24f6275b6b1db10ff8fcc8c97d4d14cb3f935755e05d52cdf2c6c9ee2d17c69e

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 21:21 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f77e7de4c9aa406bf70e8407c8aaed2_JaffaCakes118.html
Size

175KB
MD5

8f77e7de4c9aa406bf70e8407c8aaed2
SHA1

bdf25ccc2216f6e68aa9a7ea14586d43e1e98c06
SHA256

24f6275b6b1db10ff8fcc8c97d4d14cb3f935755e05d52cdf2c6c9ee2d17c69e
SHA512

27f676bc93b998af2d10dfb1d89477a7f65533c2e767bbd913d3f6d7f826bbe0e7f9f082e330fb852c61a8fc7b18f9527ba32a937c4905378b8bd5a6aa9fc694
SSDEEP

1536:Sqtd8hd8Wu8pI8Cd8hd8dQg0H//3oS31GNkFFYfBCJism+aeTH+WK/Lf1/hmnVSV:SCoT31/FwBCJi0m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8535"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "377"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8535"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19312"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19312"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19312"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9506"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "288"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10599"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "20399"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "20317"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10877"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10756"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "29414"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "400"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000010d238220c20e1e0b6a46485d4d580ca1037539126332a51b16b90bbe8879c4c000000000e80000000020000200000009e54582f38385ba8ad68b38ff4fbbc18731091a5e20275881570efb466c75faa900000000235b423bb9d83eab8c05a9f451b18f4f783d31af309d0b1fa538258df08a93165473b818059fe71173d3d3179bdbd7107f9e46e06e81c37f1bd8415b1f96609884322372698526b13a5437eb5c6596c2ed29bd07f58e20e35014a8d5293c3f5739f21e411c7480eae094748e0adcba67e5df8ba182b70d0fb7cc03cef6344589805378bc31a210157ec3d05b55c1819400000004516772c1265b4e5d614167dd32dd09cbe2b8864ba459aac2c549b17722ae56ae8d4670dab70fa960e4cb4a69d62defce1e46586cbe4a342a348d793f5225e93	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10599"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10871"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "288"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10599"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "20405"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10877"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "29414"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2256	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2256	iexplore.exe
2256	iexplore.exe
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3048	2256	iexplore.exe	28
PID 2256 wrote to memory of 3048	2256	iexplore.exe	28
PID 2256 wrote to memory of 3048	2256	iexplore.exe	28
PID 2256 wrote to memory of 3048	2256	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8f77e7de4c9aa406bf70e8407c8aaed2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3048

Network

DNS

konthaiusa.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

konthaiusa.com

IN A

Response
DNS

www.konthaiusa.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.konthaiusa.com

IN A

Response
GET

http://fonts.googleapis.com/css?family=Arial

IEXPLORE.EXE

Remote address:

142.250.187.202:80

Request

GET /css?family=Arial HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 400 Bad Request

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:21:47 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

www.youtube.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

172.217.169.78
DNS

www.facebook.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
GET

http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:80

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:38 GMT
Location: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:80

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:42 GMT
Location: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:80

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:42 GMT
Location: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

IEXPLORE.EXE

Remote address:

163.70.151.35:80

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Content-Type: text/plain
Server: proxygen-bolt
Date: Sun, 02 Jun 2024 21:22:38 GMT
Connection: keep-alive
Content-Length: 0
GET

https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

IEXPLORE.EXE

Remote address:

163.70.151.35:443

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: oLtKIOEb97eDXtx+7ZEa8JEhhpv8thYUOvVdbTE502PIHCID2+5Lmq4iE8vfyu0eZNUGBcjgX61loPeubldtZQ==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=18, rtx=1, c=10, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=122, ullat=0
Alt-Svc: h3=":443"; ma=86400
Transfer-Encoding: chunked
Connection: keep-alive
GET

https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:38 GMT
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Cross-Origin-Resource-Policy: cross-origin
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=xE2f7gIu7Po; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=gltzOnNEV_g; Domain=.youtube.com; Expires=Fri, 29-Nov-2024 21:22:38 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D; Domain=.youtube.com; Expires=Fri, 29-Nov-2024 21:22:38 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/79e6d03a/www-player.css

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 58696
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 07:48:43 GMT
Expires: Thu, 29 May 2025 07:48:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 394435
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 115974
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 07:48:43 GMT
Expires: Thu, 29 May 2025 07:48:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 394435
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 22629
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 08:16:44 GMT
Expires: Thu, 29 May 2025 08:16:44 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 392757
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:43 GMT
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 115974
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 07:48:43 GMT
Expires: Thu, 29 May 2025 07:48:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 394440
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/79e6d03a/www-player.css

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 58696
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 07:48:43 GMT
Expires: Thu, 29 May 2025 07:48:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 394440
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/base.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/player_ias.vflset/en_US/base.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 821549
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 07:53:57 GMT
Expires: Thu, 29 May 2025 07:53:57 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 394121
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=neXIntF0vMUak_A1&el=embedded&ns=yt&fexp=v1%2C24004644%2C76094%2C54572%2C304051%2C60171%2C60884%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C9072%2C4654%2C24498%2C2196%2C8970%2C1026%2C1103%2C21%2C911%2C3276%2C53%2C204%2C2487%2C102%2C7395%2C8%2C1049%2C453%2C2539%2C1478%2C492%2C1008%2C4076%2C39%2C9%2C46%2C2368%2C713%2C2585%2C2%2C8%2C1357%2C508%2C278%2C1941%2C2838%2C51%2C256%2C1132%2C2372%2C3759&cl=638003856&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBuZVhJbnRGMHZNVWFrX0ExEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240528.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.003:ER&cmt=0.003:0.000,0.003:0.000&error=0.003:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.003:0&bh=0.003:0.000

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

POST /api/stats/qoe?cpn=neXIntF0vMUak_A1&el=embedded&ns=yt&fexp=v1%2C24004644%2C76094%2C54572%2C304051%2C60171%2C60884%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C9072%2C4654%2C24498%2C2196%2C8970%2C1026%2C1103%2C21%2C911%2C3276%2C53%2C204%2C2487%2C102%2C7395%2C8%2C1049%2C453%2C2539%2C1478%2C492%2C1008%2C4076%2C39%2C9%2C46%2C2368%2C713%2C2585%2C2%2C8%2C1357%2C508%2C278%2C1941%2C2838%2C51%2C256%2C1132%2C2372%2C3759&cl=638003856&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBuZVhJbnRGMHZNVWFrX0ExEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240528.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.003:ER&cmt=0.003:0.000,0.003:0.000&error=0.003:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.003:0&bh=0.003:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtnbHR6T25ORVZfZyiexfOyBjIKCgJVUxIEGgAgDQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240528.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1717363359071&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C1524%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C590%2C250&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Jun 2024 21:22:41 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:43 GMT
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Cross-Origin-Resource-Policy: cross-origin
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/79e6d03a/www-player.css

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 58696
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 07:48:43 GMT
Expires: Thu, 29 May 2025 07:48:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 394440
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/base.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/player_ias.vflset/en_US/base.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 821549
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 07:53:57 GMT
Expires: Thu, 29 May 2025 07:53:57 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 394126
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1717363368385
Content-Type: application/json
X-Goog-Visitor-Id: CgtnbHR6T25ORVZfZyijxfOyBjIKCgJVUxIEGgAgDQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240528.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1717363364065&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12994%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 8864
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:49 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1717363369095
Content-Type: application/json
X-Goog-Visitor-Id: CgtnbHR6T25ORVZfZyiixfOyBjIKCgJVUxIEGgAgDQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240528.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1717363362420&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12594%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 2044
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:50 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

static.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

scontent.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN A

Response

scontent.xx.fbcdn.net

IN A

163.70.151.21
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/pGWeTe1I8eG.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y4/r/pGWeTe1I8eG.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sun, 01 Jun 2025 00:09:32 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: o+VLZ1+xA3v6Ui5X5i9g/g==
X-FB-Debug: rTAX8oOV3QeFo8/A1QHGsszXcn5PQFnpdWr3NXDyAQIB88O2xT9UQsKeqLr49OqtxWeY6qTyzgqLed1RoMTh/g==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 120246
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
Expires: Sun, 01 Jun 2025 04:46:54 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
origin-agent-cluster: ?0
X-FB-Debug: nYB19cBdXa5ddL8CQEkCJMfScfscumCuISM1+fNIPy97yJZMOD8YXjkiPknBa9jYhZqmqn+rLVYIELgE7fiiKw==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=18, rtx=1, c=82, mss=1357, tbw=126023, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 573
GET

https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FMJ7fHjnC6AQ7kNvgEXCBux&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AYAMmCaGbEUlx9eXddXyXqCC4RQYIIPVe688tipteN9yig&oe=6662A353

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FMJ7fHjnC6AQ7kNvgEXCBux&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AYAMmCaGbEUlx9eXddXyXqCC4RQYIIPVe688tipteN9yig&oe=6662A353 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Last-Modified: Sat, 10 Sep 2022 01:27:37 GMT
X-Needle-Checksum: 2883854034
thrift_fmhk: GBCGm17N5Mq1mXTgwTwx9pe5FfDr4Z0EvFUAHCYEAAAA
Content-Type: image/jpeg
content-digest: adler32=740015753
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=14, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1967
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/LG4XKM9M9OM.css?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yE/l/0,cross/LG4XKM9M9OM.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: text/css, */*
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 22 May 2025 18:42:57 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: DhXdo/8nVDNhqzTW57WzhQ==
X-FB-Debug: lQtdnfDUEbvPZyNrKM0VotCeB7Xxvi1R9rzINhJry/RcZ9uiR2EOHliQqmo+8q/eTw7Hf4xe04nchDhNoNLxaw==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=24, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 6031
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 29 May 2025 16:43:51 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: +XuRV7TCFgdTr4rntoaKNw==
X-FB-Debug: EsOxk11Eq0wcZYuXeEYe2MrDv1oTCLBIXtpfeOEh/HdmrP6Xa6mqbPz//Nqegmz5YOzsvLmDx00swyS8j+XM1A==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 2348
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 29 May 2025 08:15:58 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
origin-agent-cluster: ?0
content-md5: PCil07El4hl7RdWxcVlVHw==
X-FB-Debug: dCIlhhVe6+A+GVfQAa64INV3B93k9ODCYRsVw+TeZ9KvZOVOqb2TMWyVnG/+YwGPbl0PP08VjfE4g/F8Rr4XWA==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=18, mss=1357, tbw=7630, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 333
GET

https://static.xx.fbcdn.net/rsrc.php/v3ij9m4/y9/l/en_GB/HbT8HXdZYIC.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3ij9m4/y9/l/en_GB/HbT8HXdZYIC.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sat, 31 May 2025 23:12:44 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: ftj7Adajz3Wwd8wLkrkn4g==
X-FB-Debug: UCkhENlDPdMsSe4Gmvdwm/kFd8NEF1b6MgSmFy2aICYA9k8tTvZh4LRcR3uOtaJG8rVR3IzhOAq7IRijxAmNiA==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=14, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 29516
GET

https://static.xx.fbcdn.net/rsrc.php/v3issO4/y1/l/en_GB/Ue-M3hwtZyC.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3issO4/y1/l/en_GB/Ue-M3hwtZyC.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sun, 01 Jun 2025 01:00:37 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: nbyhOWtFkVM+rJ6nXTmEAA==
X-FB-Debug: ySUsWEKrK43qMsthOCtLEjwIVZ8iUZ18OlBh72aoKQ139qhSSPwkeIOWglkEe1phju1ngTeDdJJ/ZZV3d1ecfw==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 28499
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/uvZwAvi7zBh.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yj/r/uvZwAvi7zBh.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sat, 31 May 2025 19:37:27 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: r2J+aCMfqx/NUgjUpXbKsQ==
X-FB-Debug: g3BfZ/JRfFqHdvfTCUkREeO+K7cstMH0zq8zMqla1csYBf7bHklpQrbiGw1lEvlS7wdvcuFzVH2kfIlO9sHwCw==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 12372
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Fri, 30 May 2025 16:37:06 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-md5: ivkhXUQG4wQzNqI4NjhapA==
X-FB-Debug: fTh23n92ADKggoHmUPGx0kBI7e0fh//DW2X6LIG80YmHxEoK6CiVtnu7pMdufVRmlhn0ZtaSSOB8E6ZWbUgz5g==
Date: Sun, 02 Jun 2024 21:22:39 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=25, rtx=0, c=25, mss=1357, tbw=17684, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 302
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.204.66
DNS

static.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

216.58.213.6
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sun, 02 Jun 2024 21:22:40 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sun, 02 Jun 2024 21:22:40 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sun, 02 Jun 2024 21:22:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sun, 02 Jun 2024 21:22:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sun, 02 Jun 2024 21:22:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sun, 02 Jun 2024 21:22:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://static.doubleclick.net/instream/ad_status.js

IEXPLORE.EXE

Remote address:

216.58.213.6:443

Request

GET /instream/ad_status.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Timing-Allow-Origin: *
Content-Length: 29
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 02 Jun 2024 21:11:13 GMT
Expires: Sun, 02 Jun 2024 21:26:13 GMT
Cache-Control: public, max-age=900
Age: 687
Last-Modified: Thu, 12 Dec 2013 23:40:16 GMT
Content-Type: text/javascript
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

jnn-pa.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:41 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1159
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:41 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:46 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1335
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:47 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:80

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:42 GMT
Location: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:80

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:42 GMT
Location: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

216.58.213.14:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Sun, 02 Jun 2024 19:25:54 GMT
Expires: Sun, 02 Jun 2024 21:25:54 GMT
Cache-Control: public, max-age=7200
Age: 7008
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
GET

https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:43 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 115974
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 07:48:43 GMT
Expires: Thu, 29 May 2025 07:48:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 394440
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/remote.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/player_ias.vflset/en_US/remote.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 39345
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 08:19:12 GMT
Expires: Thu, 29 May 2025 08:19:12 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 392612
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 22629
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 08:16:44 GMT
Expires: Thu, 29 May 2025 08:16:44 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 392760
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=a-2EnzKq9TdvO8vV&el=embedded&ns=yt&fexp=v1%2C24004644%2C76094%2C54572%2C304051%2C60171%2C60884%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C9072%2C4654%2C24498%2C2196%2C8970%2C1026%2C1103%2C21%2C911%2C3276%2C53%2C204%2C2487%2C102%2C7395%2C8%2C1049%2C453%2C2539%2C1478%2C492%2C1008%2C4076%2C39%2C9%2C46%2C2368%2C713%2C2585%2C2%2C8%2C1357%2C508%2C278%2C1941%2C2838%2C51%2C256%2C1132%2C2372%2C3759&cl=638003856&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChBhLTJFbnpLcTlUZHZPOHZWEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240528.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

POST /api/stats/qoe?cpn=a-2EnzKq9TdvO8vV&el=embedded&ns=yt&fexp=v1%2C24004644%2C76094%2C54572%2C304051%2C60171%2C60884%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C9072%2C4654%2C24498%2C2196%2C8970%2C1026%2C1103%2C21%2C911%2C3276%2C53%2C204%2C2487%2C102%2C7395%2C8%2C1049%2C453%2C2539%2C1478%2C492%2C1008%2C4076%2C39%2C9%2C46%2C2368%2C713%2C2585%2C2%2C8%2C1357%2C508%2C278%2C1941%2C2838%2C51%2C256%2C1132%2C2372%2C3759&cl=638003856&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChBhLTJFbnpLcTlUZHZPOHZWEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240528.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtnbHR6T25ORVZfZyiixfOyBjIKCgJVUxIEGgAgDQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240528.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1717363362420&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12594%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Jun 2024 21:22:46 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/generate_204?MAEAHg

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /generate_204?MAEAHg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 02 Jun 2024 21:22:46 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/remote.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/player_ias.vflset/en_US/remote.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 39345
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 08:19:12 GMT
Expires: Thu, 29 May 2025 08:19:12 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 392614
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /s/player/79e6d03a/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 22629
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 29 May 2024 08:16:44 GMT
Expires: Thu, 29 May 2025 08:16:44 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 29 May 2024 04:18:18 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 392762
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=ie3jU8IdDJQrRgvr&el=embedded&ns=yt&fexp=v1%2C24004644%2C76094%2C54572%2C304051%2C60171%2C60884%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C9072%2C4654%2C24498%2C2196%2C8970%2C1026%2C1103%2C21%2C911%2C3276%2C53%2C204%2C2487%2C102%2C7395%2C8%2C1049%2C453%2C2539%2C1478%2C492%2C1008%2C4076%2C39%2C9%2C46%2C2368%2C713%2C2585%2C2%2C8%2C1357%2C508%2C278%2C1941%2C2838%2C51%2C256%2C1132%2C2372%2C3759&cl=638003856&seq=1&event=streamingstats&docid=ywSeSlVcY4w&qclc=ChBpZTNqVThJZERKUXJSZ3ZyEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240528.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

POST /api/stats/qoe?cpn=ie3jU8IdDJQrRgvr&el=embedded&ns=yt&fexp=v1%2C24004644%2C76094%2C54572%2C304051%2C60171%2C60884%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C9072%2C4654%2C24498%2C2196%2C8970%2C1026%2C1103%2C21%2C911%2C3276%2C53%2C204%2C2487%2C102%2C7395%2C8%2C1049%2C453%2C2539%2C1478%2C492%2C1008%2C4076%2C39%2C9%2C46%2C2368%2C713%2C2585%2C2%2C8%2C1357%2C508%2C278%2C1941%2C2838%2C51%2C256%2C1132%2C2372%2C3759&cl=638003856&seq=1&event=streamingstats&docid=ywSeSlVcY4w&qclc=ChBpZTNqVThJZERKUXJSZ3ZyEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240528.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtnbHR6T25ORVZfZyijxfOyBjIKCgJVUxIEGgAgDQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240528.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1717363364563&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12994%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Jun 2024 21:22:47 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1717363366680
Content-Type: application/json
X-Goog-Visitor-Id: CgtnbHR6T25ORVZfZyiixfOyBjIKCgJVUxIEGgAgDQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240528.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1717363361960&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12594%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 7893
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:47 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1717363368365
Content-Type: application/json
X-Goog-Visitor-Id: CgtnbHR6T25ORVZfZyiixfOyBjIKCgJVUxIEGgAgDQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240528.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1717363361898&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12394%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 9951
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:49 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 02 Jun 2024 21:22:43 GMT
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1717363361969
Content-Type: application/json
X-Goog-Visitor-Id: CgtnbHR6T25ORVZfZyiexfOyBjIKCgJVUxIEGgAgDQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240528.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1717363357804&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C1524%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C590%2C250&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 10439
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:43 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/generate_204?ZnFbUw

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

GET /generate_204?ZnFbUw HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 02 Jun 2024 21:22:48 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.179.238:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1717363368376
Content-Type: application/json
X-Goog-Visitor-Id: CgtnbHR6T25ORVZfZyijxfOyBjIKCgJVUxIEGgAgDQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240528.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1717363364039&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12794%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 9655
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xE2f7gIu7Po; VISITOR_INFO1_LIVE=gltzOnNEV_g; VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:49 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

www.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/js/th/FuC5FHNNqx6hIMPHBLFutNLSO6Lu9zn3BZWWVNvRnX0.js

IEXPLORE.EXE

Remote address:

142.250.187.196:443

Request

GET /js/th/FuC5FHNNqx6hIMPHBLFutNLSO6Lu9zn3BZWWVNvRnX0.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Length: 23749
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 30 May 2024 12:56:54 GMT
Expires: Fri, 30 May 2025 12:56:54 GMT
Cache-Control: public, max-age=31536000
Age: 289550
Last-Modified: Tue, 21 May 2024 21:00:00 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

i.ytimg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246
GET

https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

IEXPLORE.EXE

Remote address:

142.250.200.22:443

Request

GET /vi/ygK7kej0BPA/sddefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 35419
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 02 Jun 2024 20:55:54 GMT
Expires: Sun, 02 Jun 2024 22:55:54 GMT
Cache-Control: public, max-age=7200
Age: 1610
ETag: "0"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

IEXPLORE.EXE

Remote address:

142.250.200.22:443

Request

GET /vi/gS2GhpTPLvQ/sddefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 36415
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 02 Jun 2024 20:55:54 GMT
Expires: Sun, 02 Jun 2024 22:55:54 GMT
Cache-Control: public, max-age=7200
Age: 1612
ETag: "1376813903"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:46 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1307
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:47 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

yt3.ggpht.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
GET

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

IEXPLORE.EXE

Remote address:

142.250.180.1:443

Request

GET /ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: yt3.ggpht.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="unnamed.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1182
X-XSS-Protection: 0
Date: Sun, 02 Jun 2024 21:19:59 GMT
Expires: Mon, 03 Jun 2024 21:19:59 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Type: image/jpeg
Vary: Origin
Age: 166
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sun, 02 Jun 2024 21:22:45 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sun, 02 Jun 2024 21:22:46 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sun, 02 Jun 2024 21:22:46 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

216.58.204.66:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sun, 02 Jun 2024 21:22:46 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

fe0.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

fe0.google.com

IN A

Response
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:47 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1327
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:48 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:47 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.187.202:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1322
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sun, 02 Jun 2024 21:22:48 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

142.250.187.202:80

http://fonts.googleapis.com/css?family=Arial

http

IEXPLORE.EXE

523 B
1.4kB
6
4

HTTP Request

GET http://fonts.googleapis.com/css?family=Arial

HTTP Response

400
142.250.187.202:80

fonts.googleapis.com

IEXPLORE.EXE

190 B
92 B
4
2
142.250.179.238:80

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

http

IEXPLORE.EXE

928 B
1.5kB
8
7

HTTP Request

GET http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

301

HTTP Request

GET http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

301
142.250.179.238:80

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

http

IEXPLORE.EXE

510 B
579 B
5
4

HTTP Request

GET http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

301
163.70.151.35:80

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

http

IEXPLORE.EXE

724 B
569 B
6
4

HTTP Request

GET http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

301
163.70.151.35:80

www.facebook.com

IEXPLORE.EXE

190 B
92 B
4
2
163.70.151.35:443

https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

tls, http

IEXPLORE.EXE

1.8kB
22.7kB
22
22

HTTP Request

GET https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

200
142.250.179.238:443

https://www.youtube.com/s/player/79e6d03a/www-player.css

tls, http

IEXPLORE.EXE

12.4kB
491.3kB
197
370

HTTP Request

GET https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/www-player.css

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/embed.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/www-player.css

HTTP Response

200
142.250.179.238:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

74.2kB
1.8MB
978
1350

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/base.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=neXIntF0vMUak_A1&el=embedded&ns=yt&fexp=v1%2C24004644%2C76094%2C54572%2C304051%2C60171%2C60884%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C9072%2C4654%2C24498%2C2196%2C8970%2C1026%2C1103%2C21%2C911%2C3276%2C53%2C204%2C2487%2C102%2C7395%2C8%2C1049%2C453%2C2539%2C1478%2C492%2C1008%2C4076%2C39%2C9%2C46%2C2368%2C713%2C2585%2C2%2C8%2C1357%2C508%2C278%2C1941%2C2838%2C51%2C256%2C1132%2C2372%2C3759&cl=638003856&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBuZVhJbnRGMHZNVWFrX0ExEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240528.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.003:ER&cmt=0.003:0.000,0.003:0.000&error=0.003:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.003:0&bh=0.003:0.000

HTTP Response

204

HTTP Request

GET https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/www-player.css

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/base.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.179.238:443

www.youtube.com

tls

IEXPLORE.EXE

519 B
355 B
6
5
142.250.179.238:443

www.youtube.com

tls

IEXPLORE.EXE

519 B
355 B
6
5
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

tls, http

IEXPLORE.EXE

4.4kB
132.7kB
64
103

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/pGWeTe1I8eG.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

HTTP Response

200
163.70.151.21:443

scontent.xx.fbcdn.net

tls

IEXPLORE.EXE

568 B
3.5kB
6
6
163.70.151.21:443

https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FMJ7fHjnC6AQ7kNvgEXCBux&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AYAMmCaGbEUlx9eXddXyXqCC4RQYIIPVe688tipteN9yig&oe=6662A353

tls, http

IEXPLORE.EXE

1.4kB
6.3kB
8
10

HTTP Request

GET https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=5f2048&_nc_ohc=FMJ7fHjnC6AQ7kNvgEXCBux&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AYAMmCaGbEUlx9eXddXyXqCC4RQYIIPVe688tipteN9yig&oe=6662A353

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/LG4XKM9M9OM.css?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.3kB
11.9kB
10
14

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/LG4XKM9M9OM.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.9kB
10.7kB
11
15

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3ij9m4/y9/l/en_GB/HbT8HXdZYIC.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.7kB
36.1kB
19
31

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3ij9m4/y9/l/en_GB/HbT8HXdZYIC.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3issO4/y1/l/en_GB/Ue-M3hwtZyC.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.7kB
35.1kB
19
31

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3issO4/y1/l/en_GB/Ue-M3hwtZyC.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

2.1kB
21.0kB
15
23

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/uvZwAvi7zBh.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
216.58.204.66:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

2.2kB
8.9kB
12
17

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
216.58.204.66:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.5kB
6.9kB
11
13

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
216.58.213.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http

IEXPLORE.EXE

1.1kB
5.8kB
9
9

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js

HTTP Response

200
216.58.213.6:443

static.doubleclick.net

tls

IEXPLORE.EXE

667 B
4.9kB
8
8
142.250.187.202:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

7.4kB
97.9kB
51
85

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.179.238:80

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

http

IEXPLORE.EXE

510 B
579 B
5
4

HTTP Request

GET http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

301
142.250.179.238:80

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

http

IEXPLORE.EXE

510 B
579 B
5
4

HTTP Request

GET http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

301
216.58.213.14:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

720 B
18.2kB
10
15

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
216.58.213.14:80

www.google-analytics.com

IEXPLORE.EXE

98 B
52 B
2
1
142.250.179.238:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

34.1kB
304.0kB
149
251

HTTP Request

GET https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/www-embed-player.vflset/www-embed-player.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/remote.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/embed.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=a-2EnzKq9TdvO8vV&el=embedded&ns=yt&fexp=v1%2C24004644%2C76094%2C54572%2C304051%2C60171%2C60884%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C9072%2C4654%2C24498%2C2196%2C8970%2C1026%2C1103%2C21%2C911%2C3276%2C53%2C204%2C2487%2C102%2C7395%2C8%2C1049%2C453%2C2539%2C1478%2C492%2C1008%2C4076%2C39%2C9%2C46%2C2368%2C713%2C2585%2C2%2C8%2C1357%2C508%2C278%2C1941%2C2838%2C51%2C256%2C1132%2C2372%2C3759&cl=638003856&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChBhLTJFbnpLcTlUZHZPOHZWEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240528.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

HTTP Response

204

HTTP Request

GET https://www.youtube.com/generate_204?MAEAHg

HTTP Response

204

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/remote.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/79e6d03a/player_ias.vflset/en_US/embed.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=ie3jU8IdDJQrRgvr&el=embedded&ns=yt&fexp=v1%2C24004644%2C76094%2C54572%2C304051%2C60171%2C60884%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C2007%2C9072%2C4654%2C24498%2C2196%2C8970%2C1026%2C1103%2C21%2C911%2C3276%2C53%2C204%2C2487%2C102%2C7395%2C8%2C1049%2C453%2C2539%2C1478%2C492%2C1008%2C4076%2C39%2C9%2C46%2C2368%2C713%2C2585%2C2%2C8%2C1357%2C508%2C278%2C1941%2C2838%2C51%2C256%2C1132%2C2372%2C3759&cl=638003856&seq=1&event=streamingstats&docid=ywSeSlVcY4w&qclc=ChBpZTNqVThJZERKUXJSZ3ZyEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240528.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.179.238:443

https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

tls, http

IEXPLORE.EXE

1.7kB
45.7kB
23
37

HTTP Request

GET https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

200
142.250.179.238:443

www.youtube.com

tls

IEXPLORE.EXE

427 B
315 B
4
4
142.250.179.238:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

24.0kB
3.2kB
26
28

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

GET https://www.youtube.com/generate_204?ZnFbUw

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.187.196:443

www.google.com

tls

IEXPLORE.EXE

705 B
4.8kB
9
10
142.250.187.196:443

https://www.google.com/js/th/FuC5FHNNqx6hIMPHBLFutNLSO6Lu9zn3BZWWVNvRnX0.js

tls, http

IEXPLORE.EXE

1.5kB
30.5kB
17
26

HTTP Request

GET https://www.google.com/js/th/FuC5FHNNqx6hIMPHBLFutNLSO6Lu9zn3BZWWVNvRnX0.js

HTTP Response

200
142.250.200.22:443

i.ytimg.com

tls

IEXPLORE.EXE

634 B
5.2kB
7
8
142.250.200.22:443

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

tls, http

IEXPLORE.EXE

2.9kB
83.3kB
38
64

HTTP Request

GET https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

HTTP Response

200

HTTP Request

GET https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

HTTP Response

200
142.250.187.202:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.9kB
46.7kB
27
42

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.180.1:443

yt3.ggpht.com

tls

IEXPLORE.EXE

658 B
9.6kB
8
11
142.250.180.1:443

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

tls, http

IEXPLORE.EXE

1.1kB
11.4kB
9
12

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

HTTP Response

200
216.58.204.66:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.6kB
3.0kB
8
10

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
216.58.204.66:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

865 B
1.4kB
6
6

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
216.58.204.66:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

439 B
315 B
4
4
142.250.187.202:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.9kB
47.0kB
26
41

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.187.202:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.9kB
47.2kB
26
43

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.7kB
10
13

8.8.8.8:53

konthaiusa.com

dns

IEXPLORE.EXE

60 B
133 B
1
1

DNS Request

konthaiusa.com
8.8.8.8:53

www.konthaiusa.com

dns

IEXPLORE.EXE

64 B
137 B
1
1

DNS Request

www.konthaiusa.com
8.8.8.8:53

www.youtube.com

dns

IEXPLORE.EXE

61 B
303 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.212.206

216.58.212.238

172.217.169.78
8.8.8.8:53

www.facebook.com

dns

IEXPLORE.EXE

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

static.xx.fbcdn.net

dns

IEXPLORE.EXE

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

scontent.xx.fbcdn.net

dns

IEXPLORE.EXE

67 B
83 B
1
1

DNS Request

scontent.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

googleads.g.doubleclick.net

dns

IEXPLORE.EXE

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.204.66
8.8.8.8:53

static.doubleclick.net

dns

IEXPLORE.EXE

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

216.58.213.6
8.8.8.8:53

jnn-pa.googleapis.com

dns

IEXPLORE.EXE

67 B
275 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10
8.8.8.8:53

www.google.com

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

i.ytimg.com

dns

IEXPLORE.EXE

57 B
281 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.200.22

142.250.200.54

216.58.201.118

216.58.204.86

216.58.212.214

216.58.212.246

172.217.169.86

172.217.169.54

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22

172.217.16.246
8.8.8.8:53

yt3.ggpht.com

dns

IEXPLORE.EXE

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.180.1
8.8.8.8:53

fe0.google.com

dns

IEXPLORE.EXE

60 B
110 B
1
1

DNS Request

fe0.google.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a061dc5cc44bc5602f4322fce7a7c698

SHA1
0131d365f4516fe4c4f373e6d98aad2c0679096e

SHA256
76ed59fa6a59d439e58ae3faf03daab66bf9a3de137a438c56ebca1ca5698997

SHA512
2e9c8cdd2d70b8cb73ccd0f6d828caf656e5c7b23fe50b9042beb4a38615b6900f1da8c6f13013f6d7198908803c26977ee3a906c5d2acc136789b9da4a0941e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7c0aea281bc0e7d745e5d5bcb468fda

SHA1
7ded0ab7471ebadb8d65a702458604bf6f6e5695

SHA256
b37b39bd674a218f56303dd0afb096500edfe44a74c83ca86cb2ebf99c55ff4b

SHA512
ed727171bec77cf34147e1ad3814d34e8b7b4d6c23e539749869bae00088a43ea46152680ba6a3e3c923dc4e7b58a5dc00e32805370f7a9e1a37e7ebc4e482c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15e85f3a5ce2aca920421d8b97a460ec

SHA1
004ad211ed241670956a0098fbe2fa0008a966ae

SHA256
df7ecf8155e4cb9735fb64d16f3d4a1ac52b480107efa95f90d6351c053afe78

SHA512
141f3c2872ae9a0bbc04dd27387552632aabb6edb5b478711695fc621ec211811b667abd19b723f53e4cd0c0001a3fbb5e7c5616b1d0dbf88edee18513882154

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ecbf07fe626b205f7c3b4b1b152ada2

SHA1
dacc4d8966384b6a1bf4af2aa17ac6a8217ed8cc

SHA256
4f4918b3dd9d9f3d661094b3871ef6aab22c74656fa9b3252d48cf187ce4bd98

SHA512
fa0f0c47512f4bcd4370aaf2077cb8dca5362a6deca2f3cad4dc0b8bee8a43859da0f5cae3c4909ad1fbc3168eb648df2ded7f78dcb9e99467c285ba40191c7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
703b80550ed3a1dade68bb1527bf94c5

SHA1
ca471065d4950d837eac4fcdc1744a2d2d8ae38a

SHA256
c80e569d9628ee638fdafb9f93e6bc29e9c6ce98dfd14787e56d5f556720fbb4

SHA512
a395d8ab73f621dc47beb9be6a2933c654a99162cdb6834e593efe0658b7fb90a09808cea15d2ce2a067e064dae9d21341f11b2eacd51e45e00d9dbf1c1ed7fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34e750c457a487ea44e8ff32dc1c81d7

SHA1
4c37d0948d691ae349670a14f00eac825a887a39

SHA256
2ab87158524963bdc141911981f2e42a629b683a3af5ce131d194626a301e3c9

SHA512
49ce82a57cfd957dbd7d64710262a47e868f751de9d1fcbc9e3d1fe88249e2a50febfd3b8851a379c07becebf9b6587867373acfe3ea5f95d43475f23de565dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe15217fa484478401278814d75b4846

SHA1
8c92490a9876c8fd0d9cc3eab29085363e02877d

SHA256
cc0a691d83878e994dadc9b578a026bb0ab32fa4316dbaa2863bea1da40e544d

SHA512
7e1e18e110fdceb5edae9f8f26a5afc0bb2129e8b726258b7321c714b0e6b83bd7c1f6cdc1362c1ef86312730f0a555f5bcc7b2d19961af44ee2d734300203b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68da3cbacd0ad79dd61f367dd014f965

SHA1
00ec2499049ab16adec4dbc13fdb8f9b799e3848

SHA256
c29c3e0106764e0f5b755b383c4b0f9fd0ab2af324cd5ee56ebd049a230c13e6

SHA512
bde23c4d2d6fb759a3c6bc4996f6a583fae8e037ef0c9bc2348a9c85430f5712284ca03b8b1a21a95c93c23e306cb90a14547b54e4c1f5bc71d8af7a079ae47b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b93a48895ad177664cc81192a3768e8

SHA1
2c960157b434688540dd5982049506c738fe81f9

SHA256
0899b47a8faa05f77cfdd0ce2636d4fa66892531c40d26059d8d347dbef9cc58

SHA512
a5bcab4241572042b8ec0f0c15dd1a81add427c496df17836efed238e6ecff7a6d3a616a3ff7cc03b20dd43981de3ef93fbf0678edcb40112aee0d0c88538f83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34e52cd69b1a80bf1d3dd081ffee016c

SHA1
cf709320c31550e97d5ea2f2575d7f3cc9694b58

SHA256
0af48f283ec5517dac7da1aa0d89b5afd2af4f5178d2fc74eeb40a8b35ac4ab1

SHA512
45a7bd301ab2e4a0d92ec7271bddd7d828034a485084997bd483fc70833b4b582ae397fb9145ebfff31ef1e61686ec6eb80ec6978a83d477a93c47a9624934db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0f1773cd35e671101a83517d7598a2f

SHA1
5d4f38119b24c97aee2adf76118d247dbd388a03

SHA256
60170353b8e9f428e19ca7cf345f54bb088a51d1aeb7895d32aaa9b949b66a29

SHA512
abe40cea0a8ea789a4e28faf40195da2dc3ee25898a74a45f390eef5cc60d685b725cbc888301300dd153ad14d734419ff026be1ab5c53a3f8a0322cc53c7b9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55251f141bb8afff89bb8458a6ad16b5

SHA1
fa1cdcb5be9dbe4314e508d03d7cf41946de3b70

SHA256
80fdd5a75fcb32d5026d18e1a9dbc44c9c285665691dbeb4d47694eda93b5d0f

SHA512
4c95420829862f406694b9c3f9b149b41be936d58d36da70377f59a72e16c1b8643a8dd22d0f938439fc64c9b1f8c3e6ef63b771fa4088d29512003e1b40081b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2512e278f487e7e5ae2423bf64a9131

SHA1
21443a9629fcc284c8f0500a4139c60a140f18c8

SHA256
db40a6f84c12c6eb8424aab6a9ab3cf3de0638d347afd9bce6bf4730a9ddcfb2

SHA512
bbd7b460ba66615e04aec92b6742adfc14f896832606ff3ad47d60de58b47bc4aa66371fda57fd18e894f7b066ed4783c26553216a0af7fef0dcdac7b2f02918

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38884e52829615b3b12768bacea3ef85

SHA1
47685c85e5d0e19e64631e54f0b5c317700842c8

SHA256
8e1b248f45c593edbede0b3610527f642bb21d8121fda315641eb21aa28059d6

SHA512
80df123669c1c2686e2aa9f03cb69b346f7888cce59bb37251283bdd8c7d7cf83fda02c766b5039c2733a1745630f5ae17acfa980d6e192708adc859e2e0ae64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81fe65a95795f13ae42da3f121f99b17

SHA1
9b0bece0c5eb4e692c9998fbc9303b53d7cb08cf

SHA256
2ee4e97607078b11a05540d476cccee36295c76760de33a4cdda2a1e30b6f72d

SHA512
1fe008a89eae68d70ec6e93c4fc3289276fac91ce329bdf7b40cc63bcb80b2e48e9acbee5351170c0991bf5c1391c1c75d1c4fd9dc0c63b1277c4d39c723862a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d51f990f4d759774772db107c13dbae

SHA1
d533e9b40e7baff33d7aa0e6b841f6ae00be04f0

SHA256
7d8a4d9cbbc5baa7dfb5a4dd5266fa0b34a70e8db476db9706aebfdb505a99a9

SHA512
2a8a0b5f11c33e678a4dfb36a795be1b0c6b1a6db9832c732f7906fb5fab2c7ad9462198d70f39703561e41c6d1af6da78d9500091bba8d513a9c825e7dbee70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d05b2f4080b21bb220069a9bd70bbed

SHA1
5ad000f33507f6bfbf05c4443c63f5f951824bf0

SHA256
e10cf67b8aaef90334259fd569463e123eb1f7803820372f8d78ceac988e33cb

SHA512
910e6866816fb766e0bbbff339337deba94a20e38374ea1ae884b69e85800cdf6843a9fb9882a4b9ed7771e5693be16706f8f8e7b2f78324112ad5a782469f48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
939c38fac58f58308c8d2c8e24d20817

SHA1
2ef2d5c835d31e9dd4bf9ae4fd8f9e2f9ab0bf3e

SHA256
931aeb6d4e43f737ec741310cb476a323808eb43f00d78347ae84a33d9be84fb

SHA512
129432ed7414a397e82a67b0f3298cd9a22b7159890fe90a09df9b47e165ff862c1fee44133662d0c2884628dcac698ca50b906bd7aabc713e6edaa16e23e37f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b53d94fd3acc3a6a95d114bca1b0948

SHA1
08bc3c39ca362c8679385780eb01a54c6779de2d

SHA256
1d6cb5595a9f52ca6806d17ccee3b9000c6a127942d965a6c63a99550cf85136

SHA512
e05dc47458b9a6336f0ce09a632aa0cc31a37d7040646237d5351e448cf8e42d3e931d1977394a19d09ff95cb94ed9aa82e76cd5a7f0050e8c7dcecc7598ac36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
b87db283fd0e0dd9d51e9dddb9541282

SHA1
fd0c598cc3d7ede0e9915d09940d1ca1d35f33c9

SHA256
1fd719720f5b1f3eae99f2f19a5c58d51dbd58fb038fb0d82afc134ff060acd1

SHA512
9a90eca36033090e2a3be8804f766e095b8fe3860484ca85ef7200d899c11e2490bbb7fd18099e27c0f9fdd8f965193a87b4281b2d681bbef287e36a6dc2f972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
16KB

MD5
947f8495cf45836427e8b7e4bde9641e

SHA1
669205cd49c2bf3ba36d0111df485e5ddfa4178f

SHA256
d3920f0bba1b035aa7de0334bd3a63ba4a5fd714f80bdc7920d9e9607fa4bdc8

SHA512
62ad865ad92f99d71d33fa939f9025394f65d359c7abb6dcfde289cb62589e2837b4f81bcc673b7a6f80f9a6a5809e397c3bf84b7771db45b2b8c0c8c31f80e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
31KB

MD5
042e8b887bce54c5f67a0d4450ce8e99

SHA1
88e6bfbda0363db370e817569791610ba539c417

SHA256
b7906325071bb353591803de478d97cbf2b907bd52ac3c8b88f37b238acd2f44

SHA512
2f1275ed8a2b2406b21e62494cefbfcf2d20840cf6918a42d1c180f0fe3e21da9a5c565b961b1488d4aa0d02536afcad9826ab19f102b93cd5e90c770c4bc2fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
45KB

MD5
ef31416a3d8e93a1bc88f77c0b51dfb5

SHA1
6e03717ce69a5e95c4b617d3cf96d0bc1f7a753d

SHA256
8a4f7d22bff5cbd46c0cbfd16263f47e302a2c1773c42521d89f90c8d5f2fb90

SHA512
8db25c761824098865890ed25cd06f33ea67b172848dd3ac7590b91f94246f8c7d98c49e99e300dcd03a5d531d1c0a865dbbe6c85662fc70e48c44044129d413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
14KB

MD5
632565896a61d4c6c6d46c97712b637f

SHA1
509ba521a858d553817826cb381ace06eb5dc2e9

SHA256
d6523d097542d140db593dac27a5b2415df33639b51a53a924802e46fd9918a3

SHA512
6a9db91768adfdabe38686cc68995c7ade7638fc03f569fa7667f6f97c1f196d4346d3f6d358ee82fc8ff9d54572260ed65674c9b45d6fab133cb56eb89cca43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
a36fe52fc7d2b2ec2795ca674bf61d8e

SHA1
81252ea543f93050eba6ea5956150a21c41fb5ed

SHA256
e2e642a0f69a28f463e6a25d5a6f862ada4fa2b1e640a922355333722a2a8103

SHA512
3d87b328982db0e1aefd778e77208445a59c572a489c4068ecf4ae285a72e0fd91202a974eb7c05bb9d38c1d614bd0b706a2bca17f9eae39277b5e01b90e498c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
49fa292f7fb0bf0cf0d00e5683bd63f5

SHA1
a5264b29eef291454de92e9e75a58f255442fb83

SHA256
87566fac872ba114ae786ef61f097c3a12f30a7be5ebefb257f79725fd5ba773

SHA512
69c9ea291ccd7449021c9de11612d1ea753290f3fcabdf982a71e72cab19b027e9d65d9777695d458609082969e079f70bf0f9e904e43f987b7fb866a50f0e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
2ed0a2926408545a6c287093d9656cbc

SHA1
4105ba2beb05091e626745ed29f3d04ec8cc4f7c

SHA256
44c3d64d41091d929475297c8d93fd21c99c0780e250373e7ecfcb8e13b836a1

SHA512
a22a398db7b71fa610f918611d601de900eff276f495185eba4ff3e83edd198a8b15e8f6021cfc36ae49500cfc522a30aa02c50ff228ac3f60ed25cfa24c03b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
ef1d037af7e770490b055946bc3c39ec

SHA1
902302e7a8daef4eeb606544d6f9877a8c6f6e5b

SHA256
23088f769d9eb028c7ef41cfea43168055ce4b746ae0b566c93f740f5c2e2c61

SHA512
8985134e36531b37f8ddacdafec0ce14dd6a7c043ac48574654690a96147845e358b4e5ef2a131a3875ab3da5b86f1986b96c1abc7c40ef9e33d480aeead11dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
c6605c0bc92e9df6774ee061762ee068

SHA1
7fd7e148215a198e45bf8d505edc7dadd73ef150

SHA256
31a232add4e5347d48c7cf41b5156dbb587f765fa0285a2775d7d49ebc90d2f6

SHA512
5bc4205fdc04ef558320dc51a5f0ab052ab0a99929fccaea444c9d21eb565d5c74f4fab48e941a37e915cb02b928d09309e31c4d87b29180e2a4d3a0ba80cfd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
229B

MD5
6fff66fff8051c603aeff9680883a8f1

SHA1
18e17805f0970d5b9f308714030385f5291d5e82

SHA256
0096ea15206ca03937684b4b8b6ee417e06659a23fb24c71cd4db5d3347115e4

SHA512
b0ea26ab0c2f4f21c8cb2d82dd0514cbcfe3968a4404f3d4b172c7a71c10a5f40167e6fd9c57c94a3d9f74ab40898214b8dbd182767b72ec4c5fef43f60dcdd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
3e693468e3cab8f655e8bf25f6f45eb4

SHA1
995cc7242b8ca01d1ae9d183ee9033b5fcd71a26

SHA256
c8d6b05165e52b9de698056b8bab0b3afed9a21a8dd8cf294937d34619dd2be4

SHA512
95308e2ef39bf9246440964bd9311f93be6bcb883687a13145b96e0ab9eb20acc5976b08d863e5557b258a8cc72c8feba81d3b9602d7b09520b74e1bb6340af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
16KB

MD5
6c0db9374b9830408dd0540b158c1d58

SHA1
fc5b44c47b37361582fdb315a3f1639cd60b7b6a

SHA256
7a3356a34d942cd7cd58719875360bca9460da4f7462b61dda311f95922effb7

SHA512
5bbbacbfb1bfbd933bb6a6d2e970c58878000740106b28938dd7aafec791ed71efc21ad0b83cbfa07e97ec5a3046ea99178a59fe04df87338ac3a5396693630f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
981B

MD5
441d5fa69354b11e5ba452e656842acf

SHA1
df3afe02de7d14f35221f5555b4a7a1efbef9ca5

SHA256
4602453fe1b5dbad56a4a8e35d044da7fe72a55376c89c20bff65e81be809751

SHA512
c9d3e956a6f7ea39dc20b31934c88065bfe0b33725673b308998ef484628910f4a2206dc3e4c3ee512c9bb10e3a2d1aa31c16b8b8bb6641b1b4a5a5e061e8a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
981B

MD5
f6d9cac296c7a19c3945f172697f0e43

SHA1
6744a6a2af7c304aff54d0d9c377a83f0511a52f

SHA256
252b0c9d5e023a0a5afce958231b061ae66096cdac6c097c1100edbdf45bf64e

SHA512
e76fe7f63401ef4a8186112c5b321cb1cd41c3bf8b61e3220ddf9dd03f10128404a467e7eabfbdc73606b94435896e65d9c891af6618bcd9a2ce743b4b1d98d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
981B

MD5
34304692a915a6c03fab43459a56b6d5

SHA1
3a674df6ba614d30a298d00bfd46a4a9ad5bb3d0

SHA256
62f19dfd1ae3cd3c17bb6e8b046adc2c1bf0aa995ecf70c09d4ab0666a8fcbad

SHA512
d637bc6ae45e4997b6745446fb5a2634860e8bfc0173a11bdc1dc3e424923bf545e6f199c4e7e26634ecefe33406c9eebaa8a7e968a6f1b47ef59c9f82b61e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
981B

MD5
e0f52be4a02b17f59d61693bc5b83dec

SHA1
a73717728b8ff8e00330891c6493dfb889c3bd61

SHA256
c9916901c499d0763af2d20fc06407c76a542e1a6a675c43045b9218c28a193a

SHA512
09dbca5de6e7f0fd7590c8af0c2b664224a40371132d2f2daf817c51706458acc47ba6daab6e4f2015240371171576ec8a37071dc91114be61f79f3fc586084a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
981B

MD5
1d9ae0eb1599a2b3d40718672faba014

SHA1
d5bfe6f0dacdea01e6972cad1111244cddda549a

SHA256
779abb0e16fd819a651eaa6f00088f6b824f0afe88e8e934cec31e976e8b1a0f

SHA512
5adbce5bdc2754cf850d43d555f07b9a3216ba8496c726a311996b008d0e1a7de6dffd75a36d110ffbecd81f990fbdfbb75ab19fbf92b4380ac5632de59b1610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
16KB

MD5
365402cd8e96200cf650a671c22a0157

SHA1
fa62140b6cdc9f1e8ad5b37222639644cfc1ecba

SHA256
50eb2c1c1db9692c070a2cf8ec224eaa246f048c5353d841a2cac22adae6f4c5

SHA512
247645c2815ac102c4dac101fea0b99f3d9d10d60fbac51efbe8e6c83b22747575075fbcc5144c82b4ab5e3bf16c15c94d9bd1f54a720983b7d709909b7dd3b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
981B

MD5
3f341106c6d389b05e19fde14e8f6284

SHA1
33eabc66c0479af8b8120f1694a69a9d53dc5486

SHA256
7add0bb4361a679fbd7fd93ed7d62c36890f93f8812e766fe84b226ac42df07c

SHA512
1281d815679d7e0f76a96f9e202821b58e2d4ca6efba52691b7c9fe247582c8770d4fb93b27830d249f0369812566ac5b3d23405f235aaab1ca14da7621dad53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
13KB

MD5
c2c11b14e3572c3c61f0cf3ab912f4b7

SHA1
c8c80f0e7801e6943542927713d055522a998866

SHA256
241622c6ed2471b909e815c9b4879a695b415e2638dc2b00d6525f756a323de6

SHA512
cdaad21c6c628a318e22bf5cd71c36bc5314bbf2dad6c0f7680133d0b1b56ed9ae51d881b80aa467e92d51d64a77b283bdace1c5348fb8054a81dacaff9c6735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
398B

MD5
c65ea2e46e811c29c0fb1942c9245cb2

SHA1
5faad773e36946c386e20edd16b0811d6c09b24f

SHA256
ab959de556223c9dfd85d8c1f349100ca4d2bf42f202c99dc76d45164aea0d1a

SHA512
099490405bb6eff3c85e59675a8a6e7ae9dd55b84787916b9147653f857c972fe61b42ca1b369451c138b397e28f1f5f7da96a799f0fe1375f9241ef43c57299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
572B

MD5
5eacaff9a19fafeea4e26d18c8212eff

SHA1
fe51f1f46e1c522368e001dcf895780e368d456b

SHA256
b3fe7a7552a8ca004b8e7e5fa574f49299b1ff6fceb3cd8e97d2c60fb59d1000

SHA512
74dbfdad1539acd7f8362ff9ef54629a5d875d4abc45bb68d0934e4f38fae4e3162dad3d0f582321c69c194fcc7cb6eba93d8f58825d07e9272d263c7ca556a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
aa9269c0cf0b7c45c8c09035614ea79d

SHA1
531a087ab06c3972ea3cfcf84d655dd2fd012b07

SHA256
6a0450d97b7611298ff1b2d303bb25a797becb706e2ec12a6255b7c4a0bbfdf8

SHA512
db5f922166eefd57bb8ac69b8c8888bb7f65f783ec06a9a9c75452b4876163339737a7e4961c710cee99706dcd18c31f3bf17e7cb1d6dc8958f6652d6b1744bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
f10f3947d01e36699f0968b0ba424f6a

SHA1
0a892d932dcd6b9db21b066c311c4fd7147d3f9a

SHA256
85cf4997f83f705186628b39d8f7437c25b226f22fcc70635da7e29aec81aad3

SHA512
3491928ff37ad675f83649d88415df2c6daefb005c84179cd84a9ac8dbc28948ba476a5036a094b8fde0f304b668d08947476b8e4622fd079689a71ca9473040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
766B

MD5
18bd34f1ba7dc466a425fceaadb1149b

SHA1
75a118ec8c9c0e1b1ab815937300ab8d91719db3

SHA256
f4981c020f21722d597a305322d654bd14f791c73072c412c9af0d529d9e9481

SHA512
7ccb5d2f64632f9aee393949370802013887108c556352b4aaf8cf42399a687f3c6a03fcd33bca5a0d1af54e001a8d7c654a489bc989da0d7a96e3ca6f42c428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
c6f2f4818106c31e3e53766023b006ce

SHA1
e6985ae9d93ebf11524f0e055cb20b6ae95689ed

SHA256
46cf3390ad6cff02d6614ab0c1ff432cb0c0dcf05a8cd2dfc12196b469f6cfcb

SHA512
2a9a8a2dbbd90f50b0fc7621bd3874290a8a9a7ee0dddbfbc502bb3805bd28ce65ea5082c42445a493ab7589dd6f70fcd71fbfce6a68c0e0aa82ee63dbed109a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
a3ff523d75dd8d84aa4e1c8208375ce0

SHA1
91509192892bcb0c1d7c2e0e9255c9598b92be94

SHA256
b6455cb3a62fb29965a6ffd1e4a0f930c65f7dacc986b0140acdb1d3b60ed5e1

SHA512
7f7007ae75be7ee7233f573ceccd517a74cddb37393e2bcd5f3269b34e642cd17497318d78658a0955d2d63f65812194694c4dca86e2c4da22ce846120e53e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
13KB

MD5
8ce23b7662dc68bb18142fdca0a82940

SHA1
e73b38480203ef089b75711b1f2100c1f447e04f

SHA256
c579b136602e5a32b966f2af7bf8038fad8a979c564866ed56c1215ec5d984fd

SHA512
aee9274c55cb2e3a44f8217e2fca95ea4038a0ee747cf96cfe714f6e9982a1da7ec36f5751b9e93fc5cd9390a450b50d5aed213fa9d72904c4b2ca90eca8ec77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
1484b89ea312b71729927fcc551d338d

SHA1
f7caab55daedb411d9f176ffceb669132fea8a1a

SHA256
df6068009a1b44420543c49ed5aeffa84001e4a375c0688db30b25f9bd395217

SHA512
a3932bc239513aa1bd96bfcfe97c2f26e25df7371346e0db3a3be9543a6e0bff5e6366b520c74b01ea43e709eb076e5a5e811fd7564b51f222d11e31ce586905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EZSL0UAP\www.youtube[1].xml

Filesize
980B

MD5
04ad66abe6b8e6f4eb15e287b76d850f

SHA1
fefc1a2aa99968c3f403b502de316ab86a335429

SHA256
7482f01b1318b4b73c5d64654aba09c38d6b3c3dd14a168b83242d5025bbf18b

SHA512
83317d0d3a55e37e729488d21dbc6692c145be4b8be57e9fa238bb02fc56a8e89d146858d4b8d94c2e85f7245700d09a3a2f293a2460377923a3006ad98b7e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\ad_status[1].js

Filesize
29B

MD5
1fa71744db23d0f8df9cce6719defcb7

SHA1
e4be9b7136697942a036f97cf26ebaf703ad2067

SHA256
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

SHA512
17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\FuC5FHNNqx6hIMPHBLFutNLSO6Lu9zn3BZWWVNvRnX0[1].js

Filesize
52KB

MD5
362511387771cc02e5d769462fbbd6cf

SHA1
70a77448643daa84347b0eb76ba64ab54a5648d8

SHA256
16e0b914734dab1ea120c3c704b16eb4d2d23ba2eef739f705959654dbd19d7d

SHA512
94874f96004e9bbce4b9c32c8941764a60e138614c348923869dc294601ff6c5026999660a3877708242df7f286c744ff7c6ab37c3e9f759d6fa95e52e29fa55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

Filesize
19KB

MD5
de8b7431b74642e830af4d4f4b513ec9

SHA1
f549f1fe8a0b86ef3fbdcb8d508440aff84c385c

SHA256
3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a

SHA512
57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\KFOmCnqEu92Fr1Mu4mxM[1].woff

Filesize
19KB

MD5
bafb105baeb22d965c70fe52ba6b49d9

SHA1
934014cc9bbe5883542be756b3146c05844b254f

SHA256
1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

SHA512
85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\base[2].js

Filesize
2.5MB

MD5
9178a954abcce420219864651c7787b2

SHA1
f874d3e998441ba6439cfd7e89514facde08cff4

SHA256
40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d

SHA512
927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\embed[1].js

Filesize
62KB

MD5
322e970509e24ab233b6c326a9339623

SHA1
10e2ea809ae638d5f32385d05c569922ab19bc17

SHA256
99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000

SHA512
8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\remote[2].js

Filesize
117KB

MD5
9a260ebfcd9283c905736047a6710016

SHA1
abf83fabe75adada9ac80f1ea7478541a7af32ae

SHA256
2bb23e82fc1dd04738a92658823f00ba143cade8c16ab948bf7778fa2707e352

SHA512
ea0664517a12754450d940f5dab26e14cd3b6e30219b65354465f13faf59649b709131836c660096244e3188f425de428ef53c1d21bccffcdb707f39479304d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\www-embed-player[2].js

Filesize
323KB

MD5
d2056f8d081fbfffcab81d61ea45b151

SHA1
710243082f40626f64943ad3b656400f444d7130

SHA256
49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa

SHA512
530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\www-player[1].css

Filesize
367KB

MD5
6e076abc1095221e4e3e21dbd9d1db4f

SHA1
e908cc0f7829aea16b42d8fec6aad567c41f587d

SHA256
c7e69ec7e436426c5edb45bb5fdd943623f987ecfdb86413528b596e5b0888e9

SHA512
3ceb46ea8e5d5abca4a1a053f20b38ac6d6c9ee60594da54122f4ff09422495261dc9356d0ed0c240ba44324c37bde120a90655b2ea40556280df674ab44fe2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCD45.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request