d6 b8 7f fb c9 03 51 48 26 84 8a 15 75 d2 19 49 51 64 2c c9 44 54 70 04 5a 00 0a 96 51 34 0a 95 dc 06 1b 76 02 ff 75 02 25 b2 77 82 c9 38 fc f8 9e 77 27 0b 2c c9 2e 26 ec 78 10 1c 34 82 3f c7 c1 ef 06 6b f5 e6 db 7e 72 3e fc c4 0e 3f 84 9d 1e db f3 66 7e 97 1f 7e 0f cf 3a fc 4d 13 fc d6 1d 90 ce fe 27 1d d6 dd f9 e8 9c d7 4f 67 e3 dd b9 ef 2f 7d 67 e3 2f fc ed cb 60 a7 c9 bb 9f ff 5e bc e2 8d 1e f3 f6 d9 f4 2c 74 7b 97 6e 8d 0d 77 d8 f3 68 a2 1d b4 4f Data Ascii: YgRMsP+L<tE#R4@Q)q-m:Up"6c{!+,;{yc*&imM{XLQH&uIQd,DTpZQ4vu%w8w',.&x4?k~r>?f~~:M'Og/}g/`^,t{nwhO
2025-01-12 00:05:48 UTC	412	IN	HTTP/1.1 200 Date: Sun, 12 Jan 2025 00:05:48 GMT Content-Length: 0 Connection: close Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Access-Control-Allow-Origin: https://www.telegramwg.com Access-Control-Allow-Credentials: true via: LA-BRA-saopaulo-EDGE2-CACHE7[1146],LA-BRA-saopaulo-EDGE2-CACHE7[ovl,1144] X-CCDN-REQ-ID-46B1: e2b2b3f7c50f2e471a062ae4e524766d

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:47 UTC	607	OUT	GET /tg-07/Telegram%20150.png HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:47 UTC	943	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:47 GMT Content-Type: image/jpeg Content-Length: 6676 Connection: close ETag: "0b51d2a6328d9284bc3e3d156d047d30" Last-Modified: Mon, 02 Dec 2024 10:00:25 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1975 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pGrz1kYNS2CbOq1ufq2aUeoWkgl7IngjrUb7vzSaXGcxSEiFlhctwOYs6xUXsdieaCBP3EvklyBOKA4F0HbOmYCO7OUhTY%2BAPRqAEXrNhGOo9kykMfwPfifcIKP6Tox4Re9K1Hvi%2FME%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e59a7ea2176c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1461&min_rtt=1461&rtt_var=730&sent=5&recv=7&lost=0&retrans=1&sent_bytes=4286&recv_bytes=1185&delivery_rate=458542&cwnd=252&unsent_bytes=0&cid=dfa715d034e858e1&ts=155&x=0"
2025-01-12 00:05:47 UTC	426	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 96 08 06 00 00 00 3c 01 71 e2 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 19 c6 49 44 41 54 78 9c ed 9d 7b 74 5c f5 75 ef 3f fb 37 67 46 a3 b1 5e 96 65 59 b6 e5 97 24 db b2 65 04 18 ea bc 1c 30 24 a5 14 d2 16 12 ea 90 f0 30 86 a6 a4 69 80 9b 4b 58 94 9b 95 55 e7 de 9b 9b c5 72 28 25 e5 de 84 e6 81 21 18 6c 35 97 e6 a6 2c 20 34 01 97 10 e2 45 28 01 83 6d d9 92 85 b0 85 2c 4b b2 2c eb 31 1a cd cc 39 fb fe 71 2c b0 2d 59 cf 79 9c 91 e6 b3 d6 f9 c3 a3 99 33 db 33 df f9 fd f6 6f ff f6 de 3f 61 06 b1 a2 ae d3 0a 88 09 3a 10 12 21 04 12 52 87 52 11 96 2a 5a 09 94 03 a5 0a c5 06 4a 54 28 40 09 02 16 10 3c 75 9b 08 10 07 22 28 3d 08 5d 40 27 42 3b aa ad 60 0e 09 34 03 ed Data Ascii: PNGIHDR<qpHYs+IDATx{t\u?7gF^eY$e0$0iKXUr(%!l5, 4E(m,K,19q,-Yy33o?a:!RR*ZJT(@<u"(=]@'B;`4
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 62 07 51 aa 11 3e 2f c8 55 fa a1 90 02 e9 b6 6f 82 44 81 3e a0 15 78 c1 51 9e 12 91 7a 8c 1d d9 ff b9 cc 1c c9 32 4a 58 17 3d a2 44 8a ba 43 18 2d 77 e0 62 41 37 81 5c c2 87 8e f5 74 21 0e bc 81 e8 a3 38 ec c2 27 2d d1 dc d9 7d 8d 57 65 ce d7 95 31 96 56 ff df ce 90 b1 65 2d c2 06 e0 2f 80 0b 48 9f bf 94 2a e2 c0 3b c0 33 c0 4b 2a e6 f5 fd d7 cd ce 88 a9 d2 f3 c2 aa a9 6b b7 10 eb 62 45 6f 02 2e c1 5d d1 65 da 54 37 55 e2 b8 0e ff cb 8a 6e b7 a2 d6 ab 6f df 50 14 4d b7 51 a3 e1 59 61 d5 3e de 66 e2 39 d6 0a 44 6e 07 ae c0 15 d4 74 1f a1 c6 c2 c1 15 d8 2e 8c 3e 12 f0 f9 de 7c f3 5a 6f c6 c6 3c 27 ac 9a 1d 9d 96 63 a4 54 e0 76 e0 56 d2 1b 22 f0 2a 71 a0 1b d8 e1 20 0f f8 d0 d6 bd 1b e7 78 6a 04 f3 8c b0 6a ea 4e 1a 25 be 00 65 83 0a f7 08 d4 a6 db a6 0c a1 Data Ascii: bQ>/UoD>xQz2JX=DC-wbA7\t!8'-}We1Ve-/H;3KkbEo.]eT7UnoPMQYa>f9Dnt.>\|Zo<'cTvV"*q xjjN%e
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 0f ee 77 1b ee 7e c0 30 61 19 31 21 55 36 8f f4 b7 2c 89 23 e8 13 e6 04 0d 2b 0a 2d ae 58 14 e4 8a 45 39 84 ac d1 e7 3a bf 81 d5 b3 2d fe 74 71 90 83 dd 7d 68 8a 6c 1d 05 4b 94 cd 8e a3 4f 02 67 1c 6c 30 5c 3c ca 0a 60 7d 8a 0c 9b 51 08 30 3b 47 a8 2a f4 b3 76 ae 9f 4f 96 e5 b0 ba d8 22 e8 1b bf f3 94 e3 13 ca 67 f9 08 5a c2 40 3c fd d2 52 b8 18 d5 5a ce 2a be 18 26 2c 55 fd bc 4a d6 b7 4a 24 3e 81 c5 f9 16 eb e6 06 58 3b d7 4f 6d b1 9f a5 05 d6 a4 2b 59 82 96 90 eb 83 b0 07 84 05 18 0c 5f 60 34 61 ad 79 f2 58 5e 4c 9c ab 52 6a d6 34 46 80 ea d9 7e ae 5d 96 cb 45 73 fd 2c 0c f9 28 08 24 68 75 e7 ad 15 e2 a7 57 6d 6f 2f de 7f 43 69 d7 d0 03 67 08 2b 2a ce 25 e2 1e cd 96 65 92 58 06 f2 fd 86 f3 e7 f8 f9 5c 45 2e 17 96 04 28 0c 08 fe 04 c6 0a 06 6d f5 c4 34 Data Ascii: w~0a1!U6,#+-XE9:-tq}hlKOgl0\<`}Q0;GvO"gZ@<RZ&,UJJ$>X;Om+Y_`4ayX^LRj4F~]Es,($huWmo/Cig+*%eX\E.(m4
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: c0 65 49 12 15 40 4b 5f 9c 41 27 23 44 05 50 60 e1 e6 d1 78 02 b7 bc dc e2 23 f3 02 7c a2 2c c8 c5 a5 01 e6 e6 fa d2 b2 b6 88 39 ca ef da 06 a9 3b 14 e6 b7 47 23 23 96 5a 09 50 55 e8 e7 ce f3 f2 b9 74 61 30 a9 7e 5e 6b bf 4d d4 ce 18 61 05 2c 3c 90 e3 ee 13 f7 0b fa 74 79 90 8b 4b 73 a8 29 f6 27 6d bb 65 3c f4 c6 94 c7 ea fb 78 e6 bd 30 ef f5 c6 39 d7 40 b1 28 cf e2 de 0b 0b f9 c8 bc 40 d2 17 0f ef f7 db c3 a6 60 0f 63 d2 2e ac a5 f9 16 9b 57 e5 f1 89 b2 20 25 41 43 d0 4a ad ff 74 36 7b bb 62 3c fc 4e 0f bb db 06 47 2d 08 5d 94 e7 e3 7f ac 2b 62 dd bc 9c 94 2c 20 de ef 8f 13 f5 6c b6 cc 70 d2 92 2a 93 e3 13 aa 0a 2d 6e 5c 31 8b ab 97 84 92 b2 82 9a 08 0a b4 85 6d 7e d1 1c e6 f1 fa 3e 3a 47 49 a4 b3 8c 70 41 49 80 fb d6 16 52 53 ec 4f c9 8f c0 56 78 bf cf Data Ascii: eI@K_A'#DP`x#\|,9;G##ZPUta0~^kMa,<tyKs)'me<x09@(@`c.W %ACJt6{b<NG-]+b, lp*-n\1m~>:GIpAIRSOVx
2025-01-12 00:05:47 UTC	1369	IN	Data Raw: 07 ad 2a f2 ce d0 3f 3e 10 96 13 f7 b7 22 bc 83 3b a4 cd 48 3a 06 6c fe b5 a9 9f 7b 7f d7 c5 cf df ed c7 49 a3 ba 1a ba bd bb a8 18 81 38 ca 41 47 a4 79 e8 81 0f 84 d5 78 eb 7c 47 e1 39 dc 7d c3 19 4b d4 56 0e 9c 88 f2 3f 7f 7f 82 2d af 9d e0 bd de 78 5a f6 ea ea 4f 44 33 49 58 7d 2a 3c d7 74 c3 a2 0f 56 41 67 24 71 fb 55 5f 8c bb d3 61 71 ca 4d f3 18 bd 31 9b ba c6 5e f6 1c 1f 64 f3 aa 02 2e 5d 90 9b b2 08 bd ad 4a 63 77 0c 4d f7 7c 3c 7e 3a 11 79 f1 f4 07 ce f8 a4 f6 df b4 b4 0f f4 85 d4 da e4 5d 1c 85 7d 5d 51 fe d7 eb 5d 7c ef ad ee 71 95 88 25 82 ce 01 87 ae c1 4c 72 dc 75 57 e3 8d 4b da 4f 7f 64 f8 99 d0 c2 53 e2 70 e7 48 7f 9b a9 9c 88 38 3c 75 b0 97 a6 9e 18 d7 55 e5 f1 a9 f2 10 b9 49 6c 94 7b a4 2f ce 40 4c 33 65 8f d0 11 91 ed 67 3f 38 82 78 a4 Data Ascii: ?>";H:l{I8AGyx\|G9}KV?-xZOD3IX}<tVAg$qU_aqM1^d.]JcwM\|<~:y]}]Q]\|q%LruWKOdSpH8<uUIl{/@L3eg?8x
2025-01-12 00:05:47 UTC	774	IN	Data Raw: f0 1d 23 4e d2 44 05 29 3a 4f ae a6 6e af 35 38 10 f8 73 55 b9 0f 37 42 9f 25 f5 ec 01 b6 8a a3 75 89 0a 29 8c 46 ca 4e 26 da f0 d2 4b e6 c8 e1 45 1f 47 f9 26 70 39 d9 8d eb 54 e1 00 af 08 fa 2d 7a d8 d5 78 e7 f2 94 cc 1a 29 3f f2 aa 62 db a1 d5 a0 77 09 fa 45 b2 7e 57 b2 89 80 d4 a9 c8 43 4d 9b 2a 87 f5 b0 4a 26 29 1f 35 54 a4 de a0 df 40 d9 8f 72 0f d9 64 c1 64 d1 0e 3c 28 aa db 44 34 a9 fe d4 48 a4 f5 90 be aa 47 1b 6a 15 ee 07 2e 01 42 e9 b4 65 1a 11 01 5e 53 f4 1b 4d 9b 57 8c 5a 06 9f 4c d2 7e fa e3 b2 47 eb 4b 0c be 7b 80 6b 80 2a b2 a9 37 93 c5 01 0e 2b fc c2 c1 b9 bf 79 f3 ca b4 1e 06 91 76 61 01 54 6e 6b 0c 81 6e 40 b9 0d b8 82 ac ef 35 51 c2 c0 af 14 7e ea 88 79 be 39 54 d1 37 52 33 b4 54 e2 09 61 01 2c f9 e9 3e e3 8f fb cb 15 ae 04 bd 1b 64 45 Data Ascii: #ND):On58sU7B%u)FN&KEG&p9T-zx)?bwE~WCMJ&)5T@rdd<(D4HGj.Be^SMWZL~GK{k7+yvaTnkn@5Q~y9T7R3Ta,>dE

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:49 UTC	363	OUT	GET /telegram-13/d3.gif HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:49 UTC	956	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:49 GMT Content-Type: image/jpeg Content-Length: 2254846 Connection: close ETag: "999ccb074c15d6377f97302832038c14" Last-Modified: Thu, 05 Dec 2024 09:31:42 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 7061 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AW%2BDZVdoXrpYVK6M%2FB66KU2ARtytT8VklPbMYVYsRvn%2FSQRg95MM%2BulVJoNdoHFpN3VY%2Fg7kGz7A5PkFmXSchf4ykqx6S8zF3dkr6KJO2F5we9bcq0xKSr%2B%2FLAS4YRnZrh5Il6C3NCI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5aabb5342af-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1755&min_rtt=1749&rtt_var=668&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2871&recv_bytes=941&delivery_rate=1624026&cwnd=166&unsent_bytes=0&cid=3367664584a92d46&ts=171&x=0"
2025-01-12 00:05:49 UTC	413	IN	Data Raw: 47 49 46 38 39 61 00 02 00 02 80 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 02 00 ff 00 2c 00 00 00 00 00 02 00 02 87 fe d8 21 ff ff ff fc ee 21 03 b4 ff 72 89 12 a6 c8 36 00 00 00 ff 5d 1f cf 35 01 fa 90 16 7d 09 09 ff a9 8f 02 b3 ff 01 b4 ff ff b4 84 cf f2 5c fe d8 20 fb 8f 15 fe d7 20 71 89 11 ff d9 20 01 b6 ff f9 90 15 f2 52 17 fe d4 20 fd 5a 1d ff d8 20 e9 49 10 db 3e 08 fe d0 1f fa 95 16 fb 99 17 ee 4e 13 d2 37 02 f9 57 1b fc eb 20 fb a2 18 f6 55 19 72 88 10 d2 3f 03 fc b4 1b fc ce 1f fe c7 1d d4 39 04 fe db 20 fc af 1a cf 33 00 fb 92 15 fc aa 19 dc 5c 09 fe e2 20 d7 3c 06 fe fd f3 e5 46 0e e1 71 0d fe de 20 f3 af 18 d8 54 07 fd bd 1c d4 48 05 00 b3 ff e1 44 0c e7 86 11 fd b9 1b a3 c5 33 fb 9e 17 fe Data Ascii: GIF89a!NETSCAPE2.0!,!!r6]5}\ q R Z I>N7W Ur?9 3\ <Fq THD3
2025-01-12 00:05:49 UTC	1369	IN	Data Raw: ff 87 59 1f 1b 04 af d2 3e a9 24 0f 84 91 12 86 0e 09 ff e4 63 4d 44 09 0e 0c 01 ff 98 76 ff e2 58 ff 7c 47 df bd 1c c2 35 14 cb 3a 15 e9 4e 1a d1 3f 17 c0 e3 4f a9 cc 38 ff 6d 33 ff ee 9c ee d5 2f ff 85 4f ff 70 3b 10 b5 f3 43 bc c6 a5 c7 35 c8 eb 55 fd c0 1c 80 c6 8f f8 d5 21 fe 8f 12 35 ba d2 ff a2 86 d9 43 17 d4 c0 1c f3 b0 19 e9 f2 cd a0 a3 16 81 0a 08 ff f3 b9 ff f8 d5 27 27 27 e1 d4 3a af 94 17 63 c2 a9 6f 5e 0d 97 9e 15 ff 72 38 f0 f9 d6 ab a9 1a d6 e6 a1 e1 c8 1d a6 cc 6e fc e7 20 10 0e 02 8d c8 84 ff a5 73 fa c8 1d 5d 5d 5d b4 ae 18 d8 4e 06 53 c0 b8 d4 d2 45 ff ae 7d dc 62 0a c8 b9 1a 10 10 10 ab cb 42 90 99 14 bc d6 68 c5 d0 52 e2 ef b6 ff 75 40 21 b8 e2 8e 79 12 ff d5 24 80 80 80 74 c4 9a f6 8a 14 ff f9 dc ff 9e 6a f0 d0 1f d0 d0 d0 ff ef a3 Data Ascii: Y>$cMDvX\|G5:N?O8m3/Op;C5U!5C''':co^r8n s]]]NSE}bBhRu@!y$tj
2025-01-12 00:05:49 UTC	1369	IN	Data Raw: 8e 92 40 3a ff 59 b0 6f aa 18 a0 06 05 d8 05 03 3e e0 7d d7 73 51 04 1b 28 16 1d 99 4c 21 df 0b 0d 15 4a 77 c1 16 ca 6c 17 1b 8c e1 fa f6 91 30 9c 31 41 84 24 34 4b 0a 17 07 11 d1 c1 cc 85 40 94 59 2f ff 64 48 c4 00 d0 80 7a 0f 40 43 c8 e4 c7 9f ee e5 d0 2b 3b 94 8c 43 42 67 a1 22 b0 30 88 58 5c 17 3b 8a 48 c4 23 3e eb 7d 91 68 9d 85 d0 f4 c4 d8 bd e8 84 9c 72 91 17 7e 98 c5 36 ae 6b 88 5c 94 a1 17 3f a8 2d 9e 7d c9 89 65 dc 0a 8b 70 88 90 28 2a a6 08 b7 c3 5d 2f 7a 61 06 37 46 2e 8e 44 44 05 b4 6c 55 00 20 60 6f 44 68 cc e3 55 fc 38 9f 36 89 28 09 c6 9b 9c 19 ca c1 89 f3 a9 8f 06 bf e8 85 21 b7 f6 0b 44 ca 10 89 cb 12 e3 97 24 19 16 13 12 c4 45 46 80 5c df 76 71 8f 2e 14 f1 17 bb 18 e5 0b 3d 69 ca 01 1a 10 11 ea ba 21 03 59 f9 15 08 0a c4 45 80 9c 9c f9 Data Ascii: @:Yo>}sQ(L!Jwl01A$4K@Y/dHz@C+;CBg"0X\;H#>}hr~6k\?-}ep(*]/za7F.DDlU `oDhU86(!D$EF\vq.=i!YE
2025-01-12 00:05:49 UTC	1369	IN	Data Raw: 7e f5 af 4f 7f a0 83 01 f8 ba b8 86 35 d4 77 0d 5d 7c 9f db 64 b0 79 1d 70 7e 04 c8 7a e9 d7 11 73 d7 3f 91 f0 04 d1 b7 25 98 37 7f f5 17 81 3f b7 7b df a7 0b e8 70 81 ff e7 6d 72 c0 79 e3 47 80 c9 67 80 07 a8 11 f2 41 79 b9 53 38 77 57 24 d3 d7 73 12 b8 82 40 d7 06 19 f8 82 ff f6 0c 9c 37 80 1e a8 7a 20 18 82 18 d1 1d b0 77 3c 4f 83 77 9d 90 0b 5c c7 82 42 e8 73 30 58 84 dc e6 0a b8 07 03 35 a8 7a 38 98 11 ed e1 7c ed f7 05 27 a8 23 0f 38 84 56 f8 75 46 68 84 b8 27 04 4b c8 84 4d 68 11 ed c1 7e 32 d3 83 0e 38 0b 2a 78 85 68 98 71 67 90 85 45 78 72 9b a7 84 5d f8 85 16 d1 1d 74 27 39 0c b8 25 4b 90 0a 67 98 86 7c b8 6f 55 c0 86 30 88 78 9c c7 85 71 28 87 13 d1 1e 24 c8 35 4c 30 7b 6d d7 09 9a ff 20 01 7d 18 89 19 07 88 2f 18 80 b8 37 04 5d 08 73 86 18 11 Data Ascii: ~O5w]\|dyp~zs?%7?{pmryGgAyS8wW$s@7z w<Ow\Bs0X5z8\|'#8VuFh'KMh~28*xhqgExr]t'9%Kg\|oU0xq($5L0{m }/7]s
2025-01-12 00:05:49 UTC	1369	IN	Data Raw: dc 79 6d 4f 49 97 b5 aa 23 bc 60 a9 56 88 b2 06 c0 a1 fa 26 b5 e1 2a b7 7c ca 06 59 7b 0b 76 6b b3 38 ab b7 15 da b7 fb c6 9f 03 b4 0c d8 36 09 b4 ca 8e a2 d3 0c e2 78 b2 bd 2a a4 fb 06 b4 41 19 b7 90 6b b5 c8 3a b3 b7 00 0c 59 0a 02 0d 8b b9 39 6b 9f 18 b7 08 f4 8a 6d ff e8 81 eb c8 8e 56 63 0a 25 db 87 e9 29 a7 a4 a7 71 8e 4b 94 e2 da ba 58 7a 0a 74 ab ac 59 9a 01 5d 6b bb 5e ea 73 66 aa 41 68 7a 6d 12 70 af 25 1a 22 a4 0b ad 00 ff c0 ad fb 88 ba fa a6 ba 08 c0 ba cc 1b b3 cf cb 06 47 90 a5 22 d0 03 79 4b bd cf 19 b1 fa b6 a8 1b f4 b1 85 d8 bd f2 c1 b4 e0 0b 00 64 90 a9 91 89 71 69 a0 98 cb 9b be 58 7a 07 cf eb 00 6c 70 0a d1 bb 01 5d 5a a1 2b 00 05 1c 30 03 17 40 bb 8a f9 a5 19 d7 04 45 8b 6d 41 90 bf a2 2b 1f 9d d0 af e2 e8 b4 cb e8 0a 50 5b 6d 29 70 Data Ascii: ymOI#`V&\|Y{vk86xAk:Y9kmVc%)qKXztY]k^sfAhzmp%"G"yKdqiXzlp]Z+0@EmA+P[m)p
2025-01-12 00:05:49 UTC	1369	IN	Data Raw: 73 ba 7b bf d7 96 d9 be ab cf 9c 8d 6d 3f 8e cd 41 2e e4 00 8f 00 1c b0 a7 c1 5e f0 20 9f d4 6a a0 07 85 c0 ee a1 fa be b7 cb 79 f2 7a a6 d8 76 df 1f 48 f1 35 d8 d9 d7 ff 06 e6 02 1d e8 42 9e 02 8a f9 a9 58 3a f0 21 0f f2 6a 20 06 25 0f b3 19 30 e5 d0 29 e3 b9 57 d9 e9 f3 09 1c 8c ef f9 be 84 80 7d 6d a8 8e cd a0 ad ea 23 9e 96 c4 ba 05 3d 0f f2 7c 90 05 75 90 09 c6 5e ac 22 b0 01 9a be 9a 8d 69 7d 34 9e 3e 16 5e 6d 18 90 a4 5c ee 81 2b 8d 6d bd dd ef aa 7e 05 ab a9 ed 8a 6d 07 0c 9e f5 22 cf f5 85 b0 05 a7 0d b9 5b 2a e7 f2 b9 03 f1 8d 7b 1a dc c9 d7 76 ef 39 de f6 1e 88 01 16 ef d2 19 2f e4 f1 b9 c3 ae 2e cc 8e 0e e9 78 5f f0 d0 a0 06 59 40 eb b6 5e f9 ad 0b 02 97 2b 9f 36 d0 f0 7f c7 ec 1a 14 08 d8 6d b6 d2 b8 df 04 28 04 d8 76 cd 35 af ea 00 b0 f1 85 Data Ascii: s{m?A.^ jyzvH5BX:!j %0)W}m#=\|u^"i}4>^m\+m~m"[*{v9/.x_Y@^+6m(v5
2025-01-12 00:05:49 UTC	1369	IN	Data Raw: 97 70 38 4e 84 37 dc 8d 5e 14 58 c2 17 d6 a9 4f 59 a1 e0 63 f2 d7 42 22 16 e8 69 e9 73 49 0c b1 12 bd ba c4 83 80 38 84 e2 61 f4 b2 37 ac e8 e0 84 33 da 5d 86 34 34 b6 22 76 51 39 42 78 20 bb 2c a7 95 26 98 cf 24 5d 00 61 14 d5 48 98 be 48 10 2b 26 9c 92 70 b2 82 39 bf 79 d1 8e 93 91 40 cb d6 f3 b6 31 6e e5 0d e4 19 60 fa d6 38 c8 c1 20 b0 25 51 e0 0a 1c 1d 84 48 be 05 b1 2a 43 bc 63 24 b1 12 27 db e8 4e 35 65 6c cd 07 b7 45 48 ac 19 c0 93 12 32 24 c3 e4 d2 01 2b da 86 8a 58 f9 13 fe 24 b9 ca 90 1c d1 7d 12 40 ce 1f 5b 53 c3 4d 72 d2 66 9e c4 e5 27 0f e8 3e ca 50 b2 2f 59 8c 4a d0 b8 c8 4a 56 82 71 3d 31 bb a4 19 cb a3 47 bd 5c cc 96 14 cb 65 2e 73 a4 17 60 6e ff 45 08 95 84 25 10 57 48 4c 56 32 b3 2f f6 53 0d 13 4f 42 cb 5c 3d 13 9a d1 94 a6 7c 74 48 99 Data Ascii: p8N7^XOYcB"isI8a73]44"vQ9Bx ,&$]aHH+&p9y@1n`8 %QH*Cc$'N5elEH2$+X$}@[SMrf'>P/YJJVq=1G\e.s`nE%WHLV2/SOB\=\|tH
2025-01-12 00:05:49 UTC	1369	IN	Data Raw: 70 be 29 61 3e a3 89 ad e9 b3 bf 8e a0 be ce 79 3e c2 13 0c 24 2b 38 73 e2 be f7 52 3c 01 14 40 20 18 83 f5 9a 00 77 c3 28 9e 58 40 12 d1 8e 1d 40 8d ad 98 c0 c2 91 3f 02 83 a5 7c cb c0 90 d8 40 ae a8 a7 72 da 8d 44 0b 41 5b 7a b1 24 d0 02 13 34 41 26 58 2f ca 6b c1 99 78 41 33 b9 3c 5a b8 02 d1 eb 00 8d ab 24 1d 00 39 20 f9 33 bd ea c1 1d 54 8e 0c f2 0b 6d 38 bc dc 10 42 73 f2 3f 02 f0 02 dc 43 c2 ff ef 8b 04 2d 40 af a0 7b 37 cc 7b c2 e1 3b 01 25 90 16 91 10 bc e0 38 3d e5 f0 34 ae f2 c2 8f b9 be c9 39 b2 ad 0b c2 45 7b a6 11 74 af 34 5c c3 00 54 42 16 8c 26 73 c8 87 39 7c c2 13 70 82 58 a8 a2 97 d9 34 ca d0 bb 3f 94 0b d9 fa 91 5d d3 8b 6d 50 33 45 e3 0d 35 1b c3 41 42 c4 44 54 c3 45 6c 3c 72 80 87 52 a0 07 7a 30 87 59 fc 03 7b c8 02 49 c4 45 04 90 82 Data Ascii: p)a>y>$+8sR<@ w(X@@?\|@rDA[z$4A&X/kxA3<Z$9 3Tm8Bs?C-@{7{;%8=49E{t4\TB&s9\|pX4?]mP3E5ABDTEl<rRz0Y{IE
2025-01-12 00:05:49 UTC	1369	IN	Data Raw: 7d a5 50 81 bd 0c 1b f0 51 0f 29 5d 16 3a 5d e5 99 07 7d b4 da 87 25 8c 51 7c 26 ee a8 81 42 ed dc da e5 dc e3 7c 4f 4c 88 08 b6 6d 0b ff d2 e5 44 08 60 5c 0b 92 00 f0 54 34 d9 db 54 de e0 81 66 ab 5b 1c 8a 57 8a b5 dd e7 ed db 53 55 ce e6 84 88 0b 30 0d df 25 31 c7 8d 3e ed dd 1f 58 8a 89 af 2c 5e 10 f4 8d 66 73 dd 1b 8a 58 b0 d8 00 e8 55 df ce cd d6 b2 38 dc d2 c0 de 46 49 5d 0b 9c 07 ee d5 1f e0 a5 00 af 1c b8 e2 65 33 df 28 5e 73 6a 8e 19 d8 d5 f5 25 60 af 2d 5b d2 04 04 46 65 55 8c 70 01 1b b8 c1 55 ea aa 64 65 21 ac d2 00 d6 0d 5f 5b ed 8d 56 4b 51 5b 6a 8e 1a 28 e0 0f e6 5b 45 20 5a d1 d4 5d b3 c8 80 a6 6d 0b 29 18 18 0d c0 ab f9 d5 42 70 eb a2 1c d4 5f ab 95 bd f2 7d 5d ed 03 60 a7 dd 5b 10 e6 61 8b c5 dd e4 dc d8 b2 10 5d b6 90 82 07 36 46 0a a0 Data Ascii: }PQ)]:]}%Q\|&B\|OLmD`\T4Tf[WSU0%1>X,^fsXU8FI]e3(^sj%`-[FeUpUde!_[VKQ[j([E Z]m)Bp_}]`[a]6F
2025-01-12 00:05:49 UTC	1369	IN	Data Raw: f7 f8 1e 30 f9 90 57 d0 19 a8 81 0b 20 f1 cf 46 f9 18 6f 0b 8e 6f f0 96 7f 79 98 f7 79 dd be f9 02 6f 6e 33 9f 08 97 ff f9 a3 1f 91 a0 17 fa 8d 17 71 8f 67 76 a4 87 fa ed 50 7a fa 1e fa ff fe cb c0 8c 7a e7 38 81 1d d8 01 5a e0 97 1c c8 01 5a a0 05 ae cf 46 6d 14 f8 19 98 fa f2 ce f9 f7 be fa a7 17 f8 1d c8 01 29 b0 01 68 49 83 4d c8 06 2b 98 82 58 88 05 35 dd 8a 41 90 03 3c c0 25 73 a0 07 7b b0 87 7c 50 83 2c a8 03 cd 4c 7b eb 2e e7 19 88 ee ab ef f9 5c dc 3c 1b 70 02 25 c0 86 80 e1 fb fc a8 02 39 40 ac 5c 6a 83 6a c0 06 25 b0 01 5c 50 4b 66 89 81 c5 b7 ec b5 df ec 12 d8 80 c8 7f c1 10 88 7b 27 b8 82 91 09 69 fd 20 03 c0 ef fc ff 68 7a 86 2a f0 88 29 c0 81 7b 29 7d 12 d9 01 d4 7f 35 b6 70 fc af 5e ca 88 5c cb 13 88 7b 1f b8 82 4d 28 58 79 01 03 a4 0a 05 Data Ascii: 0W Fooyyon3qgvPzz8ZZFm)hIM+X5A<%s{\|P,L{.\<p%9@\jj%\PKf{'i hz*){)}5p^\{M(Xy

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:49 UTC	355	OUT	GET /v6/collect?dt=4 HTTP/1.1 Host: collect-v6.51.la Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:50 UTC	315	IN	HTTP/1.1 220 Date: Sun, 12 Jan 2025 00:05:50 GMT Content-Length: 0 Connection: close Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers via: EU-GER-frankfurt-EDGE5-CACHE3[206],EU-GER-frankfurt-EDGE5-CACHE3[ovl,205] X-CCDN-REQ-ID-46B1: 9e836201e28caa8af707f5d5ed3ef361

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:50 UTC	603	OUT	GET /telegram-favicon.ico HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:50 UTC	948	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:50 GMT Content-Type: image/jpeg Content-Length: 4286 Connection: close ETag: "975b4112a366cca6b9bf2c84e268268c" Last-Modified: Fri, 06 Dec 2024 07:06:32 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 5118 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2aZSnnw9d4a2BepSzo9SEBD5j9adNB0skhfcjr3rrvwBPc2YEoHCYz98Sxgik2UGZftmIO0UBfACewZjXn4%2BTIQGpWHWkItiNJZ2LE%2BlgybB%2Bl%2BR8NDBmXaNha2nFMKWxu1omn4Jv5A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5b03bfd4313-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1563&min_rtt=1555&rtt_var=599&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2872&recv_bytes=1181&delivery_rate=1802469&cwnd=252&unsent_bytes=0&cid=9bc2e6a7043faa85&ts=182&x=0"
2025-01-12 00:05:50 UTC	421	IN	Data Raw: 00 00 01 00 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d5 aa 2b 06 d4 9e 2b 47 d3 9a 27 95 d3 9c 28 bf d2 9b 29 d9 d2 9a 28 f3 d3 9b 29 f3 d1 9b 28 d9 d2 9b 28 bf d3 9a 27 95 d4 9a 28 47 d5 aa 2b 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d5 9f 2b 18 d3 9c 29 96 d3 9c 28 f1 d2 9b 28 ff d2 9b 28 ff d2 9b 28 ff d2 9b 28 ff d2 9b 28 ff d2 Data Ascii: ( @ ++G'()()(('(G++)((((((
2025-01-12 00:05:50 UTC	1369	IN	Data Raw: 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d5 9f 2b 18 d5 9c 29 c7 d4 9c 29 ff d4 9c 29 ff d4 9c 29 ff d4 9c 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d4 9c 29 ff d4 9c 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d5 9c 29 c7 d5 9f 2b 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 a1 2c 2e d5 9d 2b e3 d5 9d 2a ff d4 9c 29 ff d5 9d 2a ff d4 9c 29 ff d4 9c 29 ff d5 9d 2a ff d4 9c 29 ff d5 9d 2a ff d5 9d 2a ff d4 9c 29 ff d5 9d 2a ff d4 9c 29 ff d4 9c 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d4 9d 29 ff d5 9d 29 ff d4 9d 29 ff d5 9d Data Ascii: +))))))))))))))))))))+,.+)))))))))))))
2025-01-12 00:05:50 UTC	1369	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e3 b6 5a ff dc a2 2e ff dc a3 2f ff dc a3 2f ff dc a3 2e ff dc a3 2f ff dc a3 2e ff dc a3 2e ff dc a3 2f bf de a3 2f d9 dd a3 2e ff dd a3 2e ff dd a3 2f ff dd a3 2e ff dd a3 2f ff e3 b3 53 ff ed d1 96 ff f7 ea d1 ff fe fc f9 ff fe fd fc ff f4 e1 bc ff e1 b0 4c ff dd a3 2f ff dd a3 2f ff ec cc 8c ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ea c6 7e ff dc a3 2e ff dd a3 2f ff dd a3 2f ff dc a3 2e ff dd a3 2f ff dc a3 2e ff dc a3 2e ff de a3 2f d9 de a5 30 f3 de a4 2f ff de a4 2f ff dd a3 2f ff de a4 2f ff e8 c2 76 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fb f7 ff ed ce 90 ff de a5 32 ff de a4 30 Data Ascii: Z.//./..//.././SL//~.//./../0////v20
2025-01-12 00:05:50 UTC	1127	IN	Data Raw: a9 34 ff e4 a9 34 ff e5 a9 34 ff e4 a9 34 ff e4 a9 34 ff e5 a9 34 ff e4 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 aa 34 ff e5 a9 34 ff e5 aa 34 ff e5 aa 34 ff e5 a9 34 ff e5 aa 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e6 ab 35 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff b6 49 07 e7 aa 36 c7 e6 aa 35 ff e6 aa 35 ff e6 aa 35 ff e5 aa 34 ff e6 aa 35 ff e5 aa 34 ff e5 aa 34 ff e6 aa 34 ff e5 aa 34 ff e6 aa 34 ff e6 aa 34 ff e6 aa 35 ff e6 aa 34 ff e6 aa 35 ff e6 aa 35 ff e6 aa 34 ff e6 aa 35 ff e6 aa 34 ff e6 aa 34 ff e6 aa 35 ff e6 aa 34 ff e6 aa 35 ff e6 aa 35 ff e5 aa 34 ff e7 aa 36 c7 ff b6 49 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ea aa 35 18 e7 ac 37 e3 e6 aa 35 ff Data Ascii: 444444444444444444444445I65554544444454554544545546I575

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:05:51 UTC	365	OUT	GET /telegram-favicon.ico HTTP/1.1 Host: image.sanxiang-sh.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:05:51 UTC	949	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:05:51 GMT Content-Type: image/jpeg Content-Length: 4286 Connection: close ETag: "975b4112a366cca6b9bf2c84e268268c" Last-Modified: Fri, 06 Dec 2024 07:06:32 GMT Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 5119 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tvt9QcLGvj7%2FBh59bgHxRBWSX%2BnTQ6TOcpO6h%2FHDLAIzox7pIhlbNWan9psd0XWmP3mw7g6oG17mMN4vfer5Nn%2BjRtR%2BbU1iY1Pn5JNmjdCQ%2FZXwGC57va94HcTXtnzJXAYYfW6vXhQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e5b79dd80ca0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1677&min_rtt=1677&rtt_var=838&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4284&recv_bytes=943&delivery_rate=94759&cwnd=239&unsent_bytes=0&cid=c035f7e0f656cd03&ts=211&x=0"
2025-01-12 00:05:51 UTC	420	IN	Data Raw: 00 00 01 00 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d5 aa 2b 06 d4 9e 2b 47 d3 9a 27 95 d3 9c 28 bf d2 9b 29 d9 d2 9a 28 f3 d3 9b 29 f3 d1 9b 28 d9 d2 9b 28 bf d3 9a 27 95 d4 9a 28 47 d5 aa 2b 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d5 9f 2b 18 d3 9c 29 96 d3 9c 28 f1 d2 9b 28 ff d2 9b 28 ff d2 9b 28 ff d2 9b 28 ff d2 9b 28 ff d2 Data Ascii: ( @ ++G'()()(('(G++)((((((
2025-01-12 00:05:51 UTC	1369	IN	Data Raw: 49 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d5 9f 2b 18 d5 9c 29 c7 d4 9c 29 ff d4 9c 29 ff d4 9c 29 ff d4 9c 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d4 9c 29 ff d4 9c 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d5 9c 29 c7 d5 9f 2b 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 a1 2c 2e d5 9d 2b e3 d5 9d 2a ff d4 9c 29 ff d5 9d 2a ff d4 9c 29 ff d4 9c 29 ff d5 9d 2a ff d4 9c 29 ff d5 9d 2a ff d5 9d 2a ff d4 9c 29 ff d5 9d 2a ff d4 9c 29 ff d4 9c 29 ff d4 9d 29 ff d4 9c 29 ff d4 9d 29 ff d4 9d 29 ff d5 9d 29 ff d4 9d 29 ff d5 Data Ascii: I+))))))))))))))))))))+,.+)))))))))))))
2025-01-12 00:05:51 UTC	1369	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e3 b6 5a ff dc a2 2e ff dc a3 2f ff dc a3 2f ff dc a3 2e ff dc a3 2f ff dc a3 2e ff dc a3 2e ff dc a3 2f bf de a3 2f d9 dd a3 2e ff dd a3 2e ff dd a3 2f ff dd a3 2e ff dd a3 2f ff e3 b3 53 ff ed d1 96 ff f7 ea d1 ff fe fc f9 ff fe fd fc ff f4 e1 bc ff e1 b0 4c ff dd a3 2f ff dd a3 2f ff ec cc 8c ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ea c6 7e ff dc a3 2e ff dd a3 2f ff dd a3 2f ff dc a3 2e ff dd a3 2f ff dc a3 2e ff dc a3 2e ff de a3 2f d9 de a5 30 f3 de a4 2f ff de a4 2f ff dd a3 2f ff de a4 2f ff e8 c2 76 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fb f7 ff ed ce 90 ff de a5 32 ff de a4 Data Ascii: Z.//./..//.././SL//~.//./../0////v2
2025-01-12 00:05:51 UTC	1128	IN	Data Raw: e5 a9 34 ff e4 a9 34 ff e5 a9 34 ff e4 a9 34 ff e4 a9 34 ff e5 a9 34 ff e4 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 aa 34 ff e5 a9 34 ff e5 aa 34 ff e5 aa 34 ff e5 a9 34 ff e5 aa 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e5 a9 34 ff e6 ab 35 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff b6 49 07 e7 aa 36 c7 e6 aa 35 ff e6 aa 35 ff e6 aa 35 ff e5 aa 34 ff e6 aa 35 ff e5 aa 34 ff e5 aa 34 ff e6 aa 34 ff e5 aa 34 ff e6 aa 34 ff e6 aa 34 ff e6 aa 35 ff e6 aa 34 ff e6 aa 35 ff e6 aa 35 ff e6 aa 34 ff e6 aa 35 ff e6 aa 34 ff e6 aa 34 ff e6 aa 35 ff e6 aa 34 ff e6 aa 35 ff e6 aa 35 ff e5 aa 34 ff e7 aa 36 c7 ff b6 49 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ea aa 35 18 e7 ac 37 e3 e6 aa 35 Data Ascii: 444444444444444444444445I65554544444454554544545546I575

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:06:16 UTC	733	OUT	GET /upload/tsetup-x64.5.7.2.exe HTTP/1.1 Host: www.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:06:17 UTC	922	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:06:16 GMT Content-Type: application/octet-stream Content-Length: 46122872 Connection: close Last-Modified: Fri, 15 Nov 2024 09:56:56 GMT ETag: "67371ae8-2bfc778" Cache-Control: max-age=14400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zKaeTrHqE2nQJRfctGOO%2BPPDmgtrb9BhDfeFvzi2Oo%2B%2BeUdeh9ZerkKV6tf2HXRaEQoihWkHbcb%2FRDuaJcbA4wx6WEND2nSO6gETDdaSw5aghgTFGggkO8Jbg%2F6v%2F0h5yqfL0xkO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e652bb1d2361-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1806&min_rtt=1801&rtt_var=687&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1311&delivery_rate=1580942&cwnd=241&unsent_bytes=0&cid=f7f36273702d5887&ts=445&x=0"
2025-01-12 00:06:17 UTC	447	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7
2025-01-12 00:06:17 UTC	1369	IN	Data Raw: 00 00 60 0c 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4 22 0c 00 54 02 00 00 00 30 0c 00 a4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e4 39 0b 00 00 10 00 00 00 3a 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 88 16 00 00 00 50 0b 00 00 18 00 00 00 3e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 37 00 00 00 70 0b 00 00 38 00 00 00 56 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 e8 6d 00 00 00 b0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 dc 0f 00 00 00 20 0c 00 00 10 00 00 00 8e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 Data Ascii: `"T0.text9: `.itextP> `.data7p8V@.bssm.idata @
2025-01-12 00:06:17 UTC	1369	IN	Data Raw: 13 06 54 43 6c 61 73 73 88 1f 40 00 02 00 00 00 2c 13 40 00 01 07 48 52 45 53 55 4c 54 04 00 00 00 80 ff ff ff 7f 02 00 44 13 40 00 0e 05 54 47 55 49 44 10 00 00 00 00 00 00 00 00 04 00 00 00 e4 10 40 00 00 00 00 00 02 02 44 31 02 00 cc 10 40 00 04 00 00 00 02 02 44 32 02 00 cc 10 40 00 06 00 00 00 02 02 44 33 02 00 00 00 00 00 08 00 00 00 02 02 44 34 02 00 02 00 05 00 0b f4 ca 40 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 0b 18 7c 4b 00 0e 26 6f 70 5f 49 6e 65 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 09 18 7c 4b 00 05 45 6d 70 74 79 00 00 40 13 40 00 00 02 00 09 18 7c 4b 00 Data Ascii: TClass@,@HRESULTD@TGUID@D1@D2@D3D4@&op_Equality@@@Left@@Right\|K&op_Inequality@@@Left@@Right\|KEmpty@@\|K
2025-01-12 00:06:17 UTC	1369	IN	Data Raw: 00 fe ff 5e 1f 40 00 4d 00 ff ff 00 00 07 54 4f 62 6a 65 63 74 26 00 b8 5c 40 00 06 43 72 65 61 74 65 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 24 00 e8 5c 40 00 04 46 72 65 65 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 18 7c 4b 00 09 44 69 73 70 6f 73 65 4f 66 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 3e 00 f4 5c 40 00 0c 49 6e 69 74 49 6e 73 74 61 6e 63 65 03 00 88 1f 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 00 11 40 00 01 00 08 49 6e 73 74 61 6e 63 65 02 00 02 00 2f 00 4c 5d 40 00 0f 43 6c 65 61 6e 75 70 49 6e 73 74 61 6e 63 65 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 18 7c 4b 00 09 43 6c 61 Data Ascii: ^@MTObject&\@Create@Self$\@Free@Self)\|KDisposeOf@Self>\@InitInstance@Self@Instance/L]@CleanupInstance@Self)\|KCla
2025-01-12 00:06:17 UTC	1369	IN	Data Raw: 01 00 01 01 02 00 02 00 5b 00 0c 60 40 00 11 53 61 66 65 43 61 6c 6c 45 78 63 65 70 74 69 6f 6e 03 00 28 13 40 00 08 00 03 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 08 88 1f 40 00 01 00 0c 45 78 63 65 70 74 4f 62 6a 65 63 74 02 00 00 00 11 40 00 02 00 0a 45 78 63 65 70 74 41 64 64 72 02 00 02 00 31 00 2c 60 40 00 11 41 66 74 65 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 30 60 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 39 00 34 60 40 00 08 44 69 73 70 61 74 63 68 03 00 00 00 00 00 08 00 02 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 01 00 00 00 00 01 00 07 4d 65 73 73 61 67 65 02 00 02 00 3f Data Ascii: [`@SafeCallException(@@Self@ExceptObject@ExceptAddr1,`@AfterConstruction@Self10`@BeforeDestruction@Self94`@Dispatch@SelfMessage?
2025-01-12 00:06:17 UTC	1369	IN	Data Raw: 00 07 0f 48 50 50 47 45 4e 41 74 74 72 69 62 75 74 65 80 22 40 00 20 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 00 54 23 40 00 14 08 50 4d 6f 6e 69 74 6f 72 54 24 40 00 02 00 68 23 40 00 14 17 54 4d 6f 6e 69 74 6f 72 2e 50 57 61 69 74 69 6e 67 54 68 72 65 61 64 88 23 40 00 02 00 00 8c 23 40 00 0e 17 54 4d 6f 6e 69 74 6f 72 2e 54 57 61 69 74 69 6e 67 54 68 72 65 61 64 0c 00 00 00 00 00 00 00 00 03 00 00 00 64 23 40 00 00 00 00 00 02 04 4e 65 78 74 02 00 e4 10 40 00 04 00 00 00 02 06 54 68 72 65 61 64 02 00 00 11 40 00 08 00 00 00 02 09 57 61 69 74 45 76 65 6e 74 02 00 02 00 00 00 00 00 00 f4 23 40 00 0e 12 54 4d 6f 6e 69 74 6f 72 2e 54 53 70 69 6e 4c 6f 63 6b 04 00 00 00 00 00 00 00 00 01 00 00 00 9c 10 40 00 00 00 00 00 00 05 46 4c 6f Data Ascii: HPPGENAttribute"@ @SystemT#@PMonitorT$@h#@TMonitor.PWaitingThread#@#@TMonitor.TWaitingThreadd#@Next@Thread@WaitEvent#@TMonitor.TSpinLock@FLo
2025-01-12 00:06:17 UTC	1369	IN	Data Raw: 31 00 ec c5 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 d8 28 40 00 00 00 04 53 65 6c 66 02 00 02 00 2b 00 00 c6 40 00 0b 4e 65 77 49 6e 73 74 61 6e 63 65 03 00 88 1f 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 dc 28 40 00 07 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 f4 27 40 00 88 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 01 00 02 0f 29 40 00 02 00 02 00 00 00 9c 10 40 00 d4 c5 40 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 52 65 66 43 6f 75 6e 74 00 00 38 29 40 00 14 0c 50 53 68 6f 72 74 53 74 72 69 6e 67 e4 11 40 00 02 00 50 29 40 00 0a 0a 55 54 46 38 53 74 72 69 6e 67 e9 fd 02 00 64 29 40 00 0a 0d 52 61 77 42 79 74 65 53 74 72 69 6e 67 ff ff 02 00 00 7c 29 40 Data Ascii: 1@BeforeDestruction(@Self+@NewInstance@Self(@TInterfacedObject'@@System)@@@RefCount8)@PShortString@P)@UTF8Stringd)@RawByteString\|)@
2025-01-12 00:06:17 UTC	1369	IN	Data Raw: 73 02 00 00 00 00 00 02 00 00 00 02 06 56 57 6f 72 64 73 02 00 00 00 00 00 02 00 00 00 02 06 56 42 79 74 65 73 02 00 00 00 00 00 00 00 00 00 02 07 52 61 77 44 61 74 61 02 00 02 00 00 00 00 18 2e 40 00 03 09 54 54 79 70 65 4b 69 6e 64 01 00 00 00 00 16 00 00 00 14 2e 40 00 09 74 6b 55 6e 6b 6e 6f 77 6e 09 74 6b 49 6e 74 65 67 65 72 06 74 6b 43 68 61 72 0d 74 6b 45 6e 75 6d 65 72 61 74 69 6f 6e 07 74 6b 46 6c 6f 61 74 08 74 6b 53 74 72 69 6e 67 05 74 6b 53 65 74 07 74 6b 43 6c 61 73 73 08 74 6b 4d 65 74 68 6f 64 07 74 6b 57 43 68 61 72 09 74 6b 4c 53 74 72 69 6e 67 09 74 6b 57 53 74 72 69 6e 67 09 74 6b 56 61 72 69 61 6e 74 07 74 6b 41 72 72 61 79 08 74 6b 52 65 63 6f 72 64 0b 74 6b 49 6e 74 65 72 66 61 63 65 07 74 6b 49 6e 74 36 34 0a 74 6b 44 79 6e 41 72 Data Ascii: sVWordsVBytesRawData.@TTypeKind.@tkUnknowntkIntegertkChartkEnumerationtkFloattkStringtkSettkClasstkMethodtkWChartkLStringtkWStringtkVarianttkArraytkRecordtkInterfacetkInt64tkDynAr
2025-01-12 00:06:17 UTC	1369	IN	Data Raw: 63 38 33 40 00 02 00 00 00 00 3c 33 40 00 0e 0d 54 52 65 73 53 74 72 69 6e 67 52 65 63 08 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 02 06 4d 6f 64 75 6c 65 02 00 70 11 40 00 04 00 00 00 02 0a 49 64 65 6e 74 69 66 69 65 72 02 00 02 00 00 00 88 33 40 00 03 0d 54 46 6c 6f 61 74 53 70 65 63 69 61 6c 01 00 00 00 00 08 00 00 00 84 33 40 00 06 66 73 5a 65 72 6f 07 66 73 4e 5a 65 72 6f 0a 66 73 44 65 6e 6f 72 6d 61 6c 0b 66 73 4e 44 65 6e 6f 72 6d 61 6c 0a 66 73 50 6f 73 69 74 69 76 65 0a 66 73 4e 65 67 61 74 69 76 65 05 66 73 49 6e 66 06 66 73 4e 49 6e 66 05 66 73 4e 61 4e 06 53 79 73 74 65 6d 02 00 00 34 40 00 0e 0e 54 45 78 74 65 6e 64 65 64 38 30 52 65 63 0a 00 00 00 00 00 00 00 00 01 00 00 00 9c 11 40 00 00 00 00 00 00 0b 61 45 78 74 65 6e Data Ascii: c83@<3@TResStringRecModulep@Identifier3@TFloatSpecial3@fsZerofsNZerofsDenormalfsNDenormalfsPositivefsNegativefsInffsNInffsNaNSystem4@TExtended80Rec@aExten
2025-01-12 00:06:17 UTC	1369	IN	Data Raw: 00 54 68 65 20 75 6e 65 78 70 65 63 74 65 64 20 73 6d 61 6c 6c 20 62 6c 6f 63 6b 20 6c 65 61 6b 73 20 61 72 65 3a 0d 0a 00 54 68 65 20 73 69 7a 65 73 20 6f 66 20 75 6e 65 78 70 65 63 74 65 64 20 6c 65 61 6b 65 64 20 6d 65 64 69 75 6d 20 61 6e 64 20 6c 61 72 67 65 20 62 6c 6f 63 6b 73 20 61 72 65 3a 20 00 00 00 00 20 62 79 74 65 73 3a 20 00 00 00 00 55 6e 6b 6e 6f 77 6e 00 41 6e 73 69 53 74 72 69 6e 67 00 00 55 6e 69 63 6f 64 65 53 74 72 69 6e 67 00 00 00 0d 0a 00 00 55 6e 65 78 70 65 63 74 65 64 20 4d 65 6d 6f 72 79 20 4c 65 61 6b 00 00 8b 08 89 0a 8b 48 04 8b 40 08 89 4a 04 89 42 08 c3 8d 40 00 8b 08 89 0a 8b 48 04 89 4a 04 8b 48 08 89 4a 08 8b 48 0c 8b 40 10 89 4a 0c 89 42 10 c3 8d 40 00 8b 08 89 0a 8b 48 04 89 4a 04 8b 48 08 89 4a 08 8b 48 0c 89 4a 0c Data Ascii: The unexpected small block leaks are:The sizes of unexpected leaked medium and large blocks are: bytes: UnknownAnsiStringUnicodeStringUnexpected Memory LeakH@JB@HJHJH@JB@HJHJHJ

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:06:45 UTC	733	OUT	GET /upload/tsetup-x64.5.7.2.exe HTTP/1.1 Host: www.sanxiang-sh.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://www.telegramwg.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:06:45 UTC	915	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:06:45 GMT Content-Type: application/octet-stream Content-Length: 46122872 Connection: close Last-Modified: Fri, 15 Nov 2024 09:56:56 GMT ETag: "67371ae8-2bfc778" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 29 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hQbH4FNrrrwd5fPR6aCwccV5XRiVhMHt8Hhp5VkKlwghm01S2nCEimXnP9CL5XlXjO5Gf0RCABdwrYB2DWJMsR5EppxtfkikNAeQzYB9BoJHaZl28af7t8%2BObUQi5aLENcOWe2cU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9008e707988c4210-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1747&min_rtt=1742&rtt_var=665&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1311&delivery_rate=1632196&cwnd=246&unsent_bytes=0&cid=d6cc75c475807e74&ts=10759&x=0"
2025-01-12 00:06:45 UTC	454	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7
2025-01-12 00:06:45 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4 22 0c 00 54 02 00 00 00 30 0c 00 a4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e4 39 0b 00 00 10 00 00 00 3a 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 88 16 00 00 00 50 0b 00 00 18 00 00 00 3e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 37 00 00 00 70 0b 00 00 38 00 00 00 56 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 e8 6d 00 00 00 b0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 dc 0f 00 00 00 20 0c 00 00 10 00 00 00 8e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 Data Ascii: "T0.text9: `.itextP> `.data7p8V@.bssm.idata @.dida
2025-01-12 00:06:45 UTC	1369	IN	Data Raw: 73 88 1f 40 00 02 00 00 00 2c 13 40 00 01 07 48 52 45 53 55 4c 54 04 00 00 00 80 ff ff ff 7f 02 00 44 13 40 00 0e 05 54 47 55 49 44 10 00 00 00 00 00 00 00 00 04 00 00 00 e4 10 40 00 00 00 00 00 02 02 44 31 02 00 cc 10 40 00 04 00 00 00 02 02 44 32 02 00 cc 10 40 00 06 00 00 00 02 02 44 33 02 00 00 00 00 00 08 00 00 00 02 02 44 34 02 00 02 00 05 00 0b f4 ca 40 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 0b 18 7c 4b 00 0e 26 6f 70 5f 49 6e 65 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 09 18 7c 4b 00 05 45 6d 70 74 79 00 00 40 13 40 00 00 02 00 09 18 7c 4b 00 06 43 72 65 61 74 65 Data Ascii: s@,@HRESULTD@TGUID@D1@D2@D3D4@&op_Equality@@@Left@@Right\|K&op_Inequality@@@Left@@Right\|KEmpty@@\|KCreate
2025-01-12 00:06:45 UTC	1369	IN	Data Raw: 4d 00 ff ff 00 00 07 54 4f 62 6a 65 63 74 26 00 b8 5c 40 00 06 43 72 65 61 74 65 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 24 00 e8 5c 40 00 04 46 72 65 65 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 18 7c 4b 00 09 44 69 73 70 6f 73 65 4f 66 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 3e 00 f4 5c 40 00 0c 49 6e 69 74 49 6e 73 74 61 6e 63 65 03 00 88 1f 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 00 11 40 00 01 00 08 49 6e 73 74 61 6e 63 65 02 00 02 00 2f 00 4c 5d 40 00 0f 43 6c 65 61 6e 75 70 49 6e 73 74 61 6e 63 65 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 18 7c 4b 00 09 43 6c 61 73 73 54 79 70 65 03 Data Ascii: MTObject&\@Create@Self$\@Free@Self)\|KDisposeOf@Self>\@InitInstance@Self@Instance/L]@CleanupInstance@Self)\|KClassType
2025-01-12 00:06:45 UTC	1369	IN	Data Raw: 00 5b 00 0c 60 40 00 11 53 61 66 65 43 61 6c 6c 45 78 63 65 70 74 69 6f 6e 03 00 28 13 40 00 08 00 03 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 08 88 1f 40 00 01 00 0c 45 78 63 65 70 74 4f 62 6a 65 63 74 02 00 00 00 11 40 00 02 00 0a 45 78 63 65 70 74 41 64 64 72 02 00 02 00 31 00 2c 60 40 00 11 41 66 74 65 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 30 60 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 39 00 34 60 40 00 08 44 69 73 70 61 74 63 68 03 00 00 00 00 00 08 00 02 08 88 1f 40 00 00 00 04 53 65 6c 66 02 00 01 00 00 00 00 01 00 07 4d 65 73 73 61 67 65 02 00 02 00 3f 00 28 60 40 00 0e 44 Data Ascii: [`@SafeCallException(@@Self@ExceptObject@ExceptAddr1,`@AfterConstruction@Self10`@BeforeDestruction@Self94`@Dispatch@SelfMessage?(`@D
2025-01-12 00:06:45 UTC	1369	IN	Data Raw: 45 4e 41 74 74 72 69 62 75 74 65 80 22 40 00 20 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 00 54 23 40 00 14 08 50 4d 6f 6e 69 74 6f 72 54 24 40 00 02 00 68 23 40 00 14 17 54 4d 6f 6e 69 74 6f 72 2e 50 57 61 69 74 69 6e 67 54 68 72 65 61 64 88 23 40 00 02 00 00 8c 23 40 00 0e 17 54 4d 6f 6e 69 74 6f 72 2e 54 57 61 69 74 69 6e 67 54 68 72 65 61 64 0c 00 00 00 00 00 00 00 00 03 00 00 00 64 23 40 00 00 00 00 00 02 04 4e 65 78 74 02 00 e4 10 40 00 04 00 00 00 02 06 54 68 72 65 61 64 02 00 00 11 40 00 08 00 00 00 02 09 57 61 69 74 45 76 65 6e 74 02 00 02 00 00 00 00 00 00 f4 23 40 00 0e 12 54 4d 6f 6e 69 74 6f 72 2e 54 53 70 69 6e 4c 6f 63 6b 04 00 00 00 00 00 00 00 00 01 00 00 00 9c 10 40 00 00 00 00 00 00 05 46 4c 6f 63 6b 02 00 02 00 02 Data Ascii: ENAttribute"@ @SystemT#@PMonitorT$@h#@TMonitor.PWaitingThread#@#@TMonitor.TWaitingThreadd#@Next@Thread@WaitEvent#@TMonitor.TSpinLock@FLock
2025-01-12 00:06:45 UTC	1369	IN	Data Raw: 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 d8 28 40 00 00 00 04 53 65 6c 66 02 00 02 00 2b 00 00 c6 40 00 0b 4e 65 77 49 6e 73 74 61 6e 63 65 03 00 88 1f 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 dc 28 40 00 07 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 f4 27 40 00 88 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 01 00 02 0f 29 40 00 02 00 02 00 00 00 9c 10 40 00 d4 c5 40 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 52 65 66 43 6f 75 6e 74 00 00 38 29 40 00 14 0c 50 53 68 6f 72 74 53 74 72 69 6e 67 e4 11 40 00 02 00 50 29 40 00 0a 0a 55 54 46 38 53 74 72 69 6e 67 e9 fd 02 00 64 29 40 00 0a 0d 52 61 77 42 79 74 65 53 74 72 69 6e 67 ff ff 02 00 00 7c 29 40 00 14 05 50 42 79 74 Data Ascii: BeforeDestruction(@Self+@NewInstance@Self(@TInterfacedObject'@@System)@@@RefCount8)@PShortString@P)@UTF8Stringd)@RawByteString\|)@PByt
2025-01-12 00:06:45 UTC	1369	IN	Data Raw: 02 00 00 00 02 06 56 57 6f 72 64 73 02 00 00 00 00 00 02 00 00 00 02 06 56 42 79 74 65 73 02 00 00 00 00 00 00 00 00 00 02 07 52 61 77 44 61 74 61 02 00 02 00 00 00 00 18 2e 40 00 03 09 54 54 79 70 65 4b 69 6e 64 01 00 00 00 00 16 00 00 00 14 2e 40 00 09 74 6b 55 6e 6b 6e 6f 77 6e 09 74 6b 49 6e 74 65 67 65 72 06 74 6b 43 68 61 72 0d 74 6b 45 6e 75 6d 65 72 61 74 69 6f 6e 07 74 6b 46 6c 6f 61 74 08 74 6b 53 74 72 69 6e 67 05 74 6b 53 65 74 07 74 6b 43 6c 61 73 73 08 74 6b 4d 65 74 68 6f 64 07 74 6b 57 43 68 61 72 09 74 6b 4c 53 74 72 69 6e 67 09 74 6b 57 53 74 72 69 6e 67 09 74 6b 56 61 72 69 61 6e 74 07 74 6b 41 72 72 61 79 08 74 6b 52 65 63 6f 72 64 0b 74 6b 49 6e 74 65 72 66 61 63 65 07 74 6b 49 6e 74 36 34 0a 74 6b 44 79 6e 41 72 72 61 79 09 74 6b 55 Data Ascii: VWordsVBytesRawData.@TTypeKind.@tkUnknowntkIntegertkChartkEnumerationtkFloattkStringtkSettkClasstkMethodtkWChartkLStringtkWStringtkVarianttkArraytkRecordtkInterfacetkInt64tkDynArraytkU
2025-01-12 00:06:45 UTC	1369	IN	Data Raw: 00 00 00 3c 33 40 00 0e 0d 54 52 65 73 53 74 72 69 6e 67 52 65 63 08 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 02 06 4d 6f 64 75 6c 65 02 00 70 11 40 00 04 00 00 00 02 0a 49 64 65 6e 74 69 66 69 65 72 02 00 02 00 00 00 88 33 40 00 03 0d 54 46 6c 6f 61 74 53 70 65 63 69 61 6c 01 00 00 00 00 08 00 00 00 84 33 40 00 06 66 73 5a 65 72 6f 07 66 73 4e 5a 65 72 6f 0a 66 73 44 65 6e 6f 72 6d 61 6c 0b 66 73 4e 44 65 6e 6f 72 6d 61 6c 0a 66 73 50 6f 73 69 74 69 76 65 0a 66 73 4e 65 67 61 74 69 76 65 05 66 73 49 6e 66 06 66 73 4e 49 6e 66 05 66 73 4e 61 4e 06 53 79 73 74 65 6d 02 00 00 34 40 00 0e 0e 54 45 78 74 65 6e 64 65 64 38 30 52 65 63 0a 00 00 00 00 00 00 00 00 01 00 00 00 9c 11 40 00 00 00 00 00 00 0b 61 45 78 74 65 6e 64 65 64 38 30 02 00 Data Ascii: <3@TResStringRecModulep@Identifier3@TFloatSpecial3@fsZerofsNZerofsDenormalfsNDenormalfsPositivefsNegativefsInffsNInffsNaNSystem4@TExtended80Rec@aExtended80
2025-01-12 00:06:45 UTC	1369	IN	Data Raw: 65 78 70 65 63 74 65 64 20 73 6d 61 6c 6c 20 62 6c 6f 63 6b 20 6c 65 61 6b 73 20 61 72 65 3a 0d 0a 00 54 68 65 20 73 69 7a 65 73 20 6f 66 20 75 6e 65 78 70 65 63 74 65 64 20 6c 65 61 6b 65 64 20 6d 65 64 69 75 6d 20 61 6e 64 20 6c 61 72 67 65 20 62 6c 6f 63 6b 73 20 61 72 65 3a 20 00 00 00 00 20 62 79 74 65 73 3a 20 00 00 00 00 55 6e 6b 6e 6f 77 6e 00 41 6e 73 69 53 74 72 69 6e 67 00 00 55 6e 69 63 6f 64 65 53 74 72 69 6e 67 00 00 00 0d 0a 00 00 55 6e 65 78 70 65 63 74 65 64 20 4d 65 6d 6f 72 79 20 4c 65 61 6b 00 00 8b 08 89 0a 8b 48 04 8b 40 08 89 4a 04 89 42 08 c3 8d 40 00 8b 08 89 0a 8b 48 04 89 4a 04 8b 48 08 89 4a 08 8b 48 0c 8b 40 10 89 4a 0c 89 42 10 c3 8d 40 00 8b 08 89 0a 8b 48 04 89 4a 04 8b 48 08 89 4a 08 8b 48 0c 89 4a 0c 8b 48 10 89 4a 10 8b Data Ascii: expected small block leaks are:The sizes of unexpected leaked medium and large blocks are: bytes: UnknownAnsiStringUnicodeStringUnexpected Memory LeakH@JB@HJHJH@JB@HJHJHJHJ

Target ID:	0
Start time:	19:05:32
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	19:05:36
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1916,i,13595971360626531261,10883008088770361023,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false