6d2202ac2670cbfbb9cba0b13928e1b1c871d6f21f93331c8fa9b49905f33d3e

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 11:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8c0867c2641ab4a36fe477fec5eb637_JaffaCakes118.html
Size

175KB
MD5

c8c0867c2641ab4a36fe477fec5eb637
SHA1

ad0c9a7ca706ff2d327a29e39d49e944f696a51b
SHA256

6d2202ac2670cbfbb9cba0b13928e1b1c871d6f21f93331c8fa9b49905f33d3e
SHA512

67d6a1edeb6c1e28065907598047f13d8b8602b9f9bbf045ca6240f5bd8f65ce8efe0d415043acf58fc73ba161aae34cbe84ef78c6822e7ddb7ed09a6d57daca
SSDEEP

1536:SqtO8gd8Wu8pI8Cd8hd8dQgbH//WoS3JGNkF6YfBCJiZP+aeTH+WK/Lf1/hpnVSV:SaCT3J/F7BCJi2B

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "400"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D1CAA4D1-65FB-11EF-A87C-F67F0CB12BFA} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19225"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "15699"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "28472"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9859"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "15699"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19106"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7993"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "400"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "288"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "28472"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9947"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7911"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7911"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7987"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000e1d712551b1ac944469edfff888a5a7ca4a55683db6173ffb5dd36c053466443000000000e80000000020000200000003a6b391ebd418d8e111e6023b3977f5dd274f97b56b9c899fb56fd93ea52774c90000000c10e4663372ec218fafb6158d8172ad1e27242c8e32e87844052a163f1210123ba8439a546a2ab6e3567f5c45527492a0188fb26f7a69bc048cb7e0d6a992e203fd7969f04088d5b3555c9c6f1419bdccc7a230b0b754733333a5e2bf391dd3b80ea4a2a8303a66701f6082f5b8f739f25c05279c7eaa36326e6256ab2770b61ec41562cc49e359420f6818ef7ace88b40000000fad2015d2b95efe3a663597aa255db22f1c754c40f27b5c482817fad6caef0d7b67edfe58ecb7005b192c2507fc406e43685c1b5d9864be676e17218a2221b8a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19313"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c0000000002000000000010660000000100002000000096322e6615878a3828be72afbd97331124674f4f26c3f66048952988b919944a000000000e80000000020000200000003a2a2dee6c4678d38ccffa265c3e987f38f23084b4468ddbe23efdd306589e4020000000a0c20af9deb02bbbc94722b9a8ec07df555bb19641b76020a82bc10b358422264000000011983504137b955d1b7d80976c0decdba2d5b2f1bafa6cc420294399446d3e696d9cc9fd37a1ea4edeaa069045ccb82963954ab7ca257eef93fc4d866bfc05b0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30690faa08fada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19307"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19106"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7999"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9947"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19313"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "28472"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3048	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3048	iexplore.exe
3048	iexplore.exe
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2768	3048	iexplore.exe	31
PID 3048 wrote to memory of 2768	3048	iexplore.exe	31
PID 3048 wrote to memory of 2768	3048	iexplore.exe	31
PID 3048 wrote to memory of 2768	3048	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c8c0867c2641ab4a36fe477fec5eb637_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2768

Network

DNS

www.konthaiusa.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.konthaiusa.com

IN A

Response
GET

http://fonts.googleapis.com/css?family=Arial

IEXPLORE.EXE

Remote address:

216.58.204.74:80

Request

GET /css?family=Arial HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 400 Bad Request

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:52 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

www.youtube.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

172.217.169.78
DNS

www.facebook.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

ocsp.digicert.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
GET

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:80

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:52 GMT
Location: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:80

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:52 GMT
Location: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:80

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:52 GMT
Location: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:80

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:52 GMT
Location: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:80

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:52 GMT
Location: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

IEXPLORE.EXE

Remote address:

157.240.221.35:80

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Content-Type: text/plain
Server: proxygen-bolt
Date: Thu, 29 Aug 2024 11:42:52 GMT
Connection: keep-alive
Content-Length: 0
GET

https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

IEXPLORE.EXE

Remote address:

157.240.221.35:443

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7408525554240480449", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7408525554240480449"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: rWfPVfHMXYnJZWwMopE/rmfthOEAfYGTQoV7bbxQKXJXwsYtI8ZF0ldNuR4YLIs68QYXbAHZ/HLvg+bnBGEW9w==
x-fb-server-load: 30
Date: Thu, 29 Aug 2024 11:42:53 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=48, rtx=1, c=10, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=128, ullat=0
Alt-Svc: h3=":443"; ma=86400
Transfer-Encoding: chunked
Connection: keep-alive
GET

https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:53 GMT
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: require-trusted-types-for 'script'
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=oXo_uiGm18U; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=WaHvQ5GSGAA; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgTA%3D%3D; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:53 GMT
Strict-Transport-Security: max-age=31536000
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Content-Security-Policy: require-trusted-types-for 'script'
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Resource-Policy: cross-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=yKF5iiY0Tug; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=C1rUDy19fV8; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1724931777857
Content-Type: application/json
X-Goog-Visitor-Id: CgtqamJYd0pleFJLTSi9vcG2BjIKCgJHQhIEGgAgOg%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931773228&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12402%2C0%2C62%2C1280%2C%2C1280%2C626%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 7555
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:42:59 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1724931780118
Content-Type: application/json
X-Goog-Visitor-Id: CgtXYUh2UTVHU0dBQSi9vcG2BjIKCgJHQhIEGgAgTA%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931773205&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12794%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 9215
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:01 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:53 GMT
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script'
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Cross-Origin-Resource-Policy: cross-origin
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=_30PiUqfkiM; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=q3-5-1ZwZd0; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgQw%3D%3D; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/base.js

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /s/player/3abab6ef/player_ias.vflset/en_US/base.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 771625
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 02:43:41 GMT
Expires: Fri, 29 Aug 2025 02:43:41 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 27 Aug 2024 04:16:51 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 32353
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=B5PxACj8KSTnqaQk&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C60172%2C67154%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C8253%2C25209%2C2%2C2870%2C14898%2C29151%2C2197%2C9996%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C17801%2C12945%2C812%2C10264%2C2%2C2126%2C1336%2C1870%2C2335%2C1823%2C3186%2C2912%2C4794%2C5%2C7%2C3%2C1020%2C1739%2C328%2C14%2C3826%2C5%2C403%2C648%2C934%2C791%2C11629%2C1170%2C134%2C279%2C5088&cl=667805124&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBCNVB4QUNqOEtTVG5xYVFrEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.002:ER&cmt=0.002:0.000,0.002:0.000&error=0.002:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.002:0&bh=0.002:0.000

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /api/stats/qoe?cpn=B5PxACj8KSTnqaQk&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C60172%2C67154%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C8253%2C25209%2C2%2C2870%2C14898%2C29151%2C2197%2C9996%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C17801%2C12945%2C812%2C10264%2C2%2C2126%2C1336%2C1870%2C2335%2C1823%2C3186%2C2912%2C4794%2C5%2C7%2C3%2C1020%2C1739%2C328%2C14%2C3826%2C5%2C403%2C648%2C934%2C791%2C11629%2C1170%2C134%2C279%2C5088&cl=667805124&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBCNVB4QUNqOEtTVG5xYVFrEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.002:ER&cmt=0.002:0.000,0.002:0.000&error=0.002:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.002:0&bh=0.002:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtxMy01LTFad1pkMCi9vcG2BjIKCgJHQhIEGgAgQw%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931773929&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C1524%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C590%2C250&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Thu, 29 Aug 2024 11:42:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:53 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Resource-Policy: cross-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Content-Security-Policy-Report-Only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'nonce-gAbvVqSfA20vedMx9hoEhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
Content-Security-Policy: require-trusted-types-for 'script'
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=WJrzRfp6aYc; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=jjbXwJexRKM; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOg%3D%3D; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1724931777846
Content-Type: application/json
X-Goog-Visitor-Id: CgtxMy01LTFad1pkMCi9vcG2BjIKCgJHQhIEGgAgQw%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931773191&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C1532%2C0%2C62%2C1280%2C%2C1280%2C626%2C590%2C250&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 7561
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:42:59 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1724931780135
Content-Type: application/json
X-Goog-Visitor-Id: CgtDMXJVRHkxOWZWOCi9vcG2BjIKCgJHQhIEGgAgPQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931773249&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12594%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 9014
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:01 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1724931781028
Content-Type: application/json
X-Goog-Visitor-Id: CgtqamJYd0pleFJLTSi9vcG2BjIKCgJHQhIEGgAgOg%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931774363&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12394%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 2563
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:02 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 29 Aug 2024 11:42:53 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: require-trusted-types-for 'script'
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Content-Security-Policy-Report-Only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'nonce-MtdPo2bAVnHzQA5mqLjQNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=zr68iav4F-0; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=qXVrCcZXZAQ; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPA%3D%3D; Domain=.youtube.com; Expires=Tue, 25-Feb-2025 11:42:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/3abab6ef/www-player.css

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /s/player/3abab6ef/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=zr68iav4F-0; VISITOR_INFO1_LIVE=qXVrCcZXZAQ; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPA%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 59801
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 28 Aug 2024 20:51:53 GMT
Expires: Thu, 28 Aug 2025 20:51:53 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 27 Aug 2024 04:16:51 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 53461
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /s/player/3abab6ef/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 23561
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 28 Aug 2024 16:03:38 GMT
Expires: Thu, 28 Aug 2025 16:03:38 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 27 Aug 2024 04:16:51 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 70759
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/remote.js

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /s/player/3abab6ef/player_ias.vflset/en_US/remote.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 39276
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 09:14:16 GMT
Expires: Fri, 29 Aug 2025 09:14:16 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 27 Aug 2024 04:16:51 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 8922
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=8_OhLPFJ0qhnveEQ&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C8253%2C25209%2C2%2C17768%2C29151%2C2197%2C8639%2C1357%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C17801%2C4164%2C8781%2C5698%2C5378%2C2%2C2126%2C1336%2C1517%2C2687%2C1%2C1823%2C3186%2C2912%2C4794%2C5%2C7%2C2%2C1021%2C1740%2C59%2C268%2C13%2C3804%2C23%2C4%2C404%2C648%2C1120%2C605%2C11629%2C1170%2C133%2C280&cl=667805124&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChA4X09oTFBGSjBxaG52ZUVREAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /api/stats/qoe?cpn=8_OhLPFJ0qhnveEQ&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C8253%2C25209%2C2%2C17768%2C29151%2C2197%2C8639%2C1357%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C17801%2C4164%2C8781%2C5698%2C5378%2C2%2C2126%2C1336%2C1517%2C2687%2C1%2C1823%2C3186%2C2912%2C4794%2C5%2C7%2C2%2C1021%2C1740%2C59%2C268%2C13%2C3804%2C23%2C4%2C404%2C648%2C1120%2C605%2C11629%2C1170%2C133%2C280&cl=667805124&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChA4X09oTFBGSjBxaG52ZUVREAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtDMXJVRHkxOWZWOCi9vcG2BjIKCgJHQhIEGgAgPQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931775894&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12602%2C0%2C62%2C1280%2C%2C1280%2C626%2C280%2C200&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Thu, 29 Aug 2024 11:42:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

216.58.201.110:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Thu, 29 Aug 2024 11:41:01 GMT
Expires: Thu, 29 Aug 2024 13:41:01 GMT
Cache-Control: public, max-age=7200
Age: 112
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 11:25:33 GMT
Expires: Thu, 29 Aug 2024 12:15:33 GMT
Cache-Control: public, max-age=3000
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
Age: 1040
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 11:25:33 GMT
Expires: Thu, 29 Aug 2024 12:15:33 GMT
Cache-Control: public, max-age=3000
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
Age: 1040
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 11:25:33 GMT
Expires: Thu, 29 Aug 2024 12:15:33 GMT
Cache-Control: public, max-age=3000
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
Age: 1040
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 11:25:33 GMT
Expires: Thu, 29 Aug 2024 12:15:33 GMT
Cache-Control: public, max-age=3000
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
Age: 1040
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 11:25:33 GMT
Expires: Thu, 29 Aug 2024 12:15:33 GMT
Cache-Control: public, max-age=3000
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
Age: 1040
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:05:34 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2239
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDAezvzBOn2FxIghPLaMkP6

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDAezvzBOn2FxIghPLaMkP6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 10:48:25 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 3269
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCjHbN8Q48ByBJsBZfEZOeO

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCjHbN8Q48ByBJsBZfEZOeO HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:16:22 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1594
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHM9QmVn2rE0CqmPuQDOLLc%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHM9QmVn2rE0CqmPuQDOLLc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:31:04 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 713
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:05:34 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2239
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDAezvzBOn2FxIghPLaMkP6

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDAezvzBOn2FxIghPLaMkP6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 10:48:25 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 3269
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAK7VcV80VuQoo1MUTK%2FRa

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAK7VcV80VuQoo1MUTK%2FRa HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:35:19 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 456
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGSmfK2o2tshCmPh6FdfeUg%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGSmfK2o2tshCmPh6FdfeUg%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:11:24 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1892
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:05:34 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2239
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHvQOfnMl3BnEBjGqYCOwmQ%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHvQOfnMl3BnEBjGqYCOwmQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:12:50 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1805
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECwirpsBitH3EpQ2KzZtJ4U%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECwirpsBitH3EpQ2KzZtJ4U%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:33:34 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 562
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHM9QmVn2rE0CqmPuQDOLLc%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHM9QmVn2rE0CqmPuQDOLLc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:31:04 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 713
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:05:34 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2239
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAK7VcV80VuQoo1MUTK%2FRa

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAK7VcV80VuQoo1MUTK%2FRa HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:35:19 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 456
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECwirpsBitH3EpQ2KzZtJ4U%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECwirpsBitH3EpQ2KzZtJ4U%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:33:34 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 562
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:05:34 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2239
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHvQOfnMl3BnEBjGqYCOwmQ%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHvQOfnMl3BnEBjGqYCOwmQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:12:50 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1805
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGSmfK2o2tshCmPh6FdfeUg%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGSmfK2o2tshCmPh6FdfeUg%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Thu, 29 Aug 2024 11:11:24 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1892
GET

https://www.youtube.com/s/player/3abab6ef/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /s/player/3abab6ef/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 117635
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 02:52:48 GMT
Expires: Fri, 29 Aug 2025 02:52:48 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 27 Aug 2024 04:16:51 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 31806
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /s/player/3abab6ef/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 23561
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 28 Aug 2024 16:03:38 GMT
Expires: Thu, 28 Aug 2025 16:03:38 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 27 Aug 2024 04:16:51 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 70758
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/remote.js

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /s/player/3abab6ef/player_ias.vflset/en_US/remote.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 39276
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 09:14:16 GMT
Expires: Fri, 29 Aug 2025 09:14:16 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 27 Aug 2024 04:16:51 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 8920
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=cjJnu0m_cGZetlta&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C2197%2C9996%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C12724%2C5077%2C12945%2C5698%2C4319%2C1059%2C2%2C2126%2C1336%2C4205%2C1823%2C3186%2C2912%2C4795%2C3%2C9%2C1%2C1021%2C1739%2C328%2C13%2C142%2C3686%2C4%2C403%2C648%2C8523%2C4831%2C1171%2C132%2C280%2C3855%2C6076&cl=667805124&seq=1&event=streamingstats&docid=ywSeSlVcY4w&qclc=ChBjakpudTBtX2NHWmV0bHRhEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /api/stats/qoe?cpn=cjJnu0m_cGZetlta&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C2197%2C9996%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C12724%2C5077%2C12945%2C5698%2C4319%2C1059%2C2%2C2126%2C1336%2C4205%2C1823%2C3186%2C2912%2C4795%2C3%2C9%2C1%2C1021%2C1739%2C328%2C13%2C142%2C3686%2C4%2C403%2C648%2C8523%2C4831%2C1171%2C132%2C280%2C3855%2C6076&cl=667805124&seq=1&event=streamingstats&docid=ywSeSlVcY4w&qclc=ChBjakpudTBtX2NHWmV0bHRhEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000 HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtxWFZyQ2NaWFpBUSi9vcG2BjIKCgJHQhIEGgAgPA%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931773726&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C13002%2C0%2C62%2C1280%2C%2C1280%2C626%2C280%2C200&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Thu, 29 Aug 2024 11:42:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/generate_204?aKv0oQ

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /generate_204?aKv0oQ HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Aug 2024 11:42:59 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/generate_204?HugfCw

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

GET /generate_204?HugfCw HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Aug 2024 11:42:59 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1724931780098
Content-Type: application/json
X-Goog-Visitor-Id: CgtxWFZyQ2NaWFpBUSi9vcG2BjIKCgJHQhIEGgAgPA%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931773151&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12994%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 9299
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:01 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.200.14:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1724931780996
Content-Type: application/json
X-Goog-Visitor-Id: CgtxMy01LTFad1pkMCi9vcG2BjIKCgJHQhIEGgAgQw%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240826.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1724931773929&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C1524%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C590%2C250&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 2774
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=WJrzRfp6aYc; VISITOR_INFO1_LIVE=jjbXwJexRKM; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:02 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

static.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.221.16
DNS

scontent.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN A

Response

scontent.xx.fbcdn.net

IN A

157.240.221.16
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/Zi20d5DVxmM.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3/y1/r/Zi20d5DVxmM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 28 Aug 2025 04:05:03 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
x-ua-compatible: IE=edge
origin-agent-cluster: ?1
content-md5: 2HuG+Bpzr7yjdxCt3Tr5Hw==
X-FB-Debug: AZMTvURfdGqH19SUKLw6cv03Dae6GMlrLUmTWUoE8VobwKCnAgOQo1gjUTb6O3h+fQ8zC79L9xoYL/FAYZTpcA==
x-fb-server-load: 18
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=50, rtx=0, c=14, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=2, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 118461
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/Dpom1HQzAgH.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3/yf/r/Dpom1HQzAgH.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Wed, 27 Aug 2025 22:00:26 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: GqRmoa57XS7r4stkN2brSA==
X-FB-Debug: AqKR6Db250UhYoPCJZVScy52D/CRmvJihQzOsEu6X/GJ9Pv74VhFmvpillWN6HV5F7yFdZnnB7hgOX57copz1Q==
x-fb-server-load: 23
Date: Thu, 29 Aug 2024 11:42:59 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=49, rtx=0, c=105, mss=1357, tbw=124272, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 69016
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/MEtExguyptz.css?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3/yx/l/0,cross/MEtExguyptz.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: text/css, */*
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Wed, 20 Aug 2025 18:08:11 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
x-ua-compatible: IE=edge
origin-agent-cluster: ?1
content-md5: TrG038E61eomy8gCWsSSrg==
X-FB-Debug: oo2wndlacy6nO41sdqX5sO/66lPIfcK8KASRZlaQde4bE/ZElKs4H3jthiJZgzL92dlKTreb1cXv2cNjBgiv/A==
x-fb-server-load: 30
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=50, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 6024
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Fri, 22 Aug 2025 08:52:58 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: ivkhXUQG4wQzNqI4NjhapA==
X-FB-Debug: 9xbDLzSKU31RjCTi/QsUjAB4E0AhCKOJJ34+0965mrwIuu0Nh5nV1i+9+1E7JWWAYAEGmX5LjIoedLSRvvwN6Q==
x-fb-server-load: 32
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=50, rtx=0, c=21, mss=1357, tbw=11388, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 302
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Fri, 22 Aug 2025 19:59:14 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: +XuRV7TCFgdTr4rntoaKNw==
X-FB-Debug: 2XVBc2hYui0uWIIGapZ/W7VdBwB1Ub3gOJwGhrly/AMTF9zsp8kLwXsHSZIVtCbV2UwN7M44dGiWWCq3Q4ioMA==
x-fb-server-load: 36
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=49, rtx=0, c=14, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 2348
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sat, 23 Aug 2025 14:26:47 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: PCil07El4hl7RdWxcVlVHw==
X-FB-Debug: UFq4fkNt/Kk02lDaDaMnSFFp7J8UlNuQXo2pYLzC1LSWNyyPn1PDDqHof9qSXvSbwFSuFpY290w/I3TgXKZCRQ==
x-fb-server-load: 35
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=49, rtx=0, c=19, mss=1357, tbw=7709, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 333
GET

https://static.xx.fbcdn.net/rsrc.php/v3issO4/yA/l/en_GB/pLoSlJD7y1F.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3issO4/yA/l/en_GB/pLoSlJD7y1F.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Fri, 29 Aug 2025 09:58:51 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: BXtkWzgo8lyqF1Lj4XfyGg==
X-FB-Debug: nkjp8S5fcbjC4GeyA/MkPRn7SJngcZc2Bj/Cht7NzoWxSGlOONicqX3fuw0ry9guSqHTJKGIW4etpAV+xlW++w==
x-fb-server-load: 12
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=50, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 28907
GET

https://static.xx.fbcdn.net/rsrc.php/v3ij9m4/yU/l/en_GB/Mw5y7Z3v-mj.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3ij9m4/yU/l/en_GB/Mw5y7Z3v-mj.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Fri, 29 Aug 2025 10:03:51 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: mfGbPGQiyo1NK3XzFc9zTw==
X-FB-Debug: 0igUyyLDPiYVFkZYaA0XVerug0xxQUTDMsxfXDof/PsCOw69hOyd/qe0Tm//HgRU4PYxga872eT7LRM3XYIWGw==
x-fb-server-load: 23
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=49, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 28905
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/Glud--w-qOK.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3/yV/r/Glud--w-qOK.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sat, 23 Aug 2025 20:54:16 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: amwV/kzpjA3lcdYoUHwzSg==
X-FB-Debug: N4Zx5687Wb0/kSV9x9S0UXAs6xzLespjyhntc9dsTKXeNv1fuQz8s0/yKStdSBEdI1kHEzeS4qtqfHN9BGZZRg==
x-fb-server-load: 17
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=52, rtx=0, c=14, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 11620
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/POPhtNuypTE.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3/yc/r/POPhtNuypTE.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Wed, 27 Aug 2025 17:07:36 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: nM9afkc803Tnh1KGf/zIwA==
X-FB-Debug: 7TF+vhD7MgFPwpegXYoVVsO8Oxaj4Evg66odSB4CEA7v+rKU8MgHehxTNC9rlpnHnzQcfsSCx6p+7FiDjcTq7g==
x-fb-server-load: 47
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=50, rtx=0, c=25, mss=1357, tbw=17006, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1822
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
Expires: Sun, 17 Aug 2025 04:31:20 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
X-FB-Debug: iqEEVnAvAfcJs0yg7OiT9aRFvThp/Noef1v0ABa7p1cGgm797HC7ImJQD+ORXLuW2OpdXH/W1NNrDEnJYGhz4Q==
x-fb-server-load: 32
Date: Thu, 29 Aug 2024 11:42:59 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=76, rtx=0, c=30, mss=1357, tbw=20896, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 573
GET

https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=103&ccb=1-7&_nc_sid=6738e8&_nc_ohc=NMwjXrgSoV4Q7kNvgEVyxB_&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AYAlXr2k0wRggJppl6uUs-Ll39h1xnfMbSQH6ujGWtrknA&oe=66D636D3

IEXPLORE.EXE

Remote address:

157.240.221.16:443

Request

GET /v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=103&ccb=1-7&_nc_sid=6738e8&_nc_ohc=NMwjXrgSoV4Q7kNvgEVyxB_&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AYAlXr2k0wRggJppl6uUs-Ll39h1xnfMbSQH6ujGWtrknA&oe=66D636D3 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

x-additional-error-detail:
Last-Modified: Sat, 10 Sep 2022 01:27:37 GMT
X-Needle-Checksum: 2883854034
Content-Type: image/jpeg
content-digest: adler32=740015753
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Thu, 29 Aug 2024 11:42:54 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=51, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1967
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.180.2
DNS

static.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.178.6
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:42:55 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:42:55 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:42:55 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:42:55 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://static.doubleclick.net/instream/ad_status.js

IEXPLORE.EXE

Remote address:

142.250.178.6:443

Request

GET /instream/ad_status.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Timing-Allow-Origin: *
Content-Length: 29
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 11:32:34 GMT
Expires: Thu, 29 Aug 2024 11:47:34 GMT
Cache-Control: public, max-age=900
Age: 621
Last-Modified: Thu, 12 Dec 2013 23:40:16 GMT
Content-Type: text/javascript
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

jnn-pa.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

172.217.169.10

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

172.217.169.42
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:42:59 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1192
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:00 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:42:59 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1192
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:00 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

www.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.179.228
DNS

i.ytimg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

172.217.169.22

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.187.246
GET

https://www.google.com/js/th/4-NlEi-7NY8SQPLCpX1INlyCg7Vzxjxgly2SzKIOrZg.js

IEXPLORE.EXE

Remote address:

142.250.179.228:443

Request

GET /js/th/4-NlEi-7NY8SQPLCpX1INlyCg7Vzxjxgly2SzKIOrZg.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Length: 24787
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 28 Aug 2024 10:00:59 GMT
Expires: Thu, 28 Aug 2025 10:00:59 GMT
Cache-Control: public, max-age=31536000
Age: 92518
Last-Modified: Tue, 13 Aug 2024 10:30:00 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

IEXPLORE.EXE

Remote address:

216.58.213.22:443

Request

GET /vi/ygK7kej0BPA/sddefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 35419
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 10:14:59 GMT
Expires: Thu, 29 Aug 2024 12:14:59 GMT
Cache-Control: public, max-age=7200
Age: 5278
ETag: "0"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

IEXPLORE.EXE

Remote address:

216.58.213.22:443

Request

GET /vi/gS2GhpTPLvQ/sddefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 36415
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 11:42:54 GMT
Expires: Thu, 29 Aug 2024 13:42:54 GMT
Cache-Control: public, max-age=7200
Age: 4
ETag: "1376813903"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

yt3.ggpht.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:42:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:42:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:42:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

IEXPLORE.EXE

Remote address:

142.250.180.1:443

Request

GET /ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: yt3.ggpht.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="unnamed.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1182
X-XSS-Protection: 0
Date: Thu, 29 Aug 2024 11:42:37 GMT
Expires: Fri, 30 Aug 2024 11:42:37 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 20
ETag: "v0"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:42:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:42:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:42:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:42:59 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 939
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:00 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:42:59 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1068
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:00 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:42:59 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.178.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1215
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 11:43:00 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

crl.microsoft.com

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A

Response

crl.microsoft.com

IN CNAME

crl.www.ms.akadns.net

crl.www.ms.akadns.net

IN CNAME

a1363.dscg.akamai.net

a1363.dscg.akamai.net

IN A

2.19.252.143

a1363.dscg.akamai.net

IN A

2.19.252.157
GET

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

Remote address:

2.19.252.143:80

Request

GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 01 May 2024 09:28:59 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1036
Content-Type: application/octet-stream
Content-MD5: 5xIscz+eN7ugykyYXOEdbQ==
Last-Modified: Thu, 11 Jul 2024 01:45:51 GMT
ETag: 0x8DCA14B323B2CC0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 08d1499d-801e-001b-7338-d369e9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 29 Aug 2024 11:43:24 GMT
Connection: keep-alive
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:44:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:45:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:45:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:45:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:45:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:45:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:45:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:44:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Thu, 29 Aug 2024 11:45:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.180.2:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Thu, 29 Aug 2024 11:45:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

216.58.204.74:80

http://fonts.googleapis.com/css?family=Arial

http

IEXPLORE.EXE

523 B
1.4kB
6
4

HTTP Request

GET http://fonts.googleapis.com/css?family=Arial

HTTP Response

400
216.58.204.74:80

fonts.googleapis.com

IEXPLORE.EXE

190 B
132 B
4
3
142.250.200.14:80

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

http

IEXPLORE.EXE

556 B
579 B
6
4

HTTP Request

GET http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

301
142.250.200.14:80

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

http

IEXPLORE.EXE

510 B
579 B
5
4

HTTP Request

GET http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

301
142.250.200.14:80

http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

http

IEXPLORE.EXE

510 B
579 B
5
4

HTTP Request

GET http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

301
142.250.200.14:80

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

http

IEXPLORE.EXE

510 B
579 B
5
4

HTTP Request

GET http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

301
142.250.200.14:80

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

http

IEXPLORE.EXE

510 B
579 B
5
4

HTTP Request

GET http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

301
157.240.221.35:80

www.facebook.com

IEXPLORE.EXE

190 B
92 B
4
2
157.240.221.35:80

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

http

IEXPLORE.EXE

776 B
1.0kB
7
5

HTTP Request

GET http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

301
157.240.221.35:443

https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

tls, http

IEXPLORE.EXE

1.6kB
22.5kB
18
24

HTTP Request

GET https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

200
142.250.200.14:443

https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

tls, http

IEXPLORE.EXE

1.9kB
52.7kB
29
45

HTTP Request

GET https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

200
142.250.200.14:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

21.4kB
52.8kB
44
62

HTTP Request

GET https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.200.14:443

https://www.youtube.com/api/stats/qoe?cpn=B5PxACj8KSTnqaQk&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C60172%2C67154%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C8253%2C25209%2C2%2C2870%2C14898%2C29151%2C2197%2C9996%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C17801%2C12945%2C812%2C10264%2C2%2C2126%2C1336%2C1870%2C2335%2C1823%2C3186%2C2912%2C4794%2C5%2C7%2C3%2C1020%2C1739%2C328%2C14%2C3826%2C5%2C403%2C648%2C934%2C791%2C11629%2C1170%2C134%2C279%2C5088&cl=667805124&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBCNVB4QUNqOEtTVG5xYVFrEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.002:ER&cmt=0.002:0.000,0.002:0.000&error=0.002:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.002:0&bh=0.002:0.000

tls, http

IEXPLORE.EXE

18.3kB
865.3kB
332
636

HTTP Request

GET https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/base.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=B5PxACj8KSTnqaQk&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C60172%2C67154%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C8253%2C25209%2C2%2C2870%2C14898%2C29151%2C2197%2C9996%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C17801%2C12945%2C812%2C10264%2C2%2C2126%2C1336%2C1870%2C2335%2C1823%2C3186%2C2912%2C4794%2C5%2C7%2C3%2C1020%2C1739%2C328%2C14%2C3826%2C5%2C403%2C648%2C934%2C791%2C11629%2C1170%2C134%2C279%2C5088&cl=667805124&seq=1&event=streamingstats&docid=evMR3wn1LGk&qclc=ChBCNVB4QUNqOEtTVG5xYVFrEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.002:ER&cmt=0.002:0.000,0.002:0.000&error=0.002:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.002:0&bh=0.002:0.000

HTTP Response

204
142.250.200.14:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

24.9kB
56.0kB
48
67

HTTP Request

GET https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.200.14:443

https://www.youtube.com/api/stats/qoe?cpn=8_OhLPFJ0qhnveEQ&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C8253%2C25209%2C2%2C17768%2C29151%2C2197%2C8639%2C1357%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C17801%2C4164%2C8781%2C5698%2C5378%2C2%2C2126%2C1336%2C1517%2C2687%2C1%2C1823%2C3186%2C2912%2C4794%2C5%2C7%2C2%2C1021%2C1740%2C59%2C268%2C13%2C3804%2C23%2C4%2C404%2C648%2C1120%2C605%2C11629%2C1170%2C133%2C280&cl=667805124&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChA4X09oTFBGSjBxaG52ZUVREAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

tls, http

IEXPLORE.EXE

7.8kB
184.2kB
83
144

HTTP Request

GET https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/3abab6ef/www-player.css

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/embed.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/remote.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=8_OhLPFJ0qhnveEQ&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C8253%2C25209%2C2%2C17768%2C29151%2C2197%2C8639%2C1357%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C17801%2C4164%2C8781%2C5698%2C5378%2C2%2C2126%2C1336%2C1517%2C2687%2C1%2C1823%2C3186%2C2912%2C4794%2C5%2C7%2C2%2C1021%2C1740%2C59%2C268%2C13%2C3804%2C23%2C4%2C404%2C648%2C1120%2C605%2C11629%2C1170%2C133%2C280&cl=667805124&seq=1&event=streamingstats&docid=QMECDnECjJM&qclc=ChA4X09oTFBGSjBxaG52ZUVREAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

HTTP Response

204
216.58.201.110:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

858 B
18.3kB
13
16

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
216.58.201.110:80

www.google-analytics.com

IEXPLORE.EXE

190 B
92 B
4
2
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHM9QmVn2rE0CqmPuQDOLLc%3D

http

IEXPLORE.EXE

1.6kB
6.1kB
14
10

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDAezvzBOn2FxIghPLaMkP6

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCjHbN8Q48ByBJsBZfEZOeO

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHM9QmVn2rE0CqmPuQDOLLc%3D

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGSmfK2o2tshCmPh6FdfeUg%3D

http

IEXPLORE.EXE

1.5kB
4.6kB
12
8

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDAezvzBOn2FxIghPLaMkP6

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAK7VcV80VuQoo1MUTK%2FRa

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGSmfK2o2tshCmPh6FdfeUg%3D

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHM9QmVn2rE0CqmPuQDOLLc%3D

http

IEXPLORE.EXE

1.5kB
4.6kB
13
9

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHvQOfnMl3BnEBjGqYCOwmQ%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECwirpsBitH3EpQ2KzZtJ4U%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHM9QmVn2rE0CqmPuQDOLLc%3D

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECwirpsBitH3EpQ2KzZtJ4U%3D

http

IEXPLORE.EXE

1.2kB
3.9kB
11
7

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCAK7VcV80VuQoo1MUTK%2FRa

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECwirpsBitH3EpQ2KzZtJ4U%3D

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGSmfK2o2tshCmPh6FdfeUg%3D

http

IEXPLORE.EXE

1.2kB
4.6kB
10
8

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHGN%2BKTRSIp4CcztJxB9gYQ%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEHvQOfnMl3BnEBjGqYCOwmQ%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGSmfK2o2tshCmPh6FdfeUg%3D

HTTP Response

200
142.250.200.14:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

23.3kB
195.7kB
102
166

HTTP Request

GET https://www.youtube.com/s/player/3abab6ef/www-embed-player.vflset/www-embed-player.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/embed.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/3abab6ef/player_ias.vflset/en_US/remote.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=cjJnu0m_cGZetlta&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C2197%2C9996%2C1103%2C6953%2C11044%2C502%2C1969%2C7546%2C12724%2C5077%2C12945%2C5698%2C4319%2C1059%2C2%2C2126%2C1336%2C4205%2C1823%2C3186%2C2912%2C4795%2C3%2C9%2C1%2C1021%2C1739%2C328%2C13%2C142%2C3686%2C4%2C403%2C648%2C8523%2C4831%2C1171%2C132%2C280%2C3855%2C6076&cl=667805124&seq=1&event=streamingstats&docid=ywSeSlVcY4w&qclc=ChBjakpudTBtX2NHWmV0bHRhEAE&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240826.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000

HTTP Response

204

HTTP Request

GET https://www.youtube.com/generate_204?aKv0oQ

HTTP Response

204

HTTP Request

GET https://www.youtube.com/generate_204?HugfCw

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
157.240.221.16:443

https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/Dpom1HQzAgH.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

5.3kB
201.9kB
84
154

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/Zi20d5DVxmM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/Dpom1HQzAgH.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.221.16:443

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

2.1kB
14.6kB
15
18

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/MEtExguyptz.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.221.16:443

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

2.1kB
11.3kB
15
17

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.221.16:443

https://static.xx.fbcdn.net/rsrc.php/v3issO4/yA/l/en_GB/pLoSlJD7y1F.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.9kB
35.6kB
22
33

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3issO4/yA/l/en_GB/pLoSlJD7y1F.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.221.16:443

https://static.xx.fbcdn.net/rsrc.php/v3ij9m4/yU/l/en_GB/Mw5y7Z3v-mj.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.9kB
35.6kB
22
33

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3ij9m4/yU/l/en_GB/Mw5y7Z3v-mj.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.221.16:443

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

tls, http

IEXPLORE.EXE

2.9kB
24.7kB
21
28

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/Glud--w-qOK.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/POPhtNuypTE.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

HTTP Response

200
157.240.221.16:443

https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=103&ccb=1-7&_nc_sid=6738e8&_nc_ohc=NMwjXrgSoV4Q7kNvgEVyxB_&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AYAlXr2k0wRggJppl6uUs-Ll39h1xnfMbSQH6ujGWtrknA&oe=66D636D3

tls, http

IEXPLORE.EXE

1.6kB
6.4kB
11
12

HTTP Request

GET https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=103&ccb=1-7&_nc_sid=6738e8&_nc_ohc=NMwjXrgSoV4Q7kNvgEVyxB_&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&oh=00_AYAlXr2k0wRggJppl6uUs-Ll39h1xnfMbSQH6ujGWtrknA&oe=66D636D3

HTTP Response

200
157.240.221.16:443

scontent.xx.fbcdn.net

tls

IEXPLORE.EXE

706 B
3.6kB
9
8
142.250.180.2:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.5kB
6.6kB
11
13

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.180.2:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.5kB
6.7kB
12
15

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.178.6:443

static.doubleclick.net

tls

IEXPLORE.EXE

759 B
4.8kB
10
9
142.250.178.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http

IEXPLORE.EXE

1.1kB
5.6kB
10
10

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js

HTTP Response

200
142.250.178.10:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

4.0kB
53.2kB
31
47

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.178.10:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.9kB
48.2kB
29
44

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.179.228:443

www.google.com

tls

IEXPLORE.EXE

935 B
4.5kB
14
8
142.250.179.228:443

https://www.google.com/js/th/4-NlEi-7NY8SQPLCpX1INlyCg7Vzxjxgly2SzKIOrZg.js

tls, http

IEXPLORE.EXE

2.0kB
31.5kB
20
28

HTTP Request

GET https://www.google.com/js/th/4-NlEi-7NY8SQPLCpX1INlyCg7Vzxjxgly2SzKIOrZg.js

HTTP Response

200
216.58.213.22:443

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

tls, http

IEXPLORE.EXE

2.9kB
83.2kB
39
66

HTTP Request

GET https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

HTTP Response

200

HTTP Request

GET https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

HTTP Response

200
216.58.213.22:443

i.ytimg.com

tls

IEXPLORE.EXE

726 B
5.1kB
9
9
142.250.180.2:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.7kB
3.0kB
10
11

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.180.1:443

yt3.ggpht.com

tls

IEXPLORE.EXE

796 B
9.8kB
11
12
142.250.180.1:443

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

tls, http

IEXPLORE.EXE

1.2kB
11.5kB
11
13

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

HTTP Response

200
142.250.180.2:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

583 B
355 B
7
5
142.250.180.2:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.3kB
2.2kB
9
10

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.180.2:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

957 B
1.6kB
8
7

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.178.10:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.7kB
48.1kB
29
45

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.178.10:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.8kB
48.4kB
29
44

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.178.10:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.9kB
48.6kB
29
45

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
2.19.252.143:80

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

http

399 B
1.7kB
4
4

HTTP Request

GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.9kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.9kB
10
13
142.250.180.2:443

googleads.g.doubleclick.net

IEXPLORE.EXE

152 B
3
142.250.180.2:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

539 B
311 B
6
4
142.250.180.2:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

4.1kB
8.0kB
19
23

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.180.2:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

2.4kB
3.9kB
11
11

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.180.2:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

741 B
367 B
6
5
142.250.180.2:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

539 B
311 B
6
4
142.250.180.2:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

439 B
315 B
4
4

8.8.8.8:53

www.konthaiusa.com

dns

IEXPLORE.EXE

64 B
137 B
1
1

DNS Request

www.konthaiusa.com
8.8.8.8:53

www.youtube.com

dns

IEXPLORE.EXE

61 B
335 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.200.14

216.58.204.78

142.250.187.206

216.58.212.206

142.250.187.238

172.217.16.238

142.250.179.238

216.58.201.110

142.250.200.46

172.217.169.14

142.250.180.14

142.250.178.14

216.58.212.238

172.217.169.46

172.217.169.78
8.8.8.8:53

www.facebook.com

dns

IEXPLORE.EXE

125 B
275 B
2
2

DNS Request

www.facebook.com

DNS Response

157.240.221.35

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

static.xx.fbcdn.net

dns

IEXPLORE.EXE

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

157.240.221.16
8.8.8.8:53

scontent.xx.fbcdn.net

dns

IEXPLORE.EXE

67 B
83 B
1
1

DNS Request

scontent.xx.fbcdn.net

DNS Response

157.240.221.16
8.8.8.8:53

googleads.g.doubleclick.net

dns

IEXPLORE.EXE

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.180.2
8.8.8.8:53

static.doubleclick.net

dns

IEXPLORE.EXE

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

142.250.178.6
8.8.8.8:53

jnn-pa.googleapis.com

dns

IEXPLORE.EXE

67 B
323 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.178.10

142.250.179.234

172.217.169.74

142.250.187.234

216.58.201.106

142.250.200.10

142.250.180.10

216.58.204.74

216.58.212.202

142.250.187.202

172.217.16.234

172.217.169.10

216.58.213.10

216.58.212.234

142.250.200.42

172.217.169.42
8.8.8.8:53

www.google.com

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.179.228
8.8.8.8:53

i.ytimg.com

dns

IEXPLORE.EXE

57 B
313 B
1
1

DNS Request

i.ytimg.com

DNS Response

216.58.213.22

142.250.178.22

142.250.187.214

142.250.179.246

142.250.200.54

216.58.201.118

216.58.212.214

172.217.169.86

172.217.16.246

142.250.180.22

142.250.200.22

216.58.212.246

216.58.204.86

172.217.169.22

172.217.169.54

142.250.187.246
8.8.8.8:53

yt3.ggpht.com

dns

IEXPLORE.EXE

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.180.1
8.8.8.8:53

crl.microsoft.com

dns

63 B
162 B
1
1

DNS Request

crl.microsoft.com

DNS Response

2.19.252.143

2.19.252.157
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
a3bdb32709251db49fdfbbbe843d295c

SHA1
adbfbf7cf2af52bbc13074c49db627b9969ed2d0

SHA256
500646807d620dd3f80559b423d09513fdb1025d5a4b27ef4be7c3096dddf807

SHA512
e14f2f84db249857d4dff278a973d7c26272b5d96d8a428c0ad4d74bc89f9be9b73d4cb340b8915fc6d2194f216e52e9c201acc2a319bb6fdd5f767970abedd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552

Filesize
471B

MD5
7a9f33162ea62d51399d84b88fb12968

SHA1
4c06bc90f4fd1ae49c86b3c50b319c0b6e14dc64

SHA256
6d6db88a354e29339a870a6464e061b12ce3b750141d8e4ffe051eaafbccf00f

SHA512
18cc1ca45b5fd3eaa9b96bb03a0e9a26a1adb48463fec5792e6c266ed77b0c0dd681467279529d2b895b2f70ffd66a4eb6b1f287d70e65eee8e5eb78dc16f7bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
2c232e5528b248f82cf8fe421235aa28

SHA1
eb09a08da1a944391c38a7300d958e51913dd710

SHA256
bd9154b3d18c2cfd94216e837c15f68b32e2448790774e6504dd393ffda51097

SHA512
5c6f3cf3fa13147e163f717f0063e722353cfea369ee8eecf1e478d01e9f11710b100222782a3ad4b8b638656c9e91d90089984d5419b958c7686978cd5a03fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
9da6061437db893113417d2ab712bcc7

SHA1
13b8cf0a0c9d4215a61fb2b5cf7bcb703a89c274

SHA256
e7848fcec29bf0a9c60623585d693a59a7b8236289a4febefcb53aa3314eee28

SHA512
cb210ca1240099679aa5d6b16c98a2d5ebeafa8ae3062ec6268687a4d4205b8e09bcd82dd76992adb670301e73486784224752645c2376f9bee0e043034a611f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c95ae7e612fc00608f8b6ea04067d950

SHA1
032c6d7528067c5b353ef1f98321ea61443a3d33

SHA256
4df6fbf64ad52eeb229b236409176b13db299f422cc19a17f8bd7a17dc3bfc36

SHA512
6c6efeaf88f1559980497dbb72da209a691022b2494040b7cfc971b09f3ad3e76d3169fe7402266487ce8e0a952425f60602f580bdf30af1d5666ff887837b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4256a23b86fd82eba75029a08649a326

SHA1
872f22bf168fae27c9b70652ca2a2470eb2f92d0

SHA256
0a5a5051e565fd462873c87be6fd8e25b54464c5bcf1a602d9faefd44a89ccbc

SHA512
9fef7a080478604ba2331fbb35f8b2392d727213ef1127e99ef57156bfcdb0bbfbdd2891c40fa0702cecc7bc2e40d3118bd1111271369fe07b8397327aab8054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
dd60f51b4dde1ae7ae1b0120591192ba

SHA1
f2293262567a533ab91b6d79fd3d7f0419f6316b

SHA256
fa12669b9f1cb2d918239ed6dad16aee8fce199df691a8a3afa66a14afa37271

SHA512
b2d3d71265783d8a2097fb89accedc42bb518d77ab4647fdc5dcca920d2687278f11df115a2101eb7ac3d46e4c6e057a95476412c9878a92483aa7448d1a5e9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9dc89f3284243bc54d80eaa2486f3358

SHA1
ed983efa3159c1b1826b750bdae065547c940e10

SHA256
1114df6c1e817f66257339016d6e60b7e37ff4e893bc7cf86e4663b092c99d64

SHA512
98648ac51906e238196ccbeea11f5279901abd87fe6cefcf39b0d8b29dc71aed8c8ee009b54a8f5defbb6a6d943818739ebe115aa7f6731a411d2e863370a749

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e745b01803411277d8de1711027016c9

SHA1
4e8e12a9d19e09ee4a0bf028fe483bc9345bfba0

SHA256
4dfbbb11c53418191d2e1f79fc8072710002228f9dd9c6911ab4afe9a9767057

SHA512
705e1e41a21db7d6be72a0042af871e5778cb7c94a4a7f38fc5459307f474724ff1ea9a2d46209248947be1e081182b434e0c5acc09cd615c75fc732f2b00198

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
54caf628cc19705489b47f78ef4bfdd3

SHA1
6a0fe4fdca859f8cd32d63510a0e32e5b145289a

SHA256
7034a71f0c40462d56272059bded47283d75685d69ce50b2d19dca516b1317fa

SHA512
91052b20062204f9c8d1960e83b2a79589768078df2ff48bda5b4360c44ca95259a844ce340ae33c7f17636f4e716bd75f2ff1f0dc0380b08e223b10c2978e66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8a6e6a6422fd3d5cc347bb494541bb13

SHA1
12860ede14ceaf9d5bfcb59fc371e47cf264c5aa

SHA256
1fd4b5c36fca5b48459263752d4531231f04c3ea1d8e6140620f289cbc29d83d

SHA512
cce35d59bc97524901b82a0e03196d99966a9ce3f2d3f097a7f9aa07bd888bacdad5a732c9c902e15b85c20d78dad2c384095d6190315580a212a054fe7dee84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5e47c54df8443e198d53217d618c0f12

SHA1
27d2a4eb5e34b954221140fa98657273b86a8c82

SHA256
3685b713a6b1f77791a8f3e9bf7bf4910413ca3c97ce43791e6c9ef47b902872

SHA512
71ff27fae7498ac9bbfd227607d8f85b7804ede364cc61937a79a5db0ea1d18f3df6068dd3a45e92e3877638bc5f10d79a77da27b14071871ccd8601a58bb105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4c5d700ea4dbc167bd2ce915cb1f332e

SHA1
0ab7873af6013c4eaa8c3607f60c587ba42e3b71

SHA256
e1412cd2aac631c1576fb184cdb999eaee89c4a81397e3fb33be374429bc37e7

SHA512
b143b52b64733be17bbcade269ba5da24e67c1812ed281bc81cf3ff7446ee9089a39daa4a4254ed7d3d20ebe9c3178be59f0c99ca091fd2d85948a070364d785

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e541a02911e8b78b75f6713d81ca79b6

SHA1
9645be5608c41a2c28011328f7485a219c2d5aaa

SHA256
a4305a22428af3f695d7f68d76897f93b604b5123ec523fc791a4f10a66d27c7

SHA512
5c2cb7ee2d9ef646806de94c8aa05c73828e7b42f4e9a09d7dd44a6ceb790d508d042727e4d45628ce63abf2b40aba09d1ef8b053870b1e8f6f7a8d613a2e27e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7676bcd7ae11a128a49cd82626a69642

SHA1
da84978a10fce6a8dc1bf1919d6bdb8b5509300a

SHA256
b391c47e8fbb8511119436bb41cbe3601f57a217851af9bf3d4c7978bb414b5e

SHA512
29f5f11530b8f3dd0692c4d1a450be56c142ab1a0ac3cf2882e3b1567cb2f4346936fbff7bb00cb0d2f7f7b8d720b1a9414f0b23c8474a236487f7791ac51621

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d0904ead218d8049723ba25fec668293

SHA1
ec3d74acba44a7808b119e6732fe07cf6afb5867

SHA256
31b28b3ac28f72292001a5b378320806900d081313fdc920fd0507ce8bb1295d

SHA512
7aba5f977c9062e80b7a5fc7c350b37681d636c5a661acb96937d3affce78025303688fe5c28f9a3e5ded7ec96c0987b286137db9895de0a3c4faf602da3b346

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
23cf6b6f730afb4786a4c1f7b7c189a5

SHA1
3b6f2ef2d2b1218fcde04e203d9a188340caaa20

SHA256
46b31550b80475480ab332185be1d1b7e44454bb1b7bbe117369a90904fd1136

SHA512
52a74eb3307c3fcbbe391f72f003602d63720cbd1f0b2cadc90fae88d1ca201ce0ecc105c2c2aae09af0dd61a9153101cd60a5ec16794ea1de6b3229438ae94a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7a2dd52e52cebfd9e59d034891543849

SHA1
5865c088e0b28d61e23681a0e3eaa2c056a2e377

SHA256
fc0962e34749a8279eab7e0a8859930b9b5065880976883ea5f14d2382ae4561

SHA512
7d7d87b428dc9563ed018ca71a27128a06252050ce74dfa1e2de5403f7fea739691ca800227d2a0fecd65f850675d236c127de13570651f69f35e7b62aa18cd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
15a360aacdb34ab208d3c638f1e3c29d

SHA1
b7e8e468320aed3e3bb8b11f40f859426e09fea8

SHA256
c59d6fded19f5e9ab7860116b414df84f7871a18f51921f057e90f56cd9de3c9

SHA512
ac231feac3f7b6ce25d46a4f014a3d65a6ffd923da52220bcb90eb07e645af5d81b8658257c80caf8c788015c73dd59c2ef219bd4ae9179e29d0a5fec82d52d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
da3df239633376fde9bf6e76031167e7

SHA1
7620c10c56b5f0089e9b8aa4ddb97290d8ffadef

SHA256
5cd9410b60e6b184f92970f07adb570fd9fdd1e4f048f33ccecf6e1173e49d38

SHA512
ea65f14c45960ee2ada83e03e237d7afff99ae695adc3c94284969bfab66dc26b173702dddebc08ff237e2fc7dde6ff65fa22949bac1aab906e99c5597a1a9a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
474b9499f2a3f8cfc7021dec653d2532

SHA1
48f360ef054f927a884c2956f45e74521731ada6

SHA256
2ac5104eed9a0476fdfbb9a65f3a3351eae0b0ecc4fc12da21a97871b7ae426e

SHA512
04d35e299c82e4c797bd83f60373d2263cd1117d7b0609418940d1d9fafca1bfcbea838b21bf4c32b6efca29ecfa76cc51f6fa71b66ff21c848db6fd852af881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
182f702dda9f0067019badd34e345c84

SHA1
96cf75257c95386d28be33dea9494e7060f6b9b9

SHA256
4606720f6148088348a55f768e3dda1f5cecdc002964e2fc2e55aee7fc3c1453

SHA512
51374359727428dffa5e1b2ab2d898035cce9eeacc735e4637856a6e04b344b8226d03b0c35294346f6fe47a781fbf6d8ff0ed1518c0001d64aeeb7347ae579a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8ade8f7880f45e9f846b150e0cf8686a

SHA1
00fbacc34d5f1429885f86db849c1bc8428b5211

SHA256
5f2e163c8b1f9f1bdfdfb5c1b0bcfa039bf74dbb65a2dce4e07db05c17aa0677

SHA512
17ac9f59c149589b7172bf0c3d213c6754e31cb45f19bcd0fc18381efe7aa856a19dffb5fb6dc447f9ea4d784a71b2c921a29057bf2d18f038ff50d1eab8d89e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a7f193a91c3b8f1cce3606e2f2dc1d1c

SHA1
cb4586b7fea172ed6828d3d879027093359e372c

SHA256
fb6262415fa86f372fc8fd66177f5c34c185fc38098c0c13586785b7055b0072

SHA512
f5f3582ffcdc2fd970ecfed2571395df35d1e9e359d89bd58dc0cf3ef1a38442517384c06a728fa79417c984912a2a3289f1d09e8321c90866ee35327fd19b6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
770b793a66fe7b2321a626cf6c98e087

SHA1
461f526cf23b8a94df551e3a6e271cd7e69ef3f6

SHA256
89a1a56e31228d624dbb480c532f28e93b756970d94a7829b5db1c5b71882fbd

SHA512
24274bc0c1a7d4a7429ec4263fd3430ad98506a8931b97cb1b8fc84b66b8e18d200f22a2049c114dd56a2b6affff800867ae4be5ed4a876302241ded09d51142

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1e9ebce28fe86a3526f34f1ac2a0179f

SHA1
5907bcb6554e2a6761aad925d4320e6ad35cb511

SHA256
cf10838b3004b34d79528fce81a4ffe96ebdd44aa0172304616372a0afab6b0a

SHA512
8a80d8ef2a4750602d3e1dcc5d142c02d68e7783686cefe9970bfc5105dde2a2f387d4a57619782903a994923249115bcfb6c2b9141056e7f6dd16c99939d5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
af7923a3009912e9328260a98dd73748

SHA1
e69b0cee9d9bc89979ab5cf04baf4ab314c51e70

SHA256
ede9b295dc7ef7f1ae70ee99d15395f78760cf12efa2228b0a77e5fd7d199b8a

SHA512
366e95924d5fc6a7aa0ad8f024abb37805733b75ff6d36f72fb67abff25c67cca237689c26ee0845fbed14c15270f8b138da04face9518fb170ddf71ea86c863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
f29d4416a22fa604b44a308b87425966

SHA1
d04adf43e5f5dafa9fd46d65a95fd29819f328ac

SHA256
66d453ce15e96352609d783dc6152d164811032a511f9b226753c7cbd89430b3

SHA512
3a7317012bd9876d9d31d5f8333b730fd922e2a954e1e21ba75969116a15e34e3c08f13464025ebb42f50ad3c738beb2fe4fb7a0f8baa224d3ff7bd7b21de6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
6a71fda596ab216f5610babaac3f85a5

SHA1
68f2828dbfa7e686f9df080ecbe37b513444c4d0

SHA256
4170a7c107baa473b8a44e3883af363df0c1bf30779bed4bf65addb3be25f30e

SHA512
bd1b5e817710e047715b8d3380018f0635281ad39468661482eec4794ac6136c48b0c19cf44d400f8773ed1b98be0c6e2d9341932e844d68035a2ad7d4b8c46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
e15fe2d61759153ac26e08b23490b49f

SHA1
b884af28bfb4a1df198f1f5aa45c209bdb853728

SHA256
b370e9910d76f588ebb506ade1e112211883749cd0751a478f2f5ab4f71e1f64

SHA512
c75a9a12dbf3a152ed553db43149599da4fd05d382c74be7b787e1b052fdd13e68a400d6c7cb54ba420a2754dc7a0f2d11e9a8e3f0beecdda0943c7f8b11bbb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
3c9d3d06c1699deebc5e5f1970b326ca

SHA1
aa46b44404583304d6ec0c59ee03e674498d6015

SHA256
4618bb8f45568151b71e3a52017b15135372ae30467e597e4ba52b65db667f23

SHA512
76fc676205b503133e5d55749f5b5c930c2cee080b2f0ed2fc9c37e53d8ee2006494119c1ef33b88d59669f6179dcddb27a83abb9c4fb3b198fc143609435ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
e2e00e674ffd5adf0e33caf67fefc566

SHA1
bba3421e1eb999178abf86fe0383b5c65631664a

SHA256
57f3bfcc8c79d91a0c7ccc72ffb61daa5345a7c35388233792efbbd5fbd272af

SHA512
0143a598da15136d85239974961a060de1cf56846f1200e95267ba5fe185a1ef86a1b18953b51a3c77345cf7bc422cd99932b7646993f1c05beb797cd121a144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
a024a5d770b06fc20fb5e9f0e2080f9a

SHA1
111ec45b183a19129d6c2ef3b9665fb9a736e3b1

SHA256
af821bad759d6ba3d1c40d7fc75982c46d504217e7e5c539dbbcb834f67d3287

SHA512
d2409d0c3c07e0038c793b3b80b624b40909b94f539d24e37472216257e4167101f5a377019e5f70fa3de599a422473d877b555e3e5751de78f75247f8f8b097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
8c2b8658befcc3b44d5b452ea4ab7f27

SHA1
c02041a3d850cb196116c2dd8cf1cc2a70cce75a

SHA256
70a22bfc03120c57cf70ad7b32164701757472f36794ee61bd54abd00b6b767c

SHA512
6b67adeccfb295c15a04df2fcf1d44faf7c19aa8c156fcac3fb0e2acfaf88bb9676f96d601fde64bd3a29c592991de08c00e6944a139e90e1eefef3467104bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
f6c6a19457114717c8fd2bac69bcdf56

SHA1
2ef7b7b8966d74e6e1ec8ba3a9c6b3d402959876

SHA256
6af6ceaad8ae3d8ac2b3fd7f9eb7ba90e4bdca0d3d6dfa4245d0ce09d0ac01da

SHA512
371e41d8a76f6bcfc2992fbd35efc938c3d5a118d1cbf47918802fc8789348208a400a5843ff20deca4bed7b476cd87a2e55940e7a5e3a319d7380d42cfc1f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
1696fea3bafcd1ac4d3251ca5a9977e5

SHA1
d52fb286612b8dabddf71f2d7831f0b414f9e48f

SHA256
4855525ebeb22c6dfb687c2e31279f5603bb01c2a052880df5d0c2974e215238

SHA512
b79fa54cff8a4151472133f169b98aa2069301374b0320dc67edff875fba698e15e199bc4e76799ad4b3164716dacb2378277208222a69a39a51c039dc5c7367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
034d0a22a3eebe465c2e548beb0c91b6

SHA1
46821725dbba90f1f2d1564364dd0a97eea45199

SHA256
2846615a28e3b40214002a0df77405a91a4e1e4e8932bbf4015e0ad98bbb5e00

SHA512
f249b021b80d4a0673b909504f5ee0b39abca33bea11a6722d7f992cbcd9e78e980f8cf41d5b8db7d8dc7bd83f11add013d47cd19d29cf890823d63b3d9ee777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
229B

MD5
fa11e85420954b4cd7eb65f881401246

SHA1
fbd9459a71f3391cdde344343c465a01502592dc

SHA256
2cb1f8bcd0ee5bae915a0ef6b76ab960929f5f07d43bd897c7130f8c52a85912

SHA512
e9d55fc75210d4eca2bc3676b50453f985e613dcebd83339b15a3a8151ef7764a402c348ffec9a225978e48a0770befd4371d0da2a77aa1e05273645c6f41cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
229B

MD5
64acd7aeaf8d4288c536b3330ac4f9a3

SHA1
d923eb07a49fb63d5dce6d14c9ae137f062dcee2

SHA256
5edef2d7ee45b9c20a8b4e4fa19ff4c9da70e91961e42563eb01d2fbdf7d7f0f

SHA512
46e4cbafbd7d94d9cc0e93364ae272c06b2d6c2d2d37c721cf76b4e60614d1c4d487e11c13d4453c6e9f4ae20dea8db806efb0af3acf66f60d4c5dc5ed2ca27c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
229B

MD5
a225414fc21dfa3afb73860e68fd07c4

SHA1
e6c9c3336978d32d3a038095b94bf571af78890a

SHA256
b21402e24b5080270b7a2752be165658b57d7951f51e3fdac4a1f9d95b144606

SHA512
f5978f01a2bd4df12d96ce247e7a51d90a960da0c5d7acfa0f815cf37058abe248480369d3c4fb6ce0feed8ab675b206beff512ccd94c63849a374892ae50f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
229B

MD5
7af51172a40562fc2163d38a15bda6ff

SHA1
87c6b463a7232bc837535b6dedb673a818b4b2e7

SHA256
bba3a5510cc893c3043bb00440627da9f44bd6b3ccee51c800731dee49436e60

SHA512
210106efb4204ef40e55c31511cec41ae5ef48fab7b71f76a5e547874e31d69b62a74b22f992aeb49025326e767bd65a613549cb3fd82333a59383b9245ad117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
24KB

MD5
0797d718653352164b096b592d3ff28b

SHA1
182f3b30839579469e2cf2de77ce481db18589f0

SHA256
0814e0f963e5a063f4c6dbc73d12c796b87347bd454a15b03f2f5041047aea96

SHA512
2b5e9db99d7b20c1a54f31f36e2e974a63efadb86bfc66c3aeeaf1efbf3f59cebe64e805f6aa6dc3142395f2cc3e1340fb59ebac34fa84302479df4fa4832a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
578B

MD5
91a572d9e81abd51036f3b7850059f19

SHA1
62193a68ef851263839783d95e2caeb8c2df7ad2

SHA256
718ff9a96a643514b3d89e5b136325647897b54314f5cc9d89d6a87ee8c7dbd6

SHA512
41cc759c8a9c4e4e2a4a64ed3e6fb3283b98411c2ab718034614f54d62454fb21632fef6149e8dfa68a1ef392723463504374eeb303d1ff5fcac11a174148f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
43332d9e053db807e731be9fd4c6b961

SHA1
8e1b7ed6b13ad28ba8a6491a7bb3f5410664446c

SHA256
28e94335bda3677937fee5541d2951653d8b6792914cde8e159a759e3a26b766

SHA512
0d777ab30ba11cc769e74617ebd63b1c0b09d6f86a43c5f9b6b070d9977aba364ba1a37348626d898c5e94cbb337a65513be4b113780a79df6090a99303eb14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
e0eb00f5cf8b32e5f6bba4e31aedcb97

SHA1
162f0ab2dcb146d6f7a702f6e966beaa1830fb3c

SHA256
0e1df097bd291a7364049139fc8ccacdac39a1db1b3efc9e2ebd90601c75b52b

SHA512
e916914a12022927e146f88db3576fe2ddb93dfa62bed22f2e802eba140065d206cecbb8602c8a69ae5eaeb3ef52941a87cc2b6ba1d4129477b206296c9fea3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
814B

MD5
070ab3450e093191645fed544e77e5a7

SHA1
9eada82d01bd0aa194420a339fa1370261de5140

SHA256
60f6d98286c497fadbfcf8489ac47d1fc94d6ea809642ebf8c9538f0087ab92e

SHA512
2a59a5b9b52fba6eface744580c857e181670cc438748fef8744273fbbac72595c9d76e86e6d0cc6b2332af97a7b23cdbf85da0c41a7a2376bdc5a5643e203d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
02f9fc8f0a2f1eaf7588668713fad1ba

SHA1
17b98c4f88ef0b74668e5cb2b887a7c3da58441a

SHA256
8d6c5bb20ad954017a556f8b94ee65739d9ab6b6e0d934da2614af1559a469d7

SHA512
ea24cb5adbb0ba10a15c52987199fe17a2774ffc52bb108d6435b3721aeab211ffc5c451d76f2b20213885b169432b1ed88cbb89cb0689a9bca7592f0e4c187a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
990B

MD5
cb622ddd05cf6fca0ee2c2707b37d293

SHA1
1a4f72b511464f321c70c4ea43cbac4a24490149

SHA256
11adc9473949666349525912b98695682f6ee8cfb0cd0b422f147b6f27937352

SHA512
6f31ebdc5c3faa37ce0d7dcd1e902da9e3d7f893df9d28e65462366feb701ec1d6109ad6e4673f7604710e8add681cec69ba12a3ed98ee61d6e6eeffe3978bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
814B

MD5
37ce990776f10cec42476de79ec70318

SHA1
3a13cb3808b097cd85d082ecf04e5154beaa0bf2

SHA256
8d6f4f1a9cbc0eec4be2a9bfc47fbf64336dff3b828f780ae3c5e543c219ae73

SHA512
e98dc11b2c5334878a4ab242de18bed79ecb08d8311081233d0be5f8f17d4e13fadbf91affa38a5c7ea7e16c7dab25c67c567f46d66c1b71d1833241c2e285bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
15KB

MD5
d8bd704ecccdae132d2c34120b5fb026

SHA1
27ce25f7a4fd62c62ec16419a860379b36ca5103

SHA256
b06ed531840d1d39fc3bfba6f13d15057d08c4b40c567d7c34d8417232818c9a

SHA512
dfa9e2a58d3c85227cf54e11febbc6368eaee0deccf274fff225f3cee6f0cf40632a294b1c05dc058406256b7451f9df68b54cbd3dbb562b5517fd6f3b5e8a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
814B

MD5
b3684dd7fa9c69eae4442a55c09b2278

SHA1
18ff12c87c2c189e5359f6fd394155bb02186828

SHA256
08384e3f60ca2abf67a503e6db4fc8c8c4cf2e6250ad6e8de96a51c2f00b47fe

SHA512
85c3c5f01fcfb7fcce5dedec47e384cbdb4832f08d8477385c2793ceb91659e8b265dc9d10bead6119dae51926895f817ad594c770daa7c3b84a3859e6bc7121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
29KB

MD5
bd26d51b3b2cdc96163ad7e957443091

SHA1
ec1446611b77b0fff698fda27777900f442134af

SHA256
e57eb256aaa8a27f0a6ee6df2ad9494af0f6ed6a081fb9243fcd9c675b8a2325

SHA512
c26c50d377b6ab880fd6a34e2cb2c65248faa45e1285bfb60304f052dbbb8273c5d44dc5c579be2c1aa3d8adef03b2a78a41050245894f4903d5d6de704b944e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
814B

MD5
9be21c0bb5bb8050031794fe38bb1851

SHA1
22c74faab89c0edf272b0a6ce4df1a3446018bba

SHA256
71fcc340737dc2dc4f429f39e03e87ae4eabcc371f291e6b4593813fcbaa29b6

SHA512
a0440716e971591bed7dcb1461b7cf690e5366fb9ab5fa01cac72ea7357c62dd6203e2ae851984f3184c254ff243bf024b9e12d4ebb91ac51b8532a822d1567c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AYNZRAR6\www.youtube[1].xml

Filesize
43KB

MD5
d83d4e221ef25cab5788967efe9ae14d

SHA1
72c4753dcb97b7412d47a7a96414b91bb9ad88ed

SHA256
29a0da811f1a795840fc7be21751e9d47cf7fa9f39caeec44af99c418acc87bf

SHA512
477c592852e004ecef5dd201b726fd22ee1a44ac4bee79381f4d6e5683dd1f14eb395ad2419a8b2ba39e09318f9f9e83739e18d1a2f3a36019d008c43aa0a361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LF9I1AK\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

Filesize
19KB

MD5
de8b7431b74642e830af4d4f4b513ec9

SHA1
f549f1fe8a0b86ef3fbdcb8d508440aff84c385c

SHA256
3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a

SHA512
57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LF9I1AK\KFOmCnqEu92Fr1Mu4mxM[1].woff

Filesize
19KB

MD5
bafb105baeb22d965c70fe52ba6b49d9

SHA1
934014cc9bbe5883542be756b3146c05844b254f

SHA256
1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

SHA512
85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UQ4J2DQ\base[1].js

Filesize
2.3MB

MD5
f1609182e6afe46c1021d37bc5ebfdab

SHA1
6de10bf9f03b86633e9ee3909881149aa915c423

SHA256
480748a2014453d4628fe41a2c81bfd9b3e0bbbdeff8df31c9701138551b4860

SHA512
ecabf5496abf104101fd4cdd1fc66cd892ef27b0f697e7ecd04f4f16593785e220d34117a925df0b5e4dca85327f717295c4b5b95993821dfad64af955220511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UQ4J2DQ\www-embed-player[1].js

Filesize
328KB

MD5
eff8a05b54f33d1f32b739067b43bb43

SHA1
f1e40e0e4e5226abae4ef85854fc12c850e387e1

SHA256
1dfe73858eb7a2290d60ae2f0be3fb0552f656918046f8d4f37147567523f68e

SHA512
8fc247a8b47891dd8d6a5c9087108e5632c7c5e3438529be1ad4af4cae6c2abc5424921a1ac843f9b88380a0f47fd7fb17d28b8e466a2813fcca9476b51fd884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69P6875H\ad_status[1].js

Filesize
29B

MD5
1fa71744db23d0f8df9cce6719defcb7

SHA1
e4be9b7136697942a036f97cf26ebaf703ad2067

SHA256
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

SHA512
17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69P6875H\embed[2].js

Filesize
66KB

MD5
b862bf5490b2845b2d04b5cfe00e19bf

SHA1
03229098e0e04ae9576060bcd0ef1e567214d2a7

SHA256
762a9cc80cb32b80e2621cf18f6887b0f1a460995a8f822af6692f8fb1fc65e7

SHA512
5c4652f549b6af9908fbc14020d6ed89c2c5ae8f27e331bed5eb80889f2b466ed68242b17e43e46a9249f674671de1ac580d4b66d66228080498c22ac6a69e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69P6875H\remote[2].js

Filesize
118KB

MD5
070f2f7d61543a4ee67d6c252075034d

SHA1
a2e0d1d08c18736dfc19c16e147ccea13361efc2

SHA256
924d0f1f7dec14081ddff34a8799e8ec9ef32963d38fb04e0f1e07ee4e3423da

SHA512
5abe05872c423717a8367b9187b0caaf5ecac1179329af2fc3a35256b0f6f8e97c8b7f92be0e440d63f1bb99ed0e4445793179e61896736a74a77d8ec77104c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEC06.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEC28.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request