15aee4e6ed635ab9c09ebebfb97682dcc6bd56919923302d13e1f143afd96343

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 07:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23bba9016932a5f759c230298c994a65_JaffaCakes118.html
Size

175KB
MD5

23bba9016932a5f759c230298c994a65
SHA1

44e8f5682632d1c7e7aba4e9851c81189cbef137
SHA256

15aee4e6ed635ab9c09ebebfb97682dcc6bd56919923302d13e1f143afd96343
SHA512

eba6945f4b7bc05b382a64965868717824cd397482f87ca5943339be00ce1113c7900c2b0b093775cb31fdc2c747e4a2e531b166f1b9b07cec1fb0b85113ed1a
SSDEEP

1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3eGNkFs1YfBCJiZn+aeTH+WK/Lf1/hpnV+:S9CT3e/FJBCJiyB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3227"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "25134"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8113"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000097be1544708e0914f8872b181ffe70a46af29e75b9c15a2f341216e3b2dc35fa000000000e8000000002000020000000aba5b1883875948459e925ce03d092b0fbc82b572e83460d9027672405a5366e90000000cc64cd33dd2904459c7a31eba496dafb354e5ba5901742fec85782fe9d896e5ec85c66dcf2727c525d65cb7ea6d2292d9fbeb225b6dc571175b25873729796055c67b648a3e1a17119e4a0fa80d13f1c63935fefa31680eb2d58c88fa5ea7cbe57ca675b1efd3a8db2909a96dec568cb54dbe90f1218d53a306a1a877467618feb1ca21f5054cf29c600d50e73776f05400000008e9dab425ba2acbb684ae27091c864dd4231d5b3af51b2eedb74e7e65c8385e22e3cf47941be9fa550ddfaba92fa6f420ce80adc4d25dbb47963cd34a31a61ce	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25134"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8113"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16394"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8195"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "16853"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d05a76ee15a1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8195"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "16394"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "16394"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8726"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16476"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3227"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8726"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9149"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8113"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8195"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1661C661-0D09-11EF-B837-5AD7C7D11D06} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "16476"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "25134"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "16853"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8720"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9149"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2440	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2440	iexplore.exe
2440	iexplore.exe
1676	IEXPLORE.EXE
1676	IEXPLORE.EXE
1676	IEXPLORE.EXE
1676	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 1676	2440	iexplore.exe	28
PID 2440 wrote to memory of 1676	2440	iexplore.exe	28
PID 2440 wrote to memory of 1676	2440	iexplore.exe	28
PID 2440 wrote to memory of 1676	2440	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\23bba9016932a5f759c230298c994a65_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1676

Network

DNS

www.konthaiusa.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.konthaiusa.com

IN A

Response
GET

http://fonts.googleapis.com/css?family=Arial

IEXPLORE.EXE

Remote address:

216.58.204.74:80

Request

GET /css?family=Arial HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 400 Bad Request

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

www.youtube.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14
DNS

www.facebook.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
GET

http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:80

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Location: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:80

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Location: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:80

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Location: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

IEXPLORE.EXE

Remote address:

163.70.151.35:80

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Content-Type: text/plain
Server: proxygen-bolt
Date: Wed, 08 May 2024 07:03:37 GMT
Connection: keep-alive
Content-Length: 0
GET

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:80

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Location: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:80

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Location: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

IEXPLORE.EXE

Remote address:

163.70.151.35:443

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: R8v+YPtPIFTKiHo8QKgIlbQ54khFDCNXcFMJNWw4YQ8dkZBfS6rDEnDmQEXuZhlWWwxEWI4IhmHHQzh5BwV9KA==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=19, rtx=1, c=10, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=104, ullat=0
Alt-Svc: h3=":443"; ma=86400
Transfer-Encoding: chunked
Connection: keep-alive
GET

https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=lXWCbHAaVmU; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=xe1J5AGVCGA; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Strict-Transport-Security: max-age=31536000
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Resource-Policy: cross-origin
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=bPftVk5IaWw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=ad42sGi2UoY; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgMw%3D%3D; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Cross-Origin-Resource-Policy: cross-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=EO1gGHiQGL8; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=DetNnZ5l2Zk; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgaQ%3D%3D; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/edea0cc6/player_ias.vflset/en_US/base.js

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /s/player/edea0cc6/player_ias.vflset/en_US/base.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 812686
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 06 May 2024 08:08:47 GMT
Expires: Tue, 06 May 2025 08:08:47 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 02 May 2024 04:16:13 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 168890
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/edea0cc6/player_ias.vflset/en_US/remote.js

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /s/player/edea0cc6/player_ias.vflset/en_US/remote.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 39277
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 06 May 2024 08:16:43 GMT
Expires: Tue, 06 May 2025 08:16:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 02 May 2024 04:16:13 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 168417
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/edea0cc6/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /s/player/edea0cc6/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 22301
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 06 May 2024 08:08:47 GMT
Expires: Tue, 06 May 2025 08:08:47 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 02 May 2024 04:16:13 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 168893
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=BrHl26JtuPK-_Qx9&el=embedded&ns=yt&fexp=v1%2C23983296%2C21348%2C76094%2C54572%2C304051%2C104308%2C16747%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C5884%2C1082%2C2%2C6689%2C2007%2C9072%2C20075%2C6533%2C2544%2C602%2C151%2C1444%2C8969%2C1025%2C1104%2C21%2C1866%2C2321%2C2745%2C101%2C52%2C2605%2C55%2C638%2C8%2C41%2C3%2C288%2C2%2C78%2C2692%2C933%2C8%2C832%2C216%2C235%2C176%2C5%2C38%2C1538%2C1001%2C1479%2C491%2C296%2C232%2C4604%2C43&cl=629828258&seq=1&event=streamingstats&docid=ywSeSlVcY4w&qclc=ChBCckhsMjZKdHVQSy1fUXg5EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240501.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /api/stats/qoe?cpn=BrHl26JtuPK-_Qx9&el=embedded&ns=yt&fexp=v1%2C23983296%2C21348%2C76094%2C54572%2C304051%2C104308%2C16747%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C5884%2C1082%2C2%2C6689%2C2007%2C9072%2C20075%2C6533%2C2544%2C602%2C151%2C1444%2C8969%2C1025%2C1104%2C21%2C1866%2C2321%2C2745%2C101%2C52%2C2605%2C55%2C638%2C8%2C41%2C3%2C288%2C2%2C78%2C2692%2C933%2C8%2C832%2C216%2C235%2C176%2C5%2C38%2C1538%2C1001%2C1479%2C491%2C296%2C232%2C4604%2C43&cl=629828258&seq=1&event=streamingstats&docid=ywSeSlVcY4w&qclc=ChBCckhsMjZKdHVQSy1fUXg5EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240501.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: Cgtnd1dCQmFHQU50QSjJx-yxBjIKCgJHQhIEGgAgWQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151818234&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C13000%2C0%2C62%2C1280%2C%2C1280%2C626%2C280%2C200&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2024 07:03:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/generate_204?TzpC9g

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /generate_204?TzpC9g HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 08 May 2024 07:03:43 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/generate_204?SHhD8g

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /generate_204?SHhD8g HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 08 May 2024 07:03:43 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1715151823066
Content-Type: application/json
X-Goog-Visitor-Id: CgtXQmk0cGVLQXBwcyjJx-yxBjIKCgJHQhIEGgAgVg%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151817488&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12792%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 8078
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:44 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1715151824728
Content-Type: application/json
X-Goog-Visitor-Id: Cgtnd1dCQmFHQU50QSjJx-yxBjIKCgJHQhIEGgAgWQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151817508&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12992%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 7553
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:45 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1715151825586
Content-Type: application/json
X-Goog-Visitor-Id: CgtXQmk0cGVLQXBwcyjJx-yxBjIKCgJHQhIEGgAgVg%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151817873&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12792%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 2664
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:46 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Strict-Transport-Security: max-age=31536000
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Cross-Origin-Resource-Policy: cross-origin
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=CsFwqN-HXNQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=gwWBBaGANtA; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgWQ%3D%3D; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/edea0cc6/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /s/player/edea0cc6/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 114740
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 06 May 2024 08:08:10 GMT
Expires: Tue, 06 May 2025 08:08:10 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 02 May 2024 04:16:13 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 168927
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=7a_aImdLZH61dT1T&el=embedded&ns=yt&fexp=v1%2C23853953%2C129343%2C21348%2C76094%2C54572%2C304051%2C60171%2C44136%2C16748%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C663%2C8409%2C8153%2C11921%2C9078%2C2196%2C8583%2C387%2C1026%2C1103%2C21%2C4187%2C2745%2C100%2C53%2C2605%2C55%2C638%2C5%2C3%2C41%2C3%2C288%2C2%2C78%2C2692%2C933%2C8%2C831%2C452%2C176%2C5%2C39%2C2539%2C1477%2C492%2C528%2C1129%2C3475%2C1027&cl=629828258&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChA3YV9hSW1kTFpINjFkVDFUEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240501.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /api/stats/qoe?cpn=7a_aImdLZH61dT1T&el=embedded&ns=yt&fexp=v1%2C23853953%2C129343%2C21348%2C76094%2C54572%2C304051%2C60171%2C44136%2C16748%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C663%2C8409%2C8153%2C11921%2C9078%2C2196%2C8583%2C387%2C1026%2C1103%2C21%2C4187%2C2745%2C100%2C53%2C2605%2C55%2C638%2C5%2C3%2C41%2C3%2C288%2C2%2C78%2C2692%2C933%2C8%2C831%2C452%2C176%2C5%2C39%2C2539%2C1477%2C492%2C528%2C1129%2C3475%2C1027&cl=629828258&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChA3YV9hSW1kTFpINjFkVDFUEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240501.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtEZXROblo1bDJaayjJx-yxBjIKCgJHQhIEGgAgaQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151818520&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12600%2C0%2C62%2C1280%2C%2C1280%2C626%2C280%2C200&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2024 07:03:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1715151822706
Content-Type: application/json
X-Goog-Visitor-Id: CgthZDQyc0dpMlVvWSjJx-yxBjIKCgJHQhIEGgAgMw%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151818703&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12392%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 6972
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:43 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1715151824746
Content-Type: application/json
X-Goog-Visitor-Id: CgtEZXROblo1bDJaayjJx-yxBjIKCgJHQhIEGgAgaQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151817523&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12592%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 8130
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:45 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 08 May 2024 07:03:37 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=FIROGXI74jk; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=WBi4peKApps; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgVg%3D%3D; Domain=.youtube.com; Expires=Mon, 04-Nov-2024 07:03:37 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/edea0cc6/www-player.css

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

GET /s/player/edea0cc6/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 58605
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 06 May 2024 08:08:10 GMT
Expires: Tue, 06 May 2025 08:08:10 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 02 May 2024 04:16:13 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 168927
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=RdehiO3Vke7YQ4_v&el=embedded&ns=yt&fexp=v1%2C23983296%2C21348%2C76094%2C54572%2C304051%2C60172%2C60883%2C6271%2C26443548%2C7111%2C31785%2C4558%2C9954%2C1192%2C26496%2C6966%2C2%2C2871%2C3818%2C2007%2C9072%2C20074%2C9077%2C603%2C1594%2C8970%2C894%2C132%2C1103%2C21%2C910%2C955%2C2322%2C2745%2C100%2C53%2C2605%2C55%2C638%2C8%2C41%2C3%2C288%2C2%2C78%2C638%2C2054%2C933%2C8%2C832%2C451%2C176%2C5%2C38%2C2540%2C1477%2C492%2C528&cl=629828258&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBSZGVoaU8zVmtlN1lRNF92EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240501.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /api/stats/qoe?cpn=RdehiO3Vke7YQ4_v&el=embedded&ns=yt&fexp=v1%2C23983296%2C21348%2C76094%2C54572%2C304051%2C60172%2C60883%2C6271%2C26443548%2C7111%2C31785%2C4558%2C9954%2C1192%2C26496%2C6966%2C2%2C2871%2C3818%2C2007%2C9072%2C20074%2C9077%2C603%2C1594%2C8970%2C894%2C132%2C1103%2C21%2C910%2C955%2C2322%2C2745%2C100%2C53%2C2605%2C55%2C638%2C8%2C41%2C3%2C288%2C2%2C78%2C638%2C2054%2C933%2C8%2C832%2C451%2C176%2C5%2C38%2C2540%2C1477%2C492%2C528&cl=629828258&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBSZGVoaU8zVmtlN1lRNF92EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240501.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: Cgt4ZTFKNUFHVkNHQSjJx-yxBjIKCgJHQhIEGgAgFw%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151818979&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C1532%2C0%2C62%2C1280%2C%2C1280%2C626%2C590%2C250&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2024 07:03:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1715151824750
Content-Type: application/json
X-Goog-Visitor-Id: Cgt4ZTFKNUFHVkNHQSjJx-yxBjIKCgJHQhIEGgAgFw%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151817549&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C1524%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C590%2C250&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 8507
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:45 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

216.58.212.206:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1715151825553
Content-Type: application/json
X-Goog-Visitor-Id: CgthZDQyc0dpMlVvWSjJx-yxBjIKCgJHQhIEGgAgMw%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240501.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1715151817536&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12392%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 2585
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=lXWCbHAaVmU; VISITOR_INFO1_LIVE=xe1J5AGVCGA; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgFw%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:46 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

142.250.180.14:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Wed, 08 May 2024 05:20:37 GMT
Expires: Wed, 08 May 2024 07:20:37 GMT
Cache-Control: public, max-age=7200
Age: 6180
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

static.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

scontent.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN A

Response

scontent.xx.fbcdn.net

IN A

163.70.151.21
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/fwJTNXSLwj7.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yj/r/fwJTNXSLwj7.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 08 May 2025 01:56:49 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-ua-compatible: IE=edge
content-md5: xGXN47H3wegwfB3xQzIKRQ==
X-FB-Debug: 7yqi8y7OyBvRDtV2ZUGQgk/iRo2dh1L/532rkhxdFqg15kVUEPnEZkvNtRHaApjJGoHBPXsxyijQ6vl7XK66+g==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=2, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 120283
GET

https://static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/0HiyKm70rQr.css?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/ys/l/0,cross/0HiyKm70rQr.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: text/css, */*
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Fri, 02 May 2025 18:45:39 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: 9rn5tFqCB13bgclZlKr28w==
X-FB-Debug: F4cWJahSyuooZsUySbVCCxVEhGJlP3AYC5ywyjV72i90iSEndnBEQUfpoBWVolSrQQrD9wBKgEZoUYbySMtHvw==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=14, mss=1357, tbw=3220, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 6582
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 01 May 2025 08:15:36 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: PCil07El4hl7RdWxcVlVHw==
X-FB-Debug: dDU7xM5duxqVRNSY8DsXQ0c5HpBlhzxn2WNlSOAAi1IMAk3aZg5vvTueMBt/LOnZfmfL8DOU5mDEtokB3mGWuw==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=22, mss=1357, tbw=11774, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 333
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/eQ3e44cCeXh.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yz/r/eQ3e44cCeXh.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 08 May 2025 01:53:24 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
origin-agent-cluster: ?0
content-md5: /UvaYYFz4TYTsgCAstdYzg==
X-FB-Debug: pA5ljP399Er/OanRj5A420MYe+JAHMxbtlcpBQNJEPe0pBIsYnd6yri3OsKZYn40bztVYSBUrRvR2xIOFaA4yA==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=14, mss=1357, tbw=3220, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 20741
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 01 May 2025 18:08:37 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: ivkhXUQG4wQzNqI4NjhapA==
X-FB-Debug: v00KXOIvnNUyX2Wz9MWOiEAD5x5YEkUzsvWu4Gqu6ReVfnL02gaQZBu6kl0XRCgT1YxCMzW40Z+d4Z4Hg9xMfw==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=33, mss=1357, tbw=26034, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 302
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yX/r/qnn7MVQZYOT.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yX/r/qnn7MVQZYOT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sun, 04 May 2025 15:37:38 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: 8PCvFKDybF3MIm5mER6XhA==
X-FB-Debug: 5yAsOjDUXtgvubK+RATgcuV+biSRoJCGIa2jvrhYCTriAcJMdv+5TzQ4HB0HHUWozsKmg0ZNmXdo0mw+hSpUVw==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=14, mss=1357, tbw=3220, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 4910
GET

https://static.xx.fbcdn.net/rsrc.php/v3i7244/yF/l/en_GB/zYzGplAqD4J.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3i7244/yF/l/en_GB/zYzGplAqD4J.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Tue, 06 May 2025 17:29:08 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: 2sOswvYyyrdlWlsD/Pu/6w==
X-FB-Debug: XUSDRQ+GLCW3w6Iau3tBAhrMUkT/CFCUDERR9HKwPGWsfRn6ezn0DFrG5ji0AdbaGQQVaBueQqRP7Pe2lzkcKQ==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=21, mss=1357, tbw=10118, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 25864
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
Expires: Sun, 04 May 2025 04:46:51 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: qAqPfnZwtnn5fnnlZklvVzrMT65ylR1PWwrsAMPoGnLuRp8ea9OR5N0oS/gIWqLqQ3nm0i89Z6GKjndVVBhCCQ==
Date: Wed, 08 May 2024 07:03:43 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=23, rtx=1, c=38, mss=1357, tbw=38059, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 573
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/xjg1QNQguf-.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yr/r/xjg1QNQguf-.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Mon, 05 May 2025 17:24:20 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: l/6Eix4LqOT7TVzK9MFiKg==
X-FB-Debug: Us3WXzYe2U3w9MQvBqPwBKNNa6Apzij6kluDvs69MNjGhWb+pdSPIMS+tc4eBHuvbcEH/1Nnt0bsv2fXwobgxQ==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=14, mss=1357, tbw=3219, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 6186
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/qwSlV7K_jlE.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yn/r/qwSlV7K_jlE.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Tue, 06 May 2025 22:03:16 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: Y3983G/TpTRI4I7Dgq9t6w==
X-FB-Debug: idNB73V0h+JOlWDRBp/Jwt19qll38SGeJgL9RqXtnzNpBZo/yxFqHeO4w+Z8xjFddX/iaDzHq3zE0jnDB7qLjQ==
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 13751
GET

https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=9iUzJhQnKLEQ7kNvgEFN8eW&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AfAGww_5N_VBMqkFGCXy9KkxUBkPqm3GoKh6dN35QXcJDg&oe=66410513

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=9iUzJhQnKLEQ7kNvgEFN8eW&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AfAGww_5N_VBMqkFGCXy9KkxUBkPqm3GoKh6dN35QXcJDg&oe=66410513 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

x-storage-error-category: dfs:none;sc_p:200:WSE_NOT_SET
Last-Modified: Sat, 10 Sep 2022 01:27:37 GMT
X-Needle-Checksum: 2883854034
thrift_fmhk: GBCdvHfAOZJNy8LW9t1cxgC2FfDr4Z0EvFUAAAA=
Content-Type: image/jpeg
content-digest: adler32=740015753
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Wed, 08 May 2024 07:03:38 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=14, mss=1357, tbw=3220, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1967
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.169.34
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

static.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.180.6
GET

https://static.doubleclick.net/instream/ad_status.js

IEXPLORE.EXE

Remote address:

142.250.180.6:443

Request

GET /instream/ad_status.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Timing-Allow-Origin: *
Content-Length: 29
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 08 May 2024 06:56:13 GMT
Expires: Wed, 08 May 2024 07:11:13 GMT
Cache-Control: public, max-age=900
Age: 446
Last-Modified: Thu, 12 Dec 2013 23:40:16 GMT
Content-Type: text/javascript
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:03:39 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

jnn-pa.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:43 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 919
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:44 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

www.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
DNS

i.ytimg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

172.217.169.54
GET

https://www.google.com/js/th/yV2iCa5PT2B2oWfP6PUIKpFTSawA576CFnzCrmIVLE8.js

IEXPLORE.EXE

Remote address:

142.250.178.4:443

Request

GET /js/th/yV2iCa5PT2B2oWfP6PUIKpFTSawA576CFnzCrmIVLE8.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Length: 23902
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 04 May 2024 18:35:09 GMT
Expires: Sun, 04 May 2025 18:35:09 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 29 Apr 2024 11:30:00 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 304111
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

IEXPLORE.EXE

Remote address:

142.250.179.246:443

Request

GET /vi/ygK7kej0BPA/sddefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 35419
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 08 May 2024 06:34:09 GMT
Expires: Wed, 08 May 2024 08:34:09 GMT
Cache-Control: public, max-age=7200
Age: 1771
ETag: "0"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

IEXPLORE.EXE

Remote address:

142.250.179.246:443

Request

GET /vi/gS2GhpTPLvQ/sddefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 36415
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 08 May 2024 06:07:36 GMT
Expires: Wed, 08 May 2024 08:07:36 GMT
Cache-Control: public, max-age=7200
ETag: "1376813903"
Content-Type: image/jpeg
Vary: Origin
Age: 3365
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:43 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 834
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:44 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:43 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1110
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:44 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:43 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1107
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:44 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:43 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1230
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Wed, 08 May 2024 07:03:44 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

yt3.ggpht.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.178.1
GET

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

IEXPLORE.EXE

Remote address:

142.250.178.1:443

Request

GET /ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: yt3.ggpht.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="unnamed.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1182
X-XSS-Protection: 0
Date: Wed, 08 May 2024 04:02:08 GMT
Expires: Thu, 09 May 2024 04:02:08 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Type: image/jpeg
Vary: Origin
Age: 10895
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

fe0.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

fe0.google.com

IN A

Response
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

172.217.169.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Wed, 08 May 2024 07:05:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

216.58.204.74:80

http://fonts.googleapis.com/css?family=Arial

http

IEXPLORE.EXE

523 B
1.4kB
6
4

HTTP Request

GET http://fonts.googleapis.com/css?family=Arial

HTTP Response

400
216.58.204.74:80

fonts.googleapis.com

IEXPLORE.EXE

190 B
92 B
4
2
216.58.212.206:80

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

http

IEXPLORE.EXE

830 B
1.1kB
6
6

HTTP Request

GET http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

301

HTTP Request

GET http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

301
216.58.212.206:80

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

http

IEXPLORE.EXE

510 B
579 B
5
4

HTTP Request

GET http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

301
163.70.151.35:80

www.facebook.com

IEXPLORE.EXE

190 B
92 B
4
2
163.70.151.35:80

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

http

IEXPLORE.EXE

730 B
1.0kB
6
5

HTTP Request

GET http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

301
216.58.212.206:80

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

http

IEXPLORE.EXE

562 B
1.0kB
6
5

HTTP Request

GET http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

301
216.58.212.206:80

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

http

IEXPLORE.EXE

510 B
579 B
5
4

HTTP Request

GET http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

301
163.70.151.35:443

https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

tls, http

IEXPLORE.EXE

1.6kB
21.1kB
18
24

HTTP Request

GET https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

200
216.58.212.206:443

https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

tls, http

IEXPLORE.EXE

2.0kB
52.0kB
31
46

HTTP Request

GET https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

200
216.58.212.206:443

https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

tls, http

IEXPLORE.EXE

2.1kB
53.8kB
32
47

HTTP Request

GET https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

200
216.58.212.206:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

44.6kB
979.4kB
399
743

HTTP Request

GET https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/edea0cc6/player_ias.vflset/en_US/base.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/edea0cc6/player_ias.vflset/en_US/remote.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/edea0cc6/player_ias.vflset/en_US/embed.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=BrHl26JtuPK-_Qx9&el=embedded&ns=yt&fexp=v1%2C23983296%2C21348%2C76094%2C54572%2C304051%2C104308%2C16747%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C5884%2C1082%2C2%2C6689%2C2007%2C9072%2C20075%2C6533%2C2544%2C602%2C151%2C1444%2C8969%2C1025%2C1104%2C21%2C1866%2C2321%2C2745%2C101%2C52%2C2605%2C55%2C638%2C8%2C41%2C3%2C288%2C2%2C78%2C2692%2C933%2C8%2C832%2C216%2C235%2C176%2C5%2C38%2C1538%2C1001%2C1479%2C491%2C296%2C232%2C4604%2C43&cl=629828258&seq=1&event=streamingstats&docid=ywSeSlVcY4w&qclc=ChBCckhsMjZKdHVQSy1fUXg5EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240501.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

HTTP Response

204

HTTP Request

GET https://www.youtube.com/generate_204?TzpC9g

HTTP Response

204

HTTP Request

GET https://www.youtube.com/generate_204?SHhD8g

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
216.58.212.206:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

24.5kB
177.2kB
96
157

HTTP Request

GET https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/edea0cc6/www-embed-player.vflset/www-embed-player.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=7a_aImdLZH61dT1T&el=embedded&ns=yt&fexp=v1%2C23853953%2C129343%2C21348%2C76094%2C54572%2C304051%2C60171%2C44136%2C16748%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C663%2C8409%2C8153%2C11921%2C9078%2C2196%2C8583%2C387%2C1026%2C1103%2C21%2C4187%2C2745%2C100%2C53%2C2605%2C55%2C638%2C5%2C3%2C41%2C3%2C288%2C2%2C78%2C2692%2C933%2C8%2C831%2C452%2C176%2C5%2C39%2C2539%2C1477%2C492%2C528%2C1129%2C3475%2C1027&cl=629828258&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChA3YV9hSW1kTFpINjFkVDFUEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240501.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
216.58.212.206:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

19.3kB
118.0kB
70
110

HTTP Request

GET https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/edea0cc6/www-player.css

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=RdehiO3Vke7YQ4_v&el=embedded&ns=yt&fexp=v1%2C23983296%2C21348%2C76094%2C54572%2C304051%2C60172%2C60883%2C6271%2C26443548%2C7111%2C31785%2C4558%2C9954%2C1192%2C26496%2C6966%2C2%2C2871%2C3818%2C2007%2C9072%2C20074%2C9077%2C603%2C1594%2C8970%2C894%2C132%2C1103%2C21%2C910%2C955%2C2322%2C2745%2C100%2C53%2C2605%2C55%2C638%2C8%2C41%2C3%2C288%2C2%2C78%2C638%2C2054%2C933%2C8%2C832%2C451%2C176%2C5%2C38%2C2540%2C1477%2C492%2C528&cl=629828258&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBSZGVoaU8zVmtlN1lRNF92EAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240501.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.180.14:80

www.google-analytics.com

IEXPLORE.EXE

190 B
92 B
4
2
142.250.180.14:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

910 B
19.7kB
14
17

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
216.58.212.206:443

www.youtube.com

tls

IEXPLORE.EXE

519 B
355 B
6
5
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/fwJTNXSLwj7.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

3.5kB
130.1kB
57
102

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/fwJTNXSLwj7.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

2.1kB
14.9kB
16
20

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/0HiyKm70rQr.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

2.4kB
29.6kB
22
31

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/eQ3e44cCeXh.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

tls, http

IEXPLORE.EXE

3.3kB
42.5kB
29
43

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yX/r/qnn7MVQZYOT.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3i7244/yF/l/en_GB/zYzGplAqD4J.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/xjg1QNQguf-.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.4kB
12.1kB
13
16

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/xjg1QNQguf-.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/qwSlV7K_jlE.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.6kB
19.9kB
17
22

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/qwSlV7K_jlE.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

scontent.xx.fbcdn.net

tls

IEXPLORE.EXE

712 B
3.7kB
9
9
163.70.151.21:443

https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=9iUzJhQnKLEQ7kNvgEFN8eW&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AfAGww_5N_VBMqkFGCXy9KkxUBkPqm3GoKh6dN35QXcJDg&oe=66410513

tls, http

IEXPLORE.EXE

1.6kB
6.5kB
11
12

HTTP Request

GET https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=9iUzJhQnKLEQ7kNvgEFN8eW&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AfAGww_5N_VBMqkFGCXy9KkxUBkPqm3GoKh6dN35QXcJDg&oe=66410513

HTTP Response

200
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.5kB
6.9kB
12
14

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.5kB
6.8kB
11
13

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.180.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http

IEXPLORE.EXE

1.1kB
5.7kB
10
9

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js

HTTP Response

200
142.250.180.6:443

static.doubleclick.net

tls

IEXPLORE.EXE

759 B
5.0kB
10
9
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

2.1kB
3.9kB
11
13

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

957 B
1.5kB
8
7

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

957 B
1.5kB
8
7

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.169.34:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

531 B
355 B
6
5
216.58.201.106:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.7kB
51.6kB
30
47

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.178.4:443

https://www.google.com/js/th/yV2iCa5PT2B2oWfP6PUIKpFTSawA576CFnzCrmIVLE8.js

tls, http

IEXPLORE.EXE

1.5kB
30.7kB
19
27

HTTP Request

GET https://www.google.com/js/th/yV2iCa5PT2B2oWfP6PUIKpFTSawA576CFnzCrmIVLE8.js

HTTP Response

200
142.250.178.4:443

www.google.com

tls

IEXPLORE.EXE

981 B
4.7kB
15
9
142.250.179.246:443

i.ytimg.com

tls

IEXPLORE.EXE

726 B
5.2kB
9
9
142.250.179.246:443

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

tls, http

IEXPLORE.EXE

3.0kB
83.9kB
40
66

HTTP Request

GET https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

HTTP Response

200

HTTP Request

GET https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

HTTP Response

200
216.58.201.106:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.5kB
47.1kB
28
43

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
216.58.201.106:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.8kB
46.9kB
28
44

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
216.58.201.106:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.8kB
47.1kB
28
43

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
216.58.201.106:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.9kB
46.9kB
28
43

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.178.1:443

yt3.ggpht.com

tls

IEXPLORE.EXE

750 B
9.7kB
10
12
142.250.178.1:443

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

tls, http

IEXPLORE.EXE

1.2kB
11.4kB
11
13

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
11
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.2kB
2.3kB
7
8

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.2kB
2.3kB
7
8

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.2kB
2.2kB
7
8

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.2kB
2.2kB
7
8

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
172.217.169.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.2kB
2.1kB
7
8

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200

8.8.8.8:53

www.konthaiusa.com

dns

IEXPLORE.EXE

64 B
137 B
1
1

DNS Request

www.konthaiusa.com
8.8.8.8:53

www.youtube.com

dns

IEXPLORE.EXE

61 B
303 B
1
1

DNS Request

www.youtube.com

DNS Response

216.58.212.206

172.217.169.78

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.213.14
8.8.8.8:53

www.facebook.com

dns

IEXPLORE.EXE

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

static.xx.fbcdn.net

dns

IEXPLORE.EXE

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

scontent.xx.fbcdn.net

dns

IEXPLORE.EXE

67 B
83 B
1
1

DNS Request

scontent.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

googleads.g.doubleclick.net

dns

IEXPLORE.EXE

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.169.34
8.8.8.8:53

static.doubleclick.net

dns

IEXPLORE.EXE

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

142.250.180.6
8.8.8.8:53

jnn-pa.googleapis.com

dns

IEXPLORE.EXE

67 B
259 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

216.58.201.106

216.58.204.74

216.58.212.202

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42
8.8.8.8:53

www.google.com

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

i.ytimg.com

dns

IEXPLORE.EXE

57 B
265 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22

172.217.16.246

142.250.200.22

142.250.200.54

216.58.201.118

216.58.204.86

216.58.213.22

216.58.212.246

172.217.169.54
8.8.8.8:53

yt3.ggpht.com

dns

IEXPLORE.EXE

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.178.1
8.8.8.8:53

fe0.google.com

dns

IEXPLORE.EXE

60 B
110 B
1
1

DNS Request

fe0.google.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
2a4e2b9c9043c50036d180a30bc5a8a9

SHA1
26ef6beaea66aa9af64690e328a9d58c2f13b92a

SHA256
fbfad30d09fbbd40dd2cc272b6e0de9ed1a96879e1cdd36ac6dc7deadae97ef0

SHA512
ba4e2dd13fbd76b1efc567b258a273d3afdf5ace07d0862cbcc338a06f25341b309039f1208f7a84dd328d35e30d1c877552ceed7f0b0b764d3f9653e5cb09fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_6E4381F77BE6F6EB436B295D285593C5

Filesize
471B

MD5
798de3279eebbec903e0ee28418b13c7

SHA1
194739d28276f5b009c9b1857e06fd291e7b639d

SHA256
11d006b5b7d830304acd69997fbcb95a361d70d76dd36510155ccc59a439dd80

SHA512
70e21b9d3b15833a2103837349dbbfb8e1cc8f873ea47aa8bd99ab1f0681b3cf1fb0e071e5ce7a89b084babed7e64f2a7bcf53bc3f1056e9ff61f941ecce256f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
ad3a52119afa1aa578e66b8d561a7bb2

SHA1
6684837ed5acf5dcfb129e05e438a315adfca409

SHA256
31f6821c9067c28b562a484440a8797503d423ee2e1f1632bbd5390c53860df1

SHA512
fafa1f2dbb9e3900c3145be9006677cdc863b5381814e3812a1744cda2379c7adc9a1a52d371280cc2cf1c9bdc42f790bf9168c0e95be23ad97cb5acff381c18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd6409992a25f4e26e5c9350f74de9ab

SHA1
791bab7d765c11c0c90e0d30ee5b7ba1b98abddc

SHA256
a6fe338040e939cc9736ff35cb0c890bcf5383a3c7aea319dc9d6df02b4a3999

SHA512
f9945a290fc2b4194223e9dfb95486f1c07b9a0f75468bab7979192931bcd97f58d1092292eedfdd9c01a11d2c6eb5ae41640ef953b8ccdb69a505fc94902678

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17d1126e26a302c647b3827c8b2526df

SHA1
841619638626dea57448d9f40f271d353e3bc113

SHA256
411bf3e807b20a1674484d9c714a71ab29b918579f668ad518d3e92706c2751e

SHA512
950fa324c524bc1c3392d16e201371a6dc244381eb5b2f695bbf99c798573abd22398464ebede30a1bdb6c44a5d9f1e0feb3503936e5d94588ab0d21433ef21f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49f6117dd900035c17681ee53262c87b

SHA1
9cd2a53f51471b3782c7e3e42e97aa59ed8a9325

SHA256
1feb5b23047fd6d35afd411e310b8f521386715c797f6e7133be7a4a4c63ad7f

SHA512
27c06dbbca217bd5224a77dbdc4e92b6310609b7504f22e9fa550a23b2bf15cb30b215dfb142573fe04042cf450e0b0c5cff7205b9bbef3d640f5fd83c13c40b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
839b9208b762dcba5ebffdf216076b2a

SHA1
7c7274330022b2f52ccf7647cb14d08a877ce1f5

SHA256
0a11ebddb62e4c969b9f4aaec1931623e6097d27065ce1afa1d8c1ad9ef152a0

SHA512
5c4c084ba855685930223b7c3bcb1bfb1a9d05e8d20f94f9e351875126a0aeeed0a3181fbe56d8714c005f05d22d5847aae67e5fd614e95d9b4d816a6109bd1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
202f6c1738cb74b81e26ca99d6498e83

SHA1
495defd80d1525faaf8c82f88faa4fee9b52892c

SHA256
24f9330ab51427c729168e23366d282d75116491173c590a967897de972320fe

SHA512
ccd803e493c7e32e993bc121159691fc38c9ff05f4f20f7a445736ca545f7489eb579d1ee6ad51f83862112205619563a8bc20b2eed1df90ce005b1733b9a984

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c2e3bc332dd8634d8f5093aa77788a6

SHA1
0866222feb5387c35a1da5813eed727bc8119630

SHA256
05a4aec33b77d1b2ce2d7f03ed5872d2eef289a6710b15ef5a13dac0a0c4c5db

SHA512
2312b715e5a29131ccfab5c7d2a632533ca08bd265f6799b37115bec7f941f7ea4b0084bac6ce85404c9c15953256eeeaf212460db517f86f4e3c20da073abee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
360bc42e3b55a8241ace2cde7c9a39b6

SHA1
c9c910c6116408a46af50442d1b9b41f1b8af535

SHA256
fbf40fa8138abd025a6a30b1acc028a0edfcacec24941ceaa200c1fa4175bf51

SHA512
53c679235fa647327937a7511b80f846430baf3586975e519ffc9b5b8659e4ede882938ded833b4e1ab3e84ebef8770bfce04299a8618c7d8ae1e3fe1c37af7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
564dc3d0d89c5297b768ac45720b2c25

SHA1
34f8aa4459542987aeb8e0fd7567664f562ef2c2

SHA256
88caefa7a75276de3055e0bf963cbe35d83b9bd8ff19e3192128a89bce44adad

SHA512
d4dc9dc1dc525a55f1454c96e101a986e54be25dbf8c3ae2b6c69258968a719743b93dcceca5e1e3a8319fbdca5fa5e1c2e1143b5d19f496d99b3056b08cab06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbe9c03e52d7fc57db4463f5cc09a4af

SHA1
34be172dd4329c82653dccb009c080619fbdb497

SHA256
3689caeaec1c1f36499d728899dcb4f6d8823d843d5b3bee0ee5642b4c467f1c

SHA512
6d62c8132ae3d690617ea3b471088249511a8ffcb1437c5a73b9d575c89a04f8c0aa89cb7635ab41c3091e7c1b4235cc995455771baa46a0dac0c55fc18c5a08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
decee8f1e54804bebdad7d96a1ae87ae

SHA1
dd99e679bd79e97413de3df0684366dff22476c6

SHA256
5c130efff56ac4571c41cf0eb6bd2761bb83d2daabb6fe34760e5768f9391e29

SHA512
de38209500b54a91c0d5a83451411180f2302fd5137940e8216b0211f43421ee4d7280e758f5ded2e18f0b33184eb0ea8122c4f52d1452988f4f1373871f1b23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94031bb8a2a67a78e772eddad59c4e3e

SHA1
6b04940363b800659bf3779d926d4b2f8e565d2c

SHA256
0a098818e371cbd4b6da9973bdeb1cdab2cf7642ae722a938163448751a0b0dd

SHA512
5ba7dd6da033481a0d97f7e1e70f1e7d098adaa347e0e9dc22dee5a38b728ec74dd78001e1be05b812414034e611e8ba3d9a66d1d65b918e03b5733930df5356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba2a03b0a7eff0b5f7689c7d0c464777

SHA1
84438d24064923df54b0db0451c2d076d3642416

SHA256
ef43d3e7621fe5771b503a790a959c5d4530dd861d8390a91a5731978d94b179

SHA512
94caa329d02a3438af2fb205c18f0d0142faffc5ad181887c903472254f2da42a9efb73c788c2f20f5b874e469df4793fb8513338cff7fd80724b4b4b1ba393b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26295a2f566b9af746565d22608a2e53

SHA1
28a85ae283adf8611f65c8437b4a4807556201ce

SHA256
e6d7698a03099ff22a638c27963b77b7bfe23bf31cbca833e7eef85c7924bfef

SHA512
cffbf67f0255fbaca5bb0a7e2fa992f33ecb54c6c624ebadbe8a8a19f40f390459482b3e5dd19fddb48726767b8aed351d780f3d4dada6318b38fba483a12a32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9ee5df105667300b9fc401ea63627b3

SHA1
3f4e1f018741d9c42c670b10f9b9fdeac018f101

SHA256
174f4abb84be4c00198e3fbc6f6b59cd8ec5ebbe3f33f0d855e80a0995bba6db

SHA512
c2388075f83f01b64d9cc67dd0f7b96ba8a23cecce2696bb3dd4c369392f5832e5af52a8b3ae731720294f9c67198abe60dc2c2aa6e6fe7ad76e6f0fca83b08b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a771e031447dc4dc18dee55f485470c6

SHA1
d8bec1af53c8568d82d9a66160f0b6602e3582dd

SHA256
bfd1afc3693784bdffb9e40960c772094b2ee7eff7cc40e93f8b3decc6596260

SHA512
53dd310a8a9891aeaa1ad429a82ea0eb9e13adea3a5d6c39d123986fe37cdd27829886b1089d4bf0f3086b24306442b363be1e9fd37cb6fd583cc5f657b82623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d66bd46576a651c4d612c550bc05be4b

SHA1
e4ef048d0c5dcfd93fadeca28580967f72c1299a

SHA256
37abfb88b6f3a8af47099675990b802ea1e92045a282aa0555feb9a5a60a4a76

SHA512
975f3d8d996dda52379e0dc92f730876f7d1dfee8f37633c5d7a17253b2609a1aca005f7f9c53374d19e962040bdfa9957ad315ffe62c5133587129d263de25a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd9fcaad89c9e2cba8655d788ab64ba4

SHA1
741735df749dc5723aae85d713f442b2ca39e780

SHA256
9fdbdc24fb3eb7c1b3b79b9448037b28ce65897facf96aee390c88993e08f0bc

SHA512
27f05368075786a5bb3101dda9e1a82687efee60f2f9b073c40cc7a058ba1b0eee2347bd5af3bf7dd77af2254b93fd6fcdbbdaa812b00d69c3652ef0fdbddf3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e40d4261f338c9d119f07c7d5474d9dc

SHA1
0cbff760e5e3cbd66c0f92b12691632569f2a048

SHA256
5f356c51c897a06badefe4c2bbcc6340a11de48f46b9cec12a0f38da1464037d

SHA512
07eb5469822b9cace07ff842653675aa35a0f3835e8bcf4738a834c72f18f0fd631d3aad92704dfe69063153c91c691ebb7ad36f26079cdfa88f25284d4b2513

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c68270c4159c1ed41b807b9e0684d5ca

SHA1
82a200399242df80d060958f19f99c6ba9d4ed94

SHA256
1c45a85f1aa58cff601693abcd08dbacf315a2fdf20287c1f20e8f921374f236

SHA512
5613d7bfab54057136074df259339eb0df4787bb185a56b1bc6f6ef0540cf224d66395c31477cc3e58e41ed98e9055144483372346bcf53c8db7478a05fc3a24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ab35312089e0bba3ceca607f196215c

SHA1
9246e9e766654f1acceb4ae129da500318ae767e

SHA256
7f4234226d39f0eeb6198af18e184bc8eb5ef346392fd584dfd0e3ba007a462f

SHA512
5208c2669fd0fadbd5fbb56caedb999789bbf7dd68515d1da227dbe4536762b6b9f5782ce55d5661c648cd39b8e079e7803ac65c0ad51e55c0cd3f825ffb6204

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
8e9f2c36850fd174ae042acd62134b20

SHA1
069699fd1b62fea8e18271f03131cae49dea0f47

SHA256
f41d4ac9c3168a7e5856d91effe6e9e099e1ccc21c552baa011591c40fbb576e

SHA512
167c3a74d19970d385871fc97fdea83175ae0e59940266949d2cbfefea3d991a65cdb0a5b61cd8119dcd7c3b76d0e7e40275f9adcd54d1f788bbccc7cecb99d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
c5d97455381cf6b77d509acbbd787228

SHA1
fa4f8f8be1d40e6491cc6c6f404cd85b8caa6a5c

SHA256
93e5e4c3b4af431a8c08fb1ac3063f0d7e1c4608f2b80671218e1f27a7efdde8

SHA512
ba6b4a22b6e655dcc35d86ed5c2f28ecf03248b4f001fa0a106daaf9b7e8ba15440218b84111e4ce17e0217def5577709297aaf47a4957989c14154c481728df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
6c7c4748af09d1896ecc1fec93742245

SHA1
50ded44e91eccd909a84241955e7da199cfef44d

SHA256
0ca21af89408a91c6b0968f912737b8e4064580e98b4cbb05185c21dc461eb96

SHA512
5355f7ef5d44c5cdc2307ea80102030039722f498445b38d4dde36864d1bdd7e31c4cde39dcf05fcb544b25f31efa1d74e37bf554df50dcf9b5acfb12f1d2d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
12KB

MD5
d773996a18f92130ac29e26274ae8154

SHA1
c5631279ecc8328ba9cef1077b8243ed4de8f0a4

SHA256
f9100bf38e692a8694868a340a16331068e0f6ae66ca0b45e940663e0eb8a846

SHA512
b0a23ea8e959dd05c539b7e6158dda9a6dd1c992d5e68a91efecf7a0983d9bd44e72b048e04afa770230092b995e4612c6f7a3ce22c2715a7bf60e836a79a33e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
38KB

MD5
8a2b324cfbadf8d334b357975973b80f

SHA1
5e5e6fef3d09abb195c686af0bc9b79679b3084f

SHA256
f96a1cfd75568144c809aa0467d60ee677160e9a02059d58afd2e5cb6a2a4715

SHA512
8738120d5ecc3fce3687622064b32f03e188493cf3fb30020ac63ae37df00bd68e2712c079fc707eb8816ed81b1e576b1db363762b4507563160b5ed8e20e8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
14KB

MD5
6a36a0ed21c220ca90eca6128eb46e2a

SHA1
e3799b596256a40f2c1fef0eb1f3a832c76e9e31

SHA256
6d69041dd0cc23a313c5477d64efd4bc3776277e7f48ae6e6fd044ef552a48fa

SHA512
fb304763c11b12d78e421d73c1d75019edd15efd27474f5ddb05c26ea222e264cedbbcf5908f96e747f5fc2f1abb70376ae90d05f4b1d5114563e3be94ced4b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
6512f310a01748b84adff15c23714846

SHA1
0cf7cd973dcd7da097d8273dfcb40fab4c5a2315

SHA256
38c43395744c9b750a9d72dabe5489549e40b3e26a605475dbcf7bf3ed2d8f24

SHA512
f7c94ce33d96445e8b92e62cd6c7272b445db07c3ebb620037867a0d86f07f5be8646b4723548604eafffda886c3f568f5b939152ec15f8397e97da2bdf628ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
8d2d8ff4ecd85884bc4a60b353dbd142

SHA1
44d076a78f8384d219f6f9f2df9c487408ea901a

SHA256
0fa3892575220a90a323d77513a845bcba94272100e82c08d58d66295b29f1a0

SHA512
2a39c24e257c3b06f1b476ad4a40b51fa16c410b69f3074aabc97ea27447f997dd3904dc8b3ea108fd69338b960f878fa587b69f662ed49fee22c33a3f4ff305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
4KB

MD5
7d8b3aa7ff08760e43f27c2530ea5b85

SHA1
b36a0f4a9c027dceeea2384573193565ed11d3fd

SHA256
6cf70a80a970a2ef3b850e191ecbc1c48713eb03feb98a03d95537657bcbc3b7

SHA512
c76b23b88d7a933bc80d727c61c24f81b28683fbe8dfc93dd2d4aec7627ae3e65b1df568a82c64fa4d412a42bf195e6a0ef3ed725d29aab60958d3fba4de6061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
297bc1ce19a57505d517b57d4209a84d

SHA1
a14b09fb116f4575eeffd1a75b37701cb49303df

SHA256
eb39cd03dee78a0b9f08009a1ab655cf569bd7af184248dc7d0076d07d04ea9a

SHA512
a9c4188529019d2662cc1e6316b28bddd7178ca2dc67a8deba8a689c089323125224a4abd23c0e9fa767bf27d07136bc3e385c5183bc65e53686b16c888f456e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
f449b33aeb6fa9afa4561ffab89822d4

SHA1
5794ff873113a24da87913321843648e0e96014b

SHA256
939b9b3c654764fded056d474a67c1fdcd7a69315cc3f4f767d44e335aec76c6

SHA512
b80f152b5fe83629e7d826b4cf899515bc81b996b7e65b5ed989838657c376b7fef6d5dd0b824a57c4c03ec5bf834f52e92caf517ec4177496d4985953e25444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
7d8ec93823c1d546f7383e21c64571b0

SHA1
2119e91302f800e4f5c707f2b24b56d3b1fbbbe6

SHA256
fdb4b129c7dece63d66d8b4b21693272021eb6b667ae5477250bad05bbc5c1a3

SHA512
f983c045770ac14644b7b96857f164268175dd3b25824ebb2baadf0544ae8684cdbd4db54a93c88c58a4db119194a9c2bab5607c1ebe2a5c88d96d4299ff2641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
ace4cf48859ceaad7b19b3bbc4de5a64

SHA1
f744911e041b4fe8bf9c170c7b4a69164ef08a72

SHA256
2b911d2801c24e8480f0523bc3671a529f80c85cb99c13cb901a4802052cf1b5

SHA512
7d38da903d2d357d17febb229e0d8a709dfb4ed2a690ac11d05629b6156a619a99bd87a1b7711d0b5c3b1ccc205af7deccf14634d942a872c8d35936b7d49d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
98388473c9fc1cdf23f5ae5c0b52605c

SHA1
d734977dab7676a1ce7564a057fcebbe01112730

SHA256
8d4fddd323ec07b091614ae866a53fb0b0e899f5762a49a50edb6947ea2f92b5

SHA512
ca6776c1d02d65ad651f384e3f493ca24b85e5b7d4f7951a3fe5d08c1cf7b618667c9b44e464c71076f48730d587445f5c58e39b1221b750818ea4b16a8631cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
814B

MD5
ea184e26291f9addc65ba0ddcd5965af

SHA1
543c3ff425e8f28069f5e556a03f95f670166007

SHA256
0267ea18d44e8f35658aca7c602c497b61d48133804fe8badc5f904ea4792137

SHA512
e8edefa545b9aeed44df4796f3a696c96affc624b4b7613fc351850133fbc8770f4afad7b88d3b2f34499ebeba3dd1c2bd960e64b60327b3bb5340e9199f61fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
4e9d9c4819ea411e8621454e5fd55695

SHA1
0c2c7923e8eee452451e8e0299b67f066bdec614

SHA256
fe68e88d596a30a4e53b504fe6aa53219d8dd912528a1ba6fd2dced1d95e86e1

SHA512
f91d50cd89c4e6699e0f20be8c30285efe1254927eda31c9b0740fb468ebf559ca7b002cc1a65c423a9e4dd666ac1a4b05021abfb7c72db698fbbe6882ebd2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
bb0190f49b40489bbc6fd3848c5f78f4

SHA1
b0a0422c14f69b65eeda16d05771270370741b23

SHA256
39c009bfb0e42d1d460658a514cc256fff2b15b487276c09e78d43dd4b73e8f5

SHA512
f1293ea25ffe171dd988d31a8ee22e09a0e6cabb3e1dabe3bb3ed8e8507c584e76eab3cd7724126eb038165326b6da8b85695dab2942ade29532275a07b8620d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
cd665a003d4a9cec562fa93fb2b536d3

SHA1
bf73f13dde873a6da480a4ccd4b6aad81e4d7f67

SHA256
04c98eeea526ecdabcd01bf43177e35fd5f823e845d8e5886d35ba0fc7c52578

SHA512
9124448da2b956d65fbad2ffc52768aff8e8c00c024efc2a98dc7c9ff313676c448c24cc0e813890cbf201cb9a70fb93749c63e2a40a8cd0af6a74c6c85aa7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
9a99f02495231d0dbf10267ef8ff032e

SHA1
b1b6d36286e4249944e62edb7ca213e9111b778d

SHA256
ab9272e4181f898c7a0bc9ae21eb4270c4c6ddabd7fe69407420911f63064ca5

SHA512
726c076e2049359334c5abb85539bd1aaaa9633229559558b3ad0d9a569d2a42aed2de55b42e0c705c69cfaa7baadc93fce1f4dc283b9a9a20704978246409ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
dc24d822c4d8ee69bc23577f9e3480fb

SHA1
d5dfafab9a5e806c1ec904b81a08bc5b8e6d8c58

SHA256
9f52d4c749089c7525953c22b7bdf2d845ae4f7e46f42b76589b53e96159bca7

SHA512
a89937704a7cd33dd94db6368cebdf7ada84add0d1390a987e324da56d6761800447cdf45fd64eec8d0df5a16901951347038b3f89ca8de221b97710b5d1615b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
a146a5477f309bc0674237378cfcc6e5

SHA1
e9698a1cf2aa2514cfe36fe0e04e25f58715f283

SHA256
c6fac6d42420d64441fc6e46599a8e60659ddd70515d75b0ae4bcec6bb9d5114

SHA512
6e859ca34112e29b4fe505049cf104a1b94222b6e159ca0245a1b9c93ef4445e0d3cea81ca92b05167520adac2050d416d12bd6fdc9a2f1522a88811c64b8eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
229B

MD5
180921c01c8614e36b31acf4b3e8aaaf

SHA1
dbd26963377010678050c409a4800cb1882e4a02

SHA256
0a63621336af43f64b6d8d9d895345728cb6df71dbda69d07e6f239b2890033f

SHA512
d1540323ccaa0905f3277b2c6edbcf17f6d06dd8efd745c7cb7332fc16d541b17cffe231260a2ec1e82ba40a1f4b05c520138c6cfe4d137c86161a8e525bf675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
229B

MD5
08e3b829d425c6e402879797ef364ad7

SHA1
b05b7f68d55d4f6724f47942de0dc36a4d971baf

SHA256
4049098b5ae5d34c0f75380adec6c0d2716d0de997a8d99ab82a3552f479d032

SHA512
6f6c0eab38f8e538d6cbd5333ca7285fa8a89e3d188a85524aaf58543a14f95d0470db7aa0464b38bb9c4caea85463850a2dc5a40197e3a977a9fcd2202bcfc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
229B

MD5
188477b898935030926b77c9bdc91221

SHA1
5df7ef44805814c026cf34bce70205d7916f2821

SHA256
f24a1db2aa09eb8385d98236a53561b644e8425cca24f8d1173f679b23faf849

SHA512
35663b7267853b1f97c4286d7996e46801300d97225b4ec41e425893e0c460412b817f3f3cfe2d03cdaf06bff9662874b88e684b214084d295d8873c590a003d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
229B

MD5
e211a880e9b4ff555e8224cb3c7006ab

SHA1
f9b21b1dbae159800b44953e77b887733548e416

SHA256
96478a5262aa57d299b0607838369291140cca3738d1025579458deb622fd139

SHA512
d24026bba6105641c42ab06d7e3bfed6e0422935d14351f25341e66632fe31424b1fcd263e81afe84dabe91e1e99c1102ce681ae1c416ea3a2c3a9ddc230b2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
229B

MD5
3446b69ca5daf47355d301c1819352a1

SHA1
369d859b4f8ada12a97b8a4a5866912c518923cb

SHA256
374aa9d22b459c8a82fe54150a06c3f64a3a80721befe99b18f1a3294ea83d10

SHA512
397fcc6d6ff973c8b9897063499969d679a05db1952916f4d4cb004ea56f06cbd99324bb630df54caaa269277855cee47c9e3f8e5bb39958b372216f5527b896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
448B

MD5
e116d463877d0f4a29bd52f6a889c03a

SHA1
bfb9d1f48a9654cfd67e0c63b7a863c8b6fa81ae

SHA256
3284b297d4905f3317049f0747f581cf1738031a0dd64cdb2f0bda00f7ec7d1e

SHA512
c28e6ece81ab2f1599256a9334f6870f01385b80cd3f4be43ae19bac91c87f5701011d51295cd2df9263a08ca485077eed845643bf7352e9faa7c5164fa6e9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
641B

MD5
c7dce8efc18d94b7f988afd4f511ed83

SHA1
749d2c049fdb346fe8ba2da3374ab8d3310c5397

SHA256
f6b78d7bd416d1aa56e8f8ad92e0472d4d01aeb5fa8166f2a2b5837bdbeefb4d

SHA512
5ebc72f3ef44f2532d0c66da472eed83c6c5f228a3d5e2d323b90f601446471c68b4dac46ee28b97290e77fc963b5302d836a1d78de56d33b23ccd72dc02541d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
13KB

MD5
fdf833ed73b33bb0d304a8b4ebb83f48

SHA1
c10c615852e99e62a6c43abe83c7a1dad94ceacc

SHA256
630966bee8a98fd76a9a8123d0a3f8df112166ae31ea7f1541790763d495c783

SHA512
1a108b123f2a99420058a1807493bd902dfc08a8be31812e5d0963aa334010adb7336f958891a396c7416df682cc8ac4850459a1ab7e64e564afbb30971261e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
13KB

MD5
a1233b9c1c365fbd454768c261a1d2b1

SHA1
595272a20a940e0b4a28adbe069549432beceb3c

SHA256
09adf485193eb5a6ef3bc60b4fe4f98a829c53a97c2cf53ed6d61019be8b00b9

SHA512
d6fab650a1c73ecd483567f53eb9c8aaf86b03e1a4402d59dd22a14fbaa619a2bc2bb6d8583c078fd8fb1c42dfb3cce52ec36ebf33c74b01a5eb174e611f1a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
e8d4ce874f9913d6f197053243a4d69a

SHA1
d1648936f7838ef77afc52edbebf3fb3d1bfa2b3

SHA256
1b0b3443d23ba7ed98be1f3a9cd18e1b82af1e5bbb4c4eb9b03c9064b4014792

SHA512
615c21fb5c333e616546e4920836f19d65a826e965064b40e8b8a0ec63c3af93f450d8fd5451a84b14c8986fdac70e1a9f83eff56e4b1887910e4790cfc53ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
726e7bf5a563977d646c29859fbcab50

SHA1
960bf9c4da5bd5482aff5259a9350147c2fa9768

SHA256
5edf0d0f616fc2e650e02734b0455aad9bec627e23762a4761fcf8cc61d90b6f

SHA512
1e17f3782fdbf4394611a7ead8566292d42c93237326bda7fc1fe44ecefd777d24f852b8f7a8902c9b99850a5ba34d415f7188c3a53475ef5a337afcd8aa3f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
25e1624edf2a6436b6f1e92e5c8d8b51

SHA1
450078f3dcbc788353515d654d6a56e8fd505be5

SHA256
cd6e3b6e763669959b08ebfdfc3ad688489d4553b0971a3548d35302b4f6bd40

SHA512
79ec5ca4f774793d694bcb5f063f35cf6cff8f2e3b2f4f759332587ad60b76090d672e7bda3602df8c409305eb6f79c4fdadf6776ff796f3ff8127a7f372f3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CE508T\www.youtube[1].xml

Filesize
990B

MD5
3bb6df031aa39e4900c1c797f7ad2a70

SHA1
6f1798632470641c76e1666ae4650073716a9b71

SHA256
0175aa8adb27caf219a168d47db9397b70b761db58cdff28a27a2aac91d72e27

SHA512
485d29bc8634a811c1116b44c68a9d79c733aff7699c9f139fca8d31941c4272937fc0cae018c602b3612236176dab12989ffb02c4f64a74d47922157208b7b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

Filesize
19KB

MD5
de8b7431b74642e830af4d4f4b513ec9

SHA1
f549f1fe8a0b86ef3fbdcb8d508440aff84c385c

SHA256
3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a

SHA512
57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\ad_status[1].js

Filesize
29B

MD5
1fa71744db23d0f8df9cce6719defcb7

SHA1
e4be9b7136697942a036f97cf26ebaf703ad2067

SHA256
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

SHA512
17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\embed[1].js

Filesize
61KB

MD5
ee6c1e2c91384312d0ebf1df4325861f

SHA1
ee558609ed5fec4c297e71873e081471bfbdec10

SHA256
113f71981587732239fcb3db6755eee7fe3006d7397bd8866d0482337b06f5ec

SHA512
7b840079a1946f4c3dc35c117fa946f77385fb6830a9521892a4e01338001045e89cfae434cc610cfedcd3f9709df3e5439242a073ccf2f1d026f9e9be2a8d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\base[1].js

Filesize
2.4MB

MD5
24357d162136b2dde3e7ee1cd01e37a8

SHA1
b6c2391bb4efb971fb9169d3ccf68330a36e255b

SHA256
f6d29981d8acb8584ff00b6a55f3ee5d3f105b991b78562c4fff89c36915adc7

SHA512
f9b1fdf5d65b588b292367b0bb16ed946aef4e44a15ae8c681cef821ce8cb83134516fc4633e3ad13848f241f9c9d67cd00d19e4a953a3c6c79865debe01a99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\www-embed-player[1].js

Filesize
319KB

MD5
313f662ec66b3cb94106e411fba15e0d

SHA1
39becc293c40b248ce60fafca7413f567d34fa03

SHA256
d2d3f5afdcae3fd0b7ba628ff725ffc86cb50322d0f0900158ea19e2de701d5b

SHA512
ccfe6ca79a8e3718026c27e69b22b1d9968958d956495d0f6dfa549d94fdf84b9f9d656fdab8a5d1e19f9251499eac3f41b9e54f92797789d2e8ddfb02ea77e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\KFOmCnqEu92Fr1Mu4mxM[1].woff

Filesize
19KB

MD5
bafb105baeb22d965c70fe52ba6b49d9

SHA1
934014cc9bbe5883542be756b3146c05844b254f

SHA256
1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

SHA512
85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab10F4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1135.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request