Windows Analysis Report
http://www.facebook.com/groups/191802104561301/media/videos

Overview

General Information

Sample URL:	http://www.facebook.com/groups/191802104561301/media/videos
Analysis ID:	1416065
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Downloads suspicious files via Chrome

Stores files to the Windows start menu directory

Classification

Signatures

Source: https://www.facebook.com/groups/191802104561301/media/videos

HTTP Parser: <input type="password" .../> found

Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="author".. found

Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49836 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /groups/191802104561301/media/videos HTTP/1.1Host: www.facebook.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yQ/l/0,cross/3AyonyDMJju.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yo/r/noD1oQJiCYY.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ivDB4/y6/l/en_US/LqVfMHTJ9_oMY3cWsxDsim6o4gQ-2xoQcC3aoXwX7mwI_CM1jY0vDUQEoYJkKWbHxzBQbCw57inkqSJQWbQFzxtGR4v5R_4lLcx1Rdzuzi16yg2P45ax7X-hYGc1wa-Oq19c8UFGgncWcrTOmPobANp9KHpDnYRWx5vjUQhP0HLNJLur35pXyNW5O2eLF_t-hPrgmOFx37sBU74Y3_eJMlvvhSHqcRl8uZh0wwKbKOFmYVL9vR980mk9ZOI-Ip55HfXW__mMMP-5hSGBbNbgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6qmSdmQUrU48.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iMvG4/yi/l/en_US/J6PEW1zkdET0dw91vX2QqCV5bVta2J7S4uCHGMZIDGEITtg2YRX4wVhDYvatkvPhoO.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iQh04/yl/l/en_US/q9mE-dy1BQ8.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3idBq4/yP/l/en_US/AyyGpm6_fQg.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/345408838_554868536720991_4473956762622793907_n.jpg?stp=dst-jpg_p480x480&_nc_cat=111&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Fka_uNor5akAX_5Vx0x&_nc_ht=scontent-iad3-2.xx&oh=00_AfBneEOE2bzNnHCq-ehBwWm6GeZ-CbH_6iWYmm36nrGn5g&oe=6607DB9F HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_fb50_s320x320&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfDC1FQNbzUTX09-0lc08NGwHIjdbNpDLEXCu4RbW3H_sw&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_s960x960&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBinJfMHk1TYrtMfoEdUzED7UOwvi3Z6zmQwkkYIyjuVA&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/336927474_3319882898322661_4683473465336529276_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FZusoMbXGhIAX98kDRY&_nc_ht=scontent-iad3-2.xx&oh=00_AfC5TzcLvwR8E0KjfoFgi3aCTty4_u8EoD3w1Ox0pdfqcA&oe=6608C786 HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/422970684_1757890574713454_756376464245095654_n.jpg?stp=dst-jpg_s720x720&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=107UIiOzT7gAX9j_LK6&_nc_ht=scontent-iad3-1.xx&oh=00_AfA8LKV88KVnwDwmya6T7YZvMdgapnppWYhXAjPM03dWLg&oe=66074431 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/346104329_565262735721643_9219658793372446428_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=8dZ_kGEmhDsAX85Ph0z&_nc_ht=scontent-iad3-2.xx&oh=00_AfDxscQOPmDUQooFxIs1EGi5CEM_0K2ynZxX2H8vrjD37A&oe=6607C420 HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/365868153_743671090857740_6406375155720795749_n.jpg?stp=dst-jpg_s640x640&_nc_cat=101&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zDOwJGShkAYAX8DcVsw&_nc_ht=scontent-iad3-1.xx&oh=00_AfD8SREs1djMaWBCEsRKckYil_1mEPLUKv1FKPDO24gXKw&oe=660867B5 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/353948418_116757841451495_7051299819541577410_n.jpg?stp=dst-jpg_s640x640&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=0q-qhw2-qZMAX8CfBwF&_nc_ht=scontent-iad3-1.xx&oh=00_AfAbn_4msclyUHq3UB_aqHff34_4jm8NlN-qQ9r7ygS_eg&oe=66079D92 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/344299204_778385596974975_3925581549886345862_n.jpg?stp=dst-jpg_p480x480&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=BRYczwzYVx8AX8OlnWr&_nc_ht=scontent-iad3-1.xx&oh=00_AfDrfzFfvjJJJOWg4dEIsmiTIicKbMynrBaxObxy1-qN6g&oe=6608378A HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/344291496_941761983774142_6714898198585150208_n.jpg?stp=dst-jpg_p480x480&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ps2qWAox_o4AX_5sAkd&_nc_ht=scontent-iad3-1.xx&oh=00_AfDXCbIngEl6nKLekpfKqO62PR1XH9A8fTO3UaT9JUiAyA&oe=66079A1F HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3i-LK4/yC/l/en_US/6Q0E-Aihmb8.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iEI74/ys/l/en_US/RsYgUPkiI0GIOrr8Repg2I8YKvM40ckJTsYEcTr9k1uxj9xJniev-aE7Zc-ipmmdxVkEXcCWPrroV5wrZTyFmaOOfWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yu/r/hJhMncL-mDP.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iWd-4/yc/l/en_US/Yx7PwT2JwaP.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3i03r4/yh/l/en_US/WBgVVoYHjyJBx2ohSxNfK51trd-z_zgkrcS1tiv9hBEZlfzIGzJRT-zkSMvWi-DAk6XYYhi4epUx2joFkVjeqNmCZ_uh8Ri8EqTv4ejvoijb302ZM4-qdc884u1lhyFxJ4dCTEvncaMuwhpc3MgCmCuvkpMttPnMfQyeNxsw_y3zVOBS5r1v89-9txa.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iN2w4/yH/l/en_US/wjOcH-I6_fe.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ijbW4/ys/l/en_US/nSQLiQbQffO.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yS/r/YOJay7eN_PK.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3it4v4/y7/l/en_US/Yy3UvLlQ5s2.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/ye/r/mM84SfiWlvq.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yu/r/0dhQxNDfACl.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iGuT4/y7/l/en_US/XpxuEikPIs6.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yy/r/hLElYKzBG38.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iRdI4/yf/l/en_US/o66RdpHoPFZ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ib-74/yH/l/en_US/lJVPjox8GXT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/346104329_565262735721643_9219658793372446428_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=8dZ_kGEmhDsAX85Ph0z&_nc_ht=scontent-iad3-2.xx&oh=00_AfDxscQOPmDUQooFxIs1EGi5CEM_0K2ynZxX2H8vrjD37A&oe=6607C420 HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_fb50_s320x320&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfDC1FQNbzUTX09-0lc08NGwHIjdbNpDLEXCu4RbW3H_sw&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=c24.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBxa19PYuVvdAzvgqt5d38YFDOYSpZaMMH3nqGHT4ws5g&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/336927474_3319882898322661_4683473465336529276_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FZusoMbXGhIAX98kDRY&_nc_ht=scontent-iad3-2.xx&oh=00_AfC5TzcLvwR8E0KjfoFgi3aCTty4_u8EoD3w1Ox0pdfqcA&oe=6608C786 HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/365868153_743671090857740_6406375155720795749_n.jpg?stp=dst-jpg_s640x640&_nc_cat=101&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zDOwJGShkAYAX8DcVsw&_nc_ht=scontent-iad3-1.xx&oh=00_AfD8SREs1djMaWBCEsRKckYil_1mEPLUKv1FKPDO24gXKw&oe=660867B5 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/353948418_116757841451495_7051299819541577410_n.jpg?stp=dst-jpg_s640x640&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=0q-qhw2-qZMAX8CfBwF&_nc_ht=scontent-iad3-1.xx&oh=00_AfAbn_4msclyUHq3UB_aqHff34_4jm8NlN-qQ9r7ygS_eg&oe=66079D92 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/344299204_778385596974975_3925581549886345862_n.jpg?stp=dst-jpg_p480x480&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=BRYczwzYVx8AX8OlnWr&_nc_ht=scontent-iad3-1.xx&oh=00_AfDrfzFfvjJJJOWg4dEIsmiTIicKbMynrBaxObxy1-qN6g&oe=6608378A HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/422970684_1757890574713454_756376464245095654_n.jpg?stp=dst-jpg_s720x720&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=107UIiOzT7gAX9j_LK6&_nc_ht=scontent-iad3-1.xx&oh=00_AfA8LKV88KVnwDwmya6T7YZvMdgapnppWYhXAjPM03dWLg&oe=66074431 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_s960x960&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBinJfMHk1TYrtMfoEdUzED7UOwvi3Z6zmQwkkYIyjuVA&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/345408838_554868536720991_4473956762622793907_n.jpg?stp=dst-jpg_p480x480&_nc_cat=111&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Fka_uNor5akAX_5Vx0x&_nc_ht=scontent-iad3-2.xx&oh=00_AfBneEOE2bzNnHCq-ehBwWm6GeZ-CbH_6iWYmm36nrGn5g&oe=6607DB9F HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yS/r/YOJay7eN_PK.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iNTg4/ys/l/en_US/R-iMvr77wdb.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yy/r/hLElYKzBG38.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/344291496_941761983774142_6714898198585150208_n.jpg?stp=dst-jpg_p480x480&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ps2qWAox_o4AX_5sAkd&_nc_ht=scontent-iad3-1.xx&oh=00_AfDXCbIngEl6nKLekpfKqO62PR1XH9A8fTO3UaT9JUiAyA&oe=66079A1F HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=c24.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBxa19PYuVvdAzvgqt5d38YFDOYSpZaMMH3nqGHT4ws5g&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3imd04/y_/l/en_US/s7gvP_bieRc.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/ys/r/wV1EPAsR05q.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yd/r/ZMDmtP-j05B.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36viewport-width: 1280sec-ch-ua-platform-version: "10.0.0"dpr: 1sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/groups/191802104561301/media/videosAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; _js_datr=hhsDZgtz2uh6qetmiSjWtBtp; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8
Source: global traffic	HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; _js_datr=hhsDZgtz2uh6qetmiSjWtBtp; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=5&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8; datr=hhsDZgtz2uh6qetmiSjWtBtp
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=7&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8; datr=hhsDZgtz2uh6qetmiSjWtBtp
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=6&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8; datr=hhsDZgtz2uh6qetmiSjWtBtp
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=8&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yd/r/DeNyZD1Vj3q.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yd/r/DeNyZD1Vj3q.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=a&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY; wd=1280x958
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=b&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY; wd=1280x958
Source: global traffic	HTTP traffic detected: GET /ajax/webstorage/process_keys/?state=1 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY; wd=1280x958
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=d&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; wd=1280x958; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxvI.AWUm-Vk5k2M
Source: global traffic	HTTP traffic detected: GET /groups/191802104561301/media/videos HTTP/1.1Host: www.facebook.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_109.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/A4tfXiHOGrs/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/CCT5pM3qiNk/ equals www.facebook.com (Facebook)
Source: chromecache_109.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/Ga6vBwdwgUx/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr, chromecache_116.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: chromecache_139.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/V9vdYColc4k/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/aJoeSHn7XcN/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr, chromecache_116.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/ equals www.facebook.com (Facebook)
Source: chromecache_107.2.dr	String found in binary or memory: __d("Chromedome",["fbt"],(function(a,b,c,d,e,f,g,h){function i(){if(document.domain==null)return null;var a=document.domain,b=/^intern\./.test(a);if(b)return null;b=/(^\|\.)facebook\.(com\|sg)$/.test(a);if(b)return"facebook";b=/(^\|\.)instagram\.com$/.test(a);if(b)return"instagram";b=/(^\|\.)threads\.net$/.test(a);if(b)return"threads";b=/(^\|\.)messenger\.com$/.test(a);return b?"messenger":null}function j(a){if(a==="instagram")return h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable an Instagram feature or \"hack\" someone's account, it is a scam and will give them access to your Instagram account.");return a==="threads"?h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Threads feature or \"hack\" someone's account, it is a scam and will give them access to your Threads account."):h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account.")}function a(a){if(top!==window)return;a=i();if(a==null)return;var b=h._("Stop!");a=j(a);var c=h._("See {url} for more information.",[h._param("url","https://www.facebook.com/selfxss")]);if(window.chrome\|\|window.safari){var d="font-family:helvetica; font-size:20px; ";[[b,d+"font-size:50px; font-weight:bold; color:red; -webkit-text-stroke:1px black;"],[a,d],[c,d],["",""]].map(function(a){window.setTimeout(console.log.bind(console,"\n%c"+a[0].toString(),a[1]))})}else{b=[""," .d8888b. 888 888","d88P Y88b 888 888","Y88b. 888 888",' "Y888b. 888888 .d88b. 88888b. 888',' "Y88b. 888 d88""88b 888 "88b 888',' "888 888 888 888 888 888 Y8P',"Y88b d88P Y88b. Y88..88P 888 d88P",' "Y8888P" "Y888 "Y88P" 88888P" 888'," 888"," 888"," 888"];d=(""+a.toString()).match(/.{35}.+?\s+\|.+$/g);if(d!=null){a=Math.floor(Math.max(0,(b.length-d.length)/2));for(var e=0;e<b.length\|\|e<d.length;e++){var f=b[e];b[e]=f+new Array(45-f.length).join(" ")+(d[e-a]\|\|"")}}console.log("\n\n\n"+b.join("\n")+"\n\n"+c.toString()+"\n");return}}g.start=a}),98); equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: __d("CometCookieConsent2023Q1OtherCompanies.react",["CometCookieConsentModalStringsUpdated","CometCookieConsentSectionAccordion.react","CometCookieConsentUtils.react","CometListCellText.react","TetraText.react","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h\|\|d("react");function a(){return i.jsxs("div",{className:"x1nb4dca x1q0q8m5 xso031l xx6bls6",children:[i.jsx("div",{className:"x9orja2",children:i.jsx(c("TetraText.react"),{type:"headlineEmphasized2",children:d("CometCookieConsentModalStringsUpdated").COOKIES_FROM_OTHER_COMPANIES_SECTION_HEADER})}),i.jsx("div",{className:"x1cnzs8",children:i.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").getCookiesFromOtherCompaniesSubHeader(p)})}),i.jsx("div",{className:"x1cnzs8",children:i.jsx(c("CometCookieConsentSectionAccordion.react"),{content:k,sectionTitle:j})}),i.jsx("div",{children:i.jsx(c("CometCookieConsentSectionAccordion.react"),{content:m,sectionTitle:l})}),i.jsx("div",{children:i.jsx(c("CometCookieConsentSectionAccordion.react"),{content:o,sectionTitle:n})})]})}a.displayName=a.name+" [from "+f.id+"]";var j=i.jsx(c("CometListCellText.react"),{headline:i.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES})}),k=i.jsxs("div",{style:{marginLeft:10},children:[i.jsx("div",{style:{paddingBottom:10,paddingTop:10},children:i.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_INTRO})}),i.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_2,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_3]})]}),l=i.jsx(c("CometListCellText.react"),{headline:i.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES})}),m=i.jsx("div",{style:{marginLeft:10},children:i.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_2,d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_3]})}),n=i.jsx(c("CometListCellText.react"),{headline:i.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES})}),o=i.jsx("div",{style:{marginLeft:10},children:i.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES_ITEM_2]})}),p="https://www.facebook.com/privacy/policies/cookies/?annotations[0]=explanation%2F3_companies_list";g.CometCookieConsent2023Q1OtherCompanies=a}),98); equals www.f
Source: chromecache_157.2.dr	String found in binary or memory: __d("CometLegalFooter.react",["fbt","ix","BaseMiddot.react","CometErrorBoundary.react","CometLazyPopoverTrigger.react","CometLink.react","CometPressable.react","FBCookieSettingsLoggedOutConfig","JSResourceForInteraction","ServerTime","TetraIcon.react","TetraText.react","XHealthPolicyCometControllerRouteBuilder","XPrivacyPolicyCometControllerRouteBuilder","fbicon","gkx","react","useCurrentRoute"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j,k=j\|\|d("react"),l=c("JSResourceForInteraction")("CometLegalFooterMoreMenu.react").__setRef("CometLegalFooter.react");function m(){try{var a;return(a=new Date(d("ServerTime").getMillis()))==null?void 0:a.getFullYear()}catch(a){return null}}function a(a){var b=a.isHelpCenter;b=b===void 0?!1:b;var e=a.isPage;e=e===void 0?!1:e;var f=a.onClick;a=d("FBCookieSettingsLoggedOutConfig").should_show_cookie_settings;var g=c("useCurrentRoute")(),j=m(),n=c("XPrivacyPolicyCometControllerRouteBuilder").buildUri({entry_point:"comet_dropdown"}),o=c("XHealthPolicyCometControllerRouteBuilder").buildUri({});e=[{href:"https://www.facebook.com/legal/terms/information_about_page_insights_data",label:h._("Information about Page Insights Data"),render:e&&c("gkx")("22806")},{href:n.toString(),label:h._("Privacy"),testid:"CometDropdownPrivacy"},{href:o.toString(),label:h._("Consumer Health Privacy"),render:c("gkx")("2828"),testid:"CometDropdownHealthPrivacy"},{href:"/terms?ref=pf",label:"Impressum/Terms/NetzDG/UrhDaG",render:c("gkx")("22807")&&!c("gkx")("22808")},{href:"/terms?ref=pf",label:h._("Imprint\/Terms"),render:c("gkx")("22808")},{href:"/legal/germany/",label:"UrhDaG/MStV",render:c("gkx")("22808")},{href:"/policies?ref=pf",label:h._("Terms"),render:!c("gkx")("22807")&&!c("gkx")("22808"),testid:"CometDropdownTerms"},{href:"/business/",label:h._("Advertising")},{href:"/help/568137493302217",label:k.jsxs(k.Fragment,{children:[h._("Ad Choices")," ",k.jsx(c("CometErrorBoundary.react"),{children:k.jsx("span",{className:"x1n2onr6 x1qiirwl",children:k.jsx(c("TetraIcon.react"),{color:"secondary",icon:d("fbicon")._(i("871692"),12)})})})]})},{href:"/policies/cookies/",label:h._("Cookies"),testid:"CometDropdownCookies"},{href:"/privacy/cookie_settings/",label:h._("Cookie Settings"),render:a}].filter(function(a){return a.render==null\|\|a.render===!0});var p=[];if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoCrawlingPool)&&(g==null?void 0:(o=g.rootView.props)==null?void 0:o.seoCrawlingPool.url)){Array.from(Array((g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.multiple_links)\|\|0)).forEach(function(a,b){p.push(k.jsxs("li",{className:"xt0psk2",children:[k.jsx(c("CometLink.react"),{color:"secondary",href:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.url,onClick:f,weight:"normal",children:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.link_string}),k.jsx(c("BaseMiddot.react"),{})]},b))})}if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoGrowthAutomationCrawlingPool)&&(g
Source: chromecache_143.2.dr	String found in binary or memory: __d("FBReelsURLUtils",["ConstUriUtils","XCometFBReelControllerRouteBuilder","gkx"],(function(a,b,c,d,e,f,g){"use strict";function h(a,b,d,e,f,g){b=(b=b)!=null?b:"UNKNOWN";var h="group_other",i=void 0;if(Boolean(e)){switch(d){case"group":case"group_mall":h="group";i=f==null?void 0:f;break;case"groups_tab":h="groups_tab";break;default:break}b=h}e={group_id:i,s:b,stack_idx:g==null?void 0:g,video_id:a==null?void 0:a};return c("XCometFBReelControllerRouteBuilder").buildURL(e)}function a(a,b,c,e,f,g){a=h(a,b,c,e,f,g);if(i()){f=(b=d("ConstUriUtils").getUri(a))==null?void 0:(c=b.getQualifiedUri())==null?void 0:(e=c.setDomain("www.facebook.com"))==null?void 0:e.toString();if(f!=null)return f}return a}function b(a){return["fb_shorts_video_deep_dive","fb_shorts_profile_video_deep_dive"].includes(a)}function i(){return c("gkx")("22564")\|\|c("gkx")("24206")}g.getReelsURL=h;g.getReelsAbsoluteURL=a;g.isReelsRenderLocationVDD=b;g.isBizSurface=i}),98); equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: __d("FacebookCookieConsentCustomization",["fbt","ix","JSResourceForInteraction","XCookiesPolicyControllerRouteBuilder","isBaseline4EnabledForLoggedOut","isCNILEnabledForLoggedOut","lazyLoadComponent"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j=c("lazyLoadComponent")(c("JSResourceForInteraction")("FacebookCometCookieConsentDialogDataSettings.react").__setRef("FacebookCookieConsentCustomization"));a=function(){var a,b,d,e=null;c("isBaseline4EnabledForLoggedOut")()\|\|c("isCNILEnabledForLoggedOut")()?(b=i("1954651"),d=i("1954649"),e=h._("More options")):(b=i("856481"),d=i("856481"),e=h._("Manage Data Settings"));a=(a=(a=c("XCookiesPolicyControllerRouteBuilder").buildUri({}).getQualifiedUri())==null?void 0:(a=a.setDomain("www.facebook.com"))==null?void 0:a.toString())!=null?a:"";return{essentialCookiesOnly:!1,faviconDark:d,faviconLight:b,policyUrl:a,productName:"FACEBOOK",secondaryAction:{label:e,viewReference:j}}};b=a;g["default"]=b}),98); equals www.facebook.com (Facebook)
Source: chromecache_153.2.dr	String found in binary or memory: __d("GroupsCometMemberCountAndPrivacy.react",["BaseMiddot.react","CometLink.react","CometRelay","CometRow.react","CometRowItem.react","CurrentEnvironment","GroupsCometMemberCountAndPrivacy_group.graphql","GroupsCometPrivacyText.react","XCometGroupMembersControllerRouteBuilder","promiseDone","react","requireDeferred","useGroupsCometMemberCount","useMinifiedProductAttribution","usePreviousSurfaceForGroupLogging"],(function(a,b,c,d,e,f,g){"use strict";var h,i,j=i\|\|(i=d("react")),k=i.useRef,l=c("requireDeferred")("GroupClickActionFalcoEvent").__setRef("GroupsCometMemberCountAndPrivacy.react"),m="www.facebook.com";function a(a){a=a.group$key;var e=d("CometRelay").useFragment(h!==void 0?h:h=b("GroupsCometMemberCountAndPrivacy_group.graphql"),a);a=c("CurrentEnvironment").messengerdotcom?(a=c("XCometGroupMembersControllerRouteBuilder").buildUri({idorvanity:e.id}).setDomain(m))==null?void 0:(a=a.setProtocol("https"))==null?void 0:a.toString():c("XCometGroupMembersControllerRouteBuilder").buildUri({idorvanity:e.id}).toString();var f=c("useGroupsCometMemberCount")({group$key:e}),g=c("useMinifiedProductAttribution")(),i=c("usePreviousSurfaceForGroupLogging")(),n=k(i);i=function(){c("promiseDone")(l.load().then(function(a){return a.log(function(){var a;return{attribution_id:"[]",attribution_id_v2:(a=g)!=null?a:"[]",current_surface:"group_mall",group_id:(a=e.id)!=null?a:"",previous_surface:n.current,unit_name:"group_ngn_members"}})}))};return j.jsxs(c("CometRow.react"),{align:"start",paddingHorizontal:0,paddingTop:0,spacing:4,verticalAlign:"center",wrap:"forward",children:[j.jsx(c("CometRowItem.react"),{children:j.jsx(c("GroupsCometPrivacyText.react"),{group$key:e})}),f!=null&&j.jsx(c("CometRowItem.react"),{children:j.jsx(c("BaseMiddot.react"),{})}),f!=null&&j.jsx(c("CometRowItem.react"),{children:j.jsx(c("CometLink.react"),{color:"secondary",href:a,onClick:i,children:f})})]})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98); equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: www.facebook.com

Source: unknown

HTTP traffic detected: POST /ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2938 HTTP/1.1Host: www.facebook.comConnection: keep-aliveContent-Length: 129sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36viewport-width: 1280Content-Type: application/x-www-form-urlencodedsec-ch-ua-platform-version: "10.0.0"dpr: 1sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/groups/191802104561301/media/videosAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=01Dv0PiRi9JaZer5e..BmAxuK..AAA.0.0.BmAxuK.AWUHV5Izz6Y; expires=Mon, 24-Jun-2024 19:01:30 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: ps_n=0; expires=Wed, 30-Apr-2025 19:01:31 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=NoneSet-Cookie: ps_l=0; expires=Wed, 30-Apr-2025 19:01:31 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=LaxSet-Cookie: fr=0vx1zAI1Sg7RP6W3L..BmAxuL..AAA.0.0.BmAxuL.AWXkSW8gBUQ; expires=Mon, 24-Jun-2024 19:01:31 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: ps_l=0; expires=Wed, 30-Apr-2025 19:01:31 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=LaxSet-Cookie: ps_n=0; expires=Wed, 30-Apr-2025 19:01:31 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=NoneSet-Cookie: fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8; expires=Mon, 24-Jun-2024 19:01:31 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: datr=hhsDZgtz2uh6qetmiSjWtBtp; expires=Wed, 30-Apr-2025 19:01:34 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=NoneSet-Cookie: _js_datr=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=-1711479693; path=/; domain=.facebook.com; httponlySet-Cookie: fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY; expires=Mon, 24-Jun-2024 19:01:34 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxvI.AWUm-Vk5k2M; expires=Mon, 24-Jun-2024 19:02:32 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}

Source: chromecache_134.2.dr	String found in binary or memory: https://fburl.com/comet_preloading
Source: chromecache_134.2.dr	String found in binary or memory: https://fburl.com/dialog-provider).
Source: chromecache_134.2.dr	String found in binary or memory: https://fburl.com/wiki/m19zmtlh
Source: chromecache_154.2.dr	String found in binary or memory: https://fburl.com/wiki/xrzohrqb
Source: chromecache_121.2.dr	String found in binary or memory: https://optout.aboutads.info/
Source: chromecache_126.2.dr	String found in binary or memory: https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
Source: chromecache_121.2.dr	String found in binary or memory: https://support.google.com/chrome/answer/95647
Source: chromecache_109.2.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: chromecache_121.2.dr	String found in binary or memory: https://www.youronlinechoices.com/
Source: chromecache_121.2.dr	String found in binary or memory: https://youradchoices.ca/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49836 version: TLS 1.2

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Desktop\Facebook.lnk

Jump to dropped file

Source: classification engine

Classification label: sus20.win@17/104@30/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Desktop\Facebook.lnk

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2356,i,12125854858765299221,15088975027911277017,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.facebook.com/groups/191802104561301/media/videos"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2356,i,12125854858765299221,15088975027911277017,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Facebook.lnk.0.dr	LNK file: ..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Facebook.lnk0.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Facebook.lnk1.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Facebook.lnk			Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
31.13.66.35	star-mini.c10r.facebook.com	Ireland	32934	FACEBOOKUS	false
31.13.66.19	scontent-iad3-1.xx.fbcdn.net	Ireland	32934	FACEBOOKUS	false
142.251.167.105	www.google.com	United States	15169	GOOGLEUS	false
157.240.229.35	unknown	United States	32934	FACEBOOKUS	false
157.240.229.1	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.5
127.0.0.1

Contacted Domains

Name	IP	Active
star-mini.c10r.facebook.com	31.13.66.35	true
scontent.xx.fbcdn.net	157.240.229.1	true
video.xx.fbcdn.net	157.240.229.2	true
www.google.com	142.251.167.105	true
scontent-iad3-1.xx.fbcdn.net	31.13.66.19	true
scontent-iad3-2.xx.fbcdn.net	157.240.229.1	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
www.facebook.com	unknown	unknown
static.xx.fbcdn.net	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://scontent-iad3-2.xx.fbcdn.net/v/t15.5256-10/336927474_3319882898322661_4683473465336529276_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FZusoMbXGhIAX98kDRY&_nc_ht=scontent-iad3-2.xx&oh=00_AfC5TzcLvwR8E0KjfoFgi3aCTty4_u8EoD3w1Ox0pdfqcA&oe=6608C786	false	high
https://www.facebook.com/ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2938	false	high
http://www.facebook.com/groups/191802104561301/media/videos	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/mM84SfiWlvq.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3ijbW4/ys/l/en_US/nSQLiQbQffO.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/hJhMncL-mDP.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=d&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709	false	high
https://static.xx.fbcdn.net/rsrc.php/v3iN2w4/yH/l/en_US/wjOcH-I6_fe.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=8&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709	false	high
https://scontent-iad3-2.xx.fbcdn.net/v/t15.5256-10/346104329_565262735721643_9219658793372446428_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=8dZ_kGEmhDsAX85Ph0z&_nc_ht=scontent-iad3-2.xx&oh=00_AfDxscQOPmDUQooFxIs1EGi5CEM_0K2ynZxX2H8vrjD37A&oe=6607C420	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/DeNyZD1Vj3q.png	false	high
https://static.xx.fbcdn.net/rsrc.php/v3iQh04/yl/l/en_US/q9mE-dy1BQ8.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/ZMDmtP-j05B.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://scontent-iad3-1.xx.fbcdn.net/v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=c24.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBxa19PYuVvdAzvgqt5d38YFDOYSpZaMMH3nqGHT4ws5g&oe=662A8448	false	high
https://static.xx.fbcdn.net/rsrc.php/v3imd04/y_/l/en_US/s7gvP_bieRc.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3iRdI4/yf/l/en_US/o66RdpHoPFZ.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/wV1EPAsR05q.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/422970684_1757890574713454_756376464245095654_n.jpg?stp=dst-jpg_s720x720&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=107UIiOzT7gAX9j_LK6&_nc_ht=scontent-iad3-1.xx&oh=00_AfA8LKV88KVnwDwmya6T7YZvMdgapnppWYhXAjPM03dWLg&oe=66074431	false	high
https://static.xx.fbcdn.net/rsrc.php/v3it4v4/y7/l/en_US/Yy3UvLlQ5s2.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3ib-74/yH/l/en_US/lJVPjox8GXT.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.facebook.com/ajax/webstorage/process_keys/?state=1	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/0dhQxNDfACl.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3iMvG4/yi/l/en_US/J6PEW1zkdET0dw91vX2QqCV5bVta2J7S4uCHGMZIDGEITtg2YRX4wVhDYvatkvPhoO.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3idBq4/yP/l/en_US/AyyGpm6_fQg.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=9&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709	false	high
https://static.xx.fbcdn.net/rsrc.php/v3i03r4/yh/l/en_US/WBgVVoYHjyJBx2ohSxNfK51trd-z_zgkrcS1tiv9hBEZlfzIGzJRT-zkSMvWi-DAk6XYYhi4epUx2joFkVjeqNmCZ_uh8Ri8EqTv4ejvoijb302ZM4-qdc884u1lhyFxJ4dCTEvncaMuwhpc3MgCmCuvkpMttPnMfQyeNxsw_y3zVOBS5r1v89-9txa.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://scontent-iad3-1.xx.fbcdn.net/v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_s960x960&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBinJfMHk1TYrtMfoEdUzED7UOwvi3Z6zmQwkkYIyjuVA&oe=662A8448	false	high
https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/344291496_941761983774142_6714898198585150208_n.jpg?stp=dst-jpg_p480x480&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ps2qWAox_o4AX_5sAkd&_nc_ht=scontent-iad3-1.xx&oh=00_AfDXCbIngEl6nKLekpfKqO62PR1XH9A8fTO3UaT9JUiAyA&oe=66079A1F	false	high
https://scontent-iad3-1.xx.fbcdn.net/v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_fb50_s320x320&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfDC1FQNbzUTX09-0lc08NGwHIjdbNpDLEXCu4RbW3H_sw&oe=662A8448	false	high
https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/353948418_116757841451495_7051299819541577410_n.jpg?stp=dst-jpg_s640x640&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=0q-qhw2-qZMAX8CfBwF&_nc_ht=scontent-iad3-1.xx&oh=00_AfAbn_4msclyUHq3UB_aqHff34_4jm8NlN-qQ9r7ygS_eg&oe=66079D92	false	high
https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/344299204_778385596974975_3925581549886345862_n.jpg?stp=dst-jpg_p480x480&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=BRYczwzYVx8AX8OlnWr&_nc_ht=scontent-iad3-1.xx&oh=00_AfDrfzFfvjJJJOWg4dEIsmiTIicKbMynrBaxObxy1-qN6g&oe=6608378A	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/YOJay7eN_PK.png	false	high
https://www.facebook.com/data/manifest/	false	high
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=7&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709	false	high
https://www.facebook.com/groups/191802104561301/media/videos	false	high
https://static.xx.fbcdn.net/rsrc.php/v3iWd-4/yc/l/en_US/Yx7PwT2JwaP.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico	false	high
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=6&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yQ/l/0,cross/3AyonyDMJju.css?_nc_x=Ij3Wp8lg5Kz	false	high
https://scontent-iad3-1.xx.fbcdn.net/v/t15.5256-10/365868153_743671090857740_6406375155720795749_n.jpg?stp=dst-jpg_s640x640&_nc_cat=101&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zDOwJGShkAYAX8DcVsw&_nc_ht=scontent-iad3-1.xx&oh=00_AfD8SREs1djMaWBCEsRKckYil_1mEPLUKv1FKPDO24gXKw&oe=660867B5	false	high
https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png	false	high
https://www.facebook.com/ajax/bulk-route-definitions/	false	high
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=a&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709	false	high
https://static.xx.fbcdn.net/rsrc.php/v3ivDB4/y6/l/en_US/LqVfMHTJ9_oMY3cWsxDsim6o4gQ-2xoQcC3aoXwX7mwI_CM1jY0vDUQEoYJkKWbHxzBQbCw57inkqSJQWbQFzxtGR4v5R_4lLcx1Rdzuzi16yg2P45ax7X-hYGc1wa-Oq19c8UFGgncWcrTOmPobANp9KHpDnYRWx5vjUQhP0HLNJLur35pXyNW5O2eLF_t-hPrgmOFx37sBU74Y3_eJMlvvhSHqcRl8uZh0wwKbKOFmYVL9vR980mk9ZOI-Ip55HfXW__mMMP-5hSGBbNbgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6qmSdmQUrU48.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://scontent-iad3-2.xx.fbcdn.net/v/t15.5256-10/345408838_554868536720991_4473956762622793907_n.jpg?stp=dst-jpg_p480x480&_nc_cat=111&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Fka_uNor5akAX_5Vx0x&_nc_ht=scontent-iad3-2.xx&oh=00_AfBneEOE2bzNnHCq-ehBwWm6GeZ-CbH_6iWYmm36nrGn5g&oe=6607DB9F	false	high
https://static.xx.fbcdn.net/rsrc.php/v3i-LK4/yC/l/en_US/6Q0E-Aihmb8.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3iEI74/ys/l/en_US/RsYgUPkiI0GIOrr8Repg2I8YKvM40ckJTsYEcTr9k1uxj9xJniev-aE7Zc-ipmmdxVkEXcCWPrroV5wrZTyFmaOOfWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=b&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709	false	high
https://static.xx.fbcdn.net/rsrc.php/v3iNTg4/ys/l/en_US/R-iMvr77wdb.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=5&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/hLElYKzBG38.png	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/noD1oQJiCYY.js?_nc_x=Ij3Wp8lg5Kz	false	high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Facebook.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 15:01:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	BA9B701918FF2D269B72E8A8E81CA3BC	6122921D21EA5C8EB3AA6DDAEC7781E479F46843	6C134A2CB6D27FE4BD8CAC767F7635E0A9D30D41225C40BF023431F42EAABBC4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Facebook.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 15:01:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	73631D6CEBD1A8DFEDCA4E9945BA53FD	85573BEE7E10B81763D89E7E81A2B247D7C9A2F5	320C9332D147AE6523655AD68F6BA2E0911ED3962DF5CFA1869EBB2C6E97444D
C:\Users\user\Desktop\Facebook.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 08:54:44 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6EF52A82036C94A8094F81B68B4A06C3	3D77CCB4BE7C107A32E79443D1176DB76ADA7056	7BF2AF653754A1D82F6961744D781BE5A888D7E8060DE03458C870F2B805AD11
Chrome Cache Entry: 102	ASCII text, with very long lines (6237)	3D1888E45B904425E77E316B1B743E77	31CE172DB582184EAB1C6542F17BA3FF778C6FA6	659CF5CDE9E67CE8D52F3F8A77E771E2FF7571090BD0716E29ADBB4555C1DAE2
Chrome Cache Entry: 103	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	181DF41D29472826F91831523DB40AFA	C8FE82E373E560F48AB681EBBA8CC219084C8269	B4DE57D6088ECA923E56D58A6EF2D03248EE3544E3D4289A2089319383A209A4
Chrome Cache Entry: 104	PNG image data, 189 x 177, 8-bit colormap, non-interlaced	2C4B8038DE92E58C7815F89BC771431C	C961C06831F5411E1C7BF9068AA02FC08E53C5B2	5E75CAB6C1CE0FA52C3B086A864E4BC9AAFC0403DDEEA6B85645B1BD3F2F5B84
Chrome Cache Entry: 105	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 423x640, components 3	01359B148970B2FE0B4431B587809726	4054C2D08A298814F59A3FD761856EF39E20CCBC	4432B02088BF6F37574D4C9C6E5754C5134ACBF9F43CDC4AAF682B510E96C01A
Chrome Cache Entry: 106	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3	16D53FD8BB6894D2A4BF2C35C5DFD3F2	E9C0FE03D17693274A083294274F74C45ED45A81	6FDB5E29DF944800890E66CA68D12F2365E99BB7CFCB8F0D3C933126E21B4B79
Chrome Cache Entry: 107	ASCII text, with very long lines (7990)	727333433DBF3DCC646E87C98285AA3E	BE03D9B4C221029B8FB2FA6568361A590F92755A	2FEB5F7F28A21F9D80E530A24734133E26A85FF45A22E063EFD5A4DFBFFA664A
Chrome Cache Entry: 108	ASCII text, with very long lines (12336)	A7CC09E5573FAF6432CC5E9B3B5F90D0	EBDEA1B9564AE2DF223620A9F4B7A8004253742B	1AF0138925E9B50F3298FFD4BF31BFF31E8FBBEACDB7D858C0936C0143E4AA70
Chrome Cache Entry: 109	ASCII text, with very long lines (19300)	41DBB4DAB09708BC4C337435D9A07094	3D7F8AFC89C231738FCED42A4D372750455E869B	D9C9993B92744BF5EC761F893831D0FC522FACA1516A2D3B88FD6DD1E36ABC61
Chrome Cache Entry: 110	PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced	8DC258A49B60FAE051E9A7CE11AD05CF	DAFEF280663F4205FC7F0E47799E9945E6A68D6D	C8CAED93847AFFC154CB3D424E34FC146E7340BB29ABEBD5EBA7063E3DCA0604
Chrome Cache Entry: 111	PNG image data, 189 x 177, 8-bit colormap, non-interlaced	2C4B8038DE92E58C7815F89BC771431C	C961C06831F5411E1C7BF9068AA02FC08E53C5B2	5E75CAB6C1CE0FA52C3B086A864E4BC9AAFC0403DDEEA6B85645B1BD3F2F5B84
Chrome Cache Entry: 112	ASCII text, with very long lines (6382)	A60E5F639DF4508B98A358C8FEC57A04	010688599F5BB0568E4DD1E3CB0D2F6292458E44	7C40BB22CA2E52EB989F57224CFF72C7EA3BED2E78AF170E78DB62F2626D6BFD
Chrome Cache Entry: 113	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	1B15A1CB525C09BE163F289E09A0DBA9	624D846E444E0469D7E3891391F6006BEFFE4291	C34CFEF62D23CAE12ECE03C1299A785F4DFE051A3A7E23E334CB9A90BB93CF3E
Chrome Cache Entry: 114	ASCII text, with very long lines (10908)	09A2D7FFA2D899FD2F33F9B4A62D8338	02A917762C22D88092525927F1C50EDF008F2877	77B09A687BC9A4CDB10D019D758D819C7EFE0B5C22C6377FC9D408784B4BDC66
Chrome Cache Entry: 115	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	3E764F0F737767B30A692FAB1DE3CE49	58FA0755A8EE455819769EE0E77C23829BF488DD	88AE5454A7C32C630703440849D35C58F570D8EECC23C071DBE68D63CE6A40D7
Chrome Cache Entry: 116	ASCII text, with very long lines (18915)	A20A57297296210AE55C26306436FCE5	AF8363C369F8FD23868093CE0FF02C8D88C229C0	2DE52103B1FEEB037AF1757A1D10CB77A335258410AFF50F3CC4B93589357FDB
Chrome Cache Entry: 117	ASCII text, with very long lines (7068)	51FCF92CFBCF0956825A26CDE9BF1596	E0D16B9B13E8DCDDFD525D4A8630CD57224B5CE1	B37F7238AC9A1D56031FAC9897B29BE6CF9E20B0AD81F5E98C6677D8C7DF7667
Chrome Cache Entry: 118	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	345FFE23713612E87ED18C098FC0136F	0F1A6D5DBD8F31F1BF85368BCC21CFD7B8182D55	F80B484399794E024DDEF2A14E3ED8292E99C537C0357582526DA33AC10E6D95
Chrome Cache Entry: 119	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x162, components 3	EC054182B433F7A7270B78F2F272704F	6206F3C1921F5754A0216052AFB0DA22BE6F22FE	B0D9454B2E138E3D70542BCF96734753F6D04B45566D907AFC93E6031C113085
Chrome Cache Entry: 120	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	A5DC67D18D9159788201FEB70DC91752	CA69F334AD23F104A53420B01AE2FB2B2326B9E0	D2E418FA5810E485BD07DAD69F3306205EFA850ACD2607EFF2CC3CB48C3A62E8
Chrome Cache Entry: 121	ASCII text, with very long lines (4260)	2000AA819611399B4CCCB41AD764FDAD	3ECABF0A6DA88583713C2A1AD1ACC840760EA18C	A3347D8D46535832E740EF72B3FBB4C32B32508EE374F8449D9B3FE8E09C3F90
Chrome Cache Entry: 122	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 450x720, components 3	7B580FCAA8CC77422965802F58307411	A7F3B9395EC9884D7F8AB0E8525CB2E8B072BB25	4F1B09A5E4910D1AE5B5EF8C400625E0B577E93105B232DEB4546AC11F800B14
Chrome Cache Entry: 123	ASCII text, with very long lines (45939)	627BD647764A64CECA5645A20A91C1D5	08E218C20BCE6553A2E27B9C39338DC382245F6E	639B84B1B1EEFCB52D35DB969B81EADC2C44C7643A99DFD1C3EA01A684E336B7
Chrome Cache Entry: 124	ASCII text, with no line terminators	F71C4EFD36879E28A721AAF93B559B3F	2AA52C4FD618680148F935B280F96496EFD7E153	F39FC3D962FAE023EBB725DFDBA524226C593C6EB2BC2C1F23C454D63CC10EC2
Chrome Cache Entry: 125	PNG image data, 192 x 192, 8-bit colormap, non-interlaced	6452ED75C53E1A8E90A664DF18959A90	AC01FC2F40F0E4808E22A9C569F3775F0F15A5E2	C7BAC3E7016DFC7EB5787579BAC6B975B433FC1A9C279DAFC35649D4782F2061
Chrome Cache Entry: 126	ASCII text, with very long lines (23916)	60D4046B5DDBC71418F27CAFC87B5772	4E0B249A3E53B12ACE5E3A076045332BD1BE2B30	E27F48624DFE5FB5617C3789091E163EFF8006BB72EBC7EAB1E5CFD0AA87ABB5
Chrome Cache Entry: 127	PNG image data, 512 x 512, 8-bit colormap, non-interlaced	CBDC35F79D06D68AC46FA2F266AE7753	DBEC2B97222CD8E60EC3FBA4EF020BABC838135A	E673F8818103A583C9A98EE38AA7892D58969EC2A8387DEAA46EF6D94E8A3796
Chrome Cache Entry: 128	PNG image data, 33 x 584, 8-bit colormap, non-interlaced	E76EB2F1514E829762E5E34A0C7564DE	87B9FFD749D8AE749D0CE2F819801A266A82C834	A22160F1FE319BF0547FBD24F801444A01B397092D52062F6F6AC3DD574CAF7F
Chrome Cache Entry: 129	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 423x640, components 3	01359B148970B2FE0B4431B587809726	4054C2D08A298814F59A3FD761856EF39E20CCBC	4432B02088BF6F37574D4C9C6E5754C5134ACBF9F43CDC4AAF682B510E96C01A
Chrome Cache Entry: 130	PNG image data, 192 x 192, 8-bit colormap, non-interlaced	6452ED75C53E1A8E90A664DF18959A90	AC01FC2F40F0E4808E22A9C569F3775F0F15A5E2	C7BAC3E7016DFC7EB5787579BAC6B975B433FC1A9C279DAFC35649D4782F2061
Chrome Cache Entry: 131	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	B06DA401652A2AD7A88FF27991F3EF9A	6FDE1F115037CE2631A5B40B3A0003F2E77B5D57	F54F46907FD21FDE9940773AB3B170FAAEEEA307B67AB8E63120CA0E673A7247
Chrome Cache Entry: 132	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x162, components 3	EC054182B433F7A7270B78F2F272704F	6206F3C1921F5754A0216052AFB0DA22BE6F22FE	B0D9454B2E138E3D70542BCF96734753F6D04B45566D907AFC93E6031C113085
Chrome Cache Entry: 133	PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced	8DC258A49B60FAE051E9A7CE11AD05CF	DAFEF280663F4205FC7F0E47799E9945E6A68D6D	C8CAED93847AFFC154CB3D424E34FC146E7340BB29ABEBD5EBA7063E3DCA0604
Chrome Cache Entry: 134	ASCII text, with very long lines (19762)	85AF7E79C538022B33FEAF50796A186F	9BA6ED8487E565570DE6044DADDE7CF783F21012	4EBB34ED52AEEA06BAB7756E6ADC29DB02A1562477661A1510D96DB6EF0869C5
Chrome Cache Entry: 135	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	345FFE23713612E87ED18C098FC0136F	0F1A6D5DBD8F31F1BF85368BCC21CFD7B8182D55	F80B484399794E024DDEF2A14E3ED8292E99C537C0357582526DA33AC10E6D95
Chrome Cache Entry: 136	PNG image data, 512 x 512, 8-bit colormap, non-interlaced	CBDC35F79D06D68AC46FA2F266AE7753	DBEC2B97222CD8E60EC3FBA4EF020BABC838135A	E673F8818103A583C9A98EE38AA7892D58969EC2A8387DEAA46EF6D94E8A3796
Chrome Cache Entry: 137	ASCII text, with very long lines (2096)	2D1ACDFFB0D4F6BFDF0D1106211A4CFF	B15EF7DFE6CA6C02FDBD1242F1BF50DBFFE4C643	2899207B3BB04433C3181B98E98309F9F2120735A322926ACA926D4A88E11103
Chrome Cache Entry: 138	C source, ASCII text, with very long lines (8652)	0A3FE4E2865E89C528B4FEB04144853D	7E172C21909A193457C1F6F731118B07FA1D2CDC	CDB034FD65BF6818BA6FEBFBC6B1343855D6E09730B5D7FD456ADF500E1945A4
Chrome Cache Entry: 139	ASCII text, with very long lines (5046)	F281B1F127350253E11901BEB1C0F730	5A7E8C99A9370A47D051283139624393E3BFE4AD	4CD878AFC9DA0F75FA166FA63EF5FA6CC6EB629CA9F39D3B05870C1F6C598D30
Chrome Cache Entry: 140	ASCII text, with very long lines (32301)	6077ACC6959C11491A9BE1371FAB2AEB	8F0FC94731470F25A10D159B0773241A5EB98B90	C4D4BF58693BBEC82F3AA345FDD974F1B295F70B41ABDF9191147EEB1731ADBA
Chrome Cache Entry: 141	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x486, components 3	107403A2C945B771587870EE767737CE	B2AB1A5EEBE46D6444BF0E91E731B561CA2F2AC9	1E3F9AFCAE0ABCF177130B481A74E6FBD4E8434E40250650303735F065E84082
Chrome Cache Entry: 142	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	181DF41D29472826F91831523DB40AFA	C8FE82E373E560F48AB681EBBA8CC219084C8269	B4DE57D6088ECA923E56D58A6EF2D03248EE3544E3D4289A2089319383A209A4
Chrome Cache Entry: 143	ASCII text, with very long lines (3367)	41ABCD7840B1E46275C05B8705DABB55	CC90931B81C6F5C33D2E7D81091D5DE2FBB9408B	BD2A8C6CE1DF55251A440EBF5D97F79D7AFCF5D4A2DF1BEF166109E00A701D65
Chrome Cache Entry: 144	PNG image data, 33 x 584, 8-bit colormap, non-interlaced	E76EB2F1514E829762E5E34A0C7564DE	87B9FFD749D8AE749D0CE2F819801A266A82C834	A22160F1FE319BF0547FBD24F801444A01B397092D52062F6F6AC3DD574CAF7F
Chrome Cache Entry: 145	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	3E764F0F737767B30A692FAB1DE3CE49	58FA0755A8EE455819769EE0E77C23829BF488DD	88AE5454A7C32C630703440849D35C58F570D8EECC23C071DBE68D63CE6A40D7
Chrome Cache Entry: 146	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x486, components 3	107403A2C945B771587870EE767737CE	B2AB1A5EEBE46D6444BF0E91E731B561CA2F2AC9	1E3F9AFCAE0ABCF177130B481A74E6FBD4E8434E40250650303735F065E84082
Chrome Cache Entry: 147	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 423x640, components 3	4D673BC6E4F920E0A84F50C1FE530A28	BC128E45EBD16FB2C5B82915BFC40F151FC6EBB9	DA8C161915D855F7D9D1E3EAE5FFDF6C48FDEE5AF244A72124C8B5EF7871E48B
Chrome Cache Entry: 148	ASCII text, with very long lines (17302)	D9CCC27569FE2620910D658430F61B15	97F39FF612FFCC66679FB534B6C85691E7F8BED8	C91849ADE9130F3E93C33E07C61DCF1E7D020E0667A7BDFBFBF2BE54B68D0B3D
Chrome Cache Entry: 149	ASCII text, with very long lines (29912)	D5DAFF7CD5AAA9DD009E76F657D9B0E9	626C273FE4BB616B458F53895408837FC864E81F	770C453086164975C543EEC0F2723E3A207FFE5568AD69A02220F60B9E19BC76
Chrome Cache Entry: 150	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 423x640, components 3	4D673BC6E4F920E0A84F50C1FE530A28	BC128E45EBD16FB2C5B82915BFC40F151FC6EBB9	DA8C161915D855F7D9D1E3EAE5FFDF6C48FDEE5AF244A72124C8B5EF7871E48B
Chrome Cache Entry: 151	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3	16D53FD8BB6894D2A4BF2C35C5DFD3F2	E9C0FE03D17693274A083294274F74C45ED45A81	6FDB5E29DF944800890E66CA68D12F2365E99BB7CFCB8F0D3C933126E21B4B79
Chrome Cache Entry: 152	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 450x720, components 3	7B580FCAA8CC77422965802F58307411	A7F3B9395EC9884D7F8AB0E8525CB2E8B072BB25	4F1B09A5E4910D1AE5B5EF8C400625E0B577E93105B232DEB4546AC11F800B14
Chrome Cache Entry: 153	ASCII text, with very long lines (49230)	17D86C159B81B9C8EC84FD26948112C3	6AA7C2370C8ED2CB683053043F2B07014FD0FFE8	F465BA8C3432FB5D047244473DEBBF348DDDF12DEA64AE8C24736342F7D28FC2
Chrome Cache Entry: 154	ASCII text, with very long lines (10333)	34753DA31081BC94B2BAA307667F1B9F	B1BAA35A02565B58CE5B79043AF303292E24B337	55C28B9B27A0E99E0A9F94941D6EF96B280ECAE17510EEC4C6B8300B90379C5C
Chrome Cache Entry: 155	ASCII text, with very long lines (22510)	1C139E6A5C4E192B80B1D808DBC7CA2F	08550253300A98B0E4CE222B1977F1A2B0436C17	A0C46A520AA9CDA24B3F2AB3BF6AFABE301937E562C35843FA79BD4E5D869CEF
Chrome Cache Entry: 156	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	A5DC67D18D9159788201FEB70DC91752	CA69F334AD23F104A53420B01AE2FB2B2326B9E0	D2E418FA5810E485BD07DAD69F3306205EFA850ACD2607EFF2CC3CB48C3A62E8
Chrome Cache Entry: 157	ASCII text, with very long lines (4563)	3E33F8F6548506554259BD6D17B4176A	D0B75C9E256122CEB88F5206F67EB6D498CC383C	45BE886EBC2B5A07BBFFA97E3FB335A85260584A3B77F7B4A8A84C500C802B8E
Chrome Cache Entry: 158	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	1B15A1CB525C09BE163F289E09A0DBA9	624D846E444E0469D7E3891391F6006BEFFE4291	C34CFEF62D23CAE12ECE03C1299A785F4DFE051A3A7E23E334CB9A90BB93CF3E
Chrome Cache Entry: 159	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x480, components 3	B06DA401652A2AD7A88FF27991F3EF9A	6FDE1F115037CE2631A5B40B3A0003F2E77B5D57	F54F46907FD21FDE9940773AB3B170FAAEEEA307B67AB8E63120CA0E673A7247
Chrome Cache Entry: 160	ASCII text, with very long lines (1130)	B0E4EB3E6843299A50E900013F47B2A1	BC727E2EC0EB9AF294A79D3B977FA6E97011811E	ED0E61C954B57634F1C6C0050A56FBE1E268FD2DF256B15AB5B7BB7D43F4B6B0

Source: https://www.facebook.com/groups/191802104561301/media/videos

HTTP Parser: <input type="password" .../> found

Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="author".. found

Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/groups/191802104561301/media/videos	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49836 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /groups/191802104561301/media/videos HTTP/1.1Host: www.facebook.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yQ/l/0,cross/3AyonyDMJju.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yo/r/noD1oQJiCYY.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ivDB4/y6/l/en_US/LqVfMHTJ9_oMY3cWsxDsim6o4gQ-2xoQcC3aoXwX7mwI_CM1jY0vDUQEoYJkKWbHxzBQbCw57inkqSJQWbQFzxtGR4v5R_4lLcx1Rdzuzi16yg2P45ax7X-hYGc1wa-Oq19c8UFGgncWcrTOmPobANp9KHpDnYRWx5vjUQhP0HLNJLur35pXyNW5O2eLF_t-hPrgmOFx37sBU74Y3_eJMlvvhSHqcRl8uZh0wwKbKOFmYVL9vR980mk9ZOI-Ip55HfXW__mMMP-5hSGBbNbgFRlCsGN0FHzi95_wmB-51YxoStyBz2gE2pEQn4HVER6qmSdmQUrU48.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iMvG4/yi/l/en_US/J6PEW1zkdET0dw91vX2QqCV5bVta2J7S4uCHGMZIDGEITtg2YRX4wVhDYvatkvPhoO.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iQh04/yl/l/en_US/q9mE-dy1BQ8.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3idBq4/yP/l/en_US/AyyGpm6_fQg.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/345408838_554868536720991_4473956762622793907_n.jpg?stp=dst-jpg_p480x480&_nc_cat=111&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Fka_uNor5akAX_5Vx0x&_nc_ht=scontent-iad3-2.xx&oh=00_AfBneEOE2bzNnHCq-ehBwWm6GeZ-CbH_6iWYmm36nrGn5g&oe=6607DB9F HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_fb50_s320x320&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfDC1FQNbzUTX09-0lc08NGwHIjdbNpDLEXCu4RbW3H_sw&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_s960x960&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBinJfMHk1TYrtMfoEdUzED7UOwvi3Z6zmQwkkYIyjuVA&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/336927474_3319882898322661_4683473465336529276_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FZusoMbXGhIAX98kDRY&_nc_ht=scontent-iad3-2.xx&oh=00_AfC5TzcLvwR8E0KjfoFgi3aCTty4_u8EoD3w1Ox0pdfqcA&oe=6608C786 HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/422970684_1757890574713454_756376464245095654_n.jpg?stp=dst-jpg_s720x720&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=107UIiOzT7gAX9j_LK6&_nc_ht=scontent-iad3-1.xx&oh=00_AfA8LKV88KVnwDwmya6T7YZvMdgapnppWYhXAjPM03dWLg&oe=66074431 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/346104329_565262735721643_9219658793372446428_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=8dZ_kGEmhDsAX85Ph0z&_nc_ht=scontent-iad3-2.xx&oh=00_AfDxscQOPmDUQooFxIs1EGi5CEM_0K2ynZxX2H8vrjD37A&oe=6607C420 HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/365868153_743671090857740_6406375155720795749_n.jpg?stp=dst-jpg_s640x640&_nc_cat=101&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zDOwJGShkAYAX8DcVsw&_nc_ht=scontent-iad3-1.xx&oh=00_AfD8SREs1djMaWBCEsRKckYil_1mEPLUKv1FKPDO24gXKw&oe=660867B5 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/353948418_116757841451495_7051299819541577410_n.jpg?stp=dst-jpg_s640x640&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=0q-qhw2-qZMAX8CfBwF&_nc_ht=scontent-iad3-1.xx&oh=00_AfAbn_4msclyUHq3UB_aqHff34_4jm8NlN-qQ9r7ygS_eg&oe=66079D92 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/344299204_778385596974975_3925581549886345862_n.jpg?stp=dst-jpg_p480x480&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=BRYczwzYVx8AX8OlnWr&_nc_ht=scontent-iad3-1.xx&oh=00_AfDrfzFfvjJJJOWg4dEIsmiTIicKbMynrBaxObxy1-qN6g&oe=6608378A HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/344291496_941761983774142_6714898198585150208_n.jpg?stp=dst-jpg_p480x480&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ps2qWAox_o4AX_5sAkd&_nc_ht=scontent-iad3-1.xx&oh=00_AfDXCbIngEl6nKLekpfKqO62PR1XH9A8fTO3UaT9JUiAyA&oe=66079A1F HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3i-LK4/yC/l/en_US/6Q0E-Aihmb8.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iEI74/ys/l/en_US/RsYgUPkiI0GIOrr8Repg2I8YKvM40ckJTsYEcTr9k1uxj9xJniev-aE7Zc-ipmmdxVkEXcCWPrroV5wrZTyFmaOOfWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yu/r/hJhMncL-mDP.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iWd-4/yc/l/en_US/Yx7PwT2JwaP.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3i03r4/yh/l/en_US/WBgVVoYHjyJBx2ohSxNfK51trd-z_zgkrcS1tiv9hBEZlfzIGzJRT-zkSMvWi-DAk6XYYhi4epUx2joFkVjeqNmCZ_uh8Ri8EqTv4ejvoijb302ZM4-qdc884u1lhyFxJ4dCTEvncaMuwhpc3MgCmCuvkpMttPnMfQyeNxsw_y3zVOBS5r1v89-9txa.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iN2w4/yH/l/en_US/wjOcH-I6_fe.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ijbW4/ys/l/en_US/nSQLiQbQffO.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yS/r/YOJay7eN_PK.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3it4v4/y7/l/en_US/Yy3UvLlQ5s2.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/ye/r/mM84SfiWlvq.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yu/r/0dhQxNDfACl.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iGuT4/y7/l/en_US/XpxuEikPIs6.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yy/r/hLElYKzBG38.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iRdI4/yf/l/en_US/o66RdpHoPFZ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ib-74/yH/l/en_US/lJVPjox8GXT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/346104329_565262735721643_9219658793372446428_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=8dZ_kGEmhDsAX85Ph0z&_nc_ht=scontent-iad3-2.xx&oh=00_AfDxscQOPmDUQooFxIs1EGi5CEM_0K2ynZxX2H8vrjD37A&oe=6607C420 HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_fb50_s320x320&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfDC1FQNbzUTX09-0lc08NGwHIjdbNpDLEXCu4RbW3H_sw&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=c24.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBxa19PYuVvdAzvgqt5d38YFDOYSpZaMMH3nqGHT4ws5g&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/336927474_3319882898322661_4683473465336529276_n.jpg?stp=dst-jpg_p480x480&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FZusoMbXGhIAX98kDRY&_nc_ht=scontent-iad3-2.xx&oh=00_AfC5TzcLvwR8E0KjfoFgi3aCTty4_u8EoD3w1Ox0pdfqcA&oe=6608C786 HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/365868153_743671090857740_6406375155720795749_n.jpg?stp=dst-jpg_s640x640&_nc_cat=101&ccb=1-7&_nc_sid=5f2048&_nc_ohc=zDOwJGShkAYAX8DcVsw&_nc_ht=scontent-iad3-1.xx&oh=00_AfD8SREs1djMaWBCEsRKckYil_1mEPLUKv1FKPDO24gXKw&oe=660867B5 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/353948418_116757841451495_7051299819541577410_n.jpg?stp=dst-jpg_s640x640&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=0q-qhw2-qZMAX8CfBwF&_nc_ht=scontent-iad3-1.xx&oh=00_AfAbn_4msclyUHq3UB_aqHff34_4jm8NlN-qQ9r7ygS_eg&oe=66079D92 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/344299204_778385596974975_3925581549886345862_n.jpg?stp=dst-jpg_p480x480&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=BRYczwzYVx8AX8OlnWr&_nc_ht=scontent-iad3-1.xx&oh=00_AfDrfzFfvjJJJOWg4dEIsmiTIicKbMynrBaxObxy1-qN6g&oe=6608378A HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/422970684_1757890574713454_756376464245095654_n.jpg?stp=dst-jpg_s720x720&_nc_cat=110&ccb=1-7&_nc_sid=5f2048&_nc_ohc=107UIiOzT7gAX9j_LK6&_nc_ht=scontent-iad3-1.xx&oh=00_AfA8LKV88KVnwDwmya6T7YZvMdgapnppWYhXAjPM03dWLg&oe=66074431 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=dst-jpg_s960x960&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBinJfMHk1TYrtMfoEdUzED7UOwvi3Z6zmQwkkYIyjuVA&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/345408838_554868536720991_4473956762622793907_n.jpg?stp=dst-jpg_p480x480&_nc_cat=111&ccb=1-7&_nc_sid=5f2048&_nc_ohc=Fka_uNor5akAX_5Vx0x&_nc_ht=scontent-iad3-2.xx&oh=00_AfBneEOE2bzNnHCq-ehBwWm6GeZ-CbH_6iWYmm36nrGn5g&oe=6607DB9F HTTP/1.1Host: scontent-iad3-2.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yS/r/YOJay7eN_PK.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iNTg4/ys/l/en_US/R-iMvr77wdb.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yy/r/hLElYKzBG38.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t15.5256-10/344291496_941761983774142_6714898198585150208_n.jpg?stp=dst-jpg_p480x480&_nc_cat=108&ccb=1-7&_nc_sid=5f2048&_nc_ohc=ps2qWAox_o4AX_5sAkd&_nc_ht=scontent-iad3-1.xx&oh=00_AfDXCbIngEl6nKLekpfKqO62PR1XH9A8fTO3UaT9JUiAyA&oe=66079A1F HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t31.18172-8/14711400_591923380980004_146498289764737937_o.jpg?stp=c24.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=5f2048&_nc_ohc=US-2ZbAgYQ0AX8PS474&_nc_ht=scontent-iad3-1.xx&oh=00_AfBxa19PYuVvdAzvgqt5d38YFDOYSpZaMMH3nqGHT4ws5g&oe=662A8448 HTTP/1.1Host: scontent-iad3-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3imd04/y_/l/en_US/s7gvP_bieRc.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/ys/r/wV1EPAsR05q.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yd/r/ZMDmtP-j05B.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36viewport-width: 1280sec-ch-ua-platform-version: "10.0.0"dpr: 1sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/groups/191802104561301/media/videosAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; _js_datr=hhsDZgtz2uh6qetmiSjWtBtp; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8
Source: global traffic	HTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; _js_datr=hhsDZgtz2uh6qetmiSjWtBtp; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=5&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8; datr=hhsDZgtz2uh6qetmiSjWtBtp
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=7&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8; datr=hhsDZgtz2uh6qetmiSjWtBtp
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=6&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; ps_n=0; ps_l=0; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8; datr=hhsDZgtz2uh6qetmiSjWtBtp
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=8&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1280x907; ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yd/r/DeNyZD1Vj3q.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yd/r/DeNyZD1Vj3q.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=a&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY; wd=1280x958
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=b&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY; wd=1280x958
Source: global traffic	HTTP traffic detected: GET /ajax/webstorage/process_keys/?state=1 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY; wd=1280x958
Source: global traffic	HTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19808.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7350749279338979754&__req=d&__rev=1012316366&__s=i7sowy%3Au30xf7%3Al6ruuz&__spin_b=trunk&__spin_r=1012316366&__spin_t=1711479686&__user=0&dpr=1&jazoest=2938&lsd=AVok8aD-Nvk&ph=C3&qpl_active_flow_ids=431626709 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ps_n=0; ps_l=0; datr=hhsDZgtz2uh6qetmiSjWtBtp; wd=1280x958; fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxvI.AWUm-Vk5k2M
Source: global traffic	HTTP traffic detected: GET /groups/191802104561301/media/videos HTTP/1.1Host: www.facebook.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_109.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/A4tfXiHOGrs/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/CCT5pM3qiNk/ equals www.facebook.com (Facebook)
Source: chromecache_109.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/Ga6vBwdwgUx/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr, chromecache_116.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: chromecache_139.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/V9vdYColc4k/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/aJoeSHn7XcN/ equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr, chromecache_116.2.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/ equals www.facebook.com (Facebook)
Source: chromecache_107.2.dr	String found in binary or memory: __d("Chromedome",["fbt"],(function(a,b,c,d,e,f,g,h){function i(){if(document.domain==null)return null;var a=document.domain,b=/^intern\./.test(a);if(b)return null;b=/(^\|\.)facebook\.(com\|sg)$/.test(a);if(b)return"facebook";b=/(^\|\.)instagram\.com$/.test(a);if(b)return"instagram";b=/(^\|\.)threads\.net$/.test(a);if(b)return"threads";b=/(^\|\.)messenger\.com$/.test(a);return b?"messenger":null}function j(a){if(a==="instagram")return h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable an Instagram feature or \"hack\" someone's account, it is a scam and will give them access to your Instagram account.");return a==="threads"?h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Threads feature or \"hack\" someone's account, it is a scam and will give them access to your Threads account."):h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account.")}function a(a){if(top!==window)return;a=i();if(a==null)return;var b=h._("Stop!");a=j(a);var c=h._("See {url} for more information.",[h._param("url","https://www.facebook.com/selfxss")]);if(window.chrome\|\|window.safari){var d="font-family:helvetica; font-size:20px; ";[[b,d+"font-size:50px; font-weight:bold; color:red; -webkit-text-stroke:1px black;"],[a,d],[c,d],["",""]].map(function(a){window.setTimeout(console.log.bind(console,"\n%c"+a[0].toString(),a[1]))})}else{b=[""," .d8888b. 888 888","d88P Y88b 888 888","Y88b. 888 888",' "Y888b. 888888 .d88b. 88888b. 888',' "Y88b. 888 d88""88b 888 "88b 888',' "888 888 888 888 888 888 Y8P',"Y88b d88P Y88b. Y88..88P 888 d88P",' "Y8888P" "Y888 "Y88P" 88888P" 888'," 888"," 888"," 888"];d=(""+a.toString()).match(/.{35}.+?\s+\|.+$/g);if(d!=null){a=Math.floor(Math.max(0,(b.length-d.length)/2));for(var e=0;e<b.length\|\|e<d.length;e++){var f=b[e];b[e]=f+new Array(45-f.length).join(" ")+(d[e-a]\|\|"")}}console.log("\n\n\n"+b.join("\n")+"\n\n"+c.toString()+"\n");return}}g.start=a}),98); equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: __d("CometCookieConsent2023Q1OtherCompanies.react",["CometCookieConsentModalStringsUpdated","CometCookieConsentSectionAccordion.react","CometCookieConsentUtils.react","CometListCellText.react","TetraText.react","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h\|\|d("react");function a(){return i.jsxs("div",{className:"x1nb4dca x1q0q8m5 xso031l xx6bls6",children:[i.jsx("div",{className:"x9orja2",children:i.jsx(c("TetraText.react"),{type:"headlineEmphasized2",children:d("CometCookieConsentModalStringsUpdated").COOKIES_FROM_OTHER_COMPANIES_SECTION_HEADER})}),i.jsx("div",{className:"x1cnzs8",children:i.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").getCookiesFromOtherCompaniesSubHeader(p)})}),i.jsx("div",{className:"x1cnzs8",children:i.jsx(c("CometCookieConsentSectionAccordion.react"),{content:k,sectionTitle:j})}),i.jsx("div",{children:i.jsx(c("CometCookieConsentSectionAccordion.react"),{content:m,sectionTitle:l})}),i.jsx("div",{children:i.jsx(c("CometCookieConsentSectionAccordion.react"),{content:o,sectionTitle:n})})]})}a.displayName=a.name+" [from "+f.id+"]";var j=i.jsx(c("CometListCellText.react"),{headline:i.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES})}),k=i.jsxs("div",{style:{marginLeft:10},children:[i.jsx("div",{style:{paddingBottom:10,paddingTop:10},children:i.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_INTRO})}),i.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_2,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_3]})]}),l=i.jsx(c("CometListCellText.react"),{headline:i.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES})}),m=i.jsx("div",{style:{marginLeft:10},children:i.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_2,d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_3]})}),n=i.jsx(c("CometListCellText.react"),{headline:i.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES})}),o=i.jsx("div",{style:{marginLeft:10},children:i.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES_ITEM_2]})}),p="https://www.facebook.com/privacy/policies/cookies/?annotations[0]=explanation%2F3_companies_list";g.CometCookieConsent2023Q1OtherCompanies=a}),98); equals www.f
Source: chromecache_157.2.dr	String found in binary or memory: __d("CometLegalFooter.react",["fbt","ix","BaseMiddot.react","CometErrorBoundary.react","CometLazyPopoverTrigger.react","CometLink.react","CometPressable.react","FBCookieSettingsLoggedOutConfig","JSResourceForInteraction","ServerTime","TetraIcon.react","TetraText.react","XHealthPolicyCometControllerRouteBuilder","XPrivacyPolicyCometControllerRouteBuilder","fbicon","gkx","react","useCurrentRoute"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j,k=j\|\|d("react"),l=c("JSResourceForInteraction")("CometLegalFooterMoreMenu.react").__setRef("CometLegalFooter.react");function m(){try{var a;return(a=new Date(d("ServerTime").getMillis()))==null?void 0:a.getFullYear()}catch(a){return null}}function a(a){var b=a.isHelpCenter;b=b===void 0?!1:b;var e=a.isPage;e=e===void 0?!1:e;var f=a.onClick;a=d("FBCookieSettingsLoggedOutConfig").should_show_cookie_settings;var g=c("useCurrentRoute")(),j=m(),n=c("XPrivacyPolicyCometControllerRouteBuilder").buildUri({entry_point:"comet_dropdown"}),o=c("XHealthPolicyCometControllerRouteBuilder").buildUri({});e=[{href:"https://www.facebook.com/legal/terms/information_about_page_insights_data",label:h._("Information about Page Insights Data"),render:e&&c("gkx")("22806")},{href:n.toString(),label:h._("Privacy"),testid:"CometDropdownPrivacy"},{href:o.toString(),label:h._("Consumer Health Privacy"),render:c("gkx")("2828"),testid:"CometDropdownHealthPrivacy"},{href:"/terms?ref=pf",label:"Impressum/Terms/NetzDG/UrhDaG",render:c("gkx")("22807")&&!c("gkx")("22808")},{href:"/terms?ref=pf",label:h._("Imprint\/Terms"),render:c("gkx")("22808")},{href:"/legal/germany/",label:"UrhDaG/MStV",render:c("gkx")("22808")},{href:"/policies?ref=pf",label:h._("Terms"),render:!c("gkx")("22807")&&!c("gkx")("22808"),testid:"CometDropdownTerms"},{href:"/business/",label:h._("Advertising")},{href:"/help/568137493302217",label:k.jsxs(k.Fragment,{children:[h._("Ad Choices")," ",k.jsx(c("CometErrorBoundary.react"),{children:k.jsx("span",{className:"x1n2onr6 x1qiirwl",children:k.jsx(c("TetraIcon.react"),{color:"secondary",icon:d("fbicon")._(i("871692"),12)})})})]})},{href:"/policies/cookies/",label:h._("Cookies"),testid:"CometDropdownCookies"},{href:"/privacy/cookie_settings/",label:h._("Cookie Settings"),render:a}].filter(function(a){return a.render==null\|\|a.render===!0});var p=[];if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoCrawlingPool)&&(g==null?void 0:(o=g.rootView.props)==null?void 0:o.seoCrawlingPool.url)){Array.from(Array((g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.multiple_links)\|\|0)).forEach(function(a,b){p.push(k.jsxs("li",{className:"xt0psk2",children:[k.jsx(c("CometLink.react"),{color:"secondary",href:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.url,onClick:f,weight:"normal",children:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.link_string}),k.jsx(c("BaseMiddot.react"),{})]},b))})}if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoGrowthAutomationCrawlingPool)&&(g
Source: chromecache_143.2.dr	String found in binary or memory: __d("FBReelsURLUtils",["ConstUriUtils","XCometFBReelControllerRouteBuilder","gkx"],(function(a,b,c,d,e,f,g){"use strict";function h(a,b,d,e,f,g){b=(b=b)!=null?b:"UNKNOWN";var h="group_other",i=void 0;if(Boolean(e)){switch(d){case"group":case"group_mall":h="group";i=f==null?void 0:f;break;case"groups_tab":h="groups_tab";break;default:break}b=h}e={group_id:i,s:b,stack_idx:g==null?void 0:g,video_id:a==null?void 0:a};return c("XCometFBReelControllerRouteBuilder").buildURL(e)}function a(a,b,c,e,f,g){a=h(a,b,c,e,f,g);if(i()){f=(b=d("ConstUriUtils").getUri(a))==null?void 0:(c=b.getQualifiedUri())==null?void 0:(e=c.setDomain("www.facebook.com"))==null?void 0:e.toString();if(f!=null)return f}return a}function b(a){return["fb_shorts_video_deep_dive","fb_shorts_profile_video_deep_dive"].includes(a)}function i(){return c("gkx")("22564")\|\|c("gkx")("24206")}g.getReelsURL=h;g.getReelsAbsoluteURL=a;g.isReelsRenderLocationVDD=b;g.isBizSurface=i}),98); equals www.facebook.com (Facebook)
Source: chromecache_121.2.dr	String found in binary or memory: __d("FacebookCookieConsentCustomization",["fbt","ix","JSResourceForInteraction","XCookiesPolicyControllerRouteBuilder","isBaseline4EnabledForLoggedOut","isCNILEnabledForLoggedOut","lazyLoadComponent"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j=c("lazyLoadComponent")(c("JSResourceForInteraction")("FacebookCometCookieConsentDialogDataSettings.react").__setRef("FacebookCookieConsentCustomization"));a=function(){var a,b,d,e=null;c("isBaseline4EnabledForLoggedOut")()\|\|c("isCNILEnabledForLoggedOut")()?(b=i("1954651"),d=i("1954649"),e=h._("More options")):(b=i("856481"),d=i("856481"),e=h._("Manage Data Settings"));a=(a=(a=c("XCookiesPolicyControllerRouteBuilder").buildUri({}).getQualifiedUri())==null?void 0:(a=a.setDomain("www.facebook.com"))==null?void 0:a.toString())!=null?a:"";return{essentialCookiesOnly:!1,faviconDark:d,faviconLight:b,policyUrl:a,productName:"FACEBOOK",secondaryAction:{label:e,viewReference:j}}};b=a;g["default"]=b}),98); equals www.facebook.com (Facebook)
Source: chromecache_153.2.dr	String found in binary or memory: __d("GroupsCometMemberCountAndPrivacy.react",["BaseMiddot.react","CometLink.react","CometRelay","CometRow.react","CometRowItem.react","CurrentEnvironment","GroupsCometMemberCountAndPrivacy_group.graphql","GroupsCometPrivacyText.react","XCometGroupMembersControllerRouteBuilder","promiseDone","react","requireDeferred","useGroupsCometMemberCount","useMinifiedProductAttribution","usePreviousSurfaceForGroupLogging"],(function(a,b,c,d,e,f,g){"use strict";var h,i,j=i\|\|(i=d("react")),k=i.useRef,l=c("requireDeferred")("GroupClickActionFalcoEvent").__setRef("GroupsCometMemberCountAndPrivacy.react"),m="www.facebook.com";function a(a){a=a.group$key;var e=d("CometRelay").useFragment(h!==void 0?h:h=b("GroupsCometMemberCountAndPrivacy_group.graphql"),a);a=c("CurrentEnvironment").messengerdotcom?(a=c("XCometGroupMembersControllerRouteBuilder").buildUri({idorvanity:e.id}).setDomain(m))==null?void 0:(a=a.setProtocol("https"))==null?void 0:a.toString():c("XCometGroupMembersControllerRouteBuilder").buildUri({idorvanity:e.id}).toString();var f=c("useGroupsCometMemberCount")({group$key:e}),g=c("useMinifiedProductAttribution")(),i=c("usePreviousSurfaceForGroupLogging")(),n=k(i);i=function(){c("promiseDone")(l.load().then(function(a){return a.log(function(){var a;return{attribution_id:"[]",attribution_id_v2:(a=g)!=null?a:"[]",current_surface:"group_mall",group_id:(a=e.id)!=null?a:"",previous_surface:n.current,unit_name:"group_ngn_members"}})}))};return j.jsxs(c("CometRow.react"),{align:"start",paddingHorizontal:0,paddingTop:0,spacing:4,verticalAlign:"center",wrap:"forward",children:[j.jsx(c("CometRowItem.react"),{children:j.jsx(c("GroupsCometPrivacyText.react"),{group$key:e})}),f!=null&&j.jsx(c("CometRowItem.react"),{children:j.jsx(c("BaseMiddot.react"),{})}),f!=null&&j.jsx(c("CometRowItem.react"),{children:j.jsx(c("CometLink.react"),{color:"secondary",href:a,onClick:i,children:f})})]})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98); equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: www.facebook.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=01Dv0PiRi9JaZer5e..BmAxuK..AAA.0.0.BmAxuK.AWUHV5Izz6Y; expires=Mon, 24-Jun-2024 19:01:30 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: ps_n=0; expires=Wed, 30-Apr-2025 19:01:31 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=NoneSet-Cookie: ps_l=0; expires=Wed, 30-Apr-2025 19:01:31 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=LaxSet-Cookie: fr=0vx1zAI1Sg7RP6W3L..BmAxuL..AAA.0.0.BmAxuL.AWXkSW8gBUQ; expires=Mon, 24-Jun-2024 19:01:31 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: ps_l=0; expires=Wed, 30-Apr-2025 19:01:31 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=LaxSet-Cookie: ps_n=0; expires=Wed, 30-Apr-2025 19:01:31 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=NoneSet-Cookie: fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuL.AWUlbi7v7_8; expires=Mon, 24-Jun-2024 19:01:31 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: datr=hhsDZgtz2uh6qetmiSjWtBtp; expires=Wed, 30-Apr-2025 19:01:34 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=NoneSet-Cookie: _js_datr=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=-1711479693; path=/; domain=.facebook.com; httponlySet-Cookie: fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxuO.AWW_vohMhoY; expires=Mon, 24-Jun-2024 19:01:34 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=09f2KbxfdO7GCXcCs..BmAxuL..AAA.0.0.BmAxvI.AWUm-Vk5k2M; expires=Mon, 24-Jun-2024 19:02:32 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}

Source: chromecache_134.2.dr	String found in binary or memory: https://fburl.com/comet_preloading
Source: chromecache_134.2.dr	String found in binary or memory: https://fburl.com/dialog-provider).
Source: chromecache_134.2.dr	String found in binary or memory: https://fburl.com/wiki/m19zmtlh
Source: chromecache_154.2.dr	String found in binary or memory: https://fburl.com/wiki/xrzohrqb
Source: chromecache_121.2.dr	String found in binary or memory: https://optout.aboutads.info/
Source: chromecache_126.2.dr	String found in binary or memory: https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
Source: chromecache_121.2.dr	String found in binary or memory: https://support.google.com/chrome/answer/95647
Source: chromecache_109.2.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: chromecache_121.2.dr	String found in binary or memory: https://www.youronlinechoices.com/
Source: chromecache_121.2.dr	String found in binary or memory: https://youradchoices.ca/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49836 version: TLS 1.2

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Desktop\Facebook.lnk

Jump to dropped file

Source: classification engine

Classification label: sus20.win@17/104@30/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Desktop\Facebook.lnk

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2356,i,12125854858765299221,15088975027911277017,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.facebook.com/groups/191802104561301/media/videos"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2356,i,12125854858765299221,15088975027911277017,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Facebook.lnk.0.dr	LNK file: ..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Facebook.lnk0.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Facebook.lnk1.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Facebook.lnk			Jump to behavior

ID:	1416065
Product:	CloudBasic
Start time:	20:00:31
Start date:	26.03.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://www.facebook.com/groups/191802104561301/media/videos

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://www.facebook.com/groups/191802104561301/media/videos

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://www.facebook.com/groups/191802104561301/media/videos