Edit tour

Windows Analysis Report
https://hantal.fanlink.tv/o7IZ

Overview

General Information

Sample URL:	https://hantal.fanlink.tv/o7IZ
Analysis ID:	1474107
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Performs DNS queries to domains with low reputation

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2532,i,4418894545127293209,8652065228490983004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hantal.fanlink.tv/o7IZ" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /record HTTP/1.1Host: fanlink.tvConnection: keep-aliveContent-Length: 19sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-Type: application/jsoncsrf-token: OEDMsza4-jH2WHwju4pkgbvqZA9zXJnOKyBosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://hantal.fanlink.tvSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hantal.fanlink.tv/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: connect.sid=s%3A%3Ajw-gv87-E4p7sg9HsYEsAMhVSg-w3L8O.MIliprg5vOwXEvyoBgTvdOq5iNhUlP7K%2FKGXw7mfqv0

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressX-Nerd-Alert: Hacking us? Why not work for us instead? eventbritecareers.comStrict-Transport-Security: max-age=31536000000; includeSubDomainsContent-Type: text/html; charset=utf-8Content-Length: 4416Set-Cookie: connect.sid=s%3A%3AfbcGlpJKEiNn_NC4mMD5M-EDDBn4Zja1.9zZI1IwyFIchX6tVHT%2Fw9L15WL3oMYuIdoVqq%2FLR43M; Domain=.toneden.io; Path=/; Expires=Tue, 23 Jul 2024 09:07:52 GMT; HttpOnly; Secure; SameSite=NoneVary: Accept-EncodingDate: Tue, 16 Jul 2024 09:07:52 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressX-Nerd-Alert: Hacking us? Why not work for us instead? eventbritecareers.comStrict-Transport-Security: max-age=31536000000; includeSubDomainsContent-Type: text/html; charset=utf-8Content-Length: 4416Set-Cookie: connect.sid=s%3A%3AVm5dkXBmY5VJei5jUjoojI8-QXMPxRdM.vWCNswxc4iPaASEWHBegtHZBGQlyqnhEHgIPa%2FHBfto; Domain=.toneden.io; Path=/; Expires=Tue, 23 Jul 2024 09:07:52 GMT; HttpOnly; Secure; SameSite=NoneVary: Accept-EncodingDate: Tue, 16 Jul 2024 09:07:52 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 1808Cache-Control: max-age=3600Content-Type: text/html; charset=utf-8Etag: "762bf484ba67404bd1a3b181546ea28d60dfddf18e9dd4795d8d25bcf3c1a890"Last-Modified: Mon, 01 Jul 2024 00:17:27 GMTStrict-Transport-Security: max-age=31556926; includeSubDomains; preloadAccept-Ranges: bytesDate: Tue, 16 Jul 2024 09:07:55 GMTX-Served-By: cache-ewr18159-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1721120875.409596,VS0,VE84Vary: x-fh-requested-host, accept-encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 1808Cache-Control: max-age=3600Content-Type: text/html; charset=utf-8Etag: "762bf484ba67404bd1a3b181546ea28d60dfddf18e9dd4795d8d25bcf3c1a890"Last-Modified: Mon, 01 Jul 2024 00:17:27 GMTStrict-Transport-Security: max-age=31556926; includeSubDomains; preloadAccept-Ranges: bytesDate: Tue, 16 Jul 2024 09:07:57 GMTX-Served-By: cache-nyc-kteb1890066-NYCX-Cache: MISSX-Cache-Hits: 0X-Timer: S1721120878.695031,VS0,VE99Vary: x-fh-requested-host, accept-encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 1808Cache-Control: max-age=3600Content-Type: text/html; charset=utf-8Etag: "762bf484ba67404bd1a3b181546ea28d60dfddf18e9dd4795d8d25bcf3c1a890"Last-Modified: Mon, 01 Jul 2024 00:17:27 GMTStrict-Transport-Security: max-age=31556926; includeSubDomains; preloadAccept-Ranges: bytesDate: Tue, 16 Jul 2024 09:07:58 GMTX-Served-By: cache-nyc-kteb1890087-NYCX-Cache: MISSX-Cache-Hits: 0X-Timer: S1721120878.169112,VS0,VE54Vary: x-fh-requested-host, accept-encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Source: chromecache_160.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_134.2.dr, chromecache_135.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_160.2.dr	String found in binary or memory: https://animate.style/
Source: chromecache_131.2.dr, chromecache_152.2.dr	String found in binary or memory: https://api.hostip.info/get_json.php?ip=$
Source: chromecache_154.2.dr	String found in binary or memory: https://audio-ssl.itunes.apple.com/apple-assets-us-std-000001/AudioPreview118/v4/94/57/95/94579573-f
Source: chromecache_144.2.dr, chromecache_110.2.dr	String found in binary or memory: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Source: chromecache_148.2.dr, chromecache_154.2.dr, chromecache_115.2.dr	String found in binary or memory: https://cdn.evbstatic.com/s3-build/perm_001/bf1c05/django/js/src/eb/fonts/neueplak.js
Source: chromecache_115.2.dr	String found in binary or memory: https://esselungas-sondaggio.web.app
Source: chromecache_154.2.dr	String found in binary or memory: https://fanlink.tv/record
Source: chromecache_132.2.dr, chromecache_153.2.dr, chromecache_114.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_132.2.dr, chromecache_153.2.dr, chromecache_114.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_115.2.dr	String found in binary or memory: https://hantal.fanlink.tv/o7IZ
Source: chromecache_154.2.dr	String found in binary or memory: https://i.scdn.co/image/c9f6430d6e119bdd3880e6f10396caf285ab5cab
Source: chromecache_154.2.dr	String found in binary or memory: https://itunes.apple.com/us/album/record/1435872457?i=1435872458&uo=4&app=itunes&at=1001lbRT&ct=1513
Source: chromecache_154.2.dr	String found in binary or memory: https://itunes.apple.com/us/album/record/1435872457?i=1435872458&uo=4&app=music&at=1001lbRT&ct=15139
Source: chromecache_112.2.dr, chromecache_117.2.dr	String found in binary or memory: https://itunes.apple.com/us/app/messenger/id454638411
Source: chromecache_131.2.dr, chromecache_152.2.dr	String found in binary or memory: https://md-apache.com
Source: chromecache_154.2.dr	String found in binary or memory: https://open.spotify.com/track/00nFAiaRR2hPjgpfW0WNzh
Source: chromecache_154.2.dr	String found in binary or memory: https://p.scdn.co/mp3-preview/e14d64d2a92c9b278e031699d36516172e208947?cid=9d6fd5c2bb744b3f875a480c1
Source: chromecache_148.2.dr, chromecache_154.2.dr, chromecache_115.2.dr	String found in binary or memory: https://platform.twitter.com/oct.js
Source: chromecache_112.2.dr, chromecache_117.2.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.facebook.orca
Source: chromecache_152.2.dr	String found in binary or memory: https://push-visit.xyz
Source: chromecache_115.2.dr	String found in binary or memory: https://s3.amazonaws.com/toneden-misc/meta.png
Source: chromecache_148.2.dr	String found in binary or memory: https://s3.amazonaws.com/toneden-misc/td-thumb.png
Source: chromecache_144.2.dr, chromecache_110.2.dr	String found in binary or memory: https://services.google.com/sitestats/
Source: chromecache_154.2.dr	String found in binary or memory: https://soundcloud.com/dayxnight/record
Source: chromecache_148.2.dr	String found in binary or memory: https://st.toneden.io/prod-assets/images/favicon.ico
Source: chromecache_148.2.dr, chromecache_154.2.dr, chromecache_115.2.dr	String found in binary or memory: https://st.toneden.io/prod-assets/images/favicon.png
Source: chromecache_135.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_144.2.dr, chromecache_134.2.dr, chromecache_135.2.dr, chromecache_110.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_129.2.dr	String found in binary or memory: https://trk.aff-flow.com/click?pid=3091&offer_id=6234
Source: chromecache_115.2.dr, chromecache_129.2.dr	String found in binary or memory: https://use.fontawesome.com/releases/v5.15.4/js/all.js
Source: chromecache_129.2.dr	String found in binary or memory: https://virtualpushplatform.com/ace-push.js
Source: chromecache_134.2.dr, chromecache_135.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_134.2.dr, chromecache_135.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_134.2.dr, chromecache_135.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_134.2.dr, chromecache_135.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_144.2.dr, chromecache_110.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: chromecache_134.2.dr, chromecache_135.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_129.2.dr	String found in binary or memory: https://www.hb6trk.com/K31267/9WDPQ6B/
Source: chromecache_112.2.dr, chromecache_117.2.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: chromecache_148.2.dr	String found in binary or memory: https://www.toneden.io
Source: chromecache_148.2.dr	String found in binary or memory: https://www.toneden.io/api/v1/analytics/events
Source: chromecache_148.2.dr	String found in binary or memory: https://www.toneden.io/help/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49731 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.troj.win@17/106@56/20

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2532,i,4418894545127293209,8652065228490983004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hantal.fanlink.tv/o7IZ"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2532,i,4418894545127293209,8652065228490983004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://hantal.fanlink.tv/o7IZ	100%	Avira URL Cloud	malware
https://hantal.fanlink.tv/o7IZ	0%	Virustotal		Browse

Source	Detection	Scanner	Link
push-visit.xyz	0%	Virustotal	Browse
d2lnhoexd9f0za.cloudfront.net	0%	Virustotal	Browse
star-mini.c10r.facebook.com	0%	Virustotal	Browse
esselungas-sondaggio.web.app	2%	Virustotal	Browse
cs41.wac.edgecastcdn.net	0%	Virustotal	Browse
www.toneden.io	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
d14na7tzlwj0co.cloudfront.net	0%	Virustotal	Browse
scontent.xx.fbcdn.net	0%	Virustotal	Browse
platform.twitter.map.fastly.net	0%	Virustotal	Browse
a.nel.cloudflare.com	0%	Virustotal	Browse
virtualpushplatform.com	0%	Virustotal	Browse
fanlink.tv	0%	Virustotal	Browse
d3ioixfj5zvobq.cloudfront.net	0%	Virustotal	Browse
hantal.fanlink.tv	1%	Virustotal	Browse
use.fontawesome.com	0%	Virustotal	Browse
static.ads-twitter.com	0%	Virustotal	Browse
st.toneden.io	0%	Virustotal	Browse
sd.toneden.io	0%	Virustotal	Browse
connect.facebook.net	0%	Virustotal	Browse
cdn.evbstatic.com	0%	Virustotal	Browse
www.facebook.com	0%	Virustotal	Browse
platform.twitter.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://ampcid.google.com/v1/publisher:getClientId	0%	URL Reputation	safe
https://fontawesome.com/license/free	0%	URL Reputation	safe
https://fontawesome.com	0%	URL Reputation	safe
https://www.internalfb.com/intern/invariant/	0%	URL Reputation	safe
https://connect.facebook.net/en_US/sdk.js	0%	URL Reputation	safe
https://connect.facebook.net/en_US/fbevents.js	0%	URL Reputation	safe
https://stats.g.doubleclick.net/j/collect	0%	URL Reputation	safe
https://tagassistant.google.com/	0%	URL Reputation	safe
http://opensource.org/licenses/MIT	0%	URL Reputation	safe
https://esselungas-sondaggio.web.app/images/2.jpg	100%	Avira URL Cloud	malware
https://sd.toneden.io/production/v2/toneden.js	0%	Avira URL Cloud	safe
https://st.toneden.io/prod-assets/images/favicon.ico	0%	Avira URL Cloud	safe
https://virtualpushplatform.com/api/v1/visit/log-client-error	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/images/logo222.png	100%	Avira URL Cloud	malware
https://sd.toneden.io/production/v2/toneden.js	0%	Virustotal		Browse
https://esselungas-sondaggio.web.app/images/comm_pic_2.jpg	100%	Avira URL Cloud	malware
https://st.toneden.io/prod-assets/images/favicon.ico	0%	Virustotal		Browse
https://push-visit.xyz	0%	Avira URL Cloud	safe
https://cdn.evbstatic.com/s3-build/perm_001/bf1c05/django/js/src/eb/fonts/neueplak.js	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/js/script.js	100%	Avira URL Cloud	malware
https://esselungas-sondaggio.web.app/images/1.jpg	100%	Avira URL Cloud	malware
https://virtualpushplatform.com/api/v1/visit/log-client-error	0%	Virustotal		Browse
https://md-apache.com	0%	Avira URL Cloud	safe
https://www.hb6trk.com/K31267/9WDPQ6B/	100%	Avira URL Cloud	phishing
https://connect.facebook.net/signals/config/1711912442390284?v=2.9.161&r=stable&domain=hantal.fanlink.tv&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108	0%	Avira URL Cloud	safe
https://cdn.evbstatic.com/s3-build/perm_001/bf1c05/django/js/src/eb/fonts/neueplak.js	0%	Virustotal		Browse
https://st.toneden.io/production/javascripts/fan-link.js?v=0e8b5ac8a4	0%	Avira URL Cloud	safe
https://play.google.com/store/apps/details?id=com.facebook.orca	0%	Avira URL Cloud	safe
https://static.ads-twitter.com/oct.js	0%	Avira URL Cloud	safe
https://www.hb6trk.com/K31267/9WDPQ6B/	9%	Virustotal		Browse
https://soundcloud.com/dayxnight/record	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/md-service-worker.js	100%	Avira URL Cloud	malware
https://md-apache.com	0%	Virustotal		Browse
https://fanlink.tv/record	0%	Avira URL Cloud	safe
https://static.ads-twitter.com/oct.js	0%	Virustotal		Browse
https://esselungas-sondaggio.web.app/images/4.jpg	100%	Avira URL Cloud	malware
https://p.scdn.co/mp3-preview/e14d64d2a92c9b278e031699d36516172e208947?cid=9d6fd5c2bb744b3f875a480c1	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/css/animate.min.css	100%	Avira URL Cloud	malware
https://sd.toneden.io/production/v2/toneden.loader.js	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app	100%	Avira URL Cloud	malware
https://www.facebook.com/tr/?id=1711912442390284&ev=PageView&dl=https%3A%2F%2Fhantal.fanlink.tv%2Fo7IZ&rl=&if=false&ts=1721120869942&cd[link_id]=3157267&cd[owner]=71396390&sw=1280&sh=1024&v=2.9.161&r=stable&ec=0&o=4126&fbp=fb.1.1721120869939.855889666465226740&cs_est=true&ler=empty&cdl=API_unavailable&it=1721120868422&coo=false&rqm=GET	0%	Avira URL Cloud	safe
https://trk.aff-flow.com/click?pid=3091&offer_id=6234	0%	Avira URL Cloud	safe
https://platform.twitter.com/oct.js	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/images/3.jpg	100%	Avira URL Cloud	malware
https://s3.amazonaws.com/toneden-misc/td-thumb.png	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/images/f_secure_1.png	100%	Avira URL Cloud	malware
https://esselungas-sondaggio.web.app/favicon.ico	100%	Avira URL Cloud	malware
https://www.toneden.io/api/v1/analytics/events	0%	Avira URL Cloud	safe
https://www.facebook.com/tr/?id=1711912442390284&ev=ViewContent&dl=https%3A%2F%2Fhantal.fanlink.tv%2Fo7IZ&rl=&if=false&ts=1721120869944&cd[content_type]=product&cd[link_id]=3157267&cd[owner]=71396390&cd[viewer]=&sw=1280&sh=1024&v=2.9.161&r=stable&ec=1&o=4126&fbp=fb.1.1721120869939.855889666465226740&ler=empty&cdl=API_unavailable&it=1721120868422&coo=false&rqm=GET	0%	Avira URL Cloud	safe
https://s3.amazonaws.com/toneden-misc/meta.png	0%	Avira URL Cloud	safe
https://www.toneden.io/help/	0%	Avira URL Cloud	safe
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1711912442390284&ev=ViewContent&dl=https%3A%2F%2Fhantal.fanlink.tv%2Fo7IZ&rl=&if=false&ts=1721120869944&cd[content_type]=product&cd[link_id]=3157267&cd[owner]=71396390&cd[viewer]=&sw=1280&sh=1024&v=2.9.161&r=stable&ec=1&o=4126&fbp=fb.1.1721120869939.855889666465226740&ler=empty&cdl=API_unavailable&it=1721120868422&coo=false&rqm=FGET	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/js/datehead.js	100%	Avira URL Cloud	malware
https://use.fontawesome.com/releases/v5.15.4/js/all.js	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/images/prize1.png	100%	Avira URL Cloud	malware
https://st.toneden.io/production/stylesheets/fan-link.css?v=0e8b5ac8a4	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/images/bg.png	100%	Avira URL Cloud	malware
https://animate.style/	0%	Avira URL Cloud	safe
https://connect.facebook.net/en_US/sdk.js?hash=9b55e92af037d3d9593154a913c9fd79	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/css/style.css	100%	Avira URL Cloud	malware
https://esselungas-sondaggio.web.app/images/logo111.png	100%	Avira URL Cloud	malware
https://esselungas-sondaggio.web.app/images/5.jpg	100%	Avira URL Cloud	malware
https://esselungas-sondaggio.web.app/images/flaglogo.png	100%	Avira URL Cloud	malware
https://bid.g.doubleclick.net/xbbe/pixel?d=KAE	0%	Avira URL Cloud	safe
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1711912442390284&ev=PageView&dl=https%3A%2F%2Fhantal.fanlink.tv%2Fo7IZ&rl=&if=false&ts=1721120869942&cd[link_id]=3157267&cd[owner]=71396390&sw=1280&sh=1024&v=2.9.161&r=stable&ec=0&o=4126&fbp=fb.1.1721120869939.855889666465226740&cs_est=true&ler=empty&cdl=API_unavailable&it=1721120868422&coo=false&rqm=FGET	0%	Avira URL Cloud	safe
https://api.hostip.info/get_json.php?ip=$	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/images/product.png	100%	Avira URL Cloud	malware
https://www.google.com/ads/ga-audiences	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences	0%	Avira URL Cloud	safe
https://www.toneden.io	0%	Avira URL Cloud	safe
https://i.scdn.co/image/c9f6430d6e119bdd3880e6f10396caf285ab5cab	0%	Avira URL Cloud	safe
https://services.google.com/sitestats/	0%	Avira URL Cloud	safe
https://push-visit.xyz/api/v1/visit	0%	Avira URL Cloud	safe
https://st.toneden.io/prod-assets/images/favicon.png	0%	Avira URL Cloud	safe
https://virtualpushplatform.com/ace-push.js	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/images/f_guarantee.png	100%	Avira URL Cloud	malware
https://esselungas-sondaggio.web.app/images/comm_pic_1.jpg	100%	Avira URL Cloud	malware
https://a.nel.cloudflare.com/report/v4?s=wjGTRKWXNd%2BdjXES8i33SoX4c3KigRIBvGY4DDuk4egLBisc6Xb7m543kLWOC%2Bl1XasMhpHWg8ZNx%2BC7iGmFB7fTxF%2Ba2s0hGhnP%2BBbrOKKmqa2LRCIQ4Qq3ZK%2F8Bi44qXoMYdRIjRx0%2BQ%3D%3D	0%	Avira URL Cloud	safe
https://open.spotify.com/track/00nFAiaRR2hPjgpfW0WNzh	0%	Avira URL Cloud	safe
https://esselungas-sondaggio.web.app/images/loadingBL.gif	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
star-mini.c10r.facebook.com	157.240.253.35	true	false	0%, Virustotal, Browse	unknown
push-visit.xyz	20.50.64.3	true	true	0%, Virustotal, Browse	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	0%, Virustotal, Browse	unknown
esselungas-sondaggio.web.app	199.36.158.100	true	false	2%, Virustotal, Browse	unknown
d2lnhoexd9f0za.cloudfront.net	18.239.94.13	true	false	0%, Virustotal, Browse	unknown
virtualpushplatform.com	172.67.177.88	true	false	0%, Virustotal, Browse	unknown
cs41.wac.edgecastcdn.net	93.184.220.66	true	false	0%, Virustotal, Browse	unknown
www.toneden.io	13.56.96.205	true	false	0%, Virustotal, Browse	unknown
platform.twitter.map.fastly.net	146.75.120.157	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	0%, Virustotal, Browse	unknown
scontent.xx.fbcdn.net	157.240.252.13	true	false	0%, Virustotal, Browse	unknown
d14na7tzlwj0co.cloudfront.net	18.238.243.92	true	false	0%, Virustotal, Browse	unknown
www.google.com	172.217.18.4	true	false	0%, Virustotal, Browse	unknown
hantal.fanlink.tv	13.52.31.143	true	false	1%, Virustotal, Browse	unknown
fanlink.tv	13.52.31.143	true	false	0%, Virustotal, Browse	unknown
d3ioixfj5zvobq.cloudfront.net	13.224.189.36	true	false	0%, Virustotal, Browse	unknown
static.ads-twitter.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
www.facebook.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
st.toneden.io	unknown	unknown	false	0%, Virustotal, Browse	unknown
connect.facebook.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
use.fontawesome.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
cdn.evbstatic.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
platform.twitter.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
sd.toneden.io	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://esselungas-sondaggio.web.app/images/2.jpg	false	Avira URL Cloud: malware	unknown
https://sd.toneden.io/production/v2/toneden.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://virtualpushplatform.com/api/v1/visit/log-client-error	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/images/logo222.png	false	Avira URL Cloud: malware	unknown
https://esselungas-sondaggio.web.app/images/comm_pic_2.jpg	false	Avira URL Cloud: malware	unknown
https://cdn.evbstatic.com/s3-build/perm_001/bf1c05/django/js/src/eb/fonts/neueplak.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/js/script.js	false	Avira URL Cloud: malware	unknown
https://esselungas-sondaggio.web.app/images/1.jpg	false	Avira URL Cloud: malware	unknown
https://connect.facebook.net/signals/config/1711912442390284?v=2.9.161&r=stable&domain=hantal.fanlink.tv&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108	false	Avira URL Cloud: safe	unknown
https://st.toneden.io/production/javascripts/fan-link.js?v=0e8b5ac8a4	false	Avira URL Cloud: safe	unknown
https://connect.facebook.net/en_US/sdk.js	false	URL Reputation: safe	unknown
https://static.ads-twitter.com/oct.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://connect.facebook.net/en_US/fbevents.js	false	URL Reputation: safe	unknown
https://esselungas-sondaggio.web.app/md-service-worker.js	false	Avira URL Cloud: malware	unknown
https://fanlink.tv/record	false	Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/images/4.jpg	false	Avira URL Cloud: malware	unknown
https://hantal.fanlink.tv/o7IZ	true		unknown
https://esselungas-sondaggio.web.app/css/animate.min.css	false	Avira URL Cloud: malware	unknown
https://sd.toneden.io/production/v2/toneden.loader.js	false	Avira URL Cloud: safe	unknown
https://www.facebook.com/tr/?id=1711912442390284&ev=PageView&dl=https%3A%2F%2Fhantal.fanlink.tv%2Fo7IZ&rl=&if=false&ts=1721120869942&cd[link_id]=3157267&cd[owner]=71396390&sw=1280&sh=1024&v=2.9.161&r=stable&ec=0&o=4126&fbp=fb.1.1721120869939.855889666465226740&cs_est=true&ler=empty&cdl=API_unavailable&it=1721120868422&coo=false&rqm=GET	false	Avira URL Cloud: safe	unknown
https://platform.twitter.com/oct.js	false	Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/images/3.jpg	false	Avira URL Cloud: malware	unknown
https://esselungas-sondaggio.web.app/images/f_secure_1.png	false	Avira URL Cloud: malware	unknown
https://esselungas-sondaggio.web.app/favicon.ico	false	Avira URL Cloud: malware	unknown
https://www.toneden.io/api/v1/analytics/events	false	Avira URL Cloud: safe	unknown
https://www.facebook.com/tr/?id=1711912442390284&ev=ViewContent&dl=https%3A%2F%2Fhantal.fanlink.tv%2Fo7IZ&rl=&if=false&ts=1721120869944&cd[content_type]=product&cd[link_id]=3157267&cd[owner]=71396390&cd[viewer]=&sw=1280&sh=1024&v=2.9.161&r=stable&ec=1&o=4126&fbp=fb.1.1721120869939.855889666465226740&ler=empty&cdl=API_unavailable&it=1721120868422&coo=false&rqm=GET	false	Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/	true		unknown
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1711912442390284&ev=ViewContent&dl=https%3A%2F%2Fhantal.fanlink.tv%2Fo7IZ&rl=&if=false&ts=1721120869944&cd[content_type]=product&cd[link_id]=3157267&cd[owner]=71396390&cd[viewer]=&sw=1280&sh=1024&v=2.9.161&r=stable&ec=1&o=4126&fbp=fb.1.1721120869939.855889666465226740&ler=empty&cdl=API_unavailable&it=1721120868422&coo=false&rqm=FGET	false	Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/js/datehead.js	false	Avira URL Cloud: malware	unknown
https://esselungas-sondaggio.web.app/images/prize1.png	false	Avira URL Cloud: malware	unknown
https://st.toneden.io/production/stylesheets/fan-link.css?v=0e8b5ac8a4	false	Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/images/bg.png	false	Avira URL Cloud: malware	unknown
https://connect.facebook.net/en_US/sdk.js?hash=9b55e92af037d3d9593154a913c9fd79	false	Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/css/style.css	false	Avira URL Cloud: malware	unknown
https://esselungas-sondaggio.web.app/images/logo111.png	false	Avira URL Cloud: malware	unknown
https://esselungas-sondaggio.web.app/images/5.jpg	false	Avira URL Cloud: malware	unknown
https://esselungas-sondaggio.web.app/images/flaglogo.png	false	Avira URL Cloud: malware	unknown
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1711912442390284&ev=PageView&dl=https%3A%2F%2Fhantal.fanlink.tv%2Fo7IZ&rl=&if=false&ts=1721120869942&cd[link_id]=3157267&cd[owner]=71396390&sw=1280&sh=1024&v=2.9.161&r=stable&ec=0&o=4126&fbp=fb.1.1721120869939.855889666465226740&cs_est=true&ler=empty&cdl=API_unavailable&it=1721120868422&coo=false&rqm=FGET	false	Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/images/product.png	false	Avira URL Cloud: malware	unknown
https://push-visit.xyz/api/v1/visit	false	Avira URL Cloud: safe	unknown
https://virtualpushplatform.com/ace-push.js	false	Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/images/f_guarantee.png	false	Avira URL Cloud: malware	unknown
https://esselungas-sondaggio.web.app/images/comm_pic_1.jpg	false	Avira URL Cloud: malware	unknown
https://a.nel.cloudflare.com/report/v4?s=wjGTRKWXNd%2BdjXES8i33SoX4c3KigRIBvGY4DDuk4egLBisc6Xb7m543kLWOC%2Bl1XasMhpHWg8ZNx%2BC7iGmFB7fTxF%2Ba2s0hGhnP%2BBbrOKKmqa2LRCIQ4Qq3ZK%2F8Bi44qXoMYdRIjRx0%2BQ%3D%3D	false	Avira URL Cloud: safe	unknown
https://esselungas-sondaggio.web.app/images/loadingBL.gif	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://st.toneden.io/prod-assets/images/favicon.ico	chromecache_148.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://push-visit.xyz	chromecache_152.2.dr	false	Avira URL Cloud: safe	unknown
https://md-apache.com	chromecache_131.2.dr, chromecache_152.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ampcid.google.com/v1/publisher:getClientId	chromecache_134.2.dr, chromecache_135.2.dr	false	URL Reputation: safe	unknown
https://www.hb6trk.com/K31267/9WDPQ6B/	chromecache_129.2.dr	false	9%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://fontawesome.com/license/free	chromecache_132.2.dr, chromecache_153.2.dr, chromecache_114.2.dr	false	URL Reputation: safe	unknown
https://fontawesome.com	chromecache_132.2.dr, chromecache_153.2.dr, chromecache_114.2.dr	false	URL Reputation: safe	unknown
https://www.internalfb.com/intern/invariant/	chromecache_112.2.dr, chromecache_117.2.dr	false	URL Reputation: safe	unknown
https://play.google.com/store/apps/details?id=com.facebook.orca	chromecache_112.2.dr, chromecache_117.2.dr	false	Avira URL Cloud: safe	unknown
https://soundcloud.com/dayxnight/record	chromecache_154.2.dr	false	Avira URL Cloud: safe	unknown
https://p.scdn.co/mp3-preview/e14d64d2a92c9b278e031699d36516172e208947?cid=9d6fd5c2bb744b3f875a480c1	chromecache_154.2.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/j/collect	chromecache_135.2.dr	false	URL Reputation: safe	unknown
https://esselungas-sondaggio.web.app	chromecache_115.2.dr	true	Avira URL Cloud: malware	unknown
https://trk.aff-flow.com/click?pid=3091&offer_id=6234	chromecache_129.2.dr	false	Avira URL Cloud: safe	unknown
https://s3.amazonaws.com/toneden-misc/td-thumb.png	chromecache_148.2.dr	false	Avira URL Cloud: safe	unknown
https://s3.amazonaws.com/toneden-misc/meta.png	chromecache_115.2.dr	false	Avira URL Cloud: safe	unknown
https://www.toneden.io/help/	chromecache_148.2.dr	false	Avira URL Cloud: safe	unknown
https://tagassistant.google.com/	chromecache_144.2.dr, chromecache_134.2.dr, chromecache_135.2.dr, chromecache_110.2.dr	false	URL Reputation: safe	unknown
https://use.fontawesome.com/releases/v5.15.4/js/all.js	chromecache_115.2.dr, chromecache_129.2.dr	false	Avira URL Cloud: safe	unknown
http://opensource.org/licenses/MIT	chromecache_160.2.dr	false	URL Reputation: safe	unknown
https://animate.style/	chromecache_160.2.dr	false	Avira URL Cloud: safe	unknown
https://bid.g.doubleclick.net/xbbe/pixel?d=KAE	chromecache_144.2.dr, chromecache_110.2.dr	false	Avira URL Cloud: safe	unknown
https://api.hostip.info/get_json.php?ip=$	chromecache_131.2.dr, chromecache_152.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/ads/ga-audiences	chromecache_134.2.dr, chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.%/ads/ga-audiences	chromecache_134.2.dr, chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://www.toneden.io	chromecache_148.2.dr	false	Avira URL Cloud: safe	unknown
https://i.scdn.co/image/c9f6430d6e119bdd3880e6f10396caf285ab5cab	chromecache_154.2.dr	false	Avira URL Cloud: safe	unknown
https://services.google.com/sitestats/	chromecache_144.2.dr, chromecache_110.2.dr	false	Avira URL Cloud: safe	unknown
https://st.toneden.io/prod-assets/images/favicon.png	chromecache_148.2.dr, chromecache_154.2.dr, chromecache_115.2.dr	false	Avira URL Cloud: safe	unknown
https://open.spotify.com/track/00nFAiaRR2hPjgpfW0WNzh	chromecache_154.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
93.184.220.66	cs41.wac.edgecastcdn.net	European Union	15133	EDGECASTUS	false
18.239.94.13	d2lnhoexd9f0za.cloudfront.net	United States	16509	AMAZON-02US	false
108.156.60.90	unknown	United States	16509	AMAZON-02US	false
13.224.189.36	d3ioixfj5zvobq.cloudfront.net	United States	16509	AMAZON-02US	false
18.238.243.39	unknown	United States	16509	AMAZON-02US	false
157.240.0.6	unknown	United States	32934	FACEBOOKUS	false
20.50.64.3	push-visit.xyz	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
13.52.31.143	hantal.fanlink.tv	United States	16509	AMAZON-02US	false
13.56.96.205	www.toneden.io	United States	16509	AMAZON-02US	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
157.240.252.13	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
172.67.177.88	virtualpushplatform.com	United States	13335	CLOUDFLARENETUS	false
18.239.94.44	unknown	United States	16509	AMAZON-02US	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
199.36.158.100	esselungas-sondaggio.web.app	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
146.75.120.157	platform.twitter.map.fastly.net	Sweden	30051	SCCGOVUS	false
157.240.253.35	star-mini.c10r.facebook.com	United States	32934	FACEBOOKUS	false
18.238.243.92	d14na7tzlwj0co.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1474107
Start date and time:	2024-07-16 11:06:46 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://hantal.fanlink.tv/o7IZ
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.phis.troj.win@17/106@56/20

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.184.238, 64.233.166.84, 34.104.35.123, 104.21.27.152, 172.67.142.245, 142.250.185.194, 142.250.185.66, 142.250.185.78, 142.250.185.238, 20.12.23.50, 142.250.186.106, 142.250.186.170, 142.250.185.106, 142.250.185.74, 142.250.184.234, 142.250.185.138, 142.250.185.234, 216.58.206.74, 142.250.185.170, 142.250.185.202, 216.58.206.42, 216.58.212.138, 142.250.186.74, 172.217.16.202, 142.250.74.202, 172.217.18.10, 199.232.210.172, 192.229.221.95, 52.165.164.15, 142.250.80.99
Excluded domains from analysis (whitelisted): fs.microsoft.com, www.googleadservices.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, use.fontawesome.com.cdn.cloudflare.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, wac.apr-8315.edgecastdns.net, clients.l.google.com, wu-b-net.trafficmanager.net, www.google-analytics.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 16 08:07:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9777434416617914
Encrypted:	false
SSDEEP:	48:8xdgTE91wOHQidAKZdA19ehwiZUklqehyy+3:8ks1w1dy
MD5:	31E19F4800CD6BAC5B4F3E4B52760C2C
SHA1:	17C5BA44D07BABF9BC9733A537B9D67C758ADBB4
SHA-256:	CDC243AB16985AE246BD63BAC6C5554C1D2A98CB085BB117A49AC4B49BE4A975
SHA-512:	8AC729BB48FE0706B6DFBA0D045942028333DDA23B6918BFA7F7BB8A7C0ECEAB72B670A514ADC8253CD5956A0EE8EFDAC009D3F9C0B4F30EA509A099A2AF4D1F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....>.._...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.H....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.H....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.H....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.H..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.H...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............%/.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: https://esselungas-sondaggio.web.app/images/2.jpg	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/logo222.png	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/comm_pic_2.jpg	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/js/script.js	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/1.jpg	Avira URL Cloud: Label: malware
Source: https://www.hb6trk.com/K31267/9WDPQ6B/	Avira URL Cloud: Label: phishing
Source: https://esselungas-sondaggio.web.app/md-service-worker.js	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/4.jpg	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/css/animate.min.css	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/3.jpg	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/f_secure_1.png	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/favicon.ico	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/js/datehead.js	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/prize1.png	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/bg.png	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/css/style.css	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/logo111.png	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/5.jpg	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/flaglogo.png	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/product.png	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/f_guarantee.png	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/comm_pic_1.jpg	Avira URL Cloud: Label: malware
Source: https://esselungas-sondaggio.web.app/images/loadingBL.gif	Avira URL Cloud: Label: malware

Source: https://esselungas-sondaggio.web.app	LLM: Score: 8 brands: Esselunga Reasons: The URL 'https://esselungas-sondaggio.web.app' is suspicious because it does not match the legitimate domain 'esselunga.it'. The use of 'web.app' domain is unusual for a well-known brand like Esselunga. The page contains social engineering techniques such as urgency (offer expiring today) and a call to action (start the survey) to entice users to click. The presence of a prominent survey offer and the promise of a reward (Tupperware set) are common phishing tactics. Therefore, the site is likely a phishing site. DOM: 10.2.pages.csv
Source: https://esselungas-sondaggio.web.app	LLM: Score: 8 brands: Esselunga Reasons: The URL 'https://esselungas-sondaggio.web.app' is suspicious because it uses a subdomain 'web.app' which is not associated with the legitimate domain 'esselunga.it'. The legitimate domain for Esselunga is 'esselunga.it'. The page uses social engineering techniques by creating a sense of urgency with the offer expiring today and offering a reward for completing a survey. The prominent call-to-action button 'INIZIA IL SONDAGGIO' (Start the Survey) is a common tactic used in phishing sites to lure users into providing personal information. There is no login form or captcha present, which is typical for phishing sites aiming to collect data quickly. The combination of these factors strongly suggests that this is a phishing site. DOM: 10.1.pages.csv

Source: https://esselungas-sondaggio.web.app/	HTTP Parser: No favicon
Source: https://esselungas-sondaggio.web.app/	HTTP Parser: No favicon
Source: https://esselungas-sondaggio.web.app/	HTTP Parser: No favicon
Source: https://esselungas-sondaggio.web.app/	HTTP Parser: No favicon
Source: https://esselungas-sondaggio.web.app/	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: push-visit.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: push-visit.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: push-visit.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: push-visit.xyz

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: chromecache_112.2.dr, chromecache_117.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/ equals www.facebook.com (Facebook)
Source: chromecache_168.2.dr	String found in binary or memory: (function(a,b,c,d){var e={exports:{}};e.exports;(function(){var f=a.fbq;f.execStart=a.performance&&a.performance.now&&a.performance.now();if(!function(){var b=a.postMessage\|\|function(){};if(!f){b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"");"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page");return!1}return!0}())return;f.__fbeventsModules\|\|(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=function(a){f.__fbeventsResolvedModules[a]\|\|(f.__fbeventsResolvedModules[a]=f.__fbeventsModules[a]());return f.__fbeventsResolvedModules[a]},f.fbIsModuleLoaded=function(a){return!!f.__fbeventsModules[a]},f.ensureModuleRegistered=function(b,a){f.fbIsModuleLoaded(b)\|\|(f.__fbeventsModules[b]=a)});f.ensureModuleRegistered("signalsFBEventsGetIwlUrl",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var b=f.getFbeventsModules("signalsFBEventsGetTier"),c=d();function d(){try{if(a.trustedTypes&&a.trustedTypes.createPolicy){var b=a.trustedTypes;return b.createPolicy("facebook.com/signals/iwl",{createScriptURL:function(a){var b=new URL(a);b=b.hostname.endsWith(".facebook.com")&&b.pathname=="/signals/iwl.js";if(!b)throw new Error("Disallowed script URL");return a}})}}catch(a){}return null}e.exports=function(a,d){d=b(d);d=d==null?"www.facebook.com":"www."+d+".facebook.com";d="https://"+d+"/signals/iwl.js?pixel_id="+a;if(c!=null)return c.createScriptURL(d);else return d}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsGetTier",function(){return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEvents.plugins.iwlbootstrapper",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var c=f.getFbeventsModules("SignalsFBEventsIWLBootStrapEvent"),d=f.getFbeventsModules("SignalsFBEventsLogging"),g=f.getFbeventsModules("SignalsFBEventsNetworkConfig"),h=f.getFbeventsModules("SignalsFBEventsPlugin"),i=f.getFbeventsModules("signalsFBEventsGetIwlUrl"),j=f.getFbeventsModules("signalsFBEventsGetTier"),k=d.logUserError,l=/^https:\/\/.\.facebook\.com$/i,m="FACEBOOK_IWL_CONFIG_STORAGE_KEY",n=null;e.exports=new h(function(d,e){try{n=a.sessionStorage?a.sessionStorage:{getItem:function(a){return null},removeItem:function(a){},setItem:function(a,b){}}}catch(a){return}function h(c,d){var e=b.createElement("script");e.async=!0;e.onload=function(){if(!a.FacebookIWL\|\|!a.FacebookIWL.init)return;var b=j(g.ENDPOINT);b!=null&&a.FacebookIWL.set&&a.FacebookIWL.set("tier",b);d()};a.FacebookIWLSessionEnd=func
Source: chromecache_148.2.dr, chromecache_154.2.dr, chromecache_115.2.dr	String found in binary or memory: <!DOCTYPE html><head><script async src="https://platform.twitter.com/oct.js"></script><noscript><img height="1" width="1" style="display:none;" src="https://www.facebook.com/tr?id=1711912442390284&ev=PageView&noscript=1"><img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=288220&fmt=gif"><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5P8FXJ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><script type="text/javascript">window.env = 'production'; equals www.facebook.com (Facebook)
Source: chromecache_148.2.dr, chromecache_154.2.dr, chromecache_115.2.dr	String found in binary or memory: <!DOCTYPE html><head><script async src="https://platform.twitter.com/oct.js"></script><noscript><img height="1" width="1" style="display:none;" src="https://www.facebook.com/tr?id=1711912442390284&ev=PageView&noscript=1"><img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=288220&fmt=gif"><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5P8FXJ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><script type="text/javascript">window.env = 'production'; equals www.linkedin.com (Linkedin)
Source: chromecache_148.2.dr, chromecache_154.2.dr, chromecache_115.2.dr	String found in binary or memory: <!DOCTYPE html><head><script async src="https://platform.twitter.com/oct.js"></script><noscript><img height="1" width="1" style="display:none;" src="https://www.facebook.com/tr?id=1711912442390284&ev=PageView&noscript=1"><img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=288220&fmt=gif"><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5P8FXJ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><script type="text/javascript">window.env = 'production'; equals www.twitter.com (Twitter)
Source: chromecache_154.2.dr	String found in binary or memory: </script><noscript><img height="1" width="1" style="border-style:none;" alt="" src="https://www.facebook.com/tr?id=115007715701008&ev=PageView&noscript=1"></noscript><script type="text/javascript" src="//www.googleadservices.com/pagead/conversion.js"></script><div id="app-component"></div><script src="//st.toneden.io/production/javascripts/fan-link.js?v=0e8b5ac8a4" crossorigin="anonymous"></script></body><script src="//sd.toneden.io/production/v2/toneden.loader.js" async></script> equals www.facebook.com (Facebook)
Source: chromecache_112.2.dr, chromecache_117.2.dr	String found in binary or memory: __d("LiveChatPluginConstants",["$InternalEnum"],(function(a,b,c,d,e,f){"use strict";a="LiveChatEvent/";c="mqtt";d=b("$InternalEnum")({CONNECTED:"Connected",CONNECTING:"Connecting",DISCONNECTED:"Disconnected"});e=250;b=a+"close_timestamps";var g=a+"reset_badging",h=a+"state",i=a+"switch_account",j=a+"typing",k=a+"unread_count",l=a+"update_message_list",m="platform/plugins/connect/guest",n=a+"guest_upgrade_success",o=a+"guest_upgrade_success_incognito",p=a+"navigate_to_welcome_page",q="platform/plugins/connect/access_token";a=a+"start_re_engagement";var r=124,s=187,t=24,u=424,v=288,w=313,x=219,y=40,z=36,A=24,B=18,C=708,D=540,E=244,F=202,G=509,H=430,I=6,J=0,K=1,L=-1,M="messaging_plugin",N=8634e4,O="#8A8D91",P="entrypoint:customer_chat_plugin",Q=0,R=1,S=2,T=3,U="new_message_update",V="initial_fetch",W=5e3,X="https://www.facebook.com/business/help/1661027437357021";f.MQTT=c;f.MQTTGatewayConnectionState=d;f.LOGIN_CHECK_INTERVAL=e;f.CLOSE_TIMESTAMPS=b;f.RESET_BADGING=g;f.STATE_UPDATE=h;f.SWITCH_ACCOUNT=i;f.TYPING_UPDATE=j;f.UNREAD_COUNT_UPDATE=k;f.UPDATE_MESSAGE_LIST=l;f.GUEST_MODE_CONNECT=m;f.GUEST_UPGRADE_SUCCESS=n;f.GUEST_UPGRADE_SUCCESS_INCOGNITO=o;f.NAVIGATE_TO_WELCOME_PAGE=p;f.ACCESS_TOKEN_LOGIN=q;f.START_RE_ENGAGEMENT=a;f.PROMPT_FALLBACK_HEIGHT=r;f.PROMPT_REDESIGN_FALLBACK_HEIGHT=s;f.PROMPT_CONTAINER_PADDING_HEIGHT=t;f.WELCOME_PAGE_GUEST_FALLBACK_HEIGHT=u;f.WELCOME_PAGE_NO_GUEST_FALLBACK_HEIGHT=v;f.WELCOME_PAGE_GUEST_FALLBACK_HEIGHT_WITH_COMPACT=w;f.WELCOME_PAGE_NO_GUEST_FALLBACK_HEIGHT_WITH_COMPACT=x;f.WELCOME_PAGE_ATTRIBUTION_OFFEST_HEIGHT=y;f.WELCOME_PAGE_ATTRIBUTION_OFFSET_HEIGHT_WITH_COMPACT=z;f.MAIN_IFRAME_PADDING_HEIGHT=A;f.MAIN_IFRAME_PADDING_HEIGHT_WITH_COMPACT=B;f.THREAD_PAGE_HEIGHT=C;f.THREAD_PAGE_HEIGHT_COMPACT=D;f.RE_ENGAGEMENT_COLLAPSED_DIALOG_HEIGHT=E;f.RE_ENGAGEMENT_COLLAPSED_DIALOG_HEIGHT_COMPACT=F;f.RE_ENGAGEMENT_EXPANDED_DIALOG_HEIGHT=G;f.RE_ENGAGEMENT_EXPANDED_DIALOG_HEIGHT_COMPACT=H;f.GREETING_TEXT_BOTTOM_SPACING_OFFEST=I;f.LOGGED_IN_CHAT_MODE=J;f.GUEST_CHAT_MODE=K;f.INVALID_CHAT_MODE=L;f.MESSENGING_PLUGIN=M;f.GUEST_SESSION_STORAGE_VALIDITY_MS=N;f.GUEST_SEND_BUTTON_COLOR_EMPTY_INPUT=O;f.LIVE_CHAT_ENTRYPOINT_ATTRIBUTION_TAG=P;f.ITP_CONSISTENCY_UNKNOWN_LOGGED_OUT=Q;f.ITP_CONSISTENCY_CONSISTENT_LOGGED_IN=R;f.ITP_CONSISTENCY_INCONSISTENT=S;f.ITP_CONSISTENCY_CONSISTENT_NO_ITP=T;f.NEW_MESSAGE_UPDATE=U;f.INITIAL_FETCH=V;f.PLUGIN_FADE_DELAY=W;f.HELP_DEX_LINK=X}),66); equals www.facebook.com (Facebook)
Source: chromecache_112.2.dr, chromecache_117.2.dr	String found in binary or memory: window.FB&&window.FB.__buffer&&(window.__buffer=babelHelpers["extends"]({},window.FB.__buffer)); } }).call(global);})();} catch (e) {var i = new Image();i.crossOrigin = 'anonymous';i.dataset.testid = 'fbSDKErrorReport';i.src='https://www.facebook.com/platform/scribe_endpoint.php/?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber\|\|e.line)+'","script":"'+(e.fileName\|\|e.sourceURL\|\|e.script\|\|"sdk.js")+'","stack":"'+(e.stackTrace\|\|e.stack)+'","revision":"1014909164","namespace":"FB","message":"'+e.message+'"}}');document.body.appendChild(i);} equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: hantal.fanlink.tv
Source: global traffic	DNS traffic detected: DNS query: platform.twitter.com
Source: global traffic	DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: st.toneden.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: static.ads-twitter.com
Source: global traffic	DNS traffic detected: DNS query: sd.toneden.io
Source: global traffic	DNS traffic detected: DNS query: cdn.evbstatic.com
Source: global traffic	DNS traffic detected: DNS query: connect.facebook.net
Source: global traffic	DNS traffic detected: DNS query: www.toneden.io
Source: global traffic	DNS traffic detected: DNS query: fanlink.tv
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: esselungas-sondaggio.web.app
Source: global traffic	DNS traffic detected: DNS query: virtualpushplatform.com
Source: global traffic	DNS traffic detected: DNS query: push-visit.xyz
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 16, 2024 11:07:40.193025112 CEST	53	51540	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:40.208403111 CEST	53	50626	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:41.204406977 CEST	53	58703	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:41.294454098 CEST	49711	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:41.294653893 CEST	56365	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:41.305258989 CEST	53	49711	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:41.305413008 CEST	53	56365	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:42.244015932 CEST	50181	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:42.244240046 CEST	57776	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:42.244725943 CEST	61972	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:42.244885921 CEST	50740	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:42.245331049 CEST	50065	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:42.245609999 CEST	60936	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:42.262674093 CEST	53	50065	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:42.267311096 CEST	53	60936	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:42.339386940 CEST	60335	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:42.339742899 CEST	54593	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:42.347013950 CEST	53	54593	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:42.349466085 CEST	53	60335	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:43.421518087 CEST	58501	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:43.421775103 CEST	55902	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:43.429303885 CEST	53	55902	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:43.429430962 CEST	53	58501	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:44.789151907 CEST	57756	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:44.789443970 CEST	50832	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:44.792927980 CEST	58390	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:44.793055058 CEST	59875	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:44.793901920 CEST	62697	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:44.794212103 CEST	60776	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:44.801871061 CEST	53	60776	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:44.802745104 CEST	53	62697	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:44.804507017 CEST	53	58390	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:44.810237885 CEST	53	57756	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:44.817326069 CEST	53	59875	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:44.827069044 CEST	53	50832	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:45.388478994 CEST	57281	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:45.388776064 CEST	57316	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:45.443339109 CEST	50107	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:45.444103003 CEST	52708	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:45.534601927 CEST	53	52708	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:45.534940958 CEST	53	50107	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:46.739984035 CEST	58515	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:46.740664959 CEST	49691	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:46.747070074 CEST	60249	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:46.747558117 CEST	54441	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:46.917990923 CEST	53	58515	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:46.921159983 CEST	53	49691	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:46.934314966 CEST	53	60249	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:46.936129093 CEST	53	54441	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:47.334408998 CEST	57157	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:47.334650040 CEST	65211	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:47.351294041 CEST	53	57157	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:47.351314068 CEST	53	65211	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:48.290513039 CEST	53	57631	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:49.386940002 CEST	60696	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:49.387079000 CEST	60747	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:49.402856112 CEST	53	60696	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:49.410867929 CEST	53	60747	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:49.489192963 CEST	63635	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:49.491255045 CEST	63655	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:49.496201992 CEST	54951	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:49.496606112 CEST	54832	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:49.499300003 CEST	53	63655	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:49.511172056 CEST	53	63635	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:49.512105942 CEST	53	54832	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:49.512188911 CEST	53	54951	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:51.212894917 CEST	51080	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:51.212995052 CEST	62681	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:51.218941927 CEST	58007	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:51.219366074 CEST	58824	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:51.220458031 CEST	49704	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:51.220698118 CEST	63959	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:51.224101067 CEST	53	62681	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:51.226461887 CEST	53	58824	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:51.227530956 CEST	53	58007	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:51.236066103 CEST	53	51080	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:51.239546061 CEST	53	63959	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:51.241894960 CEST	53	49704	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:51.261599064 CEST	56213	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:51.261879921 CEST	63993	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:51.282771111 CEST	53	56213	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:51.287312031 CEST	53	63993	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:52.038912058 CEST	65157	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:52.039082050 CEST	58954	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:52.051270008 CEST	53	65157	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:52.051712990 CEST	53	58954	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:52.673254013 CEST	60627	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:52.673413992 CEST	51776	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:52.683334112 CEST	53	60627	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:52.684181929 CEST	53	51776	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:52.734112978 CEST	64911	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:52.734325886 CEST	59459	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:52.742384911 CEST	53	64911	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:52.755250931 CEST	53	59459	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:52.997524023 CEST	50978	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:52.997685909 CEST	64170	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:54.902096987 CEST	57186	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:54.902285099 CEST	52877	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:54.914834023 CEST	53	62535	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:54.916583061 CEST	53	52877	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:54.923810959 CEST	53	57186	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:57.426088095 CEST	65487	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:57.430129051 CEST	54514	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:07:57.443802118 CEST	53	54514	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:57.456804037 CEST	53	65487	1.1.1.1	192.168.2.5
Jul 16, 2024 11:07:59.059767008 CEST	53	53143	1.1.1.1	192.168.2.5
Jul 16, 2024 11:08:00.923660994 CEST	60140	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:08:00.924170017 CEST	60730	53	192.168.2.5	1.1.1.1
Jul 16, 2024 11:08:00.931173086 CEST	53	60140	1.1.1.1	192.168.2.5
Jul 16, 2024 11:08:00.932339907 CEST	53	60730	1.1.1.1	192.168.2.5
Jul 16, 2024 11:08:18.294940948 CEST	53	52038	1.1.1.1	192.168.2.5
Jul 16, 2024 11:08:39.617192984 CEST	53	60349	1.1.1.1	192.168.2.5
Jul 16, 2024 11:08:39.617847919 CEST	53	50206	1.1.1.1	192.168.2.5
Jul 16, 2024 11:08:41.166532040 CEST	53	59188	1.1.1.1	192.168.2.5

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jul 16, 2024 11:07:44.817414999 CEST	192.168.2.5	1.1.1.1	c267	(Port unreachable)	Destination Unreachable
Jul 16, 2024 11:07:49.410981894 CEST	192.168.2.5	1.1.1.1	c260	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:41 UTC	664	OUT	GET /o7IZ HTTP/1.1 Host: hantal.fanlink.tv Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:42 UTC	538	IN	HTTP/1.1 200 OK X-Powered-By: Express X-Nerd-Alert: Like React.js? Flux? Node? We want you! eventbritecareers.com Strict-Transport-Security: max-age=31536000000; includeSubDomains Content-Type: text/html; charset=utf-8 Content-Length: 9507 Set-Cookie: connect.sid=s%3A%3Ajw-gv87-E4p7sg9HsYEsAMhVSg-w3L8O.MIliprg5vOwXEvyoBgTvdOq5iNhUlP7K%2FKGXw7mfqv0; Domain=.fanlink.tv; Path=/; Expires=Tue, 23 Jul 2024 09:07:42 GMT; HttpOnly; Secure; SameSite=None Vary: Accept-Encoding Date: Tue, 16 Jul 2024 09:07:42 GMT Connection: close
2024-07-16 09:07:42 UTC	9506	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 6c 61 74 66 6f 72 6d 2e 74 77 69 74 74 65 72 2e 63 6f 6d 2f 6f 63 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 69 6d 67 20 68 65 69 67 68 74 3d 22 31 22 20 77 69 64 74 68 3d 22 31 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 74 72 3f 69 64 3d 31 37 31 31 39 31 32 34 34 32 33 39 30 32 38 34 26 61 6d 70 3b 65 76 3d 50 61 67 65 56 69 65 77 26 61 6d 70 3b 6e 6f 73 63 72 69 70 74 3d 31 22 3e 3c 69 6d 67 20 68 65 69 67 68 74 3d 22 31 22 20 77 69 64 74 68 3d 22 31 22 20 Data Ascii: <!DOCTYPE html><head><script async src="https://platform.twitter.com/oct.js"></script><noscript><img height="1" width="1" style="display:none;" src="https://www.facebook.com/tr?id=1711912442390284&ev=PageView&noscript=1"><img height="1" width="1"
2024-07-16 09:07:42 UTC	1	IN	Data Raw: 3e Data Ascii: >

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:43 UTC	593	OUT	GET /production/javascripts/fan-link.js?v=0e8b5ac8a4 HTTP/1.1 Host: st.toneden.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://hantal.fanlink.tv sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:43 UTC	659	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 4491816 Connection: close Date: Tue, 16 Jul 2024 09:07:44 GMT Last-Modified: Tue, 25 Jun 2024 18:46:08 GMT ETag: "0c1bc2dd546bb3ae31c221550483a421" x-amz-server-side-encryption: AES256 Content-Encoding: gzip x-amz-version-id: 3bg7yQ2ymW9sv2yY3QDQsun2YbU8Jcoy Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA2-C1 X-Amz-Cf-Id: Xiiwj_2TW1YCwleEFIN2S-8R1PtFLaL8DAv79YVqI_0qWEHKyB0Bxw== Cache-Control: no-store, max-age=0 Access-Control-Allow-Origin: *
2024-07-16 09:07:43 UTC	3309	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 03 ec bd 69 77 db 48 92 28 fa fd fd 0a 08 77 86 03 dc 4e 66 13 0b c1 45 8d f6 b8 6c b9 e5 3b 96 e5 63 b9 5c 5d ad d1 e8 40 60 92 44 0b 04 38 89 24 6d 49 e0 7f 7f 27 22 91 00 b8 c9 92 4b 76 b9 bb 71 aa 4c 61 49 e4 1a 19 11 19 eb 1f ff ef 81 f6 2a e5 5a 1c 85 2c c9 98 16 25 e3 94 cf 02 11 a5 89 36 8f 59 90 31 2d 63 4c 1b 07 49 3b 8e 92 6b fa f7 8c be 79 fd e2 e8 ed d9 11 15 9f 85 f6 7f ff f8 ff 19 86 e9 ff f9 6e 19 70 ed f2 f2 13 bb 9a 07 e1 f5 e5 2c 1d 2d 62 96 5d 5e fa 77 6e df f3 06 de d0 60 44 10 0e 25 f5 05 d4 29 78 14 0a fd 90 d3 91 21 c8 dd df 86 50 49 ba 32 0f a1 9e c4 e7 86 d7 77 07 03 cb 24 81 ff c7 ff 31 8c 70 1a c5 23 ce 92 7c 14 24 13 c6 d3 45 16 df 9c 31 f1 3a 49 18 3f fe 70 f2 26 bf 66 37 39 67 e3 3c 58 88 f4 55 1a Data Ascii: iwH(wNfEl;c\]@`D8$mI'"KvqLaI*Z,%6Y1-cLI;kynp,-b]^wn`D%)x!PI2w$1p#\|$E1:I?p&f79g<XU
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: 2a 53 3e d0 57 06 cf 73 63 a3 61 ff 0e 39 bb be d7 eb 39 7b 39 2a 18 38 68 86 9c be e3 75 7b 26 fd db bb 43 46 41 02 c5 45 e6 df cd 52 a0 06 c3 64 b5 22 b2 c0 be 0d 21 e8 df de 6d 32 4a 06 d4 db 1b f4 7b bd 9e 69 b6 5a 09 ad 66 f1 59 32 bc 2b f4 11 c3 64 45 d2 35 54 a0 e6 4b 13 05 31 15 3e a3 97 97 91 d5 4f 2e 2f 09 f7 45 ab 25 28 8a 3f 98 62 35 f9 b3 00 98 42 50 4d 15 6f 0c 6e 0e b7 9e e9 2c d1 4d 52 3d 96 ec 8d 44 81 a4 24 66 e6 4a 11 45 0e 1c 4d 59 dc 2c c0 63 ce 53 91 02 41 a6 d3 20 ab 71 6e 34 0c e2 d8 28 8b 13 6e b6 5a 07 0f fa 06 74 78 8a 1b 2e bf 3f e7 17 8a 45 d0 c4 ca 90 bd f4 7d 9f d3 c9 b3 4f c8 54 0c 39 9d 98 87 38 f5 e9 8a f4 ac 81 25 35 82 5b d0 fd 15 70 fd f2 e8 d5 f3 9f df 7c b8 fc f0 fa e4 e8 f2 d5 e9 fb 93 e7 1f 7c 41 5f fd fc e6 cd c6 Data Ascii: S>Wsca99{98hu{&CFAERd"!m2J{iZfY2+dE5TK1>O./E%(?b5BPMon,MR=D$fJEMY,cSA qn4(nZtx.?E}OT98%5[p\|\|A_
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: 11 74 73 bf 90 c8 1b 0c ec 41 13 7d a3 11 12 35 42 a2 46 48 24 52 70 43 7c 74 ca 95 a7 33 bf fb 1a 21 d1 83 85 19 3f 8c 28 09 f0 b8 fb f4 b2 23 60 2e 80 23 80 bf a5 ec 08 f5 5b 60 7c a1 64 47 68 91 81 67 f6 4a 76 84 1c 0a d8 5e 3c 89 ec 08 86 e7 b8 40 c7 41 8d 03 9a f7 2e 05 ee 0a 18 1b 54 27 83 82 08 b4 50 52 9b d4 05 b6 a2 1f c3 2f 30 1c c0 b2 58 53 8a ac 1d a8 02 81 81 90 52 1c e4 46 14 7f 68 03 13 e0 2a 0d 1e 6a a6 c0 72 01 d8 12 18 32 56 0e 36 0c c0 8c f5 50 24 04 0d 78 f0 15 32 68 28 3d 02 de 0e 78 05 a9 7a f1 42 b4 c7 00 fe 0f 22 a4 a0 5d 85 52 8e 83 c0 08 de 02 73 44 bb f0 b6 0f b7 c8 8a f4 90 c3 43 99 54 25 98 42 9e 47 0a ab 90 f1 71 80 63 1c b4 41 1e 32 68 83 a6 cb 01 4d a7 e5 1d 3b c0 9b 21 5b 36 40 fe 13 19 ad 42 95 8f 8c 18 30 ac d0 77 d4 54 Data Ascii: tsA}5BFH$RpC\|t3!?(#`.#[`\|dGhgJv^<@A.T'PR/0XSRFh*jr2V6P$x2h(=xzB"]RsDCT%BGqcA2hM;![6@B0wT
2024-07-16 09:07:44 UTC	1514	IN	Data Raw: fe ae c9 eb 16 9b ed ba 61 87 00 31 d3 98 5e 32 7d 81 f0 cc 90 54 a0 7b 55 8c fe e2 86 e9 18 de 48 27 5c f2 5c 85 66 d8 d2 13 c9 3e e7 fc dd 63 f9 05 ba 24 f2 90 79 58 ea 84 53 f0 2e 99 02 f6 4e 53 e2 2f 69 0e 2b 43 e9 1d 5d f3 5b 07 c8 b0 f9 cc 71 04 d7 2d 9f 4c 91 76 48 ee 59 ca bb bd 02 1b 01 5b 19 bc 9f ba b0 e2 1e cc 24 a5 20 88 d1 d5 ed a7 8e 5b cf 73 23 04 d0 c1 f1 bb d7 dd 2a ec 0b 0e ce 38 c1 9f e9 a0 ee 5d a9 a9 4d 8e 42 db 51 2f 8d 52 96 b1 e9 df 12 94 63 e0 19 12 d2 6c f3 c7 a4 d5 20 06 f0 e5 c7 2c 68 88 c3 a7 0e 85 80 75 1b 03 56 0e a6 8a 60 12 ad 53 95 0c c9 dc cf 26 57 d7 3d 8f da f9 a0 0d a4 c7 0a aa 51 be 8c b4 16 a4 49 b9 d1 55 ea e9 eb 59 7e 56 b0 6d 93 e2 56 01 74 5d f2 87 3d 1e 4f dc c3 99 10 9b 29 36 0c 44 2f 15 15 c3 2e a7 1a c4 d8 Data Ascii: a1^2}T{UH'\\f>c$yXS.NS/i+C][q-LvHY[$ [s#*8]MBQ/Rcl ,huV`S&W=QIUY~VmVt]=O)6D/.
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: 48 15 25 01 64 6e 91 35 4d 6f 07 8b 1a 82 c8 fb 56 35 24 6e 7c 2a 0d fd 33 67 af 68 9f 94 9c 03 4f ef 27 41 34 f4 42 a8 43 e8 5d db 16 e3 2b 7e 7c 18 c7 4d 9a d9 8e 54 56 f6 79 24 64 0b ec 05 a9 7e 7b fa 71 8f 02 92 df d2 f4 22 de e7 3c a1 4d 1b 7b 05 79 34 05 dc c8 d1 a2 3e 30 d4 8b c9 e9 45 aa 85 04 fb 4e ec a8 30 07 a2 86 0b 53 aa 52 dc 9b 3e 1e 9e c8 16 8e 4b 11 e6 2f 8e 95 87 96 b5 f7 69 c8 62 2b 2c cf 3d 7d 3c e7 f3 38 c2 32 8d 32 22 11 67 7a ee 1b 9a 87 54 75 27 83 40 51 0f 0b 47 85 71 60 ca 13 20 0c e7 4d 73 cb bf 3b e3 4d 02 2a 06 ca 26 9f 9d 88 f7 e2 5a 1d 28 d6 53 f6 2e 86 aa 2d 50 09 2a d8 68 26 75 96 65 5a 45 00 e1 88 d2 0b fe 18 f5 dd 21 f4 29 c9 03 7a 76 b8 70 04 70 20 97 41 af 8e 54 01 70 12 49 71 a1 9d 13 80 25 66 ce 8c c7 84 34 28 46 8d Data Ascii: H%dn5MoV5$n\|3ghO'A4BC]+~\|MTVy$d~{q"<M{y4>0EN0SR>K/ib+,=}<822"gzTu'@QGq` Ms;M&Z(S.-P*h&ueZE!)zvpp ATpIq%f4(F
2024-07-16 09:07:44 UTC	1558	IN	Data Raw: 0d ca 7e f2 8c ed cc 78 a3 d2 0b da 85 2b 45 62 e0 b5 23 60 8f 54 88 50 f2 b3 d4 7a f6 e4 03 26 b1 a2 b1 2a 88 62 25 d6 20 34 f4 e2 0b 56 bf 4f db 52 4a 00 d0 ce 9c c2 64 72 03 c5 d8 44 e1 be b6 a9 e2 fc f4 e3 a0 99 25 10 19 9e 05 d8 25 59 49 9a 09 b6 db a4 0f 58 85 7a c6 05 40 51 49 b7 10 db 6b f3 6c 12 a5 6b 5a c3 da a2 dc a4 96 17 87 10 37 26 0b 84 d8 b7 9b 34 b4 54 40 d1 de 8e 95 a0 24 87 8e a6 8d ca 39 f8 9e 36 a1 67 8f 29 89 99 79 8f 6b 53 6d 93 78 e0 48 9a d8 6e 66 59 a8 fe 2a aa f0 09 0f 8c 97 ba 0f 2a 06 b4 82 3c ed 1b c5 ff 1d 74 f9 d9 73 49 1c a3 07 b6 02 57 08 0e 2b 71 10 9f ea 82 ed c1 bf 79 06 4d 94 e0 72 68 19 b2 a5 82 80 74 fc 32 72 97 76 70 6d 1e 8a df 62 69 76 bb 19 a8 45 ed 0b 27 0e 65 0e 87 90 a0 2d 67 e4 70 5a a7 1a 29 92 d7 89 c5 0b Data Ascii: ~x+Eb#`TPz&b% 4VORJdrD%%YIXz@QIklkZ7&4T@$96g)ykSmxHnfY*<tsIW+qyMrht2rvpmbivE'e-gpZ)
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: 19 fd 04 21 27 00 30 a6 69 69 46 9c cc 09 00 9f 32 2b bd 2f 1b 69 5f 1f c2 12 66 48 47 49 16 1f aa d9 35 45 4c 74 e9 3e a2 c8 9c 42 5d 3a 6b 7a 14 13 63 0f 53 25 cb 6a 36 e3 30 cb 58 9c d4 5e b3 53 40 cf 4a ce 16 6d 4a 16 10 5b 98 75 25 d8 07 7b 04 71 c1 1e 03 df 6e 4e 08 0e 3b d6 8e 6d 6c 44 b0 00 4d 98 58 16 8a c0 da 96 93 42 97 7a 5a f2 38 6c 57 b4 75 d1 d0 b3 0f d0 87 ec 02 0e c2 a2 85 82 c9 74 0a 16 b8 ec b4 6e 1e 58 90 5b 63 ce 06 5a 90 d5 c7 9c 23 db 7d c8 1b f3 05 81 16 eb 9c fb 3b 60 29 b2 1b 23 d2 11 ef 4b 96 31 47 c6 78 80 10 c0 62 19 ec 31 a8 49 d9 1c f8 06 98 25 a9 94 05 9d f8 f8 27 3b 6e 1e 83 80 fd 8d 16 03 4b 8a c6 d4 dc 32 18 48 7c 0d 1c d6 e3 ac 84 b5 59 e0 fc 08 6f a8 1b 39 59 9e 82 2c 18 00 a7 59 6d c1 11 e4 22 cb 58 ea 83 f5 a5 7b 15 Data Ascii: !'0iiF2+/i_fHGI5ELt>B]:kzcS%j60X^S@JmJ[u%{qnN;mlDMXBzZ8lWutnX[cZ#};`)#K1Gxb1I%';nK2H\|Yo9Y,Ym"X{
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: fc d6 3a d6 ad 0c 01 e2 05 0a da d1 9f 1a e5 ae 6a 77 ce 9d 67 3a db cf 60 1f ed 76 69 26 68 a3 f2 fa a2 6c b9 26 52 11 64 25 40 e7 49 63 f7 6a 0b 93 7e 74 6d 13 d0 89 85 6c 0e f1 90 0a 76 72 76 df 80 82 16 4a 47 90 53 2a 79 77 a0 78 94 c1 91 95 64 ce b5 f1 dc 6e cc 1e 2a 88 01 d9 38 66 3f a2 ef fc 67 88 a5 ec 11 a4 ac 42 68 17 45 62 fc 8a be 57 50 72 b2 ae 1b 84 96 58 85 71 3f 51 be 8a f2 f3 77 c3 95 5b c7 d4 07 57 90 f0 6e 5e ae 1e 19 ff d8 bf 5d 22 d7 ba 9e 4a 31 a7 dc c2 1d 81 fe 1d 81 fe 1d 95 e2 1d 95 e2 1f 4e a5 f8 5a 77 9f 18 a6 c1 97 8f a2 3e 7c f6 fc 87 e3 cd ea 0a ca a4 d7 8a c0 ae f8 56 b8 44 f3 f7 06 99 d5 15 df 36 46 c3 77 1d f3 15 8f d8 9b ec 7c b7 3e 64 ba 89 32 ee d6 47 7d 45 23 78 05 e1 d9 ad 8f ba 63 08 bb 92 6a ec d6 47 dd 91 e6 5d c9 Data Ascii: :jwg:`vi&hl&Rd%@Icj~tmlvrvJGSywxdn8f?gBhEbWPrXq?Qw[Wn^]"J1NZw>\|VD6Fw\|>d2G}E#xcjG]
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: 7f 3c 98 6e a1 c0 e2 32 7e bf 38 bb 98 2e 7a 36 f6 af fd af bd 83 3e 73 62 ef 3b f3 93 fe d1 d9 e1 c0 ff 12 c4 3d db 43 de 6d 73 cb f6 77 bf 39 bb 98 4e c6 ef 00 dd 7b 7f 71 32 3c 82 a3 ff df e5 d9 c5 70 f8 61 4a 6d 7d 63 c6 a8 53 60 17 5a 55 0a c5 10 b3 f5 6f 6c 6a fc ac 55 5a 1b 34 b2 b0 74 1e 76 99 02 0a 56 2a 15 cc b0 28 e3 82 32 de af 9e 80 02 49 8d 4a 6b 3b 3d 6b 95 01 b1 d1 58 f3 c6 16 6e 6d bc 1e 99 8c 37 6c d6 46 a5 41 ee c5 51 c7 65 40 36 0f cd 90 87 f0 c7 94 19 6f 68 79 c5 9b a2 8a e5 01 ee 38 76 26 a9 52 ca 1b 6b 1a 3f 53 1a 1f 98 49 f1 c7 e1 7e fa 74 7d 64 1a af 3b 1f 8f 4c 13 3b 1f f7 0e ee cf c6 7f 4e 27 57 e3 8b 5f 67 d3 d6 6e e5 a2 f7 ef 22 2d e7 72 ef 60 a3 0f 9c b0 84 8d 0e dc 9e 37 de 7f 5a cd e1 90 82 1a 56 e9 dc 98 b4 44 5b b5 6f aa Data Ascii: <n2~8.z6>sb;=Cmsw9N{q2<paJm}cS`ZUoljUZ4tvV*(2IJk;=kXnm7lFAQe@6ohy8v&Rk?SI~t}d;L;N'W_gn"-r`7ZVD[o
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: ff 7a 38 df fe f6 6d 0b d2 dc bf dc 2a 48 73 f0 db ba f6 cc 9f e7 47 cb 77 07 fb 93 83 77 eb 2a 33 6a b6 bf f9 79 53 20 66 b4 58 9c bd ba f8 fd f7 f5 45 fb 93 83 df d6 31 ab cb a7 f6 db e5 ff 18 cd 5f bd 39 9f 5c 2c 17 7a 36 b9 78 b5 9c 7e bb fc b7 7f 6b b1 a8 f3 a7 9b df fe be fc c7 26 d4 f5 82 50 d7 f9 41 1f a5 7a 7f 60 eb bf c6 b5 29 32 f3 d9 7c 3c 9b bc 2f a9 8f 37 67 bf 00 31 df b4 7d 83 82 b7 b3 1f 4c b6 9d f2 e3 a8 8c aa 2a a8 aa ea a2 0b aa 76 95 7f 5d e8 f8 14 da 37 b2 66 9f 25 1d 15 20 64 ed af 75 8b 00 42 3e 35 24 db 7f 5d fb de 59 f3 a3 cd 72 ad 75 8a aa c6 3b 42 05 a5 bf 77 0b f3 35 46 9b 07 af eb 20 cc 0f c2 fc 20 cc ff 31 84 79 a1 58 1d 36 8d dd e4 7e f3 d3 97 a2 f9 9b 07 dc 26 fc ed a7 8f a0 fe ee f3 13 f5 fb eb ce e6 5c c2 40 d7 07 ba 3e Data Ascii: z8mHsGww3jyS fXE1_9\,z6x~k&PAz`)2\|</7g1}L*v]7f% duB>5$]Yru;Bw5F 1yX6~&\@>

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:43 UTC	576	OUT	GET /production/stylesheets/fan-link.css?v=0e8b5ac8a4 HTTP/1.1 Host: st.toneden.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:43 UTC	625	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Content-Length: 70367 Connection: close Date: Tue, 16 Jul 2024 09:07:44 GMT Last-Modified: Tue, 25 Jun 2024 18:46:10 GMT ETag: "31a80b765f33e7625b738778cb8bff67" x-amz-server-side-encryption: AES256 Content-Encoding: gzip x-amz-version-id: RmgZQ0iD8SOubEZkTHWcKZ_vJUpMfkf_ Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA2-C1 X-Amz-Cf-Id: -lASZ4BzJAzOygWVqoXc4fp0Nhwpf6vwjVgIU5Z1gmS0NVIwmVPr6w== Cache-Control: no-store, max-age=0 Vary: Origin
2024-07-16 09:07:43 UTC	14348	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 03 ec bd 8b 8e e4 3a 72 28 f8 2b b9 a7 70 80 ae b9 a9 84 a4 7c ab e0 c1 78 66 af 71 0d 78 7c 2f 3c 6b c0 be b3 67 0d 65 8a 59 25 b7 52 ca 91 94 dd d5 a7 50 ff b2 df b2 5f b6 88 e0 2b f8 90 52 f9 a8 ea ee e3 76 d9 c7 9d 24 45 06 83 11 c1 60 44 30 38 69 9f d8 9e 05 6d 55 b2 8c 95 a3 df bd 04 c1 26 6d 58 72 17 6d e0 ef 81 ff 0c 9e 92 30 63 8f f2 57 93 84 3f cb 7f 17 49 14 4e e6 ab 55 3c 9d c7 eb 59 a4 ca d3 24 92 4d b6 55 d9 d6 69 d3 26 77 f1 12 fe ec 72 ab 77 d9 3c a0 c3 a8 c2 22 89 e6 13 18 29 5a 2e 66 4b 3d 9e 6a c0 07 7e ac d3 2f c9 dd 74 06 7f 0f 41 00 3f f5 30 f8 4b f4 8e ff 2e 92 38 9c 4c d7 71 34 5f ac 16 f1 12 26 81 e5 bc af a6 48 5b 96 dc 4d 57 f0 f7 10 04 f8 5b f7 c6 7f 8a ee f8 8f 22 89 a3 c9 7a 11 2e 57 b3 69 34 c5 fe Data Ascii: :r(+p\|xfqx\|/<kgeY%RP_+Rv$E`D08imU&mXrm0cW?INU<Y$MUi&wrw<")Z.fK=j~/tA?0K.8Lq4_&H[MW["z.Wi4
2024-07-16 09:07:44 UTC	2465	IN	Data Raw: 81 10 33 f2 56 56 14 02 c1 0d 80 4b 65 b0 ed 06 ac 63 30 8c b9 e0 4f 3d d3 a4 ca f8 aa 73 57 c6 65 5e 39 24 69 31 9f c0 fd 8b 4d 25 a7 91 d0 01 d7 80 4c d0 43 e0 3a bd 8e a7 d1 e5 49 9b 8c cf c7 74 d1 a4 db a3 49 fe 2a 0d db 39 9a e0 a5 83 09 60 14 04 74 db 41 d4 f3 87 c0 c9 8d 35 ee db a6 97 8d b4 cb 5a a7 d1 3b 87 fe d4 e0 a8 7e da 10 d9 bf 51 59 7a 21 00 85 f8 90 96 7d b1 2d 8a e1 0a dd f4 f0 3c b2 6b e2 08 4d c2 b7 c2 98 82 ef 93 10 5f 8e 28 14 2d 2e 11 7d e2 53 9e 64 ec 0d 3a 16 06 53 c3 c7 c0 d3 a9 0e 11 36 28 95 3a 99 5a 64 43 a8 ab cf 5d 80 eb 16 62 9e a2 60 5b 15 2f 2a 0c 42 d1 d4 00 88 fa d9 b9 6f 38 22 66 3c fc fc 40 b2 87 09 35 8c 10 f8 96 bf 08 89 7b a2 5d 7c d3 e7 c8 ec ce 05 d6 ec e2 1b 3e 43 66 77 dd 3b 22 57 2e ec 4f 38 34 41 f3 b7 63 5a Data Ascii: 3VVKec0O=sWe^9$i1M%LC:ItI9`tA5Z;~QYz!}-<kM_(-.}Sd:S6(:ZdC]b`[/Bo8"f<@5{]\|>Cfw;"W.O84AcZ
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: cb b6 60 69 9d 6c aa f6 49 c1 80 92 41 d8 44 61 1f 1d 85 0f fb bc 0c b4 8d cc 30 c0 f8 fb 35 10 a3 92 8c 49 cc f0 39 8b c5 6b 2b 78 f2 b0 a8 ea c4 c6 90 5b 0a 4b 6a 0a 30 9d 41 df 4e 13 33 0f 55 fa 7c 7c d8 36 74 0d 5b 0f 34 ce 5d e6 cc 3a 67 42 52 e5 3f eb 1b 33 55 98 8c 2d f1 d3 3e 5a 33 cc e7 4b 35 be 44 e2 90 07 60 50 56 b6 c9 4f 3f 69 e9 ab 8c 65 80 eb 79 f8 33 4f de 8a b7 34 b0 4f 9e bb 75 1e fe 7c 2f 56 73 0e f7 ab cf 99 47 80 f4 2d 26 23 47 e1 44 32 bf a8 2b 71 7c 3a 0b 06 2e 65 bc 40 ac cf 86 82 77 86 60 a0 6b 0d d0 e6 9f 10 49 61 27 c9 d1 e0 5c bd 39 44 10 84 4c a7 94 a5 cd 13 cb e8 d5 69 14 2e 9c 19 12 5e 6b be e7 ac 65 85 60 41 bc 93 6c 09 9f 53 f9 fd 3c 30 5c 42 bc be 6e 4c 7a e6 02 53 cc 03 a6 36 e2 11 48 14 07 52 44 79 7a 93 22 82 4f 35 1c Data Ascii: `ilIADa05I9k+x[Kj0AN3U\|\|6t[4]:gBR?3U->Z3K5D`PVO?iey3O4Ou\|/VsG-&#GD2+q\|:.e@w`kIa'\9DLi.^ke`AlS<0\BnLzS6HRDyz"O5
2024-07-16 09:07:44 UTC	1024	IN	Data Raw: 60 03 03 f4 c3 25 5a c6 e8 b0 72 4c ff 71 2e ed ca 3a ef 56 d0 8b ce e0 61 4f f2 5e d5 2b 1f de 79 d8 40 10 1e 4f 54 0c f1 f2 6e e0 bc 6a 24 9a 8c 72 ca 8b 48 76 5c 97 52 a4 0e 48 21 e7 91 a6 2c 5f 02 f1 a7 6f aa 4f 9f 9d 3d 47 52 b0 43 d7 37 3d f1 08 d3 da 5c 3c f8 ea e6 e1 f8 71 32 9b e0 63 42 fa 38 d5 39 df 9c e9 53 67 57 6d 5d 08 3a 56 44 fa b4 19 8e 59 69 0a ce c7 0d 87 6b a2 30 c4 7a cc f5 80 6e 48 1d 67 2e 8c 91 8e a0 9b 74 d4 08 4b 68 d0 42 aa 60 3d 7e 6a ce 0b 4b 22 a1 19 75 d0 4a 20 6b 88 1f 71 1c 62 1b 0d c7 e1 e5 f8 5e 8e c7 c8 f0 16 38 30 14 40 4e 1f 7f 0d 74 b7 0c 3e 22 9f cd 1c 66 9d 24 e1 eb 6f 4a c6 b2 3c 58 5f 42 20 a8 21 05 18 79 93 f3 a0 d1 91 3e be de a1 dc 67 bc a0 45 42 53 58 ac 21 70 e1 0c f8 71 81 d3 32 e2 84 0f 49 a4 6e ed 25 54 Data Ascii: `%ZrLq.:VaO^+y@OTnj$rHv\RH!,_oO=GRC7=\<q2cB89SgWm]:VDYik0znHg.tKhB`=~jK"uJ kqb^80@Nt>"f$oJ<X_B !y>gEBSX!pq2In%T
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: c9 7f 20 03 3e 63 e8 b8 05 d2 4c 16 ba 5e 4c 27 8d 34 b2 c2 78 43 bd 3d b1 ed 54 74 a2 17 3f 7f a9 d7 2b 05 39 c0 67 ff a0 38 1c eb a6 cb 2b 7e 86 dd 97 e7 11 3d 6a 18 35 ad d3 82 3d a2 33 51 25 42 06 3d 84 73 51 c6 d9 97 df 42 4a 7a a4 d6 a9 6a 55 f7 9e d1 44 9b 4c d3 cf 33 15 cf 22 9f 37 89 1d 40 70 e3 ab 93 f4 f2 94 e1 c9 88 8e 3f ed e2 b6 d6 be bd 52 a9 ef 90 81 d9 00 82 69 0f 64 78 d6 cc 6f f0 f5 2a 16 2a 6f a3 1c 45 c1 1e 9b fa 32 e0 ff b6 cb 63 f0 05 cc 5e b9 55 88 8e 94 92 b5 a0 37 b3 16 04 5f d0 bc 16 4f d7 d3 0a 29 75 73 ea 4e 37 ec f9 84 d4 d8 ab dd b8 19 44 21 92 46 34 ca 86 70 49 b0 80 78 23 f9 ca 87 7c b9 d8 16 4f aa c6 b6 0a 9d 9d 8e bd 73 4e 37 01 48 c6 6f 29 bc 13 52 51 9b fd 11 8d e2 89 4c 8c 4e d2 2a f0 71 85 75 c0 23 92 a0 ba 95 35 df Data Ascii: >cL^L'4xC=Tt?+9g8+~=j5=3Q%B=sQBJzjUDL3"7@p?Ridxo*oE2c^U7_O)usN7D!F4pIx#\|OsN7Ho)RQLNqu#5
2024-07-16 09:07:44 UTC	1024	IN	Data Raw: ce 27 ef 05 51 e7 1b 3e 20 3a d7 af ed 06 c1 0e 08 23 c1 01 75 3e 66 d4 18 62 53 8e 1f 27 37 c7 8f 93 af 02 cf e2 ea 9a 46 00 f9 fa 1a 23 2c 6e af f4 a1 8e b0 2e 8c ff 85 6c 48 7d a8 1a 0b 50 31 eb f9 64 7a c6 da 81 a2 ef cd 6e 28 4b 39 55 3c 8d 47 8c 08 98 04 b5 3c ee dc 83 8a 5a 1e 3f 4e f8 2a e7 62 76 7b bd 58 2e af a7 48 d9 bb e3 c7 09 fc bf b8 e7 39 5d dc a4 ba 20 3f 38 82 c2 a2 33 07 f6 e8 4e c2 cf 0b 3e 6a 76 83 27 7e f3 2e 83 9b d0 32 d6 bc 67 95 4d 51 8a cd 35 78 78 ca 7f 88 2a 61 4f 8c 09 36 f4 9d 29 ee 8e 82 2c a3 cb 69 a2 88 00 30 5a da e2 a5 5d f9 3d 84 c8 f5 ae c3 49 2a c1 3b 54 70 75 35 e1 76 ea a3 c9 40 44 8d 3e f2 23 a2 38 7a 2e 82 97 d8 98 83 ae a4 97 7b 10 b8 f0 15 78 54 b5 68 13 0e ad 4a 64 e5 0d 53 26 db ad b3 bc 54 e2 12 c6 88 ed 25 Data Ascii: 'Q> :#u>fbS'7F#,n.lH}P1dzn(K9U<G<Z?Nbv{X.H9] ?83N>jv'~.2gMQ5xxaO6),i0Z]=I*;Tpu5v@D>#8z.{xThJdS&T%
2024-07-16 09:07:44 UTC	16384	IN	Data Raw: 92 3f 99 43 b6 20 ca c9 40 97 d9 07 d9 23 8e 8f 46 2d 1f 03 d2 08 64 23 0b 30 34 fd 92 4b b5 99 e1 22 8a f5 0d 1a 04 61 d8 16 2d 04 49 6c 3f f3 e1 78 55 c3 95 c5 b2 7e 51 db 4b cc eb 2e 7f e2 8c 75 29 21 c1 5b 28 3f 99 3c 70 82 15 b4 ed 43 d9 18 a3 fa 2e 2b 08 96 3e bf 67 69 10 80 7c 6d 91 a8 9f 9e 4a 70 22 75 5d 7d 58 cd 12 33 df 59 04 8c e0 c7 e3 38 92 91 1b d1 7d b6 a3 bb 97 10 33 42 9b 5d f7 3a 8e 7f 51 de 2c 91 1c 59 0d 19 7a 30 05 c6 59 5e da d7 ad 5d 1d 52 2c 66 06 ba ab 23 86 29 6e ba 5c 4e 35 52 26 8e 3f cc df f1 82 79 e0 b8 58 b5 25 c4 2c 8a 5d c4 8a 7a b1 0f f5 36 2f ad e1 c2 09 30 f0 ce 3f 93 98 53 1d d1 1c ba 5f 42 5e 2b ad 28 bd c6 91 56 de 6d 76 06 81 7a a9 77 3b 5c 92 37 75 05 b9 61 e1 26 61 46 b9 4b ed a6 53 ef 76 81 6d 70 1b e2 cb 74 4c Data Ascii: ?C @#F-d#04K"a-Il?xU~QK.u)![(?<pC.+>gi\|mJp"u]}X3Y8}3B]:Q,Yz0Y^]R,f#)n\N5R&?yX%,]z6/0?S_B^+(Vmvzw;\7ua&aFKSvmptL
2024-07-16 09:07:44 UTC	2354	IN	Data Raw: 73 5e d4 d1 97 a5 2f fe 08 4e cc 33 14 ec c4 17 68 d4 04 12 80 a2 8f 4b f9 07 48 c8 c7 24 b7 aa c6 d3 83 79 d9 56 fc 60 23 af 2a f0 91 7b 75 41 92 16 95 f8 ff 1f 2d 2d cb a1 68 bb 88 14 1d e4 ac e2 b9 48 03 c6 fa 1d 8c 72 3d 53 67 30 29 a4 78 bd c1 ba e8 e9 53 8b 58 10 3a bb 87 83 0b 6d d1 b4 c5 22 05 a5 d5 95 d3 bf 4b b6 20 95 68 16 c2 dc e1 a2 1d 65 c8 7a d2 fb 21 a1 bf ba b8 9c 24 d0 03 dc bc f0 3d 7a b8 ba 71 b7 90 62 c0 8e 75 e2 49 3c 55 c8 81 cb 80 23 49 f0 8c 93 80 29 db 4e 39 30 52 8e 05 f3 5a 9d 0e 06 fb 1c ee 7c f7 54 e7 db 67 da 2a e4 a9 e3 6a e2 2e 87 e1 90 1a 4f 48 06 9a e8 a9 a2 11 11 bf e4 2b 1e ee 48 6a 5f d6 c7 70 8c 72 20 11 02 c5 4f c9 5e 19 e6 21 e9 d0 19 33 32 a7 74 d8 7f 34 45 86 d0 19 aa 4b 57 45 dd 40 a0 af 79 9d 4d 92 29 85 d2 e1 Data Ascii: s^/N3hKH$yV`#{uA--hHr=Sg0)xSX:m"K hez!$=zqbuI<U#I)N90RZ\|Tgj.OH+Hj_pr O^!32t4EKWE@yM)

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:43 UTC	527	OUT	GET /oct.js HTTP/1.1 Host: platform.twitter.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:43 UTC	402	IN	HTTP/1.1 301 Moved Permanently Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Date: Tue, 16 Jul 2024 09:07:43 GMT Location: https://static.ads-twitter.com/oct.js P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" Server: ECS (lhd/35AA) Server-Timing: x-cache;desc= ,x-tw-cdn;desc=VZ x-tw-cdn: VZ Content-Length: 0 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:44 UTC	529	OUT	GET /oct.js HTTP/1.1 Host: static.ads-twitter.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:44 UTC	543	IN	HTTP/1.1 200 OK Connection: close Content-Length: 57671 Last-Modified: Tue, 26 Mar 2024 20:58:07 GMT ETag: "bbbcf811d8437a575d796a4c1e5d4fad" x-amz-server-side-encryption: AES256 Cache-Control: no-cache Content-Type: application/javascript; charset=utf-8 Accept-Ranges: bytes Date: Tue, 16 Jul 2024 09:07:44 GMT X-Served-By: cache-iad-kjyo7100104-IAD, cache-fra-etou8220109-FRA X-Cache: HIT, HIT Vary: Accept-Encoding,Host P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn: FT
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 7b 36 31 37 33 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3b 74 2e 65 78 70 6f 72 74 73 3d 28 72 3d 72 7c 7c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 72 3b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 63 72 79 70 74 6f 26 26 28 72 3d 77 69 6e 64 6f 77 2e 63 72 79 70 74 6f 29 2c 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2e 63 72 79 70 74 6f 26 26 28 72 3d 73 65 6c 66 2e 63 72 79 70 74 6f 29 2c 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 26 26 28 72 3d Data Ascii: !function(){var t={6173:function(t,e,n){var r;t.exports=(r=r\|\|function(t,e){var r;if("undefined"!=typeof window&&window.crypto&&(r=window.crypto),"undefined"!=typeof self&&self.crypto&&(r=self.crypto),"undefined"!=typeof globalThis&&globalThis.crypto&&(r=
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 74 68 69 73 2e 77 6f 72 64 73 3d 74 7c 7c 5b 5d 2c 74 68 69 73 2e 73 69 67 42 79 74 65 73 3d 6e 75 6c 6c 21 3d 65 3f 65 3a 34 2a 74 2e 6c 65 6e 67 74 68 7d 2c 74 6f 53 74 72 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 28 74 7c 7c 66 29 2e 73 74 72 69 6e 67 69 66 79 28 74 68 69 73 29 7d 2c 63 6f 6e 63 61 74 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 2e 77 6f 72 64 73 2c 6e 3d 74 2e 77 6f 72 64 73 2c 72 3d 74 68 69 73 2e 73 69 67 42 79 74 65 73 2c 69 3d 74 2e 73 69 67 42 79 74 65 73 3b 69 66 28 74 68 69 73 2e 63 6c 61 6d 70 28 29 2c 72 25 34 29 66 6f 72 28 76 61 72 20 6f 3d 30 3b 6f 3c 69 3b 6f 2b 2b 29 7b 76 61 72 20 61 3d 6e 5b 6f 3e 3e 3e 32 5d 3e 3e 3e 32 34 2d 6f 25 34 2a 38 26 32 35 35 3b 65 5b 72 2b 6f Data Ascii: this.words=t\|\|[],this.sigBytes=null!=e?e:4t.length},toString:function(t){return(t\|\|f).stringify(this)},concat:function(t){var e=this.words,n=t.words,r=this.sigBytes,i=t.sigBytes;if(this.clamp(),r%4)for(var o=0;o<i;o++){var a=n[o>>>2]>>>24-o%48&255;e[r+o
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 64 2e 70 61 72 73 65 28 75 6e 65 73 63 61 70 65 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 74 29 29 29 7d 7d 2c 70 3d 63 2e 42 75 66 66 65 72 65 64 42 6c 6f 63 6b 41 6c 67 6f 72 69 74 68 6d 3d 75 2e 65 78 74 65 6e 64 28 7b 72 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 64 61 74 61 3d 6e 65 77 20 73 2e 69 6e 69 74 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 3d 30 7d 2c 5f 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 28 74 3d 68 2e 70 61 72 73 65 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 Data Ascii: ion(t){return d.parse(unescape(encodeURIComponent(t)))}},p=c.BufferedBlockAlgorithm=u.extend({reset:function(){this._data=new s.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=h.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigByt
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 72 28 76 61 72 20 72 3d 32 2c 69 3d 30 3b 69 3c 36 34 3b 29 65 28 72 29 26 26 28 69 3c 38 26 26 28 63 5b 69 5d 3d 6e 28 74 2e 70 6f 77 28 72 2c 2e 35 29 29 29 2c 75 5b 69 5d 3d 6e 28 74 2e 70 6f 77 28 72 2c 31 2f 33 29 29 2c 69 2b 2b 29 2c 72 2b 2b 7d 28 29 3b 76 61 72 20 73 3d 5b 5d 2c 6c 3d 61 2e 53 48 41 32 35 36 3d 6f 2e 65 78 74 65 6e 64 28 7b 5f 64 6f 52 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 68 61 73 68 3d 6e 65 77 20 69 2e 69 6e 69 74 28 63 2e 73 6c 69 63 65 28 30 29 29 7d 2c 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 6e 3d 74 68 69 73 2e 5f 68 61 73 68 2e 77 6f 72 64 73 2c 72 3d 6e 5b 30 5d 2c 69 3d 6e 5b 31 5d 2c 6f 3d 6e 5b 32 5d 2c 61 3d 6e 5b 33 Data Ascii: r(var r=2,i=0;i<64;)e(r)&&(i<8&&(c[i]=n(t.pow(r,.5))),u[i]=n(t.pow(r,1/3)),i++),r++}();var s=[],l=a.SHA256=o.extend({_doReset:function(){this._hash=new i.init(c.slice(0))},_doProcessBlock:function(t,e){for(var n=this._hash.words,r=n[0],i=n[1],o=n[2],a=n[3
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 72 20 69 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 74 68 69 73 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 69 66 28 21 74 7c 7c 76 6f 69 64 20 30 3d 3d 3d 74 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 20 6e 28 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 74 79 70 65 6f 66 20 74 2b 22 20 22 2b 74 2b 22 20 69 73 20 6e 6f 74 20 69 74 65 72 61 62 6c 65 28 63 61 6e 6e 6f 74 20 72 65 61 64 20 70 72 6f 70 65 72 74 79 20 53 79 6d 62 6f 6c 28 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 29 29 22 29 29 3b 76 61 72 20 72 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 74 29 3b 69 66 28 30 3d 3d 3d 72 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 20 65 28 5b 5d 29 3b 76 61 72 20 69 3d 72 2e 6c 65 6e 67 74 Data Ascii: r i=function(t){return new this((function(e,n){if(!t\|\|void 0===t.length)return n(new TypeError(typeof t+" "+t+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var r=Array.prototype.slice.call(t);if(0===r.length)return e([]);var i=r.lengt
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 76 6f 69 64 20 64 28 74 29 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 6e 29 72 65 74 75 72 6e 20 76 6f 69 64 20 70 28 28 72 3d 6e 2c 69 3d 65 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 2e 61 70 70 6c 79 28 69 2c 61 72 67 75 6d 65 6e 74 73 29 7d 29 2c 74 29 7d 74 2e 5f 73 74 61 74 65 3d 31 2c 74 2e 5f 76 61 6c 75 65 3d 65 2c 64 28 74 29 7d 63 61 74 63 68 28 65 29 7b 66 28 74 2c 65 29 7d 76 61 72 20 72 2c 69 7d 66 75 6e 63 74 69 6f 6e 20 66 28 74 2c 65 29 7b 74 2e 5f 73 74 61 74 65 3d 32 2c 74 2e 5f 76 61 6c 75 65 3d 65 2c 64 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 64 28 74 29 7b 32 3d 3d 3d 74 2e 5f 73 74 61 74 65 26 26 30 3d 3d 3d 74 2e 5f 64 65 66 65 72 72 65 64 73 2e 6c 65 6e 67 74 68 26 26 75 2e 5f 69 6d 6d 65 64 69 61 74 65 46 6e Data Ascii: void d(t);if("function"==typeof n)return void p((r=n,i=e,function(){r.apply(i,arguments)}),t)}t._state=1,t._value=e,d(t)}catch(e){f(t,e)}var r,i}function f(t,e){t._state=2,t._value=e,d(t)}function d(t){2===t._state&&0===t._deferreds.length&&u._immediateFn
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 74 75 72 6e 20 6e 65 77 20 75 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 6e 28 74 29 7d 29 29 7d 2c 75 2e 72 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 75 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 69 66 28 21 61 28 74 29 29 72 65 74 75 72 6e 20 6e 28 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 50 72 6f 6d 69 73 65 2e 72 61 63 65 20 61 63 63 65 70 74 73 20 61 6e 20 61 72 72 61 79 22 29 29 3b 66 6f 72 28 76 61 72 20 72 3d 30 2c 69 3d 74 2e 6c 65 6e 67 74 68 3b 72 3c 69 3b 72 2b 2b 29 75 2e 72 65 73 6f 6c 76 65 28 74 5b 72 5d 29 2e 74 68 65 6e 28 65 2c 6e 29 7d 29 29 7d 2c 75 2e 5f 69 6d 6d 65 64 69 61 74 65 46 6e 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 73 65 74 49 6d 6d 65 64 69 61 74 65 Data Ascii: turn new u((function(e,n){n(t)}))},u.race=function(t){return new u((function(e,n){if(!a(t))return n(new TypeError("Promise.race accepts an array"));for(var r=0,i=t.length;r<i;r++)u.resolve(t[r]).then(e,n)}))},u._immediateFn="function"==typeof setImmediate
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 68 72 6f 77 22 3d 3d 3d 69 29 74 68 72 6f 77 20 6f 3b 72 65 74 75 72 6e 20 43 28 29 7d 66 6f 72 28 6e 2e 6d 65 74 68 6f 64 3d 69 2c 6e 2e 61 72 67 3d 6f 3b 3b 29 7b 76 61 72 20 61 3d 6e 2e 64 65 6c 65 67 61 74 65 3b 69 66 28 61 29 7b 76 61 72 20 63 3d 67 28 61 2c 6e 29 3b 69 66 28 63 29 7b 69 66 28 63 3d 3d 3d 6c 29 63 6f 6e 74 69 6e 75 65 3b 72 65 74 75 72 6e 20 63 7d 7d 69 66 28 22 6e 65 78 74 22 3d 3d 3d 6e 2e 6d 65 74 68 6f 64 29 6e 2e 73 65 6e 74 3d 6e 2e 5f 73 65 6e 74 3d 6e 2e 61 72 67 3b 65 6c 73 65 20 69 66 28 22 74 68 72 6f 77 22 3d 3d 3d 6e 2e 6d 65 74 68 6f 64 29 7b 69 66 28 22 73 75 73 70 65 6e 64 65 64 53 74 61 72 74 22 3d 3d 3d 72 29 74 68 72 6f 77 20 72 3d 22 63 6f 6d 70 6c 65 74 65 64 22 2c 6e 2e 61 72 67 3b 6e 2e 64 69 73 70 61 74 63 68 Data Ascii: hrow"===i)throw o;return C()}for(n.method=i,n.arg=o;;){var a=n.delegate;if(a){var c=g(a,n);if(c){if(c===l)continue;return c}}if("next"===n.method)n.sent=n._sent=n.arg;else if("throw"===n.method){if("suspendedStart"===r)throw r="completed",n.arg;n.dispatch
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 29 7d 28 69 2c 6f 2c 72 2c 61 29 7d 29 29 7d 72 65 74 75 72 6e 20 72 3d 72 3f 72 2e 74 68 65 6e 28 61 2c 61 29 3a 61 28 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 67 28 74 2c 65 29 7b 76 61 72 20 6e 3d 74 2e 69 74 65 72 61 74 6f 72 5b 65 2e 6d 65 74 68 6f 64 5d 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 6e 29 7b 69 66 28 65 2e 64 65 6c 65 67 61 74 65 3d 6e 75 6c 6c 2c 22 74 68 72 6f 77 22 3d 3d 3d 65 2e 6d 65 74 68 6f 64 29 7b 69 66 28 74 2e 69 74 65 72 61 74 6f 72 2e 72 65 74 75 72 6e 26 26 28 65 2e 6d 65 74 68 6f 64 3d 22 72 65 74 75 72 6e 22 2c 65 2e 61 72 67 3d 76 6f 69 64 20 30 2c 67 28 74 2c 65 29 2c 22 74 68 72 6f 77 22 3d 3d 3d 65 2e 6d 65 74 68 6f 64 29 29 72 65 74 75 72 6e 20 6c 3b 65 2e 6d 65 74 68 6f 64 3d 22 74 68 72 6f 77 22 2c 65 2e 61 72 67 3d 6e 65 Data Ascii: )}(i,o,r,a)}))}return r=r?r.then(a,a):a()}}function g(t,e){var n=t.iterator[e.method];if(void 0===n){if(e.delegate=null,"throw"===e.method){if(t.iterator.return&&(e.method="return",e.arg=void 0,g(t,e),"throw"===e.method))return l;e.method="throw",e.arg=ne
2024-07-16 09:07:44 UTC	1378	IN	Data Raw: 61 74 6f 72 46 75 6e 63 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 72 65 74 75 72 6e 21 21 65 26 26 28 65 3d 3d 3d 64 7c 7c 22 47 65 6e 65 72 61 74 6f 72 46 75 6e 63 74 69 6f 6e 22 3d 3d 3d 28 65 2e 64 69 73 70 6c 61 79 4e 61 6d 65 7c 7c 65 2e 6e 61 6d 65 29 29 7d 2c 74 2e 6d 61 72 6b 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 74 2c 68 29 3a 28 74 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 68 2c 63 28 74 2c 61 2c 22 47 65 6e 65 72 61 74 6f 72 46 75 6e 63 74 69 6f 6e 22 29 29 2c 74 2e 70 Data Ascii: atorFunction=function(t){var e="function"==typeof t&&t.constructor;return!!e&&(e===d\|\|"GeneratorFunction"===(e.displayName\|\|e.name))},t.mark=function(t){return Object.setPrototypeOf?Object.setPrototypeOf(t,h):(t.__proto__=h,c(t,a,"GeneratorFunction")),t.p

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:45 UTC	538	OUT	GET /en_US/fbevents.js HTTP/1.1 Host: connect.facebook.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:45 UTC	1465	IN	HTTP/1.1 200 OK Vary: Accept-Encoding Content-Type: application/x-javascript; charset=utf-8 timing-allow-origin: * reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-security-policy: default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; document-policy: force-load-at-top
2024-07-16 09:07:45 UTC	1705	IN	Data Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f 72 74 2d 68 65 69 67 68 Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-heigh
2024-07-16 09:07:45 UTC	1	IN	Data Raw: 2f Data Ascii: /
2024-07-16 09:07:45 UTC	14632	IN	Data Raw: 2a 2a 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 37 2d 70 72 65 73 65 6e 74 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 49 6e 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 2a 0a 2a 20 59 6f 75 20 61 72 65 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 20 61 20 6e 6f 6e 2d 65 78 63 6c 75 73 69 76 65 2c 20 77 6f 72 6c 64 77 69 64 65 2c 20 72 6f 79 61 6c 74 79 2d 66 72 65 65 20 6c 69 63 65 6e 73 65 20 74 6f 20 75 73 65 2c 0a 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 61 6e 64 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 69 6e 20 73 6f 75 72 63 65 20 63 6f 64 65 20 6f 72 20 62 69 6e 61 72 79 20 66 6f 72 6d 20 66 6f 72 20 75 73 65 0a 2a 20 69 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 74 Data Ascii: * Copyright (c) 2017-present, Facebook, Inc. All rights reserved. You are hereby granted a non-exclusive, worldwide, royalty-free license to use,* copy, modify, and distribute this software in source code or binary form for use* in connection wit
2024-07-16 09:07:45 UTC	16384	IN	Data Raw: 74 79 70 65 6f 66 20 61 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 22 75 6e 64 65 66 69 6e 65 64 22 3a 69 28 61 29 29 21 3d 3d 22 6f 62 6a 65 63 74 22 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 62 3d 61 2e 70 61 72 61 6d 65 74 65 72 5f 74 79 70 65 3b 61 3d 61 2e 73 65 6c 65 63 74 6f 72 3b 62 3d 64 28 62 29 3b 61 3d 61 21 3d 6e 75 6c 6c 26 26 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 26 26 61 21 3d 3d 22 22 3f 61 3a 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 21 3d 6e 75 6c 6c 26 26 61 21 3d 6e 75 6c 6c 3f 7b 70 61 72 61 6d 65 74 65 72 5f 74 79 70 65 3a 62 2c 73 65 6c 65 63 74 6f 72 3a 61 7d 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 61 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 7c 7c 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 75 6e 64 65 Data Ascii: typeof a==="undefined"?"undefined":i(a))!=="object")return null;var b=a.parameter_type;a=a.selector;b=d(b);a=a!=null&&typeof a==="string"&&a!==""?a:null;return b!=null&&a!=null?{parameter_type:b,selector:a}:null}function j(a){if(a==null\|\|(typeof a==="unde
2024-07-16 09:07:45 UTC	16384	IN	Data Raw: 74 73 46 42 51 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 67 2c 69 2c 6a 2c 6b 29 7b 76 61 72 20 6c 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 6c 2e 65 78 70 6f 72 74 73 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 31 3b 62 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 62 2b 2b 29 7b 76 61 72 20 63 3d 61 72 67 75 6d 65 6e 74 73 5b 62 5d 3b 66 6f 72 28 76 61 72 20 64 20 69 6e 20 63 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 63 2c 64 29 26 26 28 61 5b 64 5d 3d 63 5b 64 5d 29 7d 72 65 74 75 72 6e 20 61 7d 2c 62 3d 66 Data Ascii: tsFBQ",function(){return function(g,i,j,k){var l={exports:{}};l.exports;(function(){var a=Object.assign\|\|function(a){for(var b=1;b<arguments.length;b++){var c=arguments[b];for(var d in c)Object.prototype.hasOwnProperty.call(c,d)&&(a[d]=c[d])}return a},b=f
2024-07-16 09:07:46 UTC	16384	IN	Data Raw: 65 66 22 29 2c 64 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 54 79 70 65 64 22 29 2c 65 3d 64 2e 63 6f 65 72 63 65 3b 66 75 6e 63 74 69 6f 6e 20 67 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 64 3d 41 72 72 61 79 28 61 29 2c 66 3d 30 3b 66 3c 61 3b 66 2b 2b 29 64 5b 66 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 66 5d 3b 76 61 72 20 67 3d 64 5b 30 5d 3b 69 66 28 67 3d 3d 6e 75 6c 6c 7c 7c 28 74 79 70 65 6f 66 20 67 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 22 75 6e 64 65 66 69 6e 65 64 22 3a 69 28 67 29 29 21 3d 3d 22 6f 62 6a 65 63 74 22 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 68 3d 67 2e 75 6e 73 61 66 65 50 69 78 65 6c 2c 6a 3d 67 Data Ascii: ef"),d=f.getFbeventsModules("SignalsFBEventsTyped"),e=d.coerce;function g(){for(var a=arguments.length,d=Array(a),f=0;f<a;f++)d[f]=arguments[f];var g=d[0];if(g==null\|\|(typeof g==="undefined"?"undefined":i(g))!=="object")return null;var h=g.unsafePixel,j=g
2024-07-16 09:07:46 UTC	1751	IN	Data Raw: 52 65 73 6f 6c 76 65 64 4d 6f 64 75 6c 65 73 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 3b 69 66 28 74 68 69 73 2e 6d 6f 64 75 6c 65 45 6e 63 6f 64 69 6e 67 73 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 3b 76 61 72 20 66 3d 62 28 67 2e 66 62 71 2e 5f 5f 66 62 65 76 65 6e 74 73 52 65 73 6f 6c 76 65 64 4d 6f 64 75 6c 65 73 2c 64 2e 6f 62 6a 65 63 74 28 29 29 3b 69 66 28 66 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 3b 66 3d 6b 28 69 28 6a 28 66 29 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 63 2e 6d 6f 64 75 6c 65 45 6e 63 6f 64 69 6e 67 73 2e 6d 61 70 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 20 63 2e 6d 6f 64 75 6c 65 45 6e 63 6f 64 69 6e 67 73 2e 6d 61 70 3f 63 2e 6d 6f 64 75 6c 65 45 6e 63 6f 64 69 6e 67 73 2e 6d 61 70 5b 61 5d 3a 6e 75 6c 6c 7d 29 2c 66 Data Ascii: ResolvedModules==null)return;if(this.moduleEncodings==null)return;var f=b(g.fbq.__fbeventsResolvedModules,d.object());if(f==null)return;f=k(i(j(f),function(a){return c.moduleEncodings.map!=null&&a in c.moduleEncodings.map?c.moduleEncodings.map[a]:null}),f
2024-07-16 09:07:46 UTC	14633	IN	Data Raw: 68 46 69 65 6c 64 73 28 7b 66 69 6c 74 65 72 69 6e 67 4d 6f 64 65 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 73 74 72 69 6e 67 28 29 29 2c 65 76 65 6e 74 4e 61 6d 65 73 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 61 72 72 61 79 4f 66 28 62 2e 73 74 72 69 6e 67 28 29 29 29 7d 29 29 2c 61 64 64 69 74 69 6f 6e 61 6c 55 73 65 72 44 61 74 61 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 6f 62 6a 65 63 74 57 69 74 68 46 69 65 6c 64 73 28 7b 73 65 6e 64 46 42 4c 6f 67 69 6e 49 44 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 5b 22 62 6f 6f 6c 65 61 6e 22 5d 28 29 29 7d 29 29 7d 29 3b 6b 2e 65 78 70 6f 72 74 73 3d 61 7d 29 28 29 3b 72 65 74 75 72 6e 20 6b 2e 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 66 2e 65 6e 73 75 72 65 4d 6f 64 75 6c 65 52 65 Data Ascii: hFields({filteringMode:b.allowNull(b.string()),eventNames:b.allowNull(b.arrayOf(b.string()))})),additionalUserData:b.allowNull(b.objectWithFields({sendFBLoginID:b.allowNull(b["boolean"]())}))});k.exports=a})();return k.exports}(a,b,c,d)});f.ensureModuleRe
2024-07-16 09:07:46 UTC	16384	IN	Data Raw: 76 61 72 20 61 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 31 3b 62 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 62 2b 2b 29 7b 76 61 72 20 63 3d 61 72 67 75 6d 65 6e 74 73 5b 62 5d 3b 66 6f 72 28 76 61 72 20 64 20 69 6e 20 63 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 63 2c 64 29 26 26 28 61 5b 64 5d 3d 63 5b 64 5d 29 7d 72 65 74 75 72 6e 20 61 7d 2c 62 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 45 76 65 6e 74 73 22 29 3b 62 2e 66 69 72 65 64 3b 76 61 72 20 63 3d 62 2e 73 65 74 45 76 65 6e 74 49 64 3b 66 2e 67 65 74 46 62 65 76 65 6e 74 Data Ascii: var a=Object.assign\|\|function(a){for(var b=1;b<arguments.length;b++){var c=arguments[b];for(var d in c)Object.prototype.hasOwnProperty.call(c,d)&&(a[d]=c[d])}return a},b=f.getFbeventsModules("SignalsFBEventsEvents");b.fired;var c=b.setEventId;f.getFbevent
2024-07-16 09:07:46 UTC	16384	IN	Data Raw: 69 74 68 46 69 65 6c 64 73 28 7b 75 6e 77 61 6e 74 65 64 45 76 65 6e 74 4e 61 6d 65 73 3a 61 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 61 2e 6d 61 70 4f 66 28 61 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 61 2e 6e 75 6d 62 65 72 28 29 29 29 29 7d 29 3b 6b 2e 65 78 70 6f 72 74 73 3d 61 7d 29 28 29 3b 72 65 74 75 72 6e 20 6b 2e 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 66 2e 65 6e 73 75 72 65 4d 6f 64 75 6c 65 52 65 67 69 73 74 65 72 65 64 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 55 6e 77 61 6e 74 65 64 45 76 65 6e 74 73 43 6f 6e 66 69 67 54 79 70 65 64 65 66 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 67 2c 68 2c 69 2c 6a 29 7b 76 61 72 20 6b 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 6b 2e 65 78 70 6f 72 Data Ascii: ithFields({unwantedEventNames:a.allowNull(a.mapOf(a.allowNull(a.number())))});k.exports=a})();return k.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEventsUnwantedEventsConfigTypedef",function(){return function(g,h,i,j){var k={exports:{}};k.expor

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:45 UTC	577	OUT	GET /s3-build/perm_001/bf1c05/django/js/src/eb/fonts/neueplak.js HTTP/1.1 Host: cdn.evbstatic.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:46 UTC	603	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 302598 Connection: close Date: Tue, 16 Jul 2024 09:07:47 GMT Last-Modified: Thu, 21 Mar 2019 00:58:19 GMT ETag: "bf1c0572e601b9755fd9af7a63f0cac2" Cache-Control: private, max-age=604800 Expires: Tue, 17 Sep 2019 00:54:54 GMT x-amz-version-id: null Accept-Ranges: bytes Server: AmazonS3 Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 bf57ce1929fb438631e46b2c83b05e2a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS58-P1 X-Amz-Cf-Id: gczdCrWMpeQHuWqjjQGHkOgphdpyaXVnR6gqy4bSmv8YbS07JxXh5g== Vary: Origin
2024-07-16 09:07:46 UTC	15781	IN	Data Raw: 2f 2a 20 65 73 6c 69 6e 74 2d 64 69 73 61 62 6c 65 20 2a 2f 0a 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 2f 2f 20 4e 4f 54 45 3a 20 46 6f 72 20 61 6e 79 6f 6e 65 20 63 75 72 69 6f 75 73 2c 20 77 65 20 62 61 73 65 36 34 20 65 6e 63 6f 64 65 20 74 68 65 20 65 6d 62 65 64 64 61 62 6c 65 20 57 4f 46 46 20 76 65 72 73 69 6f 6e 20 6f 66 20 74 68 65 20 66 6f 6e 74 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 70 72 6f 74 65 63 74 20 69 74 0a 20 20 20 20 2f 2f 20 66 72 6f 6d 20 62 65 69 6e 67 20 64 6f 77 6e 6c 6f 61 64 65 64 20 62 79 20 6f 74 68 65 72 73 2e 20 49 74 27 73 20 61 20 6c 69 63 65 6e 73 65 64 20 66 6f 6e 74 20 61 6e 64 20 70 61 72 74 20 6f 66 20 6f 75 72 20 61 67 72 65 65 6d 65 6e 74 20 69 73 20 74 68 61 74 20 77 65 20 63 61 6e 20 75 73 65 20 69 Data Ascii: /* eslint-disable */(function(){ // NOTE: For anyone curious, we base64 encode the embeddable WOFF version of the font in order to protect it // from being downloaded by others. It's a licensed font and part of our agreement is that we can use i
2024-07-16 09:07:46 UTC	209	IN	Data Raw: 53 74 62 51 45 66 37 4e 79 4f 54 48 54 33 55 4d 39 67 6a 2f 42 72 2b 66 74 62 68 65 72 49 56 6f 52 57 34 6a 2f 55 78 32 58 38 68 37 6a 50 71 4e 4d 62 4a 50 37 44 6e 66 70 59 2f 75 4d 2f 6e 76 2f 41 57 37 32 45 2f 63 67 36 2f 5a 44 49 4c 59 4e 34 33 75 57 67 4e 57 62 61 37 50 48 79 6e 4e 46 74 73 50 30 7a 6d 30 70 32 61 61 4d 56 65 47 6f 76 6b 75 58 6a 6b 33 75 61 6d 76 5a 4f 6a 42 57 36 52 6b 65 37 65 6f 61 31 2f 65 66 33 44 5a 44 2f 53 47 69 4f 59 6a 47 2b 63 32 4a 79 75 37 54 50 5a 53 47 6d 68 5a 6e 49 53 34 65 6e 75 4d 38 68 37 6a 55 62 31 51 5a 4f 5a 39 43 36 2f 64 49 2b 68 32 56 34 61 74 56 39 72 6a 6a 65 34 6e 6c Data Ascii: StbQEf7NyOTHT3UM9gj/Br+ftbherIVoRW4j/Ux2X8h7jPqNMbJP7DnfpY/uM/nv/AW72E/cg6/ZDILYN43uWgNWba7PHynNFtsP0zm0p2aaMVeGovkuXjk3uamvZOjBW6Rke7eoa1/ef3DZD/SGiOYjG+c2Jyu7TPZSGmhZnIS4enuM8h7jUb1QZOZ9C6/dI+h2V4atV9rjje4nl
2024-07-16 09:07:46 UTC	949	IN	Data Raw: 2b 2b 54 61 58 58 75 75 61 6d 58 61 4a 32 31 7a 58 55 47 6d 58 71 34 73 4b 2f 77 75 2f 50 56 51 58 45 38 5a 33 54 45 7a 73 32 44 44 75 48 70 38 70 7a 6b 63 57 76 49 2f 36 5a 55 4b 53 43 2b 30 74 62 70 58 56 43 4a 44 74 36 67 2f 51 52 6f 58 4a 34 4e 41 5a 66 51 6f 62 64 49 74 37 79 7a 4b 52 52 66 59 57 45 2f 73 78 51 75 72 39 36 65 59 44 34 73 36 43 39 74 2b 68 51 58 46 76 41 57 38 74 54 67 4c 7a 4f 6d 6c 6e 71 52 73 57 5a 6d 66 47 33 52 4d 7a 75 46 38 53 50 34 79 42 64 30 58 70 6f 46 55 71 56 53 70 6f 4e 44 45 47 6f 31 61 6c 4e 71 68 34 73 6e 59 72 53 45 51 52 47 56 33 47 42 53 32 38 31 64 6c 5a 6d 4a 6b 32 35 2b 50 67 58 58 5a 63 4d 64 59 76 2f 41 6d 38 31 52 32 75 46 74 63 51 31 70 6e 75 52 2b 4f 74 77 7a 61 55 48 35 6f 63 6b 59 6a 4b 70 49 72 46 64 57 Data Ascii: ++TaXXuuamXaJ21zXUGmXq4sK/wu/PVQXE8Z3TEzs2DDuHp8pzkcWvI/6ZUKSC+0tbpXVCJDt6g/QRoXJ4NAZfQobdIt7yzKRRfYWE/sxQur96eYD4s6C9t+hQXFvAW8tTgLzOmlnqRsWZmfG3RMzuF8SP4yBd0XpoFUqVSpoNDEGo1alNqh4snYrSEQRGV3GBS281dlZmJk25+PgXXZcMdYv/Am81R2uFtcQ1pnuR+OtwzaUH5ockYjKpIrFdW
2024-07-16 09:07:46 UTC	16384	IN	Data Raw: 59 75 6e 54 42 6e 68 45 2b 51 36 51 51 5a 70 62 47 75 6d 36 45 57 49 77 38 45 51 32 76 57 59 49 2b 2f 31 68 51 79 33 61 55 33 76 37 67 44 46 61 47 34 30 61 51 46 39 76 79 70 61 75 42 56 63 6b 58 51 7a 6a 61 71 70 39 75 37 36 2b 61 79 54 2f 54 71 54 57 50 47 4b 4f 52 6e 36 54 48 2b 32 4f 4e 2f 77 61 39 65 73 75 5a 49 64 39 42 44 38 6b 4d 54 43 53 53 39 4e 64 45 51 4e 6a 43 74 2b 31 63 53 50 38 38 4b 4d 65 63 52 7a 49 62 67 50 70 34 6a 67 43 75 68 71 56 79 6d 31 6d 37 48 61 7a 44 6f 30 6a 45 4e 54 6a 59 4a 6a 55 55 79 76 48 67 64 51 74 58 6a 51 58 57 50 48 38 48 59 6b 77 48 43 51 45 73 53 67 6a 54 32 78 65 38 4c 49 68 69 76 34 5a 65 76 74 53 39 75 61 6f 4f 4b 5a 6f 73 78 32 50 36 59 59 6f 36 6e 5a 74 35 4a 33 38 53 46 64 39 2f 64 75 31 54 57 52 4d 30 56 38 Data Ascii: YunTBnhE+Q6QQZpbGum6EWIw8EQ2vWYI+/1hQy3aU3v7gDFaG40aQF9vypauBVckXQzjaqp9u76+ayT/TqTWPGKORn6TH+2ON/wa9esuZId9BD8kMTCSS9NdEQNjCt+1cSP88KMecRzIbgPp4jgCuhqVym1m7HazDo0jENTjYJjUUyvHgdQtXjQXWPH8HYkwHCQEsSgjT2xe8LIhiv4ZevtS9uaoOKZosx2P6YYo6nZt5J38SFd9/du1TWRM0V8
2024-07-16 09:07:46 UTC	1024	IN	Data Raw: 6a 43 45 77 58 73 7a 56 41 52 2b 56 50 52 38 46 49 2f 4c 7a 64 38 75 65 54 35 53 65 30 38 50 79 38 34 69 49 42 2f 38 64 2f 4a 4c 38 2b 37 59 7a 2f 48 35 43 2b 6a 33 4f 2f 54 68 57 6c 76 75 68 41 74 2b 67 4b 6e 49 2f 4a 4a 33 77 78 36 52 57 54 32 50 42 58 72 70 44 54 77 58 56 61 6a 54 44 5a 66 66 6f 6c 59 6f 5a 6e 50 6b 6d 76 63 4d 2f 2b 75 48 68 32 52 2f 58 2f 57 51 57 6e 68 52 2b 44 48 4b 4c 6e 58 43 64 38 4f 2b 67 65 2f 47 2b 59 73 7a 42 76 48 51 76 6e 42 66 76 31 79 34 4e 56 46 68 6f 6e 6c 64 6f 73 49 35 73 59 4c 7a 79 68 58 43 56 55 54 52 6e 76 67 6b 4f 6d 6b 71 58 77 4b 32 62 48 5a 77 61 63 58 72 6c 53 2b 43 32 6b 75 76 66 33 6e 6f 34 38 73 6d 61 6d 2b 6e 79 36 39 38 43 30 74 56 76 6b 41 6f 73 6e 59 54 66 51 78 75 44 48 56 6d 61 75 59 4a 48 36 2f 4e Data Ascii: jCEwXszVAR+VPR8FI/Lzd8ueT5Se08Py84iIB/8d/JL8+7Yz/H5C+j3O/ThWlvuhAt+gKnI/JJ3wx6RWT2PBXrpDTwXVajTDZffolYoZnPkmvcM/+uHh2R/X/WQWnhR+DHKLnXCd8O+ge/G+YszBvHQvnBfv1y4NVFhonldosI5sYLzyhXCVUTRnvgkOmkqXwK2bHZwacXrlS+C2kuvf3no48smam+ny698C0tVvkAosnYTfQxuDHVmauYJH6/N
2024-07-16 09:07:46 UTC	16384	IN	Data Raw: 55 6b 68 79 4d 62 6d 51 45 50 7a 54 7a 63 7a 76 74 36 76 39 53 57 76 44 35 66 4e 33 6b 61 58 78 32 7a 63 7a 37 38 32 38 39 36 5a 39 48 34 67 79 72 79 2f 72 35 69 4b 69 76 7a 65 34 63 36 30 51 32 2b 37 79 2f 53 41 32 58 7a 4c 34 4d 32 6d 33 42 56 6b 71 6e 43 2f 5a 37 53 62 35 6b 6d 30 32 67 34 6a 32 2b 74 51 75 6c 30 62 6a 74 6f 6a 48 33 61 4c 4a 2f 33 4f 2b 35 47 41 6c 59 62 49 78 41 5a 37 4a 62 4e 39 2b 39 45 65 64 6b 2b 48 6d 78 45 75 7a 48 65 30 64 58 54 4e 66 37 75 30 74 7a 4d 30 41 33 32 44 62 36 42 70 59 44 4f 52 69 7a 51 57 56 72 53 55 57 61 32 42 36 6d 6c 73 53 4c 64 39 6e 33 33 6f 65 67 31 31 77 69 6c 68 30 6e 45 2b 74 6a 71 35 7a 75 69 77 4b 69 38 49 6f 4e 6a 71 6d 31 4f 49 4a 4c 6c 2f 46 43 6c 6a 61 45 2b 52 54 59 31 39 33 76 4c 4d 76 6e 64 71 Data Ascii: UkhyMbmQEPzTzczvt6v9SWvD5fN3kaXx2zcz782896Z9H4gyry/r5iKivze4c60Q2+7y/SA2XzL4M2m3BVkqnC/Z7Sb5km02g4j2+tQul0bjtojH3aLJ/3O+5GAlYbIxAZ7JbN9+9Eedk+HmxEuzHe0dXTNf7u0tzM0A32Db6BpYDORizQWVrSUWa2B6mlsSLd9n33oeg11wilh0nE+tjq5zuiwKi8IoNjqm1OIJLl/FCljaE+RTY193vLMvndq
2024-07-16 09:07:46 UTC	1024	IN	Data Raw: 63 64 6b 4c 45 73 65 56 39 67 2f 67 73 49 65 39 72 35 44 32 74 68 4b 76 58 72 2b 65 61 59 2f 48 54 73 4b 48 52 7a 50 39 36 2b 72 33 2f 56 36 39 65 6d 30 41 43 4c 70 58 6f 41 50 31 33 79 31 34 7a 4c 67 44 6c 2b 46 48 78 6c 31 59 37 2f 51 59 39 32 43 6e 59 78 69 76 77 5a 58 4f 50 78 6b 2f 42 35 65 36 77 50 67 63 58 4f 36 2b 77 33 67 64 6f 74 34 32 34 2f 50 77 51 75 39 72 78 68 66 67 78 74 72 4c 6a 44 66 67 76 2b 66 65 59 6e 77 52 58 6c 79 2f 7a 2f 67 53 34 71 38 59 62 2f 5a 65 33 39 70 69 76 41 55 76 39 68 38 79 66 68 36 32 2b 6e 39 68 33 49 66 31 2f 6a 39 71 6a 44 38 58 74 2f 2f 48 75 49 50 34 58 34 79 37 38 4b 64 74 6c 6f 6b 2b 2f 57 46 37 6c 2f 45 61 2f 4c 48 2f 66 2f 53 75 73 33 59 42 62 79 66 6b 71 63 63 64 75 41 70 2f 59 39 78 46 7a 54 38 78 37 6b 48 Data Ascii: cdkLEseV9g/gsIe9r5D2thKvXr+eaY/HTsKHRzP96+r3/V69em0ACLpXoAP13y14zLgDl+FHxl1Y7/QY92CnYxivwZXOPxk/B5e6wPgcXO6+w3gdot424/PwQu9rxhfgxtrLjDfgv+feYnwRXly/z/gS4q8Yb/Ze39pivAUv9h8yfh62+n9h3If1/j9qjD8Xt//HuIP4X4y78Kdtlok+/WF7l/Ea/LH/f/Sus3YBbyfkqccduAp/Y9xFzT8x7kH
2024-07-16 09:07:46 UTC	16384	IN	Data Raw: 31 30 6d 39 64 36 6a 72 2b 44 35 55 4f 78 59 77 33 79 38 4a 32 35 4d 31 43 48 69 41 64 35 4c 31 4e 47 48 32 66 50 76 63 44 62 30 32 53 65 46 75 38 77 56 50 6b 59 69 32 64 67 47 48 46 49 65 4d 38 47 33 6b 64 4c 51 4c 7a 44 78 61 68 37 52 62 53 6b 4b 4b 64 4b 65 34 2f 69 46 69 51 35 46 33 74 42 61 33 4b 4c 33 38 50 62 51 67 70 33 31 6c 35 7a 76 30 4d 37 78 62 39 48 45 76 2b 79 5a 36 42 6b 64 59 6a 71 6d 4d 6c 66 68 41 35 6a 71 62 69 54 32 5a 71 30 44 4d 57 38 2f 6d 78 71 36 4f 72 4c 53 7a 59 4c 46 70 65 47 56 7a 59 38 35 37 52 35 56 36 69 47 55 54 69 4c 4f 71 37 41 53 44 65 4b 43 6b 72 61 74 76 63 32 4d 66 6a 77 5a 64 79 49 79 66 42 53 66 4b 73 57 59 58 68 32 36 57 4b 58 46 62 4f 6a 55 30 33 71 78 44 57 5a 54 69 55 46 6d 64 42 68 38 71 6b 79 74 6e 64 55 79 Data Ascii: 10m9d6jr+D5UOxYw3y8J25M1CHiAd5L1NGH2fPvcDb02SeFu8wVPkYi2dgGHFIeM8G3kdLQLzDxah7RbSkKKdKe4/iFiQ5F3tBa3KL38PbQgp31l5zv0M7xb9HEv+yZ6BkdYjqmMlfhA5jqbiT2Zq0DMW8/mxq6OrLSzYLFpeGVzY857R5V6iGUTiLOq7ASDeKCkratvc2MfjwZdyIyfBSfKsWYXh26WKXFbOjU03qxDWZTiUFmdBh8qkytndUy
2024-07-16 09:07:46 UTC	1024	IN	Data Raw: 36 54 64 71 43 65 52 55 4d 52 5a 69 46 30 43 33 70 54 79 50 6b 51 6a 72 52 66 78 59 37 4a 64 2f 4a 35 2b 57 54 2f 64 77 66 7a 46 6e 66 74 79 78 44 34 71 65 70 34 71 59 46 76 65 4e 32 4e 2f 77 76 49 6e 65 66 4b 2b 7a 48 33 71 32 78 6f 59 65 55 38 52 7a 74 71 38 38 2b 33 56 5a 36 4f 37 33 6f 44 33 67 51 34 4a 33 2b 44 5a 2f 47 39 37 59 4f 2f 77 64 78 76 6c 70 66 70 70 4a 2f 46 33 2b 49 63 76 69 72 66 77 4b 7a 67 75 6b 4c 49 74 66 34 39 64 59 45 75 46 6c 57 66 78 7a 69 62 4d 63 43 51 63 38 64 35 57 55 6a 4c 68 41 30 46 4b 6b 64 43 6d 44 70 55 71 5a 55 67 35 4c 6b 7a 53 53 68 6c 6b 6b 72 61 52 46 58 43 66 6c 34 68 71 42 72 32 56 4a 54 73 6e 4a 30 69 57 58 35 45 4b 38 57 43 70 6d 4b 73 6b 74 75 56 6d 47 56 43 4b 56 4d 43 33 68 62 6c 6c 53 71 56 54 42 4d 71 56 Data Ascii: 6TdqCeRUMRZiF0C3pTyPkQjrRfxY7Jd/J5+WT/dwfzFnftyxD4qep4qYFveN2N/wvInefK+zH3q2xoYeU8Rztq88+3VZ6O73oD3gQ4J3+DZ/G97YO/wdxvlpfppJ/F3+IcvirfwKzgukLItf49dYEuFlWfxzibMcCQc8d5WUjLhA0FKkdCmDpUqZUg5LkzSShlkkraRFXCfl4hqBr2VJTsnJ0iWX5EK8WCpmKsktuVmGVCKVMC3hbllSqVTBMqV
2024-07-16 09:07:46 UTC	16384	IN	Data Raw: 54 75 69 37 52 46 5a 41 49 76 31 76 4a 4d 31 58 6b 65 59 6e 6b 65 59 6e 6b 2b 61 6e 6b 4f 59 48 53 66 4e 54 53 66 4d 62 53 4f 63 6c 30 76 6b 4b 36 65 2b 6b 52 53 78 66 2b 72 47 30 68 78 55 52 54 75 38 68 6e 4e 35 4e 4f 48 30 4a 34 66 54 31 68 4d 31 37 43 4a 75 76 49 39 79 39 4c 36 48 73 44 78 47 2b 33 70 66 77 39 57 62 43 31 35 73 49 58 33 39 59 2b 6b 67 36 44 31 73 6a 55 48 59 54 37 55 6c 30 45 74 5a 75 6f 70 32 4a 5a 74 71 6c 61 61 48 39 69 57 62 61 71 32 6b 68 44 4e 35 47 75 78 53 64 59 67 63 36 39 52 46 44 48 37 32 4e 48 6e 77 48 72 63 31 41 61 30 65 77 76 32 47 53 61 62 48 77 49 4c 4b 6e 61 70 59 79 4d 78 76 4b 78 47 70 52 68 64 58 37 58 76 42 5a 7a 45 6c 37 78 56 4e 4f 72 4f 75 65 42 35 2f 42 61 6b 75 46 6d 4d 43 64 4c 68 50 75 39 4a 45 53 64 30 4a Data Ascii: Tui7RFZAIv1vJM1XkeYnkeYnk+ankOYHSfNTSfMbSOcl0vkK6e+kRSxf+rG0hxURTu8hnN5NOH0J4fT1hM17CJuvI9y9L6HsDxG+3pfw9WbC15sIX39Y+kg6D1sjUHYT7Ul0EtZuop2JZtqlaaH9iWbaq2khDN5GuxSdYgc69RFDH72NHnwHrc1Aa0ewv2GSabHwILKnapYyMxvKxGpRhdX7XvBZzEl7xVNOrOueB5/BakuFmMCdLhPu9JESd0J

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:45 UTC	545	OUT	GET /production/v2/toneden.loader.js HTTP/1.1 Host: sd.toneden.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:46 UTC	542	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 645 Connection: close Date: Tue, 16 Jul 2024 09:07:47 GMT Last-Modified: Mon, 13 Feb 2017 00:32:38 GMT ETag: "01cdccc32ce4455a13916531784c396a" Content-Encoding: gzip Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 ff78b299270b99e41cda1a1252610524.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS1-P3 X-Amz-Cf-Id: krkT8kHaMlRCheTBXnyj0XlIHRVWuiOkh3W50ji4bATCAjsffZKM7A== Cache-Control: max-age=691200 Vary: Origin
2024-07-16 09:07:46 UTC	645	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 03 7d 53 d1 6e db 20 14 fd 95 84 07 0b 54 46 dc 3d 4d 71 d9 a4 ad 7b d9 a4 4d da fa 66 f9 81 9a 9b 98 ce 01 0b 70 dc 28 f1 bf 0f 1c dc b4 55 b7 17 04 e7 5e 0e dc 7b ce dd 0b bb b8 33 1a 6e 41 ff be fd ce 37 bd ae bd 32 1a 6b 72 9c f7 0b c0 86 1c d5 06 fb d2 54 c4 82 ef ad 5e c4 3d 83 c7 ce 58 ef 8a 7d 20 51 3c 42 fc 98 b0 f5 71 a4 4a ae 0d 6d 8d 90 20 d7 cb eb b1 48 57 75 bc 5a 8b b6 c5 6a 66 a0 8a 5e f6 40 c2 e1 7c 8d 2f f3 4b 60 8c cf 18 3e 28 2d cd c0 06 b8 ef 44 fd e7 9b 33 ba bb 14 50 fc 37 7a 29 cf 53 19 0a 34 16 47 4e 4b 05 1d 78 4e 1d 2f ab 62 b8 f1 ac 05 bd f5 4d 31 5c 5d 11 11 ca 1a 2a aa 4a 51 65 99 63 5d ef 1a 26 ba ae 3d 60 37 81 e1 af 21 c4 f3 22 92 85 2e e8 85 24 ba b4 15 97 61 99 40 93 65 06 c7 f7 0a 37 13 13 c7 Data Ascii: }Sn TF=Mq{Mfp(U^{3nA72krT^=X} Q<BqJm HWuZjf^@\|/K`>(-D3P7z)S4GNKxN/bM1\]*JQec]&=`7!".$a@e7

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:46 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-16 09:07:47 UTC	494	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25938 Date: Tue, 16 Jul 2024 09:07:46 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:47 UTC	368	OUT	GET /production/v2/toneden.loader.js HTTP/1.1 Host: sd.toneden.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:48 UTC	542	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 645 Connection: close Date: Tue, 16 Jul 2024 09:07:49 GMT Last-Modified: Mon, 13 Feb 2017 00:32:38 GMT ETag: "01cdccc32ce4455a13916531784c396a" Content-Encoding: gzip Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 3f2f1c546e63f10a66abd1c978af36f6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS1-P3 X-Amz-Cf-Id: SocoPpo8_mhGatxi46R6vCwVNRrhAmVPTA_QXulAQZONhIeQBI6lDA== Cache-Control: max-age=691200 Vary: Origin
2024-07-16 09:07:48 UTC	645	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 03 7d 53 d1 6e db 20 14 fd 95 84 07 0b 54 46 dc 3d 4d 71 d9 a4 ad 7b d9 a4 4d da fa 66 f9 81 9a 9b 98 ce 01 0b 70 dc 28 f1 bf 0f 1c dc b4 55 b7 17 04 e7 5e 0e dc 7b ce dd 0b bb b8 33 1a 6e 41 ff be fd ce 37 bd ae bd 32 1a 6b 72 9c f7 0b c0 86 1c d5 06 fb d2 54 c4 82 ef ad 5e c4 3d 83 c7 ce 58 ef 8a 7d 20 51 3c 42 fc 98 b0 f5 71 a4 4a ae 0d 6d 8d 90 20 d7 cb eb b1 48 57 75 bc 5a 8b b6 c5 6a 66 a0 8a 5e f6 40 c2 e1 7c 8d 2f f3 4b 60 8c cf 18 3e 28 2d cd c0 06 b8 ef 44 fd e7 9b 33 ba bb 14 50 fc 37 7a 29 cf 53 19 0a 34 16 47 4e 4b 05 1d 78 4e 1d 2f ab 62 b8 f1 ac 05 bd f5 4d 31 5c 5d 11 11 ca 1a 2a aa 4a 51 65 99 63 5d ef 1a 26 ba ae 3d 60 37 81 e1 af 21 c4 f3 22 92 85 2e e8 85 24 ba b4 15 97 61 99 40 93 65 06 c7 f7 0a 37 13 13 c7 Data Ascii: }Sn TF=Mq{Mfp(U^{3nA72krT^=X} Q<BqJm HWuZjf^@\|/K`>(-D3P7z)S4GNKxN/bM1\]*JQec]&=`7!".$a@e7

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:48 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-16 09:07:48 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25934 Date: Tue, 16 Jul 2024 09:07:48 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-16 09:07:48 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://hantal.fanlink.tv/o7IZ

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Windows Analysis Report
https://hantal.fanlink.tv/o7IZ

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:49 UTC	533	OUT	GET /en_US/sdk.js HTTP/1.1 Host: connect.facebook.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:49 UTC	1887	IN	HTTP/1.1 200 OK Vary: Accept-Encoding Access-Control-Expose-Headers: X-FB-Content-MD5 x-fb-content-md5: 0080bbe5cd4a972a780dd1e918706d20 ETag: "a7be900182045306fc4af4d14d3259f8" Content-Type: application/x-javascript; charset=utf-8 timing-allow-origin: * Access-Control-Allow-Origin: * content-md5: AIC75c1Klyp4DdHpGHBtIA== Expires: Tue, 16 Jul 2024 09:21:02 GMT Cache-Control: public,max-age=1200,stale-while-revalidate=3600 reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" document-policy: force-load-at-top permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" cross-origin-resource-policy: cross-origin cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report" cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report" X-Content-Type-Options: nosniff
2024-07-16 09:07:49 UTC	850	IN	Data Raw: 72 65 70 6f 72 74 2d 74 6f 3a 20 7b 22 6d 61 78 5f 61 67 65 22 3a 32 35 39 32 30 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 62 72 6f 77 73 65 72 5f 72 65 70 6f 72 74 69 6e 67 5c 2f 63 6f 6f 70 5c 2f 3f 6d 69 6e 69 6d 69 7a 65 3d 30 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 6f 6f 70 5f 72 65 70 6f 72 74 22 2c 22 69 6e 63 6c 75 64 65 5f 73 75 62 64 6f 6d 61 69 6e 73 22 3a 74 72 75 65 7d 2c 20 7b 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 62 72 6f 77 73 65 72 5f 72 65 70 6f 72 74 69 6e 67 5c 2f 63 Data Ascii: report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/c
2024-07-16 09:07:49 UTC	1	IN	Data Raw: 2f Data Ascii: /
2024-07-16 09:07:49 UTC	3092	IN	Data Raw: 2a 31 37 32 31 31 32 30 34 36 32 2c 2c 4a 49 54 20 43 6f 6e 73 74 72 75 63 74 69 6f 6e 3a 20 76 31 30 31 34 39 30 39 31 36 34 2c 65 6e 5f 55 53 2a 2f 0a 0a 2f 2a 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 37 2d 70 72 65 73 65 6e 74 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 49 6e 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 0a 20 2a 20 59 6f 75 20 61 72 65 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 20 61 20 6e 6f 6e 2d 65 78 63 6c 75 73 69 76 65 2c 20 77 6f 72 6c 64 77 69 64 65 2c 20 72 6f 79 61 6c 74 79 2d 66 72 65 65 20 6c 69 63 65 6e 73 65 20 74 6f 20 75 73 65 2c 0a 20 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 61 6e 64 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 Data Ascii: 1721120462,,JIT Construction: v1014909164,en_US//** * Copyright (c) 2017-present, Facebook, Inc. All rights reserved. * * You are hereby granted a non-exclusive, worldwide, royalty-free license to use, * copy, modify, and distribute this software

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:50 UTC	515	OUT	OPTIONS /record HTTP/1.1 Host: fanlink.tv Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type,csrf-token Origin: https://hantal.fanlink.tv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:50 UTC	481	IN	HTTP/1.1 200 OK X-Powered-By: Express X-Nerd-Alert: Hacking us? Why not work for us instead? eventbritecareers.com Strict-Transport-Security: max-age=31536000000; includeSubDomains Access-Control-Allow-Origin: https://hantal.fanlink.tv Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS access-control-allow-headers: content-type,csrf-token Date: Tue, 16 Jul 2024 09:07:50 GMT Connection: close Transfer-Encoding: chunked
2024-07-16 09:07:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:50 UTC	384	OUT	GET /production/javascripts/fan-link.js?v=0e8b5ac8a4 HTTP/1.1 Host: st.toneden.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:51 UTC	641	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 4491816 Connection: close Date: Tue, 16 Jul 2024 09:07:51 GMT Last-Modified: Tue, 25 Jun 2024 18:46:08 GMT ETag: "0c1bc2dd546bb3ae31c221550483a421" x-amz-server-side-encryption: AES256 Content-Encoding: gzip x-amz-version-id: 3bg7yQ2ymW9sv2yY3QDQsun2YbU8Jcoy Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 1b575b46b9e4dd6b829accb4ea728b00.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS1-P2 X-Amz-Cf-Id: bd19VmES_-RtwEp5Z1a6yIEwKyZ0zzU37Q0Dc0O49XfOlSoTeA-3Kw== Cache-Control: no-store, max-age=0 Vary: Origin
2024-07-16 09:07:51 UTC	8079	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 03 ec bd 69 77 db 48 92 28 fa fd fd 0a 08 77 86 03 dc 4e 66 13 0b c1 45 8d f6 b8 6c b9 e5 3b 96 e5 63 b9 5c 5d ad d1 e8 40 60 92 44 0b 04 38 89 24 6d 49 e0 7f 7f 27 22 91 00 b8 c9 92 4b 76 b9 bb 71 aa 4c 61 49 e4 1a 19 11 19 eb 1f ff ef 81 f6 2a e5 5a 1c 85 2c c9 98 16 25 e3 94 cf 02 11 a5 89 36 8f 59 90 31 2d 63 4c 1b 07 49 3b 8e 92 6b fa f7 8c be 79 fd e2 e8 ed d9 11 15 9f 85 f6 7f ff f8 ff 19 86 e9 ff f9 6e 19 70 ed f2 f2 13 bb 9a 07 e1 f5 e5 2c 1d 2d 62 96 5d 5e fa 77 6e df f3 06 de d0 60 44 10 0e 25 f5 05 d4 29 78 14 0a fd 90 d3 91 21 c8 dd df 86 50 49 ba 32 0f a1 9e c4 e7 86 d7 77 07 03 cb 24 81 ff c7 ff 31 8c 70 1a c5 23 ce 92 7c 14 24 13 c6 d3 45 16 df 9c 31 f1 3a 49 18 3f fe 70 f2 26 bf 66 37 39 67 e3 3c 58 88 f4 55 1a Data Ascii: iwH(wNfEl;c\]@`D8$mI'"KvqLaI*Z,%6Y1-cLI;kynp,-b]^wn`D%)x!PI2w$1p#\|$E1:I?p&f79g<XU
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: 29 c9 2f 51 1c bf 67 21 8b 96 32 4a e5 96 2c 8c c9 39 87 18 49 65 fd 87 02 2c 22 2a 89 5f f9 a2 d5 c2 a7 19 13 67 d0 25 a3 d6 25 08 92 a6 44 77 85 2c 01 c7 b1 d5 a0 6c af 90 3a e0 c8 aa 86 d7 24 72 34 4d b0 86 c3 bd 6d 1e 80 a4 01 24 e8 c6 01 fa db 4a c1 e1 6f 12 fa a9 b3 f8 f3 58 10 10 f3 81 dc e4 0d a4 7c 20 20 c1 ab bd 7d 5e be 18 cb a9 da 1c ca bc 26 e4 58 0b 14 75 5e cd ec 85 72 88 52 ec 14 90 ad 68 6c 20 5f 44 a3 4c f2 47 95 7f 38 98 b0 ad 0c a6 08 1a aa eb b3 f2 d8 0f e2 59 94 29 98 e6 ba 6d 03 b8 3e 57 d2 fb 52 d7 a1 02 e6 48 85 07 3b 97 f7 65 b8 9e 8b 3c 57 6f f4 ff fc 4f 15 c4 47 bf 28 24 f2 92 79 a3 10 9a 5d f6 6a ad 51 e0 09 c1 6e 53 22 39 79 c8 ae 02 03 29 a3 85 82 7b 44 21 53 69 60 57 6a 2d 4a c7 8f 42 53 6f d2 0c 12 e2 18 7d d2 b6 94 46 4b Data Ascii: )/Qg!2J,9Ie,"*_g%%Dw,l:$r4Mm$JoX\| }^&Xu^rRhl _DLG8Y)m>WRH;e<WoOG($y]jQnS"9y){D!Si`Wj-JBSo}FK
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: 28 6b eb 65 de 60 19 c7 d0 f0 18 1e 30 be f3 fe 16 07 8f e5 3e 67 7b 7b 60 e1 4d 70 d2 62 bc 10 0b c4 75 e9 03 14 a2 9e 1b 09 54 6a 01 8a 9b db a8 d8 52 55 82 77 77 86 fd 16 7f 8c 96 71 5b f8 7f 11 8a 7f c4 25 3a a9 9c a0 17 0d 22 de 17 8e 15 3a 39 a4 1c 37 7e 20 fb 1b a8 ce 51 b4 1d a2 ea c9 78 2b 0f b9 dd 4c e8 f5 e9 12 9c b8 a2 f4 4d 6c a6 68 cc fe 9e e2 4e 55 9d f4 c2 13 46 eb 3c 20 77 d2 13 98 24 00 3b 6c a4 7b e0 b8 f5 b5 bb f5 e4 b2 3f 8f d4 d1 3d fe 16 21 0a 11 8a b6 86 48 7c ed 4c a2 c8 95 e2 68 5a 98 12 1b 97 5e 34 28 41 f5 b7 a8 dd 23 52 a8 79 77 22 2b 48 56 1a 49 a9 23 4d 6a 36 f9 46 16 7b 70 d9 19 1f 26 0a 57 83 5e f6 6b 1a b7 38 ba 47 16 f5 59 2e cf 43 d6 b1 47 02 dd ac cd 5e f2 19 b9 ac 1e 4d 9c bb 3c 4f 76 68 52 a9 e4 e0 72 fb fd 68 bc a3 Data Ascii: (ke`0>g{{`MpbuTjRUwwq[%:":97~ Qx+LMlhNUF< w$;l{?=!H\|LhZ^4(A#Ryw"+HVI#Mj6F{p&W^k8GY.CG^M<OvhRrh
2024-07-16 09:07:51 UTC	630	IN	Data Raw: 1d a8 3b 0d ec dd 05 6e 15 e0 4e 20 c8 ae 47 d2 4a 1e 19 80 c1 79 1c a2 2d af 43 35 c1 ef 32 06 14 5a 34 70 50 68 30 d5 c0 d5 ce 6a c6 a8 7e e9 24 4e 92 a7 fd f0 6c 63 01 69 59 1c a0 d4 a8 71 07 49 46 c5 7a d0 dc 8a 3a 6c 60 b1 63 ce ad 96 17 dc 79 c5 88 92 38 f2 3b 2b 4e e4 bc e3 4d 52 7e 80 90 61 7f f8 f6 d2 3b 18 8b 07 28 45 20 84 c7 3c 08 13 8d 7e 19 c6 0f 8a 99 26 e5 5a 44 54 e0 1b 81 58 be 4a 55 5c 79 b9 0c 9b 58 93 2e 05 b2 a6 92 dc b1 f3 03 86 c8 e2 60 4e e0 25 82 15 0e 4a 1a d4 06 20 99 e2 02 4b 90 3a bc 69 2d 0e 8d 4c 5c dc 62 ce d1 db cd 4d 8a 30 08 28 58 53 97 3c 3e 6a a1 96 0c 75 23 b9 60 9a e2 0a d8 a3 0e cb 9d d5 e3 5b a4 d7 ba 6e 79 24 ad b3 43 2f 16 d3 5a 1e 19 79 c9 ad 98 b0 eb bc 09 06 3f 19 22 5b be 5a 0a 50 ce 23 10 25 a1 1d a8 22 c8 Data Ascii: ;nN GJy-C52Z4pPh0j~$NlciYqIFz:l`cy8;+NMR~a;(E <~&ZDTXJU\yX.`N%J K:i-L\bM0(XS<>ju#`[ny$C/Zy?"[ZP#%"
2024-07-16 09:07:51 UTC	1418	IN	Data Raw: d0 94 20 3a 8b 79 4c d9 64 35 e7 2d 32 8f e3 2c 43 e5 20 2b ac 15 67 f1 ed 25 09 8f 0a 4d 9c 4f d2 72 2c 75 c4 fd a9 65 f4 78 12 70 75 55 ed dd 9d e9 ab 93 4a 71 3c 04 03 d0 0f 47 56 9a cd 45 24 35 41 52 7e f0 1f 89 ff 31 99 99 77 c7 f8 02 cd 12 c8 18 1c 2c 88 a4 70 e5 23 22 81 85 38 09 f5 94 02 1d 55 ec 5a 17 9e a4 53 68 dc 4e 8e 3b b6 2d 98 ee 60 91 83 a9 89 2c e9 41 d8 e7 81 6d 78 c1 f7 44 cc 46 e6 26 9b 9a b7 44 43 92 1c 18 1d 65 b5 12 48 a8 43 a1 a8 0b 48 43 42 8a 06 5f b4 1f 6d bb 1e 87 c9 67 8b 2c 15 71 8a 12 b9 8b 73 10 e1 1a 39 22 90 4f 41 95 cb ab 52 cf b9 37 fa 48 e8 45 a1 4d 0f 2c e1 ec 26 59 5b ae 11 72 f6 6f 10 05 54 f2 b6 c0 2b 27 46 31 b9 33 38 e5 08 81 2d 42 b6 95 02 0c 56 74 5d 8c 4b a0 8e 28 0d 1a af 2f 57 98 2c d6 70 4f 52 4b 9a a1 62 Data Ascii: :yLd5-2,C +g%MOr,uexpuUJq<GVE$5AR~1w,p#"8UZShN;-`,AmxDF&DCeHCHCB_mg,qs9"OAR7HEM,&Y[roT+'F138-BVt]K(/W,pORKb
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: 72 75 32 36 52 96 ca be 52 74 49 b3 70 36 59 27 be c0 84 4c 8d cf 4a 23 38 8a 19 de 91 89 a0 10 5c 18 23 13 00 10 44 94 7b 5d 8a a6 16 92 49 d9 99 46 bc 4d 28 81 b2 07 7e 3a b1 27 b1 6b 21 29 05 46 c2 09 a2 45 d6 04 cd 83 5e 06 02 a4 13 1c 67 c8 e1 5b a2 4a be b7 ff e0 3e 32 60 86 34 58 1c 2b af 2e 78 ab ea 6f 73 8c a8 ef 8f 24 79 21 3f 18 24 2f e8 0a f8 6c 91 b1 7b d2 4b c5 b8 9e 22 8b de 0f 25 9b a8 e2 69 a3 44 87 7a 74 85 ec cf a3 9d 61 5a 86 2d dc 53 c3 8b 40 0e a3 b1 d0 69 21 14 41 dd 2e c2 23 1b 4c 00 bd 99 28 cd 52 20 2f 19 f5 09 50 46 91 44 84 63 7e 05 e4 3e 00 6b e8 1d d5 e1 a6 e6 28 31 b1 d8 c8 b4 51 36 c3 01 b2 26 79 d5 b5 cb f1 5f 40 81 22 d1 33 85 5d df 40 96 f6 29 4b fd db 56 62 1f 54 e0 91 3a 29 63 c8 26 52 8f 03 b9 58 f8 a5 85 fe 44 4c ed Data Ascii: ru26RRtIp6Y'LJ#8\#D{]IFM(~:'k!)FE^g[J>2`4X+.xos$y!?$/l{K"%iDztaZ-S@i!A.#L(R /PFDc~>k(1Q6&y_@"3]@)KVbT:)c&RXDL
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: ba 8c 3b 42 48 5a 99 23 54 aa b9 66 82 64 80 f6 93 33 27 17 02 d7 c3 c2 56 16 eb 93 f3 8f c4 06 14 89 d2 42 0b cf 26 27 59 32 0e 81 b2 96 26 46 dc 6a c4 85 ae 80 46 b1 0b 32 81 29 07 f0 80 96 69 73 e6 ba 86 23 d1 5b 79 a8 ed c0 03 cd db 15 72 2f cc 16 54 ac e4 7d 9b c3 63 3a 00 53 8d 76 96 8e 29 53 5b 40 a9 3a e8 cf 8c b8 c3 20 97 c5 c9 22 b3 80 16 8b 56 2e 07 ce 8f 54 9f f2 d4 96 6b 97 a4 63 91 f1 84 e5 4f 74 c1 52 93 58 7e 0a f3 61 2e 6a 7f ce 38 1e 96 8e 65 89 d8 4a 18 4f f2 8f b5 a2 d8 46 ac 2d 83 43 a2 71 e6 37 cc f5 e2 95 74 9e ec 29 5e c9 23 33 31 c0 99 6d 9b e9 00 1c 4f 86 9b 36 aa 74 1f 6f 21 81 60 1e 9c 91 12 d2 85 1a 32 21 03 d8 6a 58 fc 0a 5c ee d2 68 52 c0 c2 f5 90 46 22 75 f1 0a 70 c7 60 cf 60 1e 19 97 6c 0b 04 9d 0e 49 dc 41 51 09 99 e8 18 Data Ascii: ;BHZ#Tfd3'VB&'Y2&FjF2)is#[yr/T}c:Sv)S[@: "V.TkcOtRX~a.j8eJOF-Cq7t)^#31mO6to!`2!jX\hRF"up``lIAQ
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: d5 fc 6c 72 b5 f7 c3 e9 fb 8b c9 d5 d9 e5 45 73 f1 62 ba ff c7 7c 7a f5 7e 7e d1 5c bc dc 1b 8e ef bd 7c 79 f5 e1 dd f4 f2 b4 f9 db 87 f3 5f 2e 67 df 7f bf b7 90 2f 77 4f a8 b3 ab e9 7c 7c 75 39 ff 97 e1 d6 b5 07 f6 8f 98 7e 3c dc 70 72 fa fd f7 0f bc 6e aa 26 97 17 8b ab f9 fb c9 d5 e5 fc e5 cb 97 43 33 a6 7f 19 be ab 77 f3 cb 9a ad f1 2f 43 db 0e 57 2f 3c a0 5f 1f ff fa 8b a4 f4 9c 4c 4f cf 2e a6 ff 31 bf 7c 37 9d 5f 7d 78 71 75 b0 f7 f6 ed 74 71 74 79 f2 9e e2 c1 7f 2c c7 b3 f7 d3 c3 bf e8 8f fb 07 57 ea 64 7a 3a 7e 3f bb 7a b9 bc 3c 3b 69 f4 0f cb f1 bc 19 bf bc 69 fd c1 d5 fe 1f 67 a7 2f a6 df 7f 3f 55 37 0f d9 ef 07 70 fa c3 d9 e9 8b 8b f7 b3 d9 cb 97 2f a7 ff f8 c7 de a5 bc 7f ef 2f 2f 5f d2 9c f5 fe fe 65 18 de 69 7f ef 1f fd 8b 0f a7 1f e5 a5 f3 Data Ascii: lrEsb\|z~~\\|y_.g/wO\|\|u9~<prn&C3w/CW/<_LO.1\|7_}xqutqty,Wdz:~?z<;iig/?U7p///_ei
2024-07-16 09:07:51 UTC	3072	IN	Data Raw: 90 ad ec 94 1d 8e 28 f3 c0 31 9e 57 ef 34 aa f4 d7 65 15 46 15 90 e2 9f d4 cb 81 66 24 d6 87 49 69 69 a2 a2 aa 90 53 19 7b 30 eb 43 0c c4 b2 08 50 03 21 c4 90 40 48 38 0b 23 d1 72 7b 6c 52 ea e0 49 f0 06 e1 dc 85 81 29 56 66 18 52 c0 1d 45 e4 6a 18 1e b4 d2 5b 74 53 16 61 e5 59 d0 62 91 cf 79 41 a0 8a 1d 45 e9 84 64 80 26 e6 27 88 3f 55 36 6d 91 95 a1 01 51 c9 aa 13 ba 53 d9 c7 ac 35 11 4e 31 ac b5 d8 05 08 21 f2 6a dd 06 10 32 88 12 37 97 91 5e e2 b1 3d d2 4d 89 ca d6 79 16 d8 b1 23 4d b4 5f a9 47 92 cc fc c3 91 6e 9f a0 c9 f7 2b 4c ea f6 65 3d b9 a1 bb 62 b0 67 cc 96 3d 5f ad ea 28 43 28 ff c9 90 4f d8 6b 1c 69 2b 83 45 2b 59 b6 72 83 68 65 b0 6e 74 7c f9 6f 14 95 90 b4 e7 58 2f 3e 87 15 0d 12 bc a6 c1 49 ab dc 39 65 96 06 15 d6 31 37 46 6a 26 6e 38 61 Data Ascii: (1W4eFf$IiiS{0CP!@H8#r{lRI)VfREj[tSaYbyAEd&'?U6mQS5N1!j27^=My#M_Gn+Le=bg=_(C(Oki+E+Yrhent\|oX/>I9e17Fj&n8a
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: 2b 2a 1a 23 cf 72 5d a8 01 8b 04 5b 4a d3 1e cb 91 fd 99 3c b3 a7 21 07 99 62 b3 db 21 07 ed 92 66 77 49 b3 bb a4 d9 6f 9e 34 7b 0b fe f1 4b 56 ae ed 13 5e 01 05 da 56 d5 a2 07 87 e0 92 a1 b8 85 45 4b b8 53 85 b6 af 4e eb 44 1e 5f 1a aa d4 c6 ce 6a 04 3b 34 cf 90 7e c4 fc 48 ea a2 d1 8d 49 13 55 24 14 33 11 99 4e 10 7c a1 94 9d 76 7d 02 da 8f 56 15 f4 cc 42 c0 a6 36 dc 12 25 4b 24 10 4b 2d 46 04 1f c9 60 03 8b 81 6f 8d 6b dd 44 e5 4c a4 bc 51 11 e1 32 a3 9e a1 ed 8c 8c 59 9a ce 1d 63 76 59 1a da b2 85 91 3d 8e 28 fe f9 55 31 9e 39 e2 9f 53 23 e3 99 af fa ec 8a 19 9f f0 be fb 02 26 73 b0 a9 68 ee 33 1f fe f5 aa 69 54 b8 8d 87 6b 6a 14 97 a3 de c1 51 ed a4 87 9d f4 b0 93 1e be b9 f4 70 0b 3d 69 71 35 be 7a bf 58 83 17 dc 88 08 75 ef aa 6d 18 1c 64 70 3e 03 Data Ascii: +*#r][J<!b!fwIo4{KV^VEKSND_j;4~HIU$3N\|v}VB6%K$K-F`okDLQ2YcvY=(U19S#&sh3iTkjQp=iq5zXumdp>

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:50 UTC	548	OUT	OPTIONS /api/v1/analytics/events HTTP/1.1 Host: www.toneden.io Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type,csrf-token,ui-version Origin: https://hantal.fanlink.tv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:50 UTC	492	IN	HTTP/1.1 200 OK X-Powered-By: Express X-Nerd-Alert: Hacking us? Why not work for us instead? eventbritecareers.com Strict-Transport-Security: max-age=31536000000; includeSubDomains Access-Control-Allow-Origin: https://hantal.fanlink.tv Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS access-control-allow-headers: content-type,csrf-token,ui-version Date: Tue, 16 Jul 2024 09:07:50 GMT Connection: close Transfer-Encoding: chunked
2024-07-16 09:07:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:50 UTC	1338	OUT	GET /signals/config/1711912442390284?v=2.9.161&r=stable&domain=hantal.fanlink.tv&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108 HTTP/1.1 Host: connect.facebook.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:50 UTC	1465	IN	HTTP/1.1 200 OK Vary: Accept-Encoding Content-Type: application/x-javascript; charset=utf-8 timing-allow-origin: * reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-security-policy: default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; document-policy: force-load-at-top
2024-07-16 09:07:50 UTC	1731	IN	Data Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f 72 74 2d 68 65 69 67 68 Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-heigh
2024-07-16 09:07:50 UTC	1500	IN	Data Raw: 2f 2a 2a 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 37 2d 70 72 65 73 65 6e 74 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 49 6e 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 2a 0a 2a 20 59 6f 75 20 61 72 65 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 20 61 20 6e 6f 6e 2d 65 78 63 6c 75 73 69 76 65 2c 20 77 6f 72 6c 64 77 69 64 65 2c 20 72 6f 79 61 6c 74 79 2d 66 72 65 65 20 6c 69 63 65 6e 73 65 20 74 6f 20 75 73 65 2c 0a 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 61 6e 64 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 69 6e 20 73 6f 75 72 63 65 20 63 6f 64 65 20 6f 72 20 62 69 6e 61 72 79 20 66 6f 72 6d 20 66 6f 72 20 75 73 65 0a 2a 20 69 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 Data Ascii: /* Copyright (c) 2017-present, Facebook, Inc. All rights reserved. You are hereby granted a non-exclusive, worldwide, royalty-free license to use,* copy, modify, and distribute this software in source code or binary form for use* in connection wi
2024-07-16 09:07:50 UTC	1500	IN	Data Raw: 75 72 6e 21 30 7d 28 29 29 72 65 74 75 72 6e 3b 76 61 72 20 67 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3a 22 40 40 69 74 65 72 61 74 6f 72 22 29 3d 3d 3d 22 73 79 6d 62 6f 6c 22 3f 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 61 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 26 26 61 21 3d 3d 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 Data Ascii: urn!0}())return;var g=typeof Symbol==="function"&&typeof (typeof Symbol==="function"?Symbol.iterator:"@@iterator")==="symbol"?function(a){return typeof a}:function(a){return a&&typeof Symbol==="function"&&a.constructor===Symbol&&a!==(typeof Symbol==="func
2024-07-16 09:07:50 UTC	1500	IN	Data Raw: 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 61 2c 62 29 3a 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 61 2c 62 29 7b 69 66 28 21 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 62 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 63 61 6c 6c 20 61 20 63 6c 61 73 73 20 61 73 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 7d 66 2e 5f 5f 66 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 7c 7c 28 66 2e 5f 5f 66 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 3d 7b 7d 2c 66 2e 5f 5f 66 62 65 76 65 6e 74 73 52 65 73 6f 6c 76 65 64 4d 6f 64 75 6c 65 73 3d 7b 7d 2c 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 3d Data Ascii: Object.setPrototypeOf?Object.setPrototypeOf(a,b):a.__proto__=b)}function l(a,b){if(!(a instanceof b))throw new TypeError("Cannot call a class as a function")}f.__fbeventsModules\|\|(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=
2024-07-16 09:07:50 UTC	1500	IN	Data Raw: 61 2e 70 69 78 65 6c 3b 61 3d 61 2e 73 68 6f 75 6c 64 45 78 74 72 61 63 74 55 73 65 72 44 61 74 61 3b 76 61 72 20 6b 3d 61 26 26 69 3d 3d 6e 75 6c 6c 3b 69 3d 63 28 7b 62 75 74 74 6f 6e 3a 65 2c 63 6f 6e 74 61 69 6e 65 72 45 6c 65 6d 65 6e 74 3a 6b 3f 68 3a 69 2c 73 68 6f 75 6c 64 45 78 74 72 61 63 74 55 73 65 72 44 61 74 61 3a 61 7d 29 3b 61 3d 64 28 29 3b 76 61 72 20 6c 3d 69 2e 66 6f 72 6d 46 69 65 6c 64 46 65 61 74 75 72 65 73 3b 69 3d 69 2e 75 73 65 72 44 61 74 61 3b 66 3d 7b 62 75 74 74 6f 6e 46 65 61 74 75 72 65 73 3a 66 2c 62 75 74 74 6f 6e 54 65 78 74 3a 67 2c 66 6f 72 6d 46 65 61 74 75 72 65 73 3a 6b 3f 5b 5d 3a 6c 2c 70 61 67 65 46 65 61 74 75 72 65 73 3a 61 2c 70 61 72 61 6d 65 74 65 72 73 3a 62 2e 74 72 69 67 67 65 72 28 7b 70 69 78 65 6c 3a Data Ascii: a.pixel;a=a.shouldExtractUserData;var k=a&&i==null;i=c({button:e,containerElement:k?h:i,shouldExtractUserData:a});a=d();var l=i.formFieldFeatures;i=i.userData;f={buttonFeatures:f,buttonText:g,formFeatures:k?[]:l,pageFeatures:a,parameters:b.trigger({pixel:
2024-07-16 09:07:50 UTC	1500	IN	Data Raw: 61 28 29 2c 6b 3d 5b 5d 2c 6c 3d 7b 7d 3b 69 66 28 68 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 7b 66 6f 72 6d 46 69 65 6c 64 46 65 61 74 75 72 65 73 3a 6b 2c 75 73 65 72 44 61 74 61 3a 6c 7d 3b 68 3d 68 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 65 29 3b 66 6f 72 28 76 61 72 20 6d 3d 30 3b 6d 3c 68 2e 6c 65 6e 67 74 68 3b 6d 2b 2b 29 7b 76 61 72 20 6e 3d 68 5b 6d 5d 3b 69 66 28 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 49 6e 70 75 74 45 6c 65 6d 65 6e 74 7c 7c 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 54 65 78 74 41 72 65 61 45 6c 65 6d 65 6e 74 7c 7c 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 53 65 6c 65 63 74 45 6c 65 6d 65 6e 74 7c 7c 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 42 75 74 74 6f 6e 45 6c 65 6d 65 Data Ascii: a(),k=[],l={};if(h==null)return{formFieldFeatures:k,userData:l};h=h.querySelectorAll(e);for(var m=0;m<h.length;m++){var n=h[m];if(n instanceof HTMLInputElement\|\|n instanceof HTMLTextAreaElement\|\|n instanceof HTMLSelectElement\|\|n instanceof HTMLButtonEleme
2024-07-16 09:07:50 UTC	1500	IN	Data Raw: 6e 74 73 5b 62 5d 3b 66 6f 72 28 76 61 72 20 64 20 69 6e 20 63 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 63 2c 64 29 26 26 28 61 5b 64 5d 3d 63 5b 64 5d 29 7d 72 65 74 75 72 6e 20 61 7d 2c 62 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 55 74 69 6c 73 22 29 2c 63 3d 62 2e 65 61 63 68 2c 64 3d 2f 5b 5e 5c 73 5c 22 5d 2f 2c 65 3d 2f 5b 5e 5c 73 3a 2b 5c 22 5d 2f 3b 66 75 6e 63 74 69 6f 6e 20 67 28 62 2c 63 2c 66 29 7b 69 66 28 66 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 64 2e 74 65 73 74 28 63 29 3f 63 3d 3d 3d 22 40 22 3f 6e 75 6c 6c 3a 7b 73 74 61 72 74 3a 62 2c 75 73 65 72 4f 72 44 6f 6d 61 69 6e 3a 22 75 73 65 72 Data Ascii: nts[b];for(var d in c)Object.prototype.hasOwnProperty.call(c,d)&&(a[d]=c[d])}return a},b=f.getFbeventsModules("SignalsFBEventsUtils"),c=b.each,d=/[^\s\"]/,e=/[^\s:+\"]/;function g(b,c,f){if(f==null)return d.test(c)?c==="@"?null:{start:b,userOrDomain:"user
2024-07-16 09:07:50 UTC	1500	IN	Data Raw: 2e 5f 72 61 74 65 4d 53 3d 63 7d 68 28 62 2c 5b 7b 6b 65 79 3a 22 5f 70 61 73 73 65 73 54 68 72 6f 74 74 6c 65 49 6d 70 6c 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 2e 5f 6c 61 73 74 41 72 67 73 3b 69 66 28 61 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 21 30 3b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 2c 63 3d 62 2d 74 68 69 73 2e 5f 6c 61 73 74 54 69 6d 65 3b 69 66 28 63 3e 3d 74 68 69 73 2e 5f 72 61 74 65 4d 53 29 72 65 74 75 72 6e 21 30 3b 66 6f 72 28 76 61 72 20 64 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 65 3d 41 72 72 61 79 28 64 29 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 65 5b 66 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 66 5d 3b 69 66 28 61 2e 6c 65 6e 67 74 68 21 3d 3d 65 2e 6c 65 6e 67 74 68 Data Ascii: ._rateMS=c}h(b,[{key:"_passesThrottleImpl",value:function(){var a=this._lastArgs;if(a==null)return!0;var b=Date.now(),c=b-this._lastTime;if(c>=this._rateMS)return!0;for(var d=arguments.length,e=Array(d),f=0;f<d;f++)e[f]=arguments[f];if(a.length!==e.length
2024-07-16 09:07:50 UTC	1064	IN	Data Raw: 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 73 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 45 78 74 72 61 63 74 46 72 6f 6d 49 6e 70 75 74 73 22 29 2c 42 3d 6e 65 77 20 74 28 29 2c 43 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 73 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 44 6f 41 75 74 6f 6d 61 74 69 63 4d 61 74 63 68 69 6e 67 22 29 2c 44 3d 31 30 30 3b 66 75 6e 63 74 69 6f 6e 20 45 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 62 21 3d 6e 75 6c 6c 26 26 62 2e 62 75 74 74 6f 6e 53 65 6c 65 63 74 6f 72 3d 3d 3d 22 65 78 74 65 6e 64 65 64 22 7d 66 75 6e 63 74 69 6f 6e 20 46 28 62 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 63 29 7b 69 66 28 62 2e 64 69 73 61 62 6c 65 41 75 74 6f 43 6f 6e 66 69 67 29 72 65 74 75 Data Ascii: .getFbeventsModules("signalsFBEventsExtractFromInputs"),B=new t(),C=f.getFbeventsModules("signalsFBEventsDoAutomaticMatching"),D=100;function E(a,b){return b!=null&&b.buttonSelector==="extended"}function F(b){return function(c){if(b.disableAutoConfig)retu
2024-07-16 09:07:50 UTC	1500	IN	Data Raw: 2e 69 64 2c 22 49 6e 66 65 72 72 65 64 45 76 65 6e 74 73 22 29 3b 69 66 28 21 67 29 72 65 74 75 72 6e 3b 67 3d 61 2e 6f 70 74 49 6e 73 2e 69 73 4f 70 74 65 64 49 6e 28 62 2e 69 64 2c 22 41 75 74 6f 6d 61 74 69 63 4d 61 74 63 68 69 6e 67 22 29 3b 69 66 28 21 67 29 72 65 74 75 72 6e 3b 67 3d 63 3d 3d 6e 75 6c 6c 3b 65 3d 41 28 7b 62 75 74 74 6f 6e 3a 65 2c 63 6f 6e 74 61 69 6e 65 72 45 6c 65 6d 65 6e 74 3a 67 3f 68 3a 63 2c 73 68 6f 75 6c 64 45 78 74 72 61 63 74 55 73 65 72 44 61 74 61 3a 21 30 7d 29 3b 67 3d 65 2e 75 73 65 72 44 61 74 61 3b 67 3d 3d 6e 75 6c 6c 3f 64 2e 74 72 69 67 67 65 72 28 62 29 3a 43 28 61 2c 62 2c 67 2c 66 29 7d 75 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6b 28 62 2c 61 29 3b 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 76 61 72 20 61 2c 63 Data Ascii: .id,"InferredEvents");if(!g)return;g=a.optIns.isOptedIn(b.id,"AutomaticMatching");if(!g)return;g=c==null;e=A({button:e,containerElement:g?h:c,shouldExtractUserData:!0});g=e.userData;g==null?d.trigger(b):C(a,b,g,f)}u=function(a){k(b,a);function b(){var a,c

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:50 UTC	757	OUT	POST /record HTTP/1.1 Host: fanlink.tv Connection: keep-alive Content-Length: 19 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-Type: application/json csrf-token: OEDMsza4-jH2WHwju4pkgbvqZA9zXJnOKyBo sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://hantal.fanlink.tv Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: connect.sid=s%3A%3Ajw-gv87-E4p7sg9HsYEsAMhVSg-w3L8O.MIliprg5vOwXEvyoBgTvdOq5iNhUlP7K%2FKGXw7mfqv0
2024-07-16 09:07:50 UTC	19	OUT	Data Raw: 7b 22 6c 69 6e 6b 5f 69 64 22 3a 33 31 35 37 32 36 37 7d Data Ascii: {"link_id":3157267}
2024-07-16 09:07:51 UTC	746	IN	HTTP/1.1 200 OK X-Powered-By: Express X-Nerd-Alert: Like React.js? Flux? Node? We want you! eventbritecareers.com Strict-Transport-Security: max-age=31536000000; includeSubDomains Access-Control-Allow-Origin: https://hantal.fanlink.tv Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS Access-Control-Allow-Headers: X-Requested-With Content-Type: application/json; charset=utf-8 Content-Length: 16 Set-Cookie: connect.sid=s%3A%3Ajw-gv87-E4p7sg9HsYEsAMhVSg-w3L8O.MIliprg5vOwXEvyoBgTvdOq5iNhUlP7K%2FKGXw7mfqv0; Domain=.fanlink.tv; Path=/; Expires=Tue, 23 Jul 2024 09:07:51 GMT; HttpOnly; Secure; SameSite=None Vary: Accept-Encoding Date: Tue, 16 Jul 2024 09:07:51 GMT Connection: close
2024-07-16 09:07:51 UTC	15	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 Data Ascii: {"success":true
2024-07-16 09:07:51 UTC	1	IN	Data Raw: 7d Data Ascii: }

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:50 UTC	705	OUT	POST /api/v1/analytics/events HTTP/1.1 Host: www.toneden.io Connection: keep-alive Content-Length: 103 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: application/json csrf-token: OEDMsza4-jH2WHwju4pkgbvqZA9zXJnOKyBo ui-version: 1.231 sec-ch-ua-platform: "Windows" Origin: https://hantal.fanlink.tv Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:50 UTC	103	OUT	Data Raw: 7b 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 68 6f 72 74 6c 69 6e 6b 5f 75 73 65 72 5f 69 64 22 3a 22 22 2c 22 73 75 62 6a 65 63 74 22 3a 33 31 35 37 32 36 37 2c 22 73 75 62 6a 65 63 74 5f 6f 77 6e 65 72 22 3a 37 31 33 39 36 33 39 30 2c 22 74 79 70 65 22 3a 22 6c 69 6e 6b 5f 63 6c 69 63 6b 65 64 22 7d Data Ascii: {"referrer":"","shortlink_user_id":"","subject":3157267,"subject_owner":71396390,"type":"link_clicked"}
2024-07-16 09:07:51 UTC	536	IN	HTTP/1.1 200 OK X-Powered-By: Express X-Nerd-Alert: Hacking us? Why not work for us instead? eventbritecareers.com Strict-Transport-Security: max-age=31536000000; includeSubDomains Access-Control-Allow-Origin: https://hantal.fanlink.tv Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS Access-Control-Allow-Headers: X-Requested-With Content-Type: application/json; charset=utf-8 Content-Length: 16 Vary: Accept-Encoding Date: Tue, 16 Jul 2024 09:07:51 GMT Connection: close
2024-07-16 09:07:51 UTC	16	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 7d Data Ascii: {"success":true}

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:51 UTC	603	OUT	GET /en_US/sdk.js?hash=9b55e92af037d3d9593154a913c9fd79 HTTP/1.1 Host: connect.facebook.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://hantal.fanlink.tv sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:51 UTC	1901	IN	HTTP/1.1 200 OK Vary: Accept-Encoding Access-Control-Expose-Headers: X-FB-Content-MD5 x-fb-content-md5: 95237e4f877118ff1c77267c54bb1b98 ETag: "f6fa002aef59bf7ae7e3b5ba09699d7d" Content-Type: application/x-javascript; charset=utf-8 timing-allow-origin: * Access-Control-Allow-Origin: * content-md5: lSN+T4dxGP8cdyZ8VLsbmA== Expires: Wed, 16 Jul 2025 09:07:13 GMT Cache-Control: public,max-age=31536000,stale-while-revalidate=3600,immutable reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" document-policy: force-load-at-top permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" cross-origin-resource-policy: cross-origin cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report" cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report" X-Content-Type-Options: nosniff
2024-07-16 09:07:51 UTC	878	IN	Data Raw: 72 65 70 6f 72 74 2d 74 6f 3a 20 7b 22 6d 61 78 5f 61 67 65 22 3a 32 35 39 32 30 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 62 72 6f 77 73 65 72 5f 72 65 70 6f 72 74 69 6e 67 5c 2f 63 6f 6f 70 5c 2f 3f 6d 69 6e 69 6d 69 7a 65 3d 30 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 6f 6f 70 5f 72 65 70 6f 72 74 22 2c 22 69 6e 63 6c 75 64 65 5f 73 75 62 64 6f 6d 61 69 6e 73 22 3a 74 72 75 65 7d 2c 20 7b 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 2f 62 72 6f 77 73 65 72 5f 72 65 70 6f 72 74 69 6e 67 5c 2f 63 Data Ascii: report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/c
2024-07-16 09:07:51 UTC	1	IN	Data Raw: 2f Data Ascii: /
2024-07-16 09:07:51 UTC	15018	IN	Data Raw: 2a 31 37 32 31 31 32 30 38 33 33 2c 2c 4a 49 54 20 43 6f 6e 73 74 72 75 63 74 69 6f 6e 3a 20 76 31 30 31 34 39 30 39 31 36 34 2c 65 6e 5f 55 53 2a 2f 0a 0a 2f 2a 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 37 2d 70 72 65 73 65 6e 74 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 49 6e 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 0a 20 2a 20 59 6f 75 20 61 72 65 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 20 61 20 6e 6f 6e 2d 65 78 63 6c 75 73 69 76 65 2c 20 77 6f 72 6c 64 77 69 64 65 2c 20 72 6f 79 61 6c 74 79 2d 66 72 65 65 20 6c 69 63 65 6e 73 65 20 74 6f 20 75 73 65 2c 0a 20 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 61 6e 64 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 Data Ascii: 1721120833,,JIT Construction: v1014909164,en_US//** * Copyright (c) 2017-present, Facebook, Inc. All rights reserved. * * You are hereby granted a non-exclusive, worldwide, royalty-free license to use, * copy, modify, and distribute this software
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: 68 61 72 41 74 28 63 29 7d 7d 72 65 74 75 72 6e 20 62 2b 27 22 27 7d 2c 49 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 76 61 72 20 68 2c 69 2c 6a 2c 6b 2c 6d 2c 72 2c 73 2c 74 2c 7a 2c 42 3b 74 72 79 7b 68 3d 62 5b 61 5d 7d 63 61 74 63 68 28 61 29 7b 7d 69 66 28 74 79 70 65 6f 66 20 68 3d 3d 22 6f 62 6a 65 63 74 22 26 26 68 29 7b 69 3d 6e 2e 63 61 6c 6c 28 68 29 3b 69 66 28 69 3d 3d 75 26 26 21 6f 2e 63 61 6c 6c 28 68 2c 22 74 6f 4a 53 4f 4e 22 29 29 69 66 28 68 3e 2d 31 2f 30 26 26 68 3c 31 2f 30 29 7b 69 66 28 43 29 7b 6d 3d 41 28 68 2f 38 36 34 65 35 29 3b 66 6f 72 28 6a 3d 41 28 6d 2f 33 36 35 2e 32 34 32 35 29 2b 31 39 37 30 2d 31 3b 43 28 6a 2b 31 2c 30 29 3c 3d 6d 3b 6a 2b 2b 29 3b 66 6f 72 28 6b 3d 41 28 28 6d 2d 43 Data Ascii: harAt(c)}}return b+'"'},I=function(a,b,c,d,e,f,g){var h,i,j,k,m,r,s,t,z,B;try{h=b[a]}catch(a){}if(typeof h=="object"&&h){i=n.call(h);if(i==u&&!o.call(h,"toJSON"))if(h>-1/0&&h<1/0){if(C){m=A(h/864e5);for(j=A(m/365.2425)+1970-1;C(j+1,0)<=m;j++);for(k=A((m-C
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 66 72 6f 6d 28 23 37 33 38 61 62 61 29 2c 20 74 6f 28 23 32 63 34 39 38 37 29 29 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 30 34 33 62 38 37 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 77 68 69 74 65 20 30 20 31 70 78 20 31 70 78 20 2d 31 70 78 20 69 6e 73 65 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 3a 62 6f 6c 64 20 31 34 70 78 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 74 65 78 74 2d 73 68 61 64 6f 77 3a 72 67 62 61 28 30 2c 20 33 30 2c 20 38 34 2c 20 2e 32 39 36 38 37 35 29 20 30 20 2d 31 70 78 20 30 3b 76 65 72 74 69 63 61 Data Ascii: und:linear-gradient(from(#738aba), to(#2c4987));border-bottom:1px solid;border-color:#043b87;box-shadow:white 0 1px 1px -1px inset;color:#fff;font:bold 14px Helvetica, sans-serif;text-overflow:ellipsis;text-shadow:rgba(0, 30, 84, .296875) 0 -1px 0;vertica
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: 6c 48 65 6c 70 65 72 73 2e 69 6e 68 65 72 69 74 73 4c 6f 6f 73 65 28 62 2c 61 29 3b 66 75 6e 63 74 69 6f 6e 20 62 28 62 2c 63 29 7b 76 61 72 20 64 3b 64 3d 61 2e 63 61 6c 6c 28 74 68 69 73 2c 62 21 3d 3d 6e 75 6c 6c 26 26 62 21 3d 3d 76 6f 69 64 20 30 3f 62 3a 22 22 29 7c 7c 74 68 69 73 3b 62 21 3d 3d 6e 75 6c 6c 26 26 62 21 3d 3d 76 6f 69 64 20 30 3f 64 2e 6d 65 73 73 61 67 65 3d 62 3a 64 2e 6d 65 73 73 61 67 65 3d 22 22 3b 64 2e 69 6e 6e 65 72 45 72 72 6f 72 3d 63 3b 72 65 74 75 72 6e 20 64 7d 72 65 74 75 72 6e 20 62 7d 28 62 61 62 65 6c 48 65 6c 70 65 72 73 2e 77 72 61 70 4e 61 74 69 76 65 53 75 70 65 72 28 45 72 72 6f 72 29 29 3b 66 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 36 36 29 3b 0a 5f 5f 64 28 22 6e 6f 72 6d 61 6c 69 7a 65 45 72 72 6f 72 Data Ascii: lHelpers.inheritsLoose(b,a);function b(b,c){var d;d=a.call(this,b!==null&&b!==void 0?b:"")\|\|this;b!==null&&b!==void 0?d.message=b:d.message="";d.innerError=c;return d}return b}(babelHelpers.wrapNativeSuper(Error));f["default"]=a}),66);__d("normalizeError
2024-07-16 09:07:51 UTC	1500	IN	Data Raw: 41 70 70 56 65 72 73 69 6f 6e 3a 78 2c 63 6c 65 61 72 41 70 70 56 65 72 73 69 6f 6e 3a 79 2c 45 76 65 6e 74 4e 61 6d 65 73 3a 68 2c 50 61 72 61 6d 65 74 65 72 4e 61 6d 65 73 3a 6a 7d 29 3b 67 2e 61 73 73 65 72 74 47 65 74 56 61 6c 69 64 41 70 70 49 44 3d 41 3b 67 2e 61 73 73 65 72 74 56 61 6c 69 64 55 73 65 72 50 72 6f 70 65 72 74 69 65 73 3d 42 3b 67 2e 61 73 73 65 72 74 56 61 6c 69 64 45 76 65 6e 74 4e 61 6d 65 3d 43 3b 67 2e 61 73 73 65 72 74 56 61 6c 69 64 41 70 70 56 65 72 73 69 6f 6e 3d 44 3b 67 2e 61 73 73 65 72 74 56 61 6c 69 64 55 73 65 72 49 44 3d 45 3b 67 2e 41 70 70 45 76 65 6e 74 73 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 73 64 6b 2e 45 76 65 6e 74 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 Data Ascii: AppVersion:x,clearAppVersion:y,EventNames:h,ParameterNames:j});g.assertGetValidAppID=A;g.assertValidUserProperties=B;g.assertValidEventName=C;g.assertValidAppVersion=D;g.assertValidUserID=E;g.AppEvents=a}),98);__d("sdk.Event",[],(function(a,b,c,d,e,f){"u
2024-07-16 09:07:51 UTC	14884	IN	Data Raw: 5f 5f 64 28 22 73 64 6b 2e 41 75 74 68 53 74 61 74 65 22 2c 5b 22 73 64 6b 2e 41 75 74 68 55 74 69 6c 73 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 3d 69 28 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 76 61 72 20 61 3d 7b 69 67 41 75 74 68 52 65 73 70 6f 6e 73 65 3a 6e 75 6c 6c 2c 66 62 41 75 74 68 52 65 73 70 6f 6e 73 65 3a 6e 75 6c 6c 2c 66 62 4c 6f 67 69 6e 53 74 61 74 75 73 3a 6e 75 6c 6c 2c 69 67 4c 6f 67 69 6e 53 74 61 74 75 73 3a 6e 75 6c 6c 7d 3b 72 65 74 75 72 6e 7b 63 75 72 72 65 6e 74 41 75 74 68 52 65 73 70 6f 6e 73 65 3a 6e 75 6c 6c 2c 73 68 6f 75 6c 64 53 65 63 6f 6e 64 4c 6f 67 69 6e 52 65 71 75 65 73 74 54 69 6d 65 4f 75 74 3a 21 31 2c 6d 69 78 Data Ascii: __d("sdk.AuthState",["sdk.AuthUtils"],(function(a,b,c,d,e,f,g){"use strict";var h=i();function i(){var a={igAuthResponse:null,fbAuthResponse:null,fbLoginStatus:null,igLoginStatus:null};return{currentAuthResponse:null,shouldSecondLoginRequestTimeOut:!1,mix
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: 20 72 28 61 29 7b 71 28 29 3b 76 61 72 20 63 3d 62 28 22 70 65 72 66 6f 72 6d 61 6e 63 65 4e 6f 77 53 69 6e 63 65 41 70 70 53 74 61 72 74 22 29 28 29 2c 64 3d 6f 2e 67 65 74 28 61 29 3b 69 66 28 64 3d 3d 6e 75 6c 6c 29 7b 6f 2e 73 65 74 28 61 2c 7b 64 72 6f 70 70 65 64 3a 30 2c 6c 6f 67 67 65 64 3a 5b 63 5d 2c 6c 61 73 74 41 63 63 65 73 73 65 64 3a 63 7d 29 3b 72 65 74 75 72 6e 20 31 7d 61 3d 64 2e 64 72 6f 70 70 65 64 3b 76 61 72 20 65 3d 64 2e 6c 6f 67 67 65 64 3b 64 2e 6c 61 73 74 41 63 63 65 73 73 65 64 3d 63 3b 77 68 69 6c 65 28 65 5b 30 5d 3c 63 2d 6d 29 65 2e 73 68 69 66 74 28 29 3b 69 66 28 65 2e 6c 65 6e 67 74 68 3c 6c 29 7b 64 2e 64 72 6f 70 70 65 64 3d 30 3b 65 2e 70 75 73 68 28 63 29 3b 72 65 74 75 72 6e 20 61 2b 31 7d 65 6c 73 65 7b 64 2e 64 Data Ascii: r(a){q();var c=b("performanceNowSinceAppStart")(),d=o.get(a);if(d==null){o.set(a,{dropped:0,logged:[c],lastAccessed:c});return 1}a=d.dropped;var e=d.logged;d.lastAccessed=c;while(e[0]<c-m)e.shift();if(e.length<l){d.dropped=0;e.push(c);return a+1}else{d.d
2024-07-16 09:07:51 UTC	16384	IN	Data Raw: 28 70 29 3b 6c 2e 6d 65 74 61 64 61 74 61 3d 45 53 28 22 41 72 72 61 79 22 2c 22 66 72 6f 6d 22 2c 21 31 2c 71 2e 76 61 6c 75 65 73 28 29 29 7d 69 66 28 65 2e 6c 65 6e 67 74 68 3e 30 29 7b 69 66 28 6c 2e 65 76 65 6e 74 73 21 3d 6e 75 6c 6c 29 7b 76 61 72 20 72 3b 28 72 3d 6c 2e 65 76 65 6e 74 73 29 2e 70 75 73 68 2e 61 70 70 6c 79 28 72 2c 65 29 7d 65 6c 73 65 20 6c 2e 65 76 65 6e 74 73 3d 5b 5d 2e 63 6f 6e 63 61 74 28 65 29 3b 69 66 28 6c 2e 65 76 65 6e 74 73 21 3d 6e 75 6c 6c 26 26 6c 2e 65 76 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 79 61 29 7b 76 61 72 20 73 3d 6c 2e 65 76 65 6e 74 73 2e 6c 65 6e 67 74 68 2d 79 61 3b 6c 2e 65 76 65 6e 74 73 2e 73 70 6c 69 63 65 28 30 2c 73 2b 31 2c 22 3c 66 69 72 73 74 20 22 2b 73 2b 22 20 65 76 65 6e 74 73 20 6f 6d 69 74 Data Ascii: (p);l.metadata=ES("Array","from",!1,q.values())}if(e.length>0){if(l.events!=null){var r;(r=l.events).push.apply(r,e)}else l.events=[].concat(e);if(l.events!=null&&l.events.length>ya){var s=l.events.length-ya;l.events.splice(0,s+1,"<first "+s+" events omit

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:51 UTC	570	OUT	GET /production/v2/toneden.js HTTP/1.1 Host: sd.toneden.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://hantal.fanlink.tv sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://hantal.fanlink.tv/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:52 UTC	563	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 144884 Connection: close Date: Tue, 16 Jul 2024 09:07:52 GMT Last-Modified: Mon, 13 Feb 2017 00:32:38 GMT ETag: "da4bf68ea0f8cffa6ea439d7608d52cf" Content-Encoding: gzip Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 eda2686dad6c190a4b0f18db47e39f0a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS1-P3 X-Amz-Cf-Id: -8mmGdSdLPZfYm6JQyJT40TfOHx3qyCWmLc1y9R99rdm8PGfqeKyPQ== Cache-Control: max-age=691200 Access-Control-Allow-Origin: *
2024-07-16 09:07:52 UTC	15345	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 03 e4 bd 7b 77 1b b9 b5 27 fa ff 7c 0a 8a 49 dc 64 44 d1 a2 2c bf 48 b3 15 b7 ed 3e e3 19 b7 9d db ed 9c dc 59 b2 a2 94 c8 a2 54 31 55 c5 a9 2a da 56 64 cd 67 9f df 6f 03 1b 40 3d 48 c9 dd 39 eb 9c bb 6e 7b b5 48 56 e1 b1 b1 b1 b1 df 00 3e c7 67 ab 68 f6 f1 7f 14 59 ba 7a 9f a5 f1 cb 38 fd e5 e5 ff ec 1d 8f 4e 06 c7 83 c5 3a 9d 95 49 96 f6 e2 41 39 48 fb d7 fa bb 93 f7 e2 fe 75 d2 b3 15 86 ab 28 8f 2e e3 32 ce 8b 41 dc bf 71 a5 b2 5e ff ba 59 64 38 8f cf d6 e7 f7 ee cd b2 b4 c8 96 b1 f9 39 8c 56 ab e5 55 cf 3e 1b 44 f9 f9 fa 32 4e cb a2 7f 93 f6 0e fa 93 4f 51 de 49 a6 69 6f 34 ea 0f 22 7c 1e 1e f6 07 05 3e 1f 3d ed 0f d6 7c 7e b8 df 1f 2c f1 e5 60 1f 25 66 f2 e5 41 7f b0 9a f6 f8 e8 a0 3f c0 c7 e8 69 bf 3f 59 f6 ba 16 a2 f7 39 Data Ascii: {w'\|IdD,H>YT1U*Vdgo@=H9n{HV>ghYz8N:IA9Hu(.2Aq^Yd89VU>D2NOQIio4"\|>=\|~,`%fA?i?Y9
2024-07-16 09:07:52 UTC	346	IN	Data Raw: fb 57 4c e0 c6 25 fc af 9e 45 d3 d1 ff bf 26 b2 85 05 93 05 15 3c d2 80 8c a9 e5 3d d2 9d 3d 5b 42 fa 73 45 5a 64 b7 4b 8b 3b 68 d3 d4 91 20 98 4f 35 8b ca 88 ef 18 e9 28 56 43 22 5c d4 f5 e0 c1 42 b9 d8 06 b9 ba 9d 17 d4 59 2c fd 72 41 d8 45 c2 b5 f4 f7 ee 2e 14 c3 bf 0f bb d6 62 e8 76 2b d2 c4 74 81 cd 8c f4 5e b4 8c 9a fd 78 cf 57 65 83 0b 55 08 0d b3 a5 a1 26 0a 9d 62 98 02 ca af 5f 8d 21 1c c4 86 12 8c 90 5c 36 18 93 2a b3 80 80 c1 49 57 49 19 6e 07 6e 54 23 ba 4f 45 7d 1e 7e 22 53 26 c7 30 ba 0b 36 b2 0f b1 4b 87 7b 34 87 f5 12 0c 4c ac 7b df bd 82 ce d9 91 1b 18 c5 aa 82 61 25 99 7f b0 fd 70 51 30 b2 3f f1 c5 a6 a3 19 5e 05 93 30 81 13 b7 c3 dd 3f 5d 49 46 1b 7e 47 01 53 0d b2 59 49 fc 51 37 23 62 ff 7f af fb e2 22 01 27 c9 e4 18 03 97 e4 26 ad d2 Data Ascii: WL%E&<==[BsEZdK;h O5(VC"\BY,rAE.bv+t^xWeU&b_!\6*IWInnT#OE}~"S&06K{4L{a%pQ0?^0?]IF~GSYIQ7#b"'&

Timestamp	Bytes transferred	Direction	Data
2024-07-16 09:07:51 UTC	1161	OUT	GET /signals/config/1711912442390284?v=2.9.161&r=stable&domain=hantal.fanlink.tv&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108 HTTP/1.1 Host: connect.facebook.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-16 09:07:52 UTC	1465	IN	HTTP/1.1 200 OK Vary: Accept-Encoding Content-Type: application/x-javascript; charset=utf-8 timing-allow-origin: * reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-security-policy: default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; document-policy: force-load-at-top
2024-07-16 09:07:52 UTC	1731	IN	Data Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f 72 74 2d 68 65 69 67 68 Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-heigh
2024-07-16 09:07:52 UTC	1500	IN	Data Raw: 2f 2a 2a 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 37 2d 70 72 65 73 65 6e 74 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 49 6e 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 2a 0a 2a 20 59 6f 75 20 61 72 65 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 20 61 20 6e 6f 6e 2d 65 78 63 6c 75 73 69 76 65 2c 20 77 6f 72 6c 64 77 69 64 65 2c 20 72 6f 79 61 6c 74 79 2d 66 72 65 65 20 6c 69 63 65 6e 73 65 20 74 6f 20 75 73 65 2c 0a 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 61 6e 64 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 69 6e 20 73 6f 75 72 63 65 20 63 6f 64 65 20 6f 72 20 62 69 6e 61 72 79 20 66 6f 72 6d 20 66 6f 72 20 75 73 65 0a 2a 20 69 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 Data Ascii: /* Copyright (c) 2017-present, Facebook, Inc. All rights reserved. You are hereby granted a non-exclusive, worldwide, royalty-free license to use,* copy, modify, and distribute this software in source code or binary form for use* in connection wi
2024-07-16 09:07:52 UTC	1500	IN	Data Raw: 75 72 6e 21 30 7d 28 29 29 72 65 74 75 72 6e 3b 76 61 72 20 67 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3a 22 40 40 69 74 65 72 61 74 6f 72 22 29 3d 3d 3d 22 73 79 6d 62 6f 6c 22 3f 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 61 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 26 26 61 21 3d 3d 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 Data Ascii: urn!0}())return;var g=typeof Symbol==="function"&&typeof (typeof Symbol==="function"?Symbol.iterator:"@@iterator")==="symbol"?function(a){return typeof a}:function(a){return a&&typeof Symbol==="function"&&a.constructor===Symbol&&a!==(typeof Symbol==="func
2024-07-16 09:07:52 UTC	1500	IN	Data Raw: 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 61 2c 62 29 3a 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 61 2c 62 29 7b 69 66 28 21 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 62 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 63 61 6c 6c 20 61 20 63 6c 61 73 73 20 61 73 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 7d 66 2e 5f 5f 66 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 7c 7c 28 66 2e 5f 5f 66 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 3d 7b 7d 2c 66 2e 5f 5f 66 62 65 76 65 6e 74 73 52 65 73 6f 6c 76 65 64 4d 6f 64 75 6c 65 73 3d 7b 7d 2c 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 3d Data Ascii: Object.setPrototypeOf?Object.setPrototypeOf(a,b):a.__proto__=b)}function l(a,b){if(!(a instanceof b))throw new TypeError("Cannot call a class as a function")}f.__fbeventsModules\|\|(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=
2024-07-16 09:07:52 UTC	1020	IN	Data Raw: 61 2e 70 69 78 65 6c 3b 61 3d 61 2e 73 68 6f 75 6c 64 45 78 74 72 61 63 74 55 73 65 72 44 61 74 61 3b 76 61 72 20 6b 3d 61 26 26 69 3d 3d 6e 75 6c 6c 3b 69 3d 63 28 7b 62 75 74 74 6f 6e 3a 65 2c 63 6f 6e 74 61 69 6e 65 72 45 6c 65 6d 65 6e 74 3a 6b 3f 68 3a 69 2c 73 68 6f 75 6c 64 45 78 74 72 61 63 74 55 73 65 72 44 61 74 61 3a 61 7d 29 3b 61 3d 64 28 29 3b 76 61 72 20 6c 3d 69 2e 66 6f 72 6d 46 69 65 6c 64 46 65 61 74 75 72 65 73 3b 69 3d 69 2e 75 73 65 72 44 61 74 61 3b 66 3d 7b 62 75 74 74 6f 6e 46 65 61 74 75 72 65 73 3a 66 2c 62 75 74 74 6f 6e 54 65 78 74 3a 67 2c 66 6f 72 6d 46 65 61 74 75 72 65 73 3a 6b 3f 5b 5d 3a 6c 2c 70 61 67 65 46 65 61 74 75 72 65 73 3a 61 2c 70 61 72 61 6d 65 74 65 72 73 3a 62 2e 74 72 69 67 67 65 72 28 7b 70 69 78 65 6c 3a Data Ascii: a.pixel;a=a.shouldExtractUserData;var k=a&&i==null;i=c({button:e,containerElement:k?h:i,shouldExtractUserData:a});a=d();var l=i.formFieldFeatures;i=i.userData;f={buttonFeatures:f,buttonText:g,formFeatures:k?[]:l,pageFeatures:a,parameters:b.trigger({pixel:
2024-07-16 09:07:52 UTC	1500	IN	Data Raw: 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 0a 66 2e 65 6e 73 75 72 65 4d 6f 64 75 6c 65 52 65 67 69 73 74 65 72 65 64 28 22 73 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 45 78 74 72 61 63 74 46 72 6f 6d 49 6e 70 75 74 73 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 67 2c 68 2c 6a 2c 6b 29 7b 76 61 72 20 6c 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 6c 2e 65 78 70 6f 72 74 73 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 61 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 46 65 61 74 75 72 65 43 6f 75 6e 74 65 72 22 29 2c 62 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 Data Ascii: exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsExtractFromInputs",function(){return function(g,h,j,k){var l={exports:{}};l.exports;(function(){"use strict";var a=f.getFbeventsModules("SignalsFBEventsFeatureCounter"),b=f.getFbeventsModules(
2024-07-16 09:07:52 UTC	1500	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 6c 28 74 68 69 73 2c 61 29 2c 74 68 69 73 2e 5f 66 65 61 74 75 72 65 73 3d 7b 7d 7d 68 28 61 2c 5b 7b 6b 65 79 3a 22 69 6e 63 72 65 6d 65 6e 74 41 6e 64 47 65 74 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 5f 66 65 61 74 75 72 65 73 5b 61 5d 3d 3d 6e 75 6c 6c 26 26 28 74 68 69 73 2e 5f 66 65 61 74 75 72 65 73 5b 61 5d 3d 30 29 3b 74 68 69 73 2e 5f 66 65 61 74 75 72 65 73 5b 61 5d 2b 2b 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 66 65 61 74 75 72 65 73 5b 61 5d 7d 7d 5d 29 3b 72 65 74 75 72 6e 20 61 7d 28 29 3b 6b 2e 65 78 70 6f 72 74 73 3d 61 7d 29 28 29 3b 72 65 74 75 72 6e 20 6b 2e 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 0a 66 2e 65 6e Data Ascii: unction(){function a(){l(this,a),this._features={}}h(a,[{key:"incrementAndGet",value:function(a){this._features[a]==null&&(this._features[a]=0);this._features[a]++;return this._features[a]}}]);return a}();k.exports=a})();return k.exports}(a,b,c,d)});f.en
2024-07-16 09:07:52 UTC	1500	IN	Data Raw: 5b 5c 64 5d 2b 28 5c 2e 5b 5c 64 5d 2b 29 3f 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 6c 28 61 29 7b 61 3d 61 3b 77 68 69 6c 65 28 2f 5c 64 5c 2e 5c 64 2f 2e 74 65 73 74 28 61 29 29 61 3d 61 2e 72 65 70 6c 61 63 65 28 6a 2c 22 30 22 29 3b 61 3d 61 2e 72 65 70 6c 61 63 65 28 6a 2c 22 30 22 29 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 72 65 74 75 72 6e 7b 73 61 66 65 3a 6c 28 69 28 61 29 29 7d 7d 6b 2e 65 78 70 6f 72 74 73 3d 6d 7d 29 28 29 3b 72 65 74 75 72 6e 20 6b 2e 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 0a 66 2e 65 6e 73 75 72 65 4d 6f 64 75 6c 65 52 65 67 69 73 74 65 72 65 64 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 54 68 72 6f 74 74 6c 65 72 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 72 65 74 75 Data Ascii: [\d]+(\.[\d]+)?/g;function l(a){a=a;while(/\d\.\d/.test(a))a=a.replace(j,"0");a=a.replace(j,"0");return a}function m(a){return{safe:l(i(a))}}k.exports=m})();return k.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEventsThrottler",function(){retu
2024-07-16 09:07:52 UTC	1500	IN	Data Raw: 78 74 72 61 63 74 46 6f 72 6d 2c 70 3d 62 2e 73 69 67 6e 61 6c 73 49 73 49 57 4c 45 6c 65 6d 65 6e 74 2c 71 3d 62 2e 73 69 67 6e 61 6c 73 45 78 74 72 61 63 74 42 75 74 74 6f 6e 46 65 61 74 75 72 65 73 2c 72 3d 62 2e 73 69 67 6e 61 6c 73 47 65 74 54 72 75 6e 63 61 74 65 64 42 75 74 74 6f 6e 54 65 78 74 2c 73 3d 62 2e 73 69 67 6e 61 6c 73 47 65 74 57 72 61 70 70 69 6e 67 42 75 74 74 6f 6e 3b 62 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 50 6c 75 67 69 6e 22 29 3b 76 61 72 20 74 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 54 68 72 6f 74 74 6c 65 72 22 29 2c 75 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 Data Ascii: xtractForm,p=b.signalsIsIWLElement,q=b.signalsExtractButtonFeatures,r=b.signalsGetTruncatedButtonText,s=b.signalsGetWrappingButton;b=f.getFbeventsModules("SignalsFBEventsPlugin");var t=f.getFbeventsModules("SignalsFBEventsThrottler"),u=f.getFbeventsModule
2024-07-16 09:07:52 UTC	905	IN	Data Raw: 41 75 74 6f 43 6f 6e 66 69 67 29 72 65 74 75 72 6e 3b 76 61 72 20 67 3d 61 2e 6f 70 74 49 6e 73 2e 69 73 4f 70 74 65 64 49 6e 28 62 2e 69 64 2c 22 49 6e 66 65 72 72 65 64 45 76 65 6e 74 73 22 29 3b 69 66 28 21 67 29 72 65 74 75 72 6e 3b 67 3d 61 2e 6f 70 74 49 6e 73 2e 69 73 4f 70 74 65 64 49 6e 28 62 2e 69 64 2c 22 41 75 74 6f 6d 61 74 69 63 4d 61 74 63 68 69 6e 67 22 29 3b 69 66 28 21 67 29 72 65 74 75 72 6e 3b 67 3d 63 3d 3d 6e 75 6c 6c 3b 65 3d 41 28 7b 62 75 74 74 6f 6e 3a 65 2c 63 6f 6e 74 61 69 6e 65 72 45 6c 65 6d 65 6e 74 3a 67 3f 68 3a 63 2c 73 68 6f 75 6c 64 45 78 74 72 61 63 74 55 73 65 72 44 61 74 61 3a 21 30 7d 29 3b 67 3d 65 2e 75 73 65 72 44 61 74 61 3b 67 3d 3d 6e 75 6c 6c 3f 64 2e 74 72 69 67 67 65 72 28 62 29 3a 43 28 61 2c 62 2c 67 2c Data Ascii: AutoConfig)return;var g=a.optIns.isOptedIn(b.id,"InferredEvents");if(!g)return;g=a.optIns.isOptedIn(b.id,"AutomaticMatching");if(!g)return;g=c==null;e=A({button:e,containerElement:g?h:c,shouldExtractUserData:!0});g=e.userData;g==null?d.trigger(b):C(a,b,g,