Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    02/09/2024, 19:06 UTC

General

  • Target

    https://t.me/grimemp

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.me/grimemp
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7d6ccc40,0x7ffd7d6ccc4c,0x7ffd7d6ccc58
      2⤵
        PID:2208
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1816 /prefetch:2
        2⤵
          PID:4916
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2088 /prefetch:3
          2⤵
            PID:1452
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:8
            2⤵
              PID:2084
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
              2⤵
                PID:1956
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
                2⤵
                  PID:1004
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3124,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3548 /prefetch:1
                  2⤵
                    PID:4640
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3208,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:8
                    2⤵
                      PID:2176
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3148,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4820 /prefetch:1
                      2⤵
                        PID:2784
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4496,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
                        2⤵
                          PID:4624
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4836,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
                          2⤵
                            PID:3512
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=740,i,5436230847371062677,1118192208026078658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
                            2⤵
                            • Drops file in System32 directory
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2288
                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                          1⤵
                            PID:3408
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                            1⤵
                              PID:4728

Network

                            • flag-us
                              DNS
                              t.me
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              t.me
                              IN A
                              Response
                              t.me
                              IN A
                              149.154.167.99
                            • flag-us
                              DNS
                              telegram.org
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              telegram.org
                              IN A
                              Response
                              telegram.org
                              IN A
                              149.154.167.99
                            • flag-us
                              DNS
                              8.8.8.8.in-addr.arpa
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              Response
                              8.8.8.8.in-addr.arpa
                              IN PTR
                              dns.google
                            • flag-us
                              DNS
                              152.35.111.34.in-addr.arpa
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              152.35.111.34.in-addr.arpa
                              IN PTR
                              Response
                              152.35.111.34.in-addr.arpa
                              IN PTR
                              152.35.111.34.bc.googleusercontent.com
                            • flag-us
                              DNS
                              oauth.tg.dev
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              oauth.tg.dev
                              IN A
                              Response
                              oauth.tg.dev
                              IN A
                              149.154.167.99
                            • flag-us
                              DNS
                              14.179.89.13.in-addr.arpa
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              14.179.89.13.in-addr.arpa
                              IN PTR
                              Response
                            • flag-nl
                              GET
                              https://t.me/grimemp
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /grimemp HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              sec-fetch-site: none
                              sec-fetch-mode: navigate
                              sec-fetch-user: ?1
                              sec-fetch-dest: document
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:38 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 4179
                              set-cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955; expires=Tue, 03 Sep 2024 19:06:38 GMT; path=/; samesite=None; secure; HttpOnly
                              pragma: no-cache
                              cache-control: no-store
                              x-frame-options: ALLOW-FROM https://web.telegram.org
                              content-security-policy: frame-ancestors https://web.telegram.org
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/s/grimemp
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /s/grimemp HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              sec-fetch-site: same-origin
                              sec-fetch-mode: navigate
                              sec-fetch-user: ?1
                              sec-fetch-dest: document
                              referer: https://t.me/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 9122
                              pragma: no-cache
                              cache-control: no-store
                              x-frame-options: SAMEORIGIN
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5803441315949582570.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5803441315949582570.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 702
                              etag: "1dd15d1b263cea387915f77d42685fb1dc3c9e7e"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5805447666972234574.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5805447666972234574.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 709
                              etag: "41f12c3808210c22d1cd684c5f0ef5ff14084234"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5803102430145026247.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5803102430145026247.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 766
                              etag: "fbd7b24321b64a5d1e1a51e95fb7127d988b4124"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5805646669986927966.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5805646669986927966.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 700
                              etag: "d9fae578c911453712fdb89ad8a8c79eb4b7034f"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5805485539993850647.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5805485539993850647.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 712
                              etag: "3b880363e34b13f6e51078154b926e5889369dc1"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5821148534103086571.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5821148534103086571.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 720
                              etag: "f8d4b71c660c24a67d51e6017e2799ba735340dc"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5215174853895660531.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5215174853895660531.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 747
                              etag: "41995f60ea9c7d7a7cc678ee06d678e039a0c433"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5213403875670765022.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5213403875670765022.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 882
                              etag: "543e5a35d2a7cd88317d4383fecd126a18edaa60"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5215218645382211332.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5215218645382211332.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 744
                              etag: "dcc6bc9376a0adec58ff807b6c2a411a8c1aaa24"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5217623212887644550.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5217623212887644550.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 874
                              etag: "c95d2bbea7bf2ea47e88116bfaf46d7cab243fb7"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5215444784000277441.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5215444784000277441.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 765
                              etag: "cf315f5116306e3a70ba9f7bcbfba232d994f71e"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5215239948420003628.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5215239948420003628.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 878
                              etag: "cbdf875dc0960a0d376c8231c5cdf506661a6f71"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5212920133504212456.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5212920133504212456.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 742
                              etag: "ef2c0fc2c37650490c04181b653d01c4b662476d"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5215713717672484003.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5215713717672484003.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 798
                              etag: "14cc96135deac9462569ea6c003abf607753da09"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5217465999904743610.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5217465999904743610.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 735
                              etag: "972913f6f126027996ed09e30af82c14d9a08a5b"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5217841878262618606.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5217841878262618606.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 780
                              etag: "1fb83430374afa170345f3b0095ab717c2faa698"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5920168682989819312.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5920168682989819312.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 803
                              etag: "8bd00815b88623db15c82ed49a41b8b4d9efdd97"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5269302926567810640.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5269302926567810640.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 767
                              etag: "78b522b7ee410e9d64b50d63715d0a2341472302"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5274099962655816924.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5274099962655816924.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 802
                              etag: "dc09b9e889b66a9800acdcaa1ffd7d454c63c8e3"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5922643816807928817.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5922643816807928817.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 747
                              etag: "c5d3a4023c2e803834e9814574e1e851bbbfd5c3"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/6012639457721717840.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/6012639457721717840.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 670
                              etag: "5bb784187a9a24e90fe492dbd59d3f074ecf01b5"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5447644880824181073.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5447644880824181073.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 867
                              etag: "eaca6f7bcf73fffe5c11ba4d726f134042192811"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5217822164362739968.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5217822164362739968.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 796
                              etag: "bb3c3c91b74e0a3f14c48880fbf7f086ba1aa27d"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/i/emoji/5215706742645599766.json
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /i/emoji/5215706742645599766.json HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 826
                              etag: "9aaa83eb74abd4deb0af5deb426c8b995aee55c6"
                              cache-control: max-age=84600, public
                              expires: Tue, 03 Sep 2024 18:36:50 GMT
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              POST
                              https://t.me/v/
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              POST /v/ HTTP/2.0
                              host: t.me
                              content-length: 92
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              accept: */*
                              content-type: application/x-www-form-urlencoded; charset=UTF-8
                              x-requested-with: XMLHttpRequest
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              origin: https://t.me
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 24
                              pragma: no-cache
                              cache-control: no-store
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/js/tgsticker-worker.js?14
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/tgsticker-worker.js?14 HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: same-origin
                              sec-fetch-dest: worker
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:51 GMT
                              content-type: application/javascript
                              last-modified: Wed, 29 Jun 2022 21:52:44 GMT
                              etag: W/"62bcc9ac-1731"
                              expires: Fri, 06 Sep 2024 19:06:51 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=35768000
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://t.me/js/rlottie-wasm.js
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/rlottie-wasm.js HTTP/2.0
                              host: t.me
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/js/tgsticker-worker.js?14
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:53 GMT
                              content-type: application/javascript
                              last-modified: Tue, 14 Jul 2020 22:03:36 GMT
                              etag: W/"5f0e2bb8-188f9"
                              expires: Fri, 06 Sep 2024 19:06:53 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=35768000
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://t.me/js/pako-inflate.min.js
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/pako-inflate.min.js HTTP/2.0
                              host: t.me
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/js/tgsticker-worker.js?14
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:53 GMT
                              content-type: application/javascript
                              last-modified: Fri, 04 Oct 2019 11:37:17 GMT
                              etag: W/"5d972eed-589a"
                              expires: Fri, 06 Sep 2024 19:06:53 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=35768000
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://t.me/js/rlottie-wasm.wasm
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/rlottie-wasm.wasm HTTP/2.0
                              host: t.me
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/js/tgsticker-worker.js?14
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:53 GMT
                              content-type: application/wasm
                              last-modified: Tue, 14 Jul 2020 22:03:36 GMT
                              etag: W/"5f0e2bb8-5f508"
                              expires: Fri, 06 Sep 2024 19:06:53 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=35768000
                              content-encoding: gzip
                            • flag-nl
                              POST
                              https://t.me/v/
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              POST /v/ HTTP/2.0
                              host: t.me
                              content-length: 96
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              accept: */*
                              content-type: application/x-www-form-urlencoded; charset=UTF-8
                              x-requested-with: XMLHttpRequest
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              origin: https://t.me
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:07:00 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 24
                              pragma: no-cache
                              cache-control: no-store
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/grimemp/23
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /grimemp/23 HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              sec-fetch-site: same-origin
                              sec-fetch-mode: navigate
                              sec-fetch-user: ?1
                              sec-fetch-dest: document
                              referer: https://t.me/s/grimemp
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:07:12 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 9309
                              pragma: no-cache
                              cache-control: no-store
                              x-frame-options: ALLOW-FROM https://web.telegram.org
                              content-security-policy: frame-ancestors https://web.telegram.org
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/grimemp/23?embed=1&mode=tme
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /grimemp/23?embed=1&mode=tme HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              sec-fetch-site: same-origin
                              sec-fetch-mode: navigate
                              sec-fetch-dest: iframe
                              referer: https://t.me/grimemp/23
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:07:13 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 2889
                              set-cookie: stel_on=1; expires=Mon, 01 Sep 2025 06:46:12 GMT; path=/; samesite=None; secure; HttpOnly
                              pragma: no-cache
                              cache-control: no-store
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              POST
                              https://t.me/grimemp/23?embed=1&mode=tme
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              POST /grimemp/23?embed=1&mode=tme HTTP/2.0
                              host: t.me
                              content-length: 5
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-platform: "Windows"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              content-type: application/x-www-form-urlencoded
                              accept: */*
                              origin: https://t.me
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/grimemp/23?embed=1&mode=tme
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              cookie: stel_on=1
                              cookie: stel_dt=0
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:07:16 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 24
                              pragma: no-cache
                              cache-control: no-store
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://t.me/v/?views=eyJjIjotMjI0MjI1NzQyNCwicCI6MjMsInQiOjE3MjUzMDQwMzMsImgiOiIyYjg5Nzc5YWQxNTUwOWM1ZmMifQ
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /v/?views=eyJjIjotMjI0MjI1NzQyNCwicCI6MjMsInQiOjE3MjUzMDQwMzMsImgiOiIyYjg5Nzc5YWQxNTUwOWM1ZmMifQ HTTP/2.0
                              host: t.me
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              x-requested-with: XMLHttpRequest
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: same-origin
                              sec-fetch-mode: cors
                              sec-fetch-dest: empty
                              referer: https://t.me/grimemp/23?embed=1&mode=tme
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              cookie: stel_ssid=efa32ef7e4d6e233a1_11737768548593899955
                              cookie: stel_on=1
                              cookie: stel_dt=0
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:07:16 GMT
                              content-type: application/json; charset=utf-8
                              content-length: 24
                              pragma: no-cache
                              cache-control: no-store
                              content-encoding: gzip
                              strict-transport-security: max-age=35768000
                            • flag-nl
                              GET
                              https://telegram.org/css/font-roboto.css?1
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /css/font-roboto.css?1 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: text/css,*/*;q=0.1
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: style
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:38 GMT
                              content-type: text/css
                              last-modified: Thu, 20 Oct 2022 11:05:33 GMT
                              etag: W/"63512b7d-1816"
                              expires: Fri, 06 Sep 2024 19:06:38 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/css/bootstrap.min.css?3
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /css/bootstrap.min.css?3 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: text/css,*/*;q=0.1
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: style
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:38 GMT
                              content-type: text/css
                              last-modified: Fri, 10 Nov 2017 17:54:14 GMT
                              etag: W/"5a05e7c6-a61b"
                              expires: Fri, 06 Sep 2024 19:06:38 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/css/telegram.css?240
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /css/telegram.css?240 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: text/css,*/*;q=0.1
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: style
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:38 GMT
                              content-type: text/css
                              last-modified: Fri, 02 Aug 2024 00:39:02 GMT
                              etag: W/"66ac2aa6-1c1e5"
                              expires: Fri, 06 Sep 2024 19:06:38 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/js/tgwallpaper.min.js?3
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/tgwallpaper.min.js?3 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:38 GMT
                              content-type: application/javascript
                              last-modified: Thu, 03 Mar 2022 19:57:25 GMT
                              etag: W/"62211da5-ba3"
                              expires: Fri, 06 Sep 2024 19:06:38 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/img/tgme/pattern.svg?1
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /img/tgme/pattern.svg?1 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              referer: https://telegram.org/css/telegram.css?240
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:38 GMT
                              content-type: image/svg+xml
                              last-modified: Thu, 05 Jan 2023 17:52:04 GMT
                              etag: W/"63b70e44-3891a"
                              expires: Fri, 06 Sep 2024 19:06:38 GMT
                              cache-control: max-age=345600
                              access-control-allow-origin: *
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/css/widget-frame.css?67
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /css/widget-frame.css?67 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: text/css,*/*;q=0.1
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: style
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: text/css
                              last-modified: Tue, 02 Apr 2024 16:47:47 GMT
                              etag: W/"660c36b3-145c6"
                              expires: Fri, 06 Sep 2024 19:06:50 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/css/telegram-web.css?37
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /css/telegram-web.css?37 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: text/css,*/*;q=0.1
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: style
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: text/css
                              last-modified: Thu, 05 Jan 2023 17:52:04 GMT
                              etag: W/"63b70e44-6b31"
                              expires: Fri, 06 Sep 2024 19:06:50 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/js/jquery.min.js
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/jquery.min.js HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/javascript
                              last-modified: Fri, 10 Nov 2017 17:54:14 GMT
                              etag: W/"5a05e7c6-1762a"
                              expires: Fri, 06 Sep 2024 19:06:50 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/js/jquery-ui.min.js
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/jquery-ui.min.js HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/javascript
                              last-modified: Fri, 10 Nov 2017 17:54:14 GMT
                              etag: W/"5a05e7c6-181a9"
                              expires: Fri, 06 Sep 2024 19:06:50 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/js/tgsticker.js?31
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/tgsticker.js?31 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/javascript
                              last-modified: Wed, 29 Mar 2023 11:31:32 GMT
                              etag: W/"64242194-601c"
                              expires: Fri, 06 Sep 2024 19:06:50 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/js/widget-frame.js?62
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/widget-frame.js?62 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/javascript
                              last-modified: Thu, 20 Apr 2023 18:46:51 GMT
                              etag: W/"6441889b-16f16"
                              expires: Fri, 06 Sep 2024 19:06:50 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/js/telegram-web.js?14
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/telegram-web.js?14 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/javascript
                              last-modified: Fri, 18 Mar 2022 10:32:52 GMT
                              etag: W/"62345fd4-2e63"
                              expires: Fri, 06 Sep 2024 19:06:50 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-nl
                              GET
                              https://telegram.org/img/emoji/40/F09F9FA0.png
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /img/emoji/40/F09F9FA0.png HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: image/png
                              content-length: 1325
                              last-modified: Fri, 01 Nov 2019 00:04:50 GMT
                              etag: "5dbb76a2-52d"
                              expires: Fri, 06 Sep 2024 19:06:50 GMT
                              cache-control: max-age=345600
                              access-control-allow-origin: *
                              accept-ranges: bytes
                            • flag-nl
                              GET
                              https://telegram.org/js/telegram-widget.js?22
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/telegram-widget.js?22 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:07:12 GMT
                              content-type: application/javascript
                              last-modified: Mon, 03 Apr 2023 11:46:12 GMT
                              etag: W/"642abc84-4ff5"
                              expires: Fri, 06 Sep 2024 19:07:12 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • flag-us
                              GET
                              https://cdn4.cdn-telegram.org/file/owSkCaLKq7smxVVFo-DjIQunEeWfXQYjQQHymsdbfCS4vS7shDqhqCagaIIWgRVfOIyu-Z_B6VzqdgIlOPRqzYKvSqC0HUFeWk-qUh5mBnlHAMjCgxl8pVwsd-8EYaJhWKJS0mXh8JOII8puIUV3yoXEbjdlfPPtzbcYWncNCYTWMe7zLJ9zJtGQW3dr3aIX3f_9m7i0SHsgA25k8l_HG3fiTJDAwCSaWnENSnRDa0rQLO32D_D9-hPWmOeJKnti63RZEVDvr_PoJcVraLWkXx08514rd-KVujGWg3ijEKVNrbr5VuJPx9CfsHFZH_bQfAFVfy270CXDQDrKe0ovfA.jpg
                              chrome.exe
                              Remote address:
                              34.111.35.152:443
                              Request
                              GET /file/owSkCaLKq7smxVVFo-DjIQunEeWfXQYjQQHymsdbfCS4vS7shDqhqCagaIIWgRVfOIyu-Z_B6VzqdgIlOPRqzYKvSqC0HUFeWk-qUh5mBnlHAMjCgxl8pVwsd-8EYaJhWKJS0mXh8JOII8puIUV3yoXEbjdlfPPtzbcYWncNCYTWMe7zLJ9zJtGQW3dr3aIX3f_9m7i0SHsgA25k8l_HG3fiTJDAwCSaWnENSnRDa0rQLO32D_D9-hPWmOeJKnti63RZEVDvr_PoJcVraLWkXx08514rd-KVujGWg3ijEKVNrbr5VuJPx9CfsHFZH_bQfAFVfy270CXDQDrKe0ovfA.jpg HTTP/2.0
                              host: cdn4.cdn-telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                            • flag-us
                              GET
                              https://cdn4.cdn-telegram.org/file/OSSdB0VWC2NYpN0B0Jj0NYDTcYW95z4-s9KeKoQm9j78lHVmR-WQwm44vBfH5VDrAQExCp4NL70Lb1lK4R3nuEYwdm9pzEB1fwm7iP7WaZ2qw_sSBGv9_Rt01rjKhmZ5KpWpSfzylbYXPHcB87kPd9zQt2cHLS3lkKMCMZJCCo-iU7pjOnkLrbsiq8T2v4vLWkfpsHIDi7ZbTJ6cnI4Yzh8wpYSGyVgk--zIjUeUtDP76CsetGWLvNo9PLHEafoj7KLaTG1-kzW9BcYWh7exYldZZJS0PvPdqi46C5nZ-mHoNr8pHvnB1yVc-iA_-hYA5UaFdfxzADf5dcKvf6qB7g.jpg
                              chrome.exe
                              Remote address:
                              34.111.35.152:443
                              Request
                              GET /file/OSSdB0VWC2NYpN0B0Jj0NYDTcYW95z4-s9KeKoQm9j78lHVmR-WQwm44vBfH5VDrAQExCp4NL70Lb1lK4R3nuEYwdm9pzEB1fwm7iP7WaZ2qw_sSBGv9_Rt01rjKhmZ5KpWpSfzylbYXPHcB87kPd9zQt2cHLS3lkKMCMZJCCo-iU7pjOnkLrbsiq8T2v4vLWkfpsHIDi7ZbTJ6cnI4Yzh8wpYSGyVgk--zIjUeUtDP76CsetGWLvNo9PLHEafoj7KLaTG1-kzW9BcYWh7exYldZZJS0PvPdqi46C5nZ-mHoNr8pHvnB1yVc-iA_-hYA5UaFdfxzADf5dcKvf6qB7g.jpg HTTP/2.0
                              host: cdn4.cdn-telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: image
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                            • flag-us
                              DNS
                              42.169.217.172.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              42.169.217.172.in-addr.arpa
                              IN PTR
                              Response
                              42.169.217.172.in-addr.arpa
                              IN PTR
                              lhr48s08-in-f101e100net
                            • flag-us
                              DNS
                              content-autofill.googleapis.com
                              Remote address:
                              8.8.8.8:53
                              Request
                              content-autofill.googleapis.com
                              IN A
                              Response
                              content-autofill.googleapis.com
                              IN A
                              142.250.179.234
                              content-autofill.googleapis.com
                              IN A
                              216.58.213.10
                              content-autofill.googleapis.com
                              IN A
                              142.250.180.10
                              content-autofill.googleapis.com
                              IN A
                              142.250.187.202
                              content-autofill.googleapis.com
                              IN A
                              142.250.178.10
                              content-autofill.googleapis.com
                              IN A
                              142.250.200.10
                              content-autofill.googleapis.com
                              IN A
                              172.217.169.10
                              content-autofill.googleapis.com
                              IN A
                              216.58.201.106
                              content-autofill.googleapis.com
                              IN A
                              216.58.204.74
                              content-autofill.googleapis.com
                              IN A
                              142.250.187.234
                              content-autofill.googleapis.com
                              IN A
                              216.58.212.234
                              content-autofill.googleapis.com
                              IN A
                              142.250.200.42
                              content-autofill.googleapis.com
                              IN A
                              172.217.16.234
                            • flag-us
                              DNS
                              nexusrules.officeapps.live.com
                              Remote address:
                              8.8.8.8:53
                              Request
                              nexusrules.officeapps.live.com
                              IN A
                              Response
                              nexusrules.officeapps.live.com
                              IN CNAME
                              prod.nexusrules.live.com.akadns.net
                              prod.nexusrules.live.com.akadns.net
                              IN A
                              52.111.229.43
                            • flag-nl
                              GET
                              https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              origin: https://t.me
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: cors
                              sec-fetch-dest: font
                              referer: https://telegram.org/css/font-roboto.css?1
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:38 GMT
                              content-type: application/octet-stream
                              content-length: 11040
                              last-modified: Thu, 20 Oct 2022 11:05:33 GMT
                              etag: "63512b7d-2b20"
                              expires: Fri, 06 Sep 2024 19:06:38 GMT
                              cache-control: max-age=345600
                              access-control-allow-origin: *
                              accept-ranges: bytes
                            • flag-nl
                              GET
                              https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              origin: https://t.me
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: cors
                              sec-fetch-dest: font
                              referer: https://telegram.org/css/font-roboto.css?1
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:38 GMT
                              content-type: application/octet-stream
                              content-length: 11028
                              last-modified: Thu, 20 Oct 2022 11:05:33 GMT
                              etag: "63512b7d-2b14"
                              expires: Fri, 06 Sep 2024 19:06:38 GMT
                              cache-control: max-age=345600
                              access-control-allow-origin: *
                              accept-ranges: bytes
                            • flag-nl
                              GET
                              https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/2.0
                              host: telegram.org
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              origin: https://t.me
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: cors
                              sec-fetch-dest: font
                              referer: https://telegram.org/css/font-roboto.css?1
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:06:50 GMT
                              content-type: application/octet-stream
                              content-length: 11072
                              last-modified: Thu, 20 Oct 2022 11:05:33 GMT
                              etag: "63512b7d-2b40"
                              expires: Fri, 06 Sep 2024 19:06:50 GMT
                              cache-control: max-age=345600
                              access-control-allow-origin: *
                              accept-ranges: bytes
                            • flag-gb
                              GET
                              https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQkTW3CPzV21OxIFDT0fUzwhEW-3p4DRZgI=?alt=proto
                              chrome.exe
                              Remote address:
                              142.250.179.234:443
                              Request
                              GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQkTW3CPzV21OxIFDT0fUzwhEW-3p4DRZgI=?alt=proto HTTP/2.0
                              host: content-autofill.googleapis.com
                              x-goog-encode-response-if-executable: base64
                              x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              x-client-data: CL6HywE=
                              sec-fetch-site: none
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: empty
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                            • flag-nl
                              GET
                              https://oauth.tg.dev/js/telegram-widget.js?22
                              chrome.exe
                              Remote address:
                              149.154.167.99:443
                              Request
                              GET /js/telegram-widget.js?22 HTTP/2.0
                              host: oauth.tg.dev
                              sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://t.me/
                              accept-encoding: gzip, deflate, br, zstd
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              server: nginx/1.18.0
                              date: Mon, 02 Sep 2024 19:07:16 GMT
                              content-type: application/javascript
                              last-modified: Mon, 03 Apr 2023 11:46:12 GMT
                              etag: W/"642abc84-4ff5"
                              expires: Fri, 06 Sep 2024 19:07:16 GMT
                              cache-control: max-age=345600
                              strict-transport-security: max-age=31536000; includeSubDomains; preload
                              content-encoding: gzip
                            • 149.154.167.99:443
                              https://t.me/v/?views=eyJjIjotMjI0MjI1NzQyNCwicCI6MjMsInQiOjE3MjUzMDQwMzMsImgiOiIyYjg5Nzc5YWQxNTUwOWM1ZmMifQ
                              tls, http2
                              chrome.exe
                              12.2kB
                              267.7kB
                              169
                              262

                              HTTP Request

                              GET https://t.me/grimemp

                              HTTP Response

                              200

                              HTTP Request

                              GET https://t.me/s/grimemp

                              HTTP Response

                              200

                              HTTP Request

                              GET https://t.me/i/emoji/5803441315949582570.json

                              HTTP Request

                              GET https://t.me/i/emoji/5805447666972234574.json

                              HTTP Request

                              GET https://t.me/i/emoji/5803102430145026247.json

                              HTTP Request

                              GET https://t.me/i/emoji/5805646669986927966.json

                              HTTP Request

                              GET https://t.me/i/emoji/5805485539993850647.json

                              HTTP Request

                              GET https://t.me/i/emoji/5821148534103086571.json

                              HTTP Request

                              GET https://t.me/i/emoji/5215174853895660531.json

                              HTTP Request

                              GET https://t.me/i/emoji/5213403875670765022.json

                              HTTP Request

                              GET https://t.me/i/emoji/5215218645382211332.json

                              HTTP Request

                              GET https://t.me/i/emoji/5217623212887644550.json

                              HTTP Request

                              GET https://t.me/i/emoji/5215444784000277441.json

                              HTTP Request

                              GET https://t.me/i/emoji/5215239948420003628.json

                              HTTP Request

                              GET https://t.me/i/emoji/5212920133504212456.json

                              HTTP Request

                              GET https://t.me/i/emoji/5215713717672484003.json

                              HTTP Request

                              GET https://t.me/i/emoji/5217465999904743610.json

                              HTTP Request

                              GET https://t.me/i/emoji/5217841878262618606.json

                              HTTP Request

                              GET https://t.me/i/emoji/5920168682989819312.json

                              HTTP Request

                              GET https://t.me/i/emoji/5269302926567810640.json

                              HTTP Request

                              GET https://t.me/i/emoji/5274099962655816924.json

                              HTTP Request

                              GET https://t.me/i/emoji/5922643816807928817.json

                              HTTP Request

                              GET https://t.me/i/emoji/6012639457721717840.json

                              HTTP Request

                              GET https://t.me/i/emoji/5447644880824181073.json

                              HTTP Request

                              GET https://t.me/i/emoji/5217822164362739968.json

                              HTTP Request

                              GET https://t.me/i/emoji/5215706742645599766.json

                              HTTP Request

                              POST https://t.me/v/

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Request

                              GET https://t.me/js/tgsticker-worker.js?14

                              HTTP Response

                              200

                              HTTP Request

                              GET https://t.me/js/rlottie-wasm.js

                              HTTP Response

                              200

                              HTTP Request

                              GET https://t.me/js/pako-inflate.min.js

                              HTTP Request

                              GET https://t.me/js/rlottie-wasm.wasm

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Request

                              POST https://t.me/v/

                              HTTP Response

                              200

                              HTTP Request

                              GET https://t.me/grimemp/23

                              HTTP Response

                              200

                              HTTP Request

                              GET https://t.me/grimemp/23?embed=1&mode=tme

                              HTTP Response

                              200

                              HTTP Request

                              POST https://t.me/grimemp/23?embed=1&mode=tme

                              HTTP Request

                              GET https://t.me/v/?views=eyJjIjotMjI0MjI1NzQyNCwicCI6MjMsInQiOjE3MjUzMDQwMzMsImgiOiIyYjg5Nzc5YWQxNTUwOWM1ZmMifQ

                              HTTP Response

                              200

                              HTTP Response

                              200
                            • 149.154.167.99:443
                              telegram.org
                              tls, http2
                              chrome.exe
                              1.1kB
                              6.8kB
                              12
                              12
                            • 149.154.167.99:443
                              telegram.org
                              tls, http2
                              chrome.exe
                              1.2kB
                              6.8kB
                              12
                              12
                            • 149.154.167.99:443
                              telegram.org
                              tls, http2
                              chrome.exe
                              1.2kB
                              6.8kB
                              12
                              12
                            • 149.154.167.99:443
                              https://telegram.org/js/telegram-widget.js?22
                              tls, http2
                              chrome.exe
                              11.3kB
                              286.4kB
                              199
                              249

                              HTTP Request

                              GET https://telegram.org/css/font-roboto.css?1

                              HTTP Request

                              GET https://telegram.org/css/bootstrap.min.css?3

                              HTTP Request

                              GET https://telegram.org/css/telegram.css?240

                              HTTP Request

                              GET https://telegram.org/js/tgwallpaper.min.js?3

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Request

                              GET https://telegram.org/img/tgme/pattern.svg?1

                              HTTP Response

                              200

                              HTTP Request

                              GET https://telegram.org/css/widget-frame.css?67

                              HTTP Request

                              GET https://telegram.org/css/telegram-web.css?37

                              HTTP Request

                              GET https://telegram.org/js/jquery.min.js

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Request

                              GET https://telegram.org/js/jquery-ui.min.js

                              HTTP Request

                              GET https://telegram.org/js/tgsticker.js?31

                              HTTP Request

                              GET https://telegram.org/js/widget-frame.js?62

                              HTTP Request

                              GET https://telegram.org/js/telegram-web.js?14

                              HTTP Request

                              GET https://telegram.org/img/emoji/40/F09F9FA0.png

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Request

                              GET https://telegram.org/js/telegram-widget.js?22

                              HTTP Response

                              200
                            • 34.111.35.152:443
                              https://cdn4.cdn-telegram.org/file/OSSdB0VWC2NYpN0B0Jj0NYDTcYW95z4-s9KeKoQm9j78lHVmR-WQwm44vBfH5VDrAQExCp4NL70Lb1lK4R3nuEYwdm9pzEB1fwm7iP7WaZ2qw_sSBGv9_Rt01rjKhmZ5KpWpSfzylbYXPHcB87kPd9zQt2cHLS3lkKMCMZJCCo-iU7pjOnkLrbsiq8T2v4vLWkfpsHIDi7ZbTJ6cnI4Yzh8wpYSGyVgk--zIjUeUtDP76CsetGWLvNo9PLHEafoj7KLaTG1-kzW9BcYWh7exYldZZJS0PvPdqi46C5nZ-mHoNr8pHvnB1yVc-iA_-hYA5UaFdfxzADf5dcKvf6qB7g.jpg
                              tls, http2
                              chrome.exe
                              3.5kB
                              52.4kB
                              36
                              54

                              HTTP Request

                              GET https://cdn4.cdn-telegram.org/file/owSkCaLKq7smxVVFo-DjIQunEeWfXQYjQQHymsdbfCS4vS7shDqhqCagaIIWgRVfOIyu-Z_B6VzqdgIlOPRqzYKvSqC0HUFeWk-qUh5mBnlHAMjCgxl8pVwsd-8EYaJhWKJS0mXh8JOII8puIUV3yoXEbjdlfPPtzbcYWncNCYTWMe7zLJ9zJtGQW3dr3aIX3f_9m7i0SHsgA25k8l_HG3fiTJDAwCSaWnENSnRDa0rQLO32D_D9-hPWmOeJKnti63RZEVDvr_PoJcVraLWkXx08514rd-KVujGWg3ijEKVNrbr5VuJPx9CfsHFZH_bQfAFVfy270CXDQDrKe0ovfA.jpg

                              HTTP Request

                              GET https://cdn4.cdn-telegram.org/file/OSSdB0VWC2NYpN0B0Jj0NYDTcYW95z4-s9KeKoQm9j78lHVmR-WQwm44vBfH5VDrAQExCp4NL70Lb1lK4R3nuEYwdm9pzEB1fwm7iP7WaZ2qw_sSBGv9_Rt01rjKhmZ5KpWpSfzylbYXPHcB87kPd9zQt2cHLS3lkKMCMZJCCo-iU7pjOnkLrbsiq8T2v4vLWkfpsHIDi7ZbTJ6cnI4Yzh8wpYSGyVgk--zIjUeUtDP76CsetGWLvNo9PLHEafoj7KLaTG1-kzW9BcYWh7exYldZZJS0PvPdqi46C5nZ-mHoNr8pHvnB1yVc-iA_-hYA5UaFdfxzADf5dcKvf6qB7g.jpg
                            • 149.154.167.99:443
                              https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
                              tls, http2
                              chrome.exe
                              2.9kB
                              42.1kB
                              33
                              46

                              HTTP Request

                              GET https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

                              HTTP Request

                              GET https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Request

                              GET https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

                              HTTP Response

                              200
                            • 142.250.179.234:443
                              https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQkTW3CPzV21OxIFDT0fUzwhEW-3p4DRZgI=?alt=proto
                              tls, http2
                              chrome.exe
                              1.9kB
                              6.8kB
                              15
                              16

                              HTTP Request

                              GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQkTW3CPzV21OxIFDT0fUzwhEW-3p4DRZgI=?alt=proto
                            • 149.154.167.99:443
                              https://oauth.tg.dev/js/telegram-widget.js?22
                              tls, http2
                              chrome.exe
                              1.8kB
                              13.4kB
                              16
                              20

                              HTTP Request

                              GET https://oauth.tg.dev/js/telegram-widget.js?22

                              HTTP Response

                              200
                            • 8.8.8.8:53
                              t.me
                              dns
                              chrome.exe
                              375 B
                              573 B
                              6
                              6

                              DNS Request

                              t.me

                              DNS Response

                              149.154.167.99

                              DNS Request

                              telegram.org

                              DNS Response

                              149.154.167.99

                              DNS Request

                              8.8.8.8.in-addr.arpa

                              DNS Request

                              152.35.111.34.in-addr.arpa

                              DNS Request

                              oauth.tg.dev

                              DNS Response

                              149.154.167.99

                              DNS Request

                              14.179.89.13.in-addr.arpa

                            • 8.8.8.8:53
                              42.169.217.172.in-addr.arpa
                              dns
                              226 B
                              538 B
                              3
                              3

                              DNS Request

                              42.169.217.172.in-addr.arpa

                              DNS Request

                              content-autofill.googleapis.com

                              DNS Response

                              DNS Request

                              nexusrules.officeapps.live.com

                              DNS Response

                              52.111.229.43

                            • 224.0.0.251:5353
                              chrome.exe
                              204 B
                              3
                            • 34.111.35.152:443
                              cdn4.cdn-telegram.org
                              https
                              chrome.exe
                              21.5kB
                              578.5kB
                              147
                              504
                            • 34.111.35.152:443
                              cdn4.cdn-telegram.org
                              https
                              chrome.exe
                              6.5kB
                              68.4kB
                              43
                              65

                            MITRE ATT&CK Enterprise v15

                            Downloads

                            • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                              Filesize

                              64KB

                            • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                              Filesize

                              4B

                            • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                              Filesize

                              1008B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                              Filesize

                              649B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

                              Filesize

                              30KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

                              Filesize

                              151KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              240B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              312B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                              Filesize

                              1KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                              Filesize

                              2B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              858B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              858B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              858B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              1KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                              MD5

                              6530ead8f840881999fac8529ea974e1

                              SHA1

                              ede734a5ff91b07cf2a9b0df271875ecb7bcd79c

                              SHA256

                              b8353b7f3c1fbe56da4ef463677f1b47941a1350a64a452f84d7794e4f9ff21a

                              SHA512

                              4316c099087346562adbf888ffa5d23fec5e144df5ffa1cb28699f7f1a29b9c3b188e70ebf51bfdc3f6e72347b3a50e165ee762c7129ef530ae7928bd8c721fe

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                              MD5

                              759d35a720442068c2444bec102cc40a

                              SHA1

                              28bf6afba66747a5353808b57cba952ebfefae5c

                              SHA256

                              441b0dec5827c6e4877867e786da560a0bd327b4b2224d915a7185dcef25f185

                              SHA512

                              edcbc8a5e94ecae67c76fc629cf7d1188fad31010f5d548d5cf73ef664b62023c155c68083f36cf97ce598caece10ff9987195f47c28ff8d2c3265551aed9278

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                              MD5

                              8e54e271dc35be33e545b6aa526614a3

                              SHA1

                              66d7c4aeea8aa4d41e4e9ad85e7492f76b402dd1

                              SHA256

                              5f3895eb98d8f693a7db1d1225eb8ac9f8e93c6b99701773b19beb18408eef66

                              SHA512

                              2aa52a18a0668bd08fac16fe1db668a6f3cf73d8cc0232b7acc920cbef4db90acd82aedaee12484998ca81f099522cc1a0e84e340ad34401ad8449b3fb260ece

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              9KB

                              MD5

                              8c91227eaab4b4b49620b9e1e0a58559

                              SHA1

                              fb496ac585e6f3d7391afd0c661f2dc0e65bf067

                              SHA256

                              7cbf5efe2c106f8ccde10a5a14e3e8896a0d4bbf1d64dc9b89df57378921c528

                              SHA512

                              7282e23bb15ccf40f0bd3d5de2deb2d42b2312dcd7975df7e84265df04c3cf84641846b1c98988929df23e218384268d75dd4598986b606b0ac15a72776a1931

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                              Filesize

                              99KB
