5683e262ba0b54b3a91957f6097aa4fe5fa194c288b5f954385d515b00a32982

Analysis

max time kernel
146s
max time network
153s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 19:00 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2a195b706c355f22363fe485ed155c8_JaffaCakes118.html
Size

175KB
MD5

d2a195b706c355f22363fe485ed155c8
SHA1

d62d85b0b6dc0f216eef06f1d5c7e167b3b12886
SHA256

5683e262ba0b54b3a91957f6097aa4fe5fa194c288b5f954385d515b00a32982
SHA512

7a52f7f1f037db40c9a1a2824ee030a8a878b566dd8e0f055bc3f04980ab2960dcfb70378bbe971d73c00da24af1302782ed67347e9623573280d52ad202493c
SSDEEP

1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3SGNkFRYfBCJiZu+aeTH+WK/Lf1/hpnVSV:SHCT3S/FkBCJiJB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "18504"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8916"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8102"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18875"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8795"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19489"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8910"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "377"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9889"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8795"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{84FF6E91-6D4B-11EF-A429-7A64CBF9805C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9895"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18504"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9895"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19483"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8910"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19401"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "27902"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2776	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2776	iexplore.exe
2776	iexplore.exe
2212	IEXPLORE.EXE
2212	IEXPLORE.EXE
2212	IEXPLORE.EXE
2212	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2212	2776	iexplore.exe	30
PID 2776 wrote to memory of 2212	2776	iexplore.exe	30
PID 2776 wrote to memory of 2212	2776	iexplore.exe	30
PID 2776 wrote to memory of 2212	2776	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d2a195b706c355f22363fe485ed155c8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2212

Network

DNS

www.konthaiusa.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.konthaiusa.com

IN A

Response
DNS

www.konthaiusa.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.konthaiusa.com

IN A
GET

http://fonts.googleapis.com/css?family=Arial

IEXPLORE.EXE

Remote address:

142.250.27.95:80

Request

GET /css?family=Arial HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 400 Bad Request

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:03 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

www.youtube.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.27.190

youtube-ui.l.google.com

IN A

142.250.102.93

youtube-ui.l.google.com

IN A

142.250.27.91

youtube-ui.l.google.com

IN A

142.250.102.91

youtube-ui.l.google.com

IN A

142.250.27.93

youtube-ui.l.google.com

IN A

142.250.102.136

youtube-ui.l.google.com

IN A

142.250.102.190

youtube-ui.l.google.com

IN A

142.250.27.136
DNS

www.facebook.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.243.35
GET

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:80

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:03 GMT
Location: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

IEXPLORE.EXE

Remote address:

157.240.243.35:80

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Content-Type: text/plain
Server: proxygen-bolt
Date: Sat, 07 Sep 2024 19:01:03 GMT
Connection: keep-alive
Content-Length: 0
GET

http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:80

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:03 GMT
Location: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:80

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:03 GMT
Location: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:80

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:03 GMT
Location: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:80

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:03 GMT
Location: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/remote.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/player_ias.vflset/en_US/remote.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 39255
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 18:29:50 GMT
Expires: Wed, 03 Sep 2025 18:29:50 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 347484
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1725735675744
Content-Type: application/json
X-Goog-Visitor-Id: CgtWRU1jTTV1bWNxZyj0xfK2BjIKCgJHQhIEGgAgOQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735669194&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C1524%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C590%2C250&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 9443
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:01:20 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:08 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: require-trusted-types-for 'script'
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=j-Ex3tYTEF8; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=YKqXk1-hcWE; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:08 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgDA%3D%3D; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:08 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:09 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=gqs77gNA4QQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=sZJDfkgVuFo; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgDA%3D%3D; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1725735675745
Content-Type: application/json
X-Goog-Visitor-Id: CgtZS3FYazEtaGNXRSj0xfK2BjIKCgJHQhIEGgAgDA%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735669179&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12594%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 8268
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

142.250.27.113:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Sat, 07 Sep 2024 17:07:20 GMT
Expires: Sat, 07 Sep 2024 19:07:20 GMT
Cache-Control: public, max-age=7200
Age: 6826
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
GET

https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:09 GMT
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script'
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Content-Security-Policy-Report-Only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'nonce-5fpee5hZ8nkEfF2TwDVf-w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=am8Mk-0dqgw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=ERy_CGNJVk8; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 117679
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 07:40:58 GMT
Expires: Wed, 03 Sep 2025 07:40:58 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 386516
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:09 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Content-Security-Policy: require-trusted-types-for 'script'
Content-Security-Policy-Report-Only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'nonce-CQlNaVcucijoBYB_Fz3DPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=E-tq1tc5_BE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=VEMcM5umcqg; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOQ%3D%3D; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 19:01:09 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: require-trusted-types-for 'script'
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=xB_y6bUFrvs; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=iQI4qmj_te0; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D; Domain=.youtube.com; Expires=Thu, 06-Mar-2025 19:01:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 117679
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 07:40:58 GMT
Expires: Wed, 03 Sep 2025 07:40:58 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 386537
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 23517
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 08:06:37 GMT
Expires: Wed, 03 Sep 2025 08:06:37 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 385000
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

IEXPLORE.EXE

Remote address:

157.240.243.35:443

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.facebook.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7411978243904104195", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7411978243904104195"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: OhMfCf6AHvAkpB5HLeJ6XPZnqGR+TTFb+6ECm74i8/frjK3in3Iufeo2hhIppSTQrPLG3vuMb2i9jrGLCKWv5w==
x-fb-server-load: 29
Date: Sat, 07 Sep 2024 19:01:05 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=51, rtx=2, c=2, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=133, ullat=0
Alt-Svc: h3=":443"; ma=86400
Transfer-Encoding: chunked
Connection: keep-alive
DNS

static.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.243.2
GET

https://static.xx.fbcdn.net/rsrc.php/v3/ya/r/dvL-mSr_f6M.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3/ya/r/dvL-mSr_f6M.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sat, 06 Sep 2025 22:08:54 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: /vvRGpkPlHsisg6WDqz3Yw==
X-FB-Debug: kAU/1R45qKnl9IPQGio8sQ9vReTuVnmAi7d11mKZy9dHzevdFR025vtZEhPYQN8ehTLwhkEysbZcpzckOIcNnw==
x-fb-server-load: 35
Date: Sat, 07 Sep 2024 19:01:06 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=51, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 119385
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/MEtExguyptz.css?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3/yx/l/0,cross/MEtExguyptz.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: text/css, */*
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sun, 07 Sep 2025 16:47:59 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: TrG038E61eomy8gCWsSSrg==
X-FB-Debug: Mdn6miukVQN5PYYYY6tQMLImj8yKoLBiPhUWfCzwoTCqVNaqxwv9ER4+iNsJ9uMFrPn4jbUS50x4ZpurxYrZXQ==
x-fb-server-load: 49
Date: Sat, 07 Sep 2024 19:01:06 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=56, rtx=0, c=14, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 6024
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/yhMLxgtMNUo.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3/yK/r/yhMLxgtMNUo.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sat, 06 Sep 2025 03:53:13 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: EtTkQSIVUyPfzhwR1EO1DQ==
X-FB-Debug: m65UVoxoWcTlufpqcqShUJMpKs7qE6Lo9UtbJd15j8omB1igIUqKe0OVTqg23EBSwi1CrYwfmUDPSEDI5+np8Q==
x-fb-server-load: 30
Date: Sat, 07 Sep 2024 19:02:18 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=56, rtx=15, c=4, mss=1357, tbw=11297, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 69188
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Wed, 03 Sep 2025 15:10:00 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: +XuRV7TCFgdTr4rntoaKNw==
X-FB-Debug: /5IUQgOcrESrDDzspEbGkdTIZEYUXFaeFHgr/6H67PBZOrv9UCITlJibzRu/6drFPPgfxgfyrfH4sqTsCUtUQw==
x-fb-server-load: 37
Date: Sat, 07 Sep 2024 19:01:06 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=52, rtx=0, c=14, mss=1357, tbw=3223, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 2348
GET

https://static.xx.fbcdn.net/rsrc.php/v3issO4/yA/l/en_GB/pLoSlJD7y1F.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3issO4/yA/l/en_GB/pLoSlJD7y1F.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Fri, 29 Aug 2025 10:28:23 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: BXtkWzgo8lyqF1Lj4XfyGg==
X-FB-Debug: Hm/eDC1pzLn1n9Lidu+MExI3hKKaBvHS3lvajhAmDtgDSE8Lg5XHpJU3aMRN9LoF1FdbWEbqvaIfpeZxTwDQIQ==
x-fb-server-load: 64
Date: Sat, 07 Sep 2024 19:01:06 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=51, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 28907
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 28 Aug 2025 04:38:36 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
x-ua-compatible: IE=edge
origin-agent-cluster: ?1
content-md5: ivkhXUQG4wQzNqI4NjhapA==
X-FB-Debug: B8DJ1x9uNCFT6/Hyle1ypOXwhZyRuVg/Iul6Nk8prKlMAa223ZZ93R6nt4nY5dDth0grQjGtMzbAqqxo7NHcrw==
x-fb-server-load: 29
Date: Sat, 07 Sep 2024 19:01:07 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=107, rtx=8, c=19, mss=1357, tbw=34283, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 302
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/Glud--w-qOK.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3/yV/r/Glud--w-qOK.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sat, 06 Sep 2025 20:40:36 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: amwV/kzpjA3lcdYoUHwzSg==
X-FB-Debug: Twqc3ieCW4UkwZ7COZh0VwD0RPnx9oReXTQYivnUpZEdnaq6hBM/NLF9/kJiQv5O8lzdeZAGtEarn2s1OuExhg==
x-fb-server-load: 37
Date: Sat, 07 Sep 2024 19:01:06 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=51, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 11620
GET

https://static.xx.fbcdn.net/rsrc.php/v3ij9m4/yS/l/en_GB/FsgTKAP125G.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3ij9m4/yS/l/en_GB/FsgTKAP125G.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sat, 06 Sep 2025 22:44:34 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: mnQpnT09BfD+pmb7WOI7Ng==
X-FB-Debug: 3oCZUm6pX4s2lMWLYF1ifE0GIVOFxYx1QmxA/5bvTJFiE0c1wXgX9JAcgEj5hZHjFNgnYe6QWkO/JPQ0gcC6Jg==
x-fb-server-load: 34
Date: Sat, 07 Sep 2024 19:01:06 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=54, rtx=0, c=14, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 28985
DNS

scontent.xx.fbcdn.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN A

Response

scontent.xx.fbcdn.net

IN A

157.240.243.2
GET

https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=103&ccb=1-7&_nc_sid=6738e8&_nc_ohc=AzK9QtI-96cQ7kNvgEszH3r&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&_nc_gid=A39VDMeKP91wJ99O8U9YKH3&oh=00_AYBwxUm8scKLZ1lH8qXwi4-UXC6aFUe-WViNu0gWd0JgNQ&oe=66E284D3

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=103&ccb=1-7&_nc_sid=6738e8&_nc_ohc=AzK9QtI-96cQ7kNvgEszH3r&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&_nc_gid=A39VDMeKP91wJ99O8U9YKH3&oh=00_AYBwxUm8scKLZ1lH8qXwi4-UXC6aFUe-WViNu0gWd0JgNQ&oe=66E284D3 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: scontent.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

x-additional-error-detail:
Last-Modified: Sat, 10 Sep 2022 01:27:37 GMT
X-Needle-Checksum: 2883854034
Content-Type: image/jpeg
content-digest: adler32=740015753
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600, no-transform
Accept-Ranges: bytes
Date: Sat, 07 Sep 2024 19:01:14 GMT
X-FB-Connection-Quality: MODERATE; q=0.3, rtt=238, rtx=7, c=6, mss=1357, tbw=3222, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1967
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/WvbRbK9sYiL.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3/yG/r/WvbRbK9sYiL.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Sun, 07 Sep 2025 15:30:35 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: w5wNVKIM4DoYG1rk2koWTQ==
X-FB-Debug: bC3XItto8rJnPPYSzKHZMECU44APc3gdxEgFb0Hov30zk5qOYZyCEEwdYi5+D46yHaIYuiRX5qg/3Kwc+FBSjQ==
x-fb-server-load: 60
Date: Sat, 07 Sep 2024 19:01:10 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=52, rtx=0, c=11, mss=1357, tbw=137, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 1830
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Expires: Thu, 28 Aug 2025 05:55:55 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
content-md5: PCil07El4hl7RdWxcVlVHw==
X-FB-Debug: KodlMuUAJ96ijvNi9qgCyHNV99zIp596rdSwRbrwemDMkvickD7gtanJKhx9JQQ54qMrsbcd4rSsoi4CP1RJWA==
x-fb-server-load: 29
Date: Sat, 07 Sep 2024 19:01:10 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=51, rtx=0, c=11, mss=1357, tbw=137, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 333
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.27.94
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.27.94
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.27.94
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Sep 2024 18:17:24 GMT
Expires: Sat, 07 Sep 2024 19:07:24 GMT
Cache-Control: public, max-age=3000
Age: 2624
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/wr2/oQ6nyr8F0m0.crl

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/oQ6nyr8F0m0.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 12062
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Sep 2024 18:58:58 GMT
Expires: Sat, 07 Sep 2024 19:48:58 GMT
Cache-Control: public, max-age=3000
Last-Modified: Sat, 07 Sep 2024 18:45:38 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
Age: 147
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Sep 2024 18:17:24 GMT
Expires: Sat, 07 Sep 2024 19:07:24 GMT
Cache-Control: public, max-age=3000
Age: 2624
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Sep 2024 18:17:24 GMT
Expires: Sat, 07 Sep 2024 19:07:24 GMT
Cache-Control: public, max-age=3000
Age: 2624
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Sep 2024 18:17:24 GMT
Expires: Sat, 07 Sep 2024 19:07:24 GMT
Cache-Control: public, max-age=3000
Age: 2624
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.27.94
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.27.94
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.27.94
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.27.94
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:13:00 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2888
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:53:01 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 490
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:07:36 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 3217
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEAF7KWhM60m3EI1Tk9fdsmI%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEAF7KWhM60m3EI1Tk9fdsmI%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:46:40 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 875
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:13:00 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2888
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC%2BxJ6Dr%2Fai6QonM%2F7HQx1J

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC%2BxJ6Dr%2Fai6QonM%2F7HQx1J HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:28:56 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1936
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEC3QjsHQh0OQEJO7ScqSTgQ%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEC3QjsHQh0OQEJO7ScqSTgQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:51:55 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 558
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEAF7KWhM60m3EI1Tk9fdsmI%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEAF7KWhM60m3EI1Tk9fdsmI%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:46:40 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 875
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:13:00 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2888
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:53:01 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 490
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEC3QjsHQh0OQEJO7ScqSTgQ%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEC3QjsHQh0OQEJO7ScqSTgQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:51:55 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 558
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D HTTP/1.1
Cache-Control: max-age = 14400
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:20:41 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2434
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:13:00 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2890
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC%2BxJ6Dr%2Fai6QonM%2F7HQx1J

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC%2BxJ6Dr%2Fai6QonM%2F7HQx1J HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:28:56 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1936
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:20:41 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2434
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD1kD0PUGhH%2FBI3nnbRqNoX

IEXPLORE.EXE

Remote address:

142.250.27.94:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD1kD0PUGhH%2FBI3nnbRqNoX HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 18:05:26 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 3352
GET

https://www.youtube.com/s/player/5f8f5b0f/www-player.css

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=j-Ex3tYTEF8; VISITOR_INFO1_LIVE=YKqXk1-hcWE; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgDA%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 59924
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 07:40:58 GMT
Expires: Wed, 03 Sep 2025 07:40:58 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 386411
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=E-tq1tc5_BE; VISITOR_INFO1_LIVE=VEMcM5umcqg; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 117679
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 07:40:58 GMT
Expires: Wed, 03 Sep 2025 07:40:58 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 386412
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/5f8f5b0f/www-player.css

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 59924
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 07:40:58 GMT
Expires: Wed, 03 Sep 2025 07:40:58 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 386412
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=ctn1MqEtYazatLm1&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C104308%2C23018%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C12193%2C1103%2C6953%2C11044%2C501%2C1970%2C7546%2C12725%2C5076%2C22962%2C1059%2C2%2C2126%2C1336%2C4205%2C1823%2C3186%2C2912%2C4794%2C15%2C1020%2C1739%2C328%2C13%2C3827%2C4%2C404%2C648%2C1121%2C603%2C5553%2C5749%2C328%2C1170%2C1453%2C3857%2C74%2C4960%2C3053%2C6064&cl=670364317&seq=1&event=streamingstats&docid=evMR3wn1LGk&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240902.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000&qclc=ChBjdG4xTXFFdFlhemF0TG0xEAE

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /api/stats/qoe?cpn=ctn1MqEtYazatLm1&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C104308%2C23018%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C12193%2C1103%2C6953%2C11044%2C501%2C1970%2C7546%2C12725%2C5076%2C22962%2C1059%2C2%2C2126%2C1336%2C4205%2C1823%2C3186%2C2912%2C4794%2C15%2C1020%2C1739%2C328%2C13%2C3827%2C4%2C404%2C648%2C1121%2C603%2C5553%2C5749%2C328%2C1170%2C1453%2C3857%2C74%2C4960%2C3053%2C6064&cl=670364317&seq=1&event=streamingstats&docid=evMR3wn1LGk&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240902.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000&qclc=ChBjdG4xTXFFdFlhemF0TG0xEAE HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtWRU1jTTV1bWNxZyj0xfK2BjIKCgJHQhIEGgAgOQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735670665&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C1524%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C590%2C250&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Sat, 07 Sep 2024 19:01:15 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/generate_204?-knBKw

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /generate_204?-knBKw HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Sat, 07 Sep 2024 19:01:16 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1725735675566
Content-Type: application/json
X-Goog-Visitor-Id: CgtzWkpEZmtnVnVGbyj1xfK2BjIKCgJHQhIEGgAgDA%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735669209&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12394%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 9247
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:01:17 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/base.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/player_ias.vflset/en_US/base.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=E-tq1tc5_BE; VISITOR_INFO1_LIVE=VEMcM5umcqg; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 772448
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 08:06:38 GMT
Expires: Wed, 03 Sep 2025 08:06:38 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 384872
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 23517
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 08:06:37 GMT
Expires: Wed, 03 Sep 2025 08:06:37 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 384876
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=qBu2ZP7KZA9qaTEH&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C12193%2C1103%2C6953%2C11044%2C501%2C1970%2C7546%2C17801%2C24021%2C2%2C2126%2C1336%2C4205%2C1823%2C3186%2C2912%2C4794%2C15%2C1020%2C1739%2C328%2C3818%2C22%2C4%2C404%2C649%2C1120%2C7164%2C5069%2C1171%2C5383%2C4960%2C3053&cl=670364317&seq=1&event=streamingstats&docid=QMECDnECjJM&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240902.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000&qclc=ChBxQnUyWlA3S1pBOXFhVEVIEAE

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /api/stats/qoe?cpn=qBu2ZP7KZA9qaTEH&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C12193%2C1103%2C6953%2C11044%2C501%2C1970%2C7546%2C17801%2C24021%2C2%2C2126%2C1336%2C4205%2C1823%2C3186%2C2912%2C4794%2C15%2C1020%2C1739%2C328%2C3818%2C22%2C4%2C404%2C649%2C1120%2C7164%2C5069%2C1171%2C5383%2C4960%2C3053&cl=670364317&seq=1&event=streamingstats&docid=QMECDnECjJM&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240902.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000&qclc=ChBxQnUyWlA3S1pBOXFhVEVIEAE HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtZS3FYazEtaGNXRSj0xfK2BjIKCgJHQhIEGgAgDA%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735670456&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12594%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Sat, 07 Sep 2024 19:01:21 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1725735681067
Content-Type: application/json
X-Goog-Visitor-Id: CgtZS3FYazEtaGNXRSj0xfK2BjIKCgJHQhIEGgAgDA%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735670456&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12594%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 1973
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=xB_y6bUFrvs; VISITOR_INFO1_LIVE=iQI4qmj_te0; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgIQ%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:01:22 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1725735731040
Content-Type: application/json
X-Goog-Visitor-Id: CgtzWkpEZmtnVnVGbyj1xfK2BjIKCgJHQhIEGgAgDA%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735670964&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12394%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 1248
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:02:12 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/5f8f5b0f/www-player.css

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 59924
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 07:40:58 GMT
Expires: Wed, 03 Sep 2025 07:40:58 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 386515
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 23517
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 08:06:37 GMT
Expires: Wed, 03 Sep 2025 08:06:37 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 384979
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.27.155

googleads.g.doubleclick.net

IN A

142.250.27.157

googleads.g.doubleclick.net

IN A

142.250.27.154

googleads.g.doubleclick.net

IN A

142.250.27.156
DNS

static.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.27.148

static.doubleclick.net

IN A

142.250.27.149
DNS

static.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 07 Sep 2024 19:01:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 07 Sep 2024 19:01:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 07 Sep 2024 19:01:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 07 Sep 2024 19:01:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 07 Sep 2024 19:01:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 07 Sep 2024 19:01:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

jnn-pa.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.102.95

jnn-pa.googleapis.com

IN A

142.250.27.95
GET

https://static.doubleclick.net/instream/ad_status.js

IEXPLORE.EXE

Remote address:

142.250.27.148:443

Request

GET /instream/ad_status.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Timing-Allow-Origin: *
Content-Length: 29
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Sep 2024 18:52:29 GMT
Expires: Sat, 07 Sep 2024 19:07:29 GMT
Cache-Control: public, max-age=900
Age: 524
Last-Modified: Thu, 12 Dec 2013 23:40:16 GMT
Content-Type: text/javascript
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:01:14 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 927
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:01:15 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:01:19 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1336
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:01:20 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:01:15 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 887
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:01:15 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

www.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.27.105

www.google.com

IN A

142.250.27.147

www.google.com

IN A

142.250.27.103

www.google.com

IN A

142.250.27.104

www.google.com

IN A

142.250.27.106

www.google.com

IN A

142.250.27.99
DNS

i.ytimg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.27.119

i.ytimg.com

IN A

142.250.102.119
DNS

yt3.ggpht.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.102.132
GET

https://www.google.com/js/th/_MtEdLRde-f5_qWpN1PloitzgIfC0LddkeZZHK-tyIk.js

IEXPLORE.EXE

Remote address:

142.250.27.105:443

Request

GET /js/th/_MtEdLRde-f5_qWpN1PloitzgIfC0LddkeZZHK-tyIk.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Length: 24686
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 02 Sep 2024 14:01:30 GMT
Expires: Tue, 02 Sep 2025 14:01:30 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 26 Aug 2024 15:30:00 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 449985
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

IEXPLORE.EXE

Remote address:

142.250.27.119:443

Request

GET /vi/ygK7kej0BPA/sddefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 35419
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Sep 2024 18:58:17 GMT
Expires: Sat, 07 Sep 2024 20:58:17 GMT
Cache-Control: public, max-age=7200
ETag: "0"
Content-Type: image/jpeg
Vary: Origin
Age: 178
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
GET

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

Remote address:

95.100.245.144:80

Request

GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 03 Jun 2024 21:25:24 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1078
Content-Type: application/octet-stream
Content-MD5: cyz+t2uRxNE5eKALjGZu1w==
Last-Modified: Sun, 18 Aug 2024 00:23:49 GMT
ETag: 0x8DCBF1C07FCB4BF
x-ms-request-id: e6150cee-901e-0017-5408-f1fee1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 07 Sep 2024 19:01:36 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV55cce3c4.0
ms-cv-esi: CASMicrosoftCV55cce3c4.0
X-RTag: RT
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

IEXPLORE.EXE

Remote address:

157.240.243.2:443

Request

GET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.xx.fbcdn.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
Expires: Thu, 28 Aug 2025 03:42:23 GMT
Cache-Control: public,max-age=31536000,immutable
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
origin-agent-cluster: ?1
X-FB-Debug: xMd6z3Vd6u5BBy8d+nnslVou5DQuEhN1+rBSJNbND5bZFEYP/Kc8lBc+rN0gUo28TxFGAwsEf17c8ogTUs79Hw==
x-fb-server-load: 57
Date: Sat, 07 Sep 2024 19:02:18 GMT
X-FB-Connection-Quality: GOOD; q=0.7, rtt=53, rtx=0, c=11, mss=1357, tbw=137, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 573
GET

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/base.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/player_ias.vflset/en_US/base.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 772448
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 08:06:38 GMT
Expires: Wed, 03 Sep 2025 08:06:38 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 384976
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/remote.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/player_ias.vflset/en_US/remote.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 39255
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 18:29:50 GMT
Expires: Wed, 03 Sep 2025 18:29:50 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 347586
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/generate_204?b76Y5g

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /generate_204?b76Y5g HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Sat, 07 Sep 2024 19:02:57 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1725735778985
Content-Type: application/json
X-Goog-Visitor-Id: CgtFUnlfQ0dOSlZrOCj1xfK2BjIKCgJHQhIEGgAgNg%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735774152&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12794%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 9814
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:03:00 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/base.js

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

GET /s/player/5f8f5b0f/player_ias.vflset/en_US/base.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 772448
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 03 Sep 2024 08:06:38 GMT
Expires: Wed, 03 Sep 2025 08:06:38 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 03 Sep 2024 04:14:15 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 384997
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=3-UxYMuLiDn5KATN&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C60172%2C67154%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C12193%2C1103%2C6953%2C10955%2C89%2C501%2C1970%2C7546%2C17801%2C24021%2C2%2C2126%2C1336%2C1518%2C2686%2C1%2C1823%2C3186%2C2912%2C4794%2C14%2C1021%2C1740%2C327%2C13%2C3827%2C4%2C404%2C649%2C1120%2C603%2C2685%2C2816%2C265%2C795%2C5069%2C1170%2C4140%2C1245%2C1180%2C3779%2C3053&cl=670364317&seq=1&event=streamingstats&docid=ywSeSlVcY4w&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240902.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.002:ER&cmt=0.002:0.000,0.002:0.000&error=0.002:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.002:0&bh=0.002:0.000&qclc=ChAzLVV4WU11TGlEbjVLQVROEAE

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /api/stats/qoe?cpn=3-UxYMuLiDn5KATN&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C60172%2C67154%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C12193%2C1103%2C6953%2C10955%2C89%2C501%2C1970%2C7546%2C17801%2C24021%2C2%2C2126%2C1336%2C1518%2C2686%2C1%2C1823%2C3186%2C2912%2C4794%2C14%2C1021%2C1740%2C327%2C13%2C3827%2C4%2C404%2C649%2C1120%2C603%2C2685%2C2816%2C265%2C795%2C5069%2C1170%2C4140%2C1245%2C1180%2C3779%2C3053&cl=670364317&seq=1&event=streamingstats&docid=ywSeSlVcY4w&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240902.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.002:ER&cmt=0.002:0.000,0.002:0.000&error=0.002:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.002:0&bh=0.002:0.000&qclc=ChAzLVV4WU11TGlEbjVLQVROEAE HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: CgtpUUk0cW1qX3RlMCj1xfK2BjIKCgJHQhIEGgAgIQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735795061&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12994%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Sat, 07 Sep 2024 19:03:17 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1725735797883
Content-Type: application/json
X-Goog-Visitor-Id: CgtpUUk0cW1qX3RlMCj1xfK2BjIKCgJHQhIEGgAgIQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735794948&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12994%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 7460
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:03:20 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

IEXPLORE.EXE

Remote address:

142.250.27.190:443

Request

POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1725735800959
Content-Type: application/json
X-Goog-Visitor-Id: CgtpUUk0cW1qX3RlMCj1xfK2BjIKCgJHQhIEGgAgIQ%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240902.00.00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1725735795061&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C12994%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C280%2C200&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 2797
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=am8Mk-0dqgw; VISITOR_INFO1_LIVE=ERy_CGNJVk8; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgNg%3D%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:03:22 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 07 Sep 2024 19:02:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 07 Sep 2024 19:03:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 07 Sep 2024 19:03:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 07 Sep 2024 19:03:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 07 Sep 2024 19:03:15 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 07 Sep 2024 19:03:16 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 07 Sep 2024 19:03:16 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 07 Sep 2024 19:03:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 07 Sep 2024 19:03:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

142.250.27.155:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:02:57 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 892
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:02:58 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:03:19 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

142.250.102.95:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 954
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 07 Sep 2024 19:03:19 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

IEXPLORE.EXE

Remote address:

142.250.27.119:443

Request

GET /vi/gS2GhpTPLvQ/sddefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i.ytimg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 36415
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Sep 2024 19:02:57 GMT
Expires: Sat, 07 Sep 2024 21:02:57 GMT
Cache-Control: public, max-age=7200
ETag: "1376813903"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

142.250.27.95:80

http://fonts.googleapis.com/css?family=Arial

http

IEXPLORE.EXE

523 B
1.4kB
6
4

HTTP Request

GET http://fonts.googleapis.com/css?family=Arial

HTTP Response

400
142.250.27.95:80

fonts.googleapis.com

IEXPLORE.EXE

190 B
92 B
4
2
142.250.27.190:80

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

http

IEXPLORE.EXE

602 B
631 B
7
5

HTTP Request

GET http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

301
157.240.243.35:80

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

http

IEXPLORE.EXE

1.2kB
621 B
7
5

HTTP Request

GET http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

301
157.240.243.35:80

www.facebook.com

IEXPLORE.EXE

190 B
92 B
4
2
142.250.27.190:80

http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

http

IEXPLORE.EXE

602 B
631 B
7
5

HTTP Request

GET http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

301
142.250.27.190:80

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

http

IEXPLORE.EXE

602 B
631 B
7
5

HTTP Request

GET http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

301
142.250.27.190:80

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

http

IEXPLORE.EXE

556 B
579 B
6
4

HTTP Request

GET http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

301
142.250.27.190:80

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

http

IEXPLORE.EXE

602 B
631 B
7
5

HTTP Request

GET http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

301
142.250.27.190:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

16.4kB
50.3kB
44
53

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/remote.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.27.190:443

https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

tls, http

IEXPLORE.EXE

3.6kB
97.3kB
50
81

HTTP Request

GET https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

200
142.250.27.190:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

10.2kB
7.9kB
37
32

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
142.250.27.113:80

www.google-analytics.com

IEXPLORE.EXE

290 B
92 B
6
2
142.250.27.113:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

864 B
18.3kB
13
16

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
142.250.27.190:443

https://www.youtube.com/s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js

tls, http

IEXPLORE.EXE

5.2kB
177.8kB
84
135

HTTP Request

GET https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js

HTTP Response

200
142.250.27.190:443

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js

tls, http

IEXPLORE.EXE

7.9kB
247.1kB
115
189

HTTP Request

GET https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js

HTTP Response

200
157.240.243.35:443

https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

tls, http

IEXPLORE.EXE

2.2kB
25.4kB
21
24

HTTP Request

GET https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

200
157.240.243.2:443

https://static.xx.fbcdn.net/rsrc.php/v3/ya/r/dvL-mSr_f6M.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

5.7kB
129.2kB
82
100

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/ya/r/dvL-mSr_f6M.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.243.2:443

https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/yhMLxgtMNUo.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

5.5kB
85.9kB
61
74

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/MEtExguyptz.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/yhMLxgtMNUo.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.243.2:443

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

2.6kB
8.2kB
14
13

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/o1ndYS2og_B.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.243.2:443

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

3.6kB
38.2kB
34
37

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3issO4/yA/l/en_GB/pLoSlJD7y1F.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.243.2:443

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/Glud--w-qOK.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

2.7kB
17.8kB
17
20

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/Glud--w-qOK.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.243.2:443

https://static.xx.fbcdn.net/rsrc.php/v3ij9m4/yS/l/en_GB/FsgTKAP125G.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

3.6kB
35.7kB
32
33

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3ij9m4/yS/l/en_GB/FsgTKAP125G.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.243.2:443

scontent.xx.fbcdn.net

tls

IEXPLORE.EXE

671 B
420 B
9
6
157.240.243.2:443

https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=103&ccb=1-7&_nc_sid=6738e8&_nc_ohc=AzK9QtI-96cQ7kNvgEszH3r&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&_nc_gid=A39VDMeKP91wJ99O8U9YKH3&oh=00_AYBwxUm8scKLZ1lH8qXwi4-UXC6aFUe-WViNu0gWd0JgNQ&oe=66E284D3

tls, http

IEXPLORE.EXE

1.7kB
6.4kB
13
12

HTTP Request

GET https://scontent.xx.fbcdn.net/v/t39.30808-1/302682950_408081388117661_761848427710662801_n.jpg?stp=cp0_dst-jpg_s50x50&_nc_cat=103&ccb=1-7&_nc_sid=6738e8&_nc_ohc=AzK9QtI-96cQ7kNvgEszH3r&_nc_ht=scontent.xx&edm=AEDRbFQEAAAA&_nc_gid=A39VDMeKP91wJ99O8U9YKH3&oh=00_AYBwxUm8scKLZ1lH8qXwi4-UXC6aFUe-WViNu0gWd0JgNQ&oe=66E284D3

HTTP Response

200
157.240.243.2:443

https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/WvbRbK9sYiL.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.4kB
4.5kB
12
11

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/WvbRbK9sYiL.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
157.240.243.2:443

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

tls, http

IEXPLORE.EXE

1.3kB
3.0kB
11
10

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200
142.250.27.94:80

http://c.pki.goog/wr2/oQ6nyr8F0m0.crl

http

IEXPLORE.EXE

747 B
14.9kB
11
14

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/wr2/oQ6nyr8F0m0.crl

HTTP Response

200
142.250.27.94:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.27.94:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.27.94:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.27.94:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEAF7KWhM60m3EI1Tk9fdsmI%3D

http

IEXPLORE.EXE

2.5kB
3.2kB
15
9

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEGs31zQSL0RFCna%2BsoPon%2Bg%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEAF7KWhM60m3EI1Tk9fdsmI%3D

HTTP Response

200
142.250.27.94:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEAF7KWhM60m3EI1Tk9fdsmI%3D

http

IEXPLORE.EXE

2.0kB
3.2kB
13
8

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC%2BxJ6Dr%2Fai6QonM%2F7HQx1J

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEC3QjsHQh0OQEJO7ScqSTgQ%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEAF7KWhM60m3EI1Tk9fdsmI%3D

HTTP Response

200
142.250.27.94:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D

http

IEXPLORE.EXE

2.0kB
3.2kB
13
8

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEC3QjsHQh0OQEJO7ScqSTgQ%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D

HTTP Response

200
142.250.27.94:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD1kD0PUGhH%2FBI3nnbRqNoX

http

IEXPLORE.EXE

1.8kB
3.9kB
13
7

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEY%2BBbWicZDJCutGRyts3so%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC%2BxJ6Dr%2Fai6QonM%2F7HQx1J

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD1kD0PUGhH%2FBI3nnbRqNoX

HTTP Response

200
142.250.27.190:443

https://www.youtube.com/s/player/5f8f5b0f/www-player.css

tls, http

IEXPLORE.EXE

2.4kB
70.8kB
33
55

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/www-player.css

HTTP Response

200
142.250.27.190:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

18.5kB
197.3kB
95
159

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/www-embed-player.vflset/www-embed-player.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/www-player.css

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=ctn1MqEtYazatLm1&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C104308%2C23018%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C12193%2C1103%2C6953%2C11044%2C501%2C1970%2C7546%2C12725%2C5076%2C22962%2C1059%2C2%2C2126%2C1336%2C4205%2C1823%2C3186%2C2912%2C4794%2C15%2C1020%2C1739%2C328%2C13%2C3827%2C4%2C404%2C648%2C1121%2C603%2C5553%2C5749%2C328%2C1170%2C1453%2C3857%2C74%2C4960%2C3053%2C6064&cl=670364317&seq=1&event=streamingstats&docid=evMR3wn1LGk&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240902.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000&qclc=ChBjdG4xTXFFdFlhemF0TG0xEAE

HTTP Response

204

HTTP Request

GET https://www.youtube.com/generate_204?-knBKw

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.27.190:443

https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js

tls, http

IEXPLORE.EXE

31.0kB
937.6kB
426
689

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/base.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=qBu2ZP7KZA9qaTEH&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C12193%2C1103%2C6953%2C11044%2C501%2C1970%2C7546%2C17801%2C24021%2C2%2C2126%2C1336%2C4205%2C1823%2C3186%2C2912%2C4794%2C15%2C1020%2C1739%2C328%2C3818%2C22%2C4%2C404%2C649%2C1120%2C7164%2C5069%2C1171%2C5383%2C4960%2C3053&cl=670364317&seq=1&event=streamingstats&docid=QMECDnECjJM&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240902.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.001:0&bh=0.001:0.000&qclc=ChBxQnUyWlA3S1pBOXFhVEVIEAE

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/www-player.css

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/embed.js

HTTP Response

200
142.250.27.155:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.5kB
6.7kB
11
12

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.27.155:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.8kB
7.2kB
12
12

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.27.155:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.5kB
5.8kB
11
11

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.27.155:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

878 B
4.7kB
10
9
142.250.27.155:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

982 B
4.9kB
11
11
142.250.27.155:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

994 B
4.8kB
10
9
142.250.27.148:443

https://static.doubleclick.net/instream/ad_status.js

tls, http

IEXPLORE.EXE

1.1kB
5.5kB
10
9

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js

HTTP Response

200
142.250.27.148:443

static.doubleclick.net

tls

IEXPLORE.EXE

759 B
4.8kB
10
9
142.250.102.95:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

5.2kB
55.8kB
33
48

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.102.95:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

5.3kB
67.0kB
44
58

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.102.95:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.9kB
53.4kB
32
49

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.27.105:443

https://www.google.com/js/th/_MtEdLRde-f5_qWpN1PloitzgIfC0LddkeZZHK-tyIk.js

tls, http

IEXPLORE.EXE

1.6kB
34.1kB
20
29

HTTP Request

GET https://www.google.com/js/th/_MtEdLRde-f5_qWpN1PloitzgIfC0LddkeZZHK-tyIk.js

HTTP Response

200
142.250.27.105:443

www.google.com

tls

IEXPLORE.EXE

929 B
4.4kB
14
7
142.250.27.119:443

i.ytimg.com

tls

IEXPLORE.EXE

772 B
5.0kB
10
9
142.250.27.119:443

https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

tls, http

IEXPLORE.EXE

1.9kB
44.4kB
25
37

HTTP Request

GET https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

HTTP Response

200
142.250.102.132:443

yt3.ggpht.com

tls

IEXPLORE.EXE

1.3kB
11.5kB
13
13
142.250.102.132:443

yt3.ggpht.com

tls

IEXPLORE.EXE

1.1kB
9.8kB
15
14
95.100.245.144:80

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

http

393 B
1.7kB
4
4

HTTP Request

GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.9kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12
157.240.243.2:443

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

tls, http

IEXPLORE.EXE

1.1kB
3.0kB
7
8

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

HTTP Response

200
142.250.27.190:443

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

tls, http

IEXPLORE.EXE

91.8kB
1.7MB
983
1237

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/base.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/remote.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/generate_204?b76Y5g

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/5f8f5b0f/player_ias.vflset/en_US/base.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=3-UxYMuLiDn5KATN&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C60172%2C67154%2C26443548%2C7111%2C24166%2C12177%2C9954%2C1192%2C33462%2C2%2C17768%2C29151%2C12193%2C1103%2C6953%2C10955%2C89%2C501%2C1970%2C7546%2C17801%2C24021%2C2%2C2126%2C1336%2C1518%2C2686%2C1%2C1823%2C3186%2C2912%2C4794%2C14%2C1021%2C1740%2C327%2C13%2C3827%2C4%2C404%2C649%2C1120%2C603%2C2685%2C2816%2C265%2C795%2C5069%2C1170%2C4140%2C1245%2C1180%2C3779%2C3053&cl=670364317&seq=1&event=streamingstats&docid=ywSeSlVcY4w&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240902.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.002:ER&cmt=0.002:0.000,0.002:0.000&error=0.002:auth::0.000:0;a6s.0;r.Video_unavailable&vis=0.002:0&bh=0.002:0.000&qclc=ChAzLVV4WU11TGlEbjVLQVROEAE

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

HTTP Response

200
142.250.27.155:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

3.7kB
11.2kB
18
17

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.27.155:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

2.2kB
6.5kB
14
11

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
142.250.102.95:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

8.0kB
101.9kB
62
86

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
142.250.27.119:443

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

tls, http

IEXPLORE.EXE

2.1kB
44.6kB
28
37

HTTP Request

GET https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

HTTP Response

200
142.250.27.119:443

i.ytimg.com

tls

IEXPLORE.EXE

660 B
4.9kB
7
7
142.250.27.155:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

756 B
4.8kB
9
9
142.250.27.155:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

724 B
4.8kB
9
9
142.250.27.155:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

724 B
4.8kB
9
9

8.8.8.8:53

www.konthaiusa.com

dns

IEXPLORE.EXE

128 B
137 B
2
1

DNS Request

www.konthaiusa.com

DNS Request

www.konthaiusa.com
8.8.8.8:53

www.youtube.com

dns

IEXPLORE.EXE

61 B
223 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.27.190

142.250.102.93

142.250.27.91

142.250.102.91

142.250.27.93

142.250.102.136

142.250.102.190

142.250.27.136
8.8.8.8:53

www.facebook.com

dns

IEXPLORE.EXE

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.243.35
8.8.8.8:53

static.xx.fbcdn.net

dns

IEXPLORE.EXE

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

157.240.243.2
8.8.8.8:53

scontent.xx.fbcdn.net

dns

IEXPLORE.EXE

67 B
83 B
1
1

DNS Request

scontent.xx.fbcdn.net

DNS Response

157.240.243.2
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.27.94
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.27.94
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.27.94
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.27.94
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.27.94
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.27.94
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.27.94
8.8.8.8:53

googleads.g.doubleclick.net

dns

IEXPLORE.EXE

73 B
137 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.27.155

142.250.27.157

142.250.27.154

142.250.27.156
8.8.8.8:53

static.doubleclick.net

dns

IEXPLORE.EXE

136 B
100 B
2
1

DNS Request

static.doubleclick.net

DNS Request

static.doubleclick.net

DNS Response

142.250.27.148

142.250.27.149
8.8.8.8:53

jnn-pa.googleapis.com

dns

IEXPLORE.EXE

67 B
99 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.102.95

142.250.27.95
8.8.8.8:53

www.google.com

dns

IEXPLORE.EXE

60 B
156 B
1
1

DNS Request

www.google.com

DNS Response

142.250.27.105

142.250.27.147

142.250.27.103

142.250.27.104

142.250.27.106

142.250.27.99
8.8.8.8:53

i.ytimg.com

dns

IEXPLORE.EXE

57 B
89 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.27.119

142.250.102.119
8.8.8.8:53

yt3.ggpht.com

dns

IEXPLORE.EXE

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.102.132
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
01f23bd962db38ef939178cf799db083

SHA1
b82994318e4c04aa6ef8ff5ffc0b15689a1fa352

SHA256
d37002e6bb828a050fb36daf011d08987a2f7b223b16607b364a98921908de0b

SHA512
b0db8fb296f458fc81ba78b160f84ba16ea32fff00a6738cbe75614102297901122f739a0650383641ea5c3fd4fe0ba7ce80252e424748c1de47c8f7fca14d9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6db60457bedef9cc76244f33897c3c41

SHA1
1fa324623b4359e63b09cb905e9d15d9b1c060d7

SHA256
44e3e6ab6fd457fc9b1f73b598f4c2f203ba4adad23960e4894fea75126a9c78

SHA512
9b08451d9370ffda3175a1faeeea9206636b28cb3652b1e0ceae4254cf5ce1dae9b509d1356350bc19fb6210ac1c683b519a323b079f9e7ab95cd99324435303

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae58ed8215905755a6a54ce1031291d8

SHA1
ff2cb986c87f25188c26871bf4091a24a4b661fa

SHA256
a5ad1a2280a3c4a46514e99aeeeebdfecd260bbe6ea8effecb20f1566f580652

SHA512
5b3d13707b3c01e5121ce5cdc7e306613446ec170b022a16137e7d541f780f5327ccbcc366ed367211fc77afb1fb475404dbb21f0e7b099c8f5ef4d4a8a992c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bc73fc7204a3de6629cc38a9932e982

SHA1
b26d0091081ed19bcf0a23518eff0ad974dd9ed0

SHA256
0fcec1435da8ac47d35b92c1aec6b95d4ab465cd4d0419d28a1e9497ce8dde07

SHA512
50e61a328501c360dd4c3f9e22b15c85bcbbd615757370630f2edbbbd4b34b71314bb6bac6d9e242c7da78bea97477c9154a63454f289fd3996d3e49f21929ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c922677e1884ad1d9ee269c41bec65d

SHA1
73d1f840038240a23a930fd5c368abdccfc8cede

SHA256
6254ef8f798e30cf16a97524c8d8dde5ca81fc04aa335737681387b98ca915a3

SHA512
413c5fa7f6b6d46846b76e165b9a99cb0dd83573bedbbda8c16a43c50a8f1b9784837e61a10ea678ed35c6af76f2a578b0f5979f0b3ce74a46cd1238ed5792c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7b0e593c4775c56eaf40082be775576

SHA1
84763791cfd67b5050fd3395b70bed97a435f279

SHA256
8f66107e6260625fecc5536964aa30425733bae57d113fdd61343d9b96235edd

SHA512
cd1c1138dc6936a0cc60962c444b6a9e478b095cc3a90ded75e217d95101dc16bd8999232c2104daa3226a603bb71f2c8e7d8c05e76cf958503277cf0dca3e41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
097921d7328c4127637eda0579a7fc20

SHA1
04d8efbf22e5078325733c724cc14abe617e0881

SHA256
fdecd220ffd24423c721428485aee9b1752c02dbda8d85e46f8624fdec6733e0

SHA512
58bcbf418360a2aec90fafd78ce82e546297eb8fb8928eb086e561ad8c7655838f2c41f9cb1aa957a477bf2c41a7768037218b76b1e7680478a06f8635587221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8f6f601cf520c7f2e1e2760b949d186

SHA1
5b01f38a857a973dd3825ca196add5795cb894f1

SHA256
4c369477f57bf8e054bffb21ae3cafa6a87aaf5e538c8609ae6a5991c8ffd29c

SHA512
aa38460bc9479129f3601c295012df65cce33e2b91b88cbeca03dc386967225d2bfcaa9bc8a0125079c194962c28623b5d3a5ef47402af738b0409763b8e955c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4e80b459e14203e4928cb50e6dcd52f

SHA1
d936373b92327d76140f9bc220974bb3f288ca46

SHA256
2ee14f638c1bc0d04df123e60ed6a8aa796d1eb99f31f763b6f7305b04ede122

SHA512
5f7b1b3940800219a51a9164ca9517e3833f3079f078458d49d5c2ef940958ea18bbf2d48fb7deb2f4d2de538fa1d94c969df19ed337469c04bf35fbba82949c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b996f2556335ed34850b1ff3e24790e7

SHA1
eb5881a4a72ef9c638a55eb2a29cc262f446efe9

SHA256
39fd6899a42d8585cc187aa394cdb0fa7822e3900afae2bfb830bd29ca68ffd9

SHA512
533df4950ca32aee8fe72d0edea1b682b138cf95bfcb93ca6fadfbe836bca2f1f5d879633e0cba6d92b46f70204ce71a3ad3e7a51bc3c6fb6276c4f22b95fc62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac41e7de094bf747cccf89767426a8a6

SHA1
224d9f1c163a3352aa269146c747f3e2ccc82a80

SHA256
52c1045896f341bf82e6db9287c8a8359a5e10458a92de3b117c381c6a6d55eb

SHA512
0f6031c8250fccec8df14935477788330891ee4a50b64c06875dd8cf63d8c124799e6f48b0d1766c642d175c346319a13f2945c125b0f0044437d752ab25de76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88223cf8a9c720ae4b2b998f0bfe1fd0

SHA1
345095c04a41ac20397df24a32bc9139d02e2577

SHA256
92f678732ac2cfb42b932f80c6a02db3fe65cf296623627c91372d7bad3e109b

SHA512
d7646635ff0e5537eb29ea0c0e714252616eeb1196e6df92b8aa263151040223f370df2f7e36f53402bafafc511f511c80ee1fc889070294d33d7c610c0d6810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c4d99203e246c2ee4a54bac4f5847dd7

SHA1
67c1505d440200f7130712d6db656a3be8bc121a

SHA256
32663f2dc325ad6f8a7d3741340619894781bc58c95bec4d4b54e16fc870ba91

SHA512
a0a1f182066d3d27b53f37aa96a9aaab0860cb32e9057a05edd1614796cec9a303c2b26544c989aa21f0b2a15cd7b69b78a0633185d5fa3395d21e6be17f7eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
13KB

MD5
95095179819e29a5c8c36fb0da9fae6a

SHA1
752e1f96704b2c3806c94a94322934f6b14af37b

SHA256
c62239f89c9b3e3fa9808da0c1c09457f508680e3b3558ac2a027c7ae23ed94f

SHA512
39ee399a8ee5af5dac78d347f510176f3f3b3cf66846794e00924ef04c3f2b592208f16cd6b4d4152e0132fefe91ea5997445d29be3c900ca1f4eab87342bec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
13KB

MD5
3cf056af85e10befc8fb7c265b3eb409

SHA1
40601ae7b3c8577a336128c73cdb37418a767418

SHA256
91189b6f88f9a7b14ad8f85251c926555a46dfeffe94bac6cc2794c085198d20

SHA512
2c77347433058ce026d2ac340ca1468881a59a456a60a09600b97eb0d9fb7457b3a664a55766a617e3cb7f1db4fe5b0c02a3999033ae45818596a4f39cee55c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
13KB

MD5
068bb82e7aa6453e3305512ac5c21c89

SHA1
905ffb74bfb9c467d0192967cca86dbca6eabba7

SHA256
824ef8fc2e2c83dd544c7ed5bcf11034198702aec947eb80e238b14171f6b672

SHA512
9cdfbfbd736d2abaf27eca6080c8809ba4417db9d1d48e8a879797a2922f81bfb6268dd27d4da1e67d123d2207c9e08a649d12ef6834e4642484fe1e5fa91c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
990B

MD5
f7c2c4b94dc9f9f0fd380bc65cf51f69

SHA1
e12f87e23798f3816ba32938622b3673b7139726

SHA256
fa7a0f8af1dfd52d5939e31a6bc47fe8e09267b2482e6d7ab1afa0e1b6db218d

SHA512
13a24aa73e82c208076b9399552d4023c190c532085287274d5d2f3bd00916b1ba5f002e56eeaafd74d71eeda9a6f3eca88be4d5831761cb8bcde668b09a3cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
990B

MD5
71222e2390d311f4f81ad86c3457a1c8

SHA1
a2d9a620a02e6efda739161b57ef0fcb2af10f64

SHA256
3b0444ea4f93bee79f01c033e01f735780c6b0422c3ed2725422bd2e3ec88c05

SHA512
cdd3f3bbeed68147943ab892acc15e0fbd455b3b79a89aada5165ab3bb7b8795bf4a8f155fa2a06ce0e4fd3f6b4bcb3a4de1ad471ee55725778f6406373013b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
990B

MD5
11dab707b1a5907c5dd7f5ae639b95f3

SHA1
fb5675f02944876d47989aa8f8ccd25a4323d52d

SHA256
4ecfe2e86fa4e6ccd7858e44a75f1b11b8db76c9c9c5d89349c51c25c93b4531

SHA512
9ca4ec6a61d80fd6c097cee7a3b6f4eac3af90fa91d4f0633e4795baf774b21bd966c753d9abef1a46fb0a96c3cf2542b5530c45f5e644d212b7b583fdb8bfe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
12KB

MD5
6cb755f4e787836e3b2946a3d338ee1d

SHA1
e4e8bf1bc1a9922d574d3393a32bf07a75422442

SHA256
67c72b978f9c81b99b564a535f0ad960ee5fdae2ce4cf9cf3db900c49fcdf056

SHA512
221f298d9aebdb681b206eef99b0f6ae7ef3f3039590f28765acec7eba5314a8555941069a590bec7ed673a7e188df0fba564bf06f301e7a09cf1bf6203cef27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
990B

MD5
0178258b4c0f6e8a83eed6684a09df52

SHA1
a148926ca0fd37774d4ecf7a11e1705d3cff11fa

SHA256
0a498ba2b4e286b436185e99eebe56fb6801dd1f27115c78743ab07b6af2fa98

SHA512
616edd0ae14ea770fd36fb2594430dec6b10fe45c0b2dc0cb1624fc309fd877438d32cc1f8b248e870a28079f130a780cc7299bbb89ea63f6265261c981bf6a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
990B

MD5
258f0d66e1aba5f83fcc42132a34241f

SHA1
0fe1ee0baa8735dc6e5dfb122f7bdccce190f67c

SHA256
9b37b4947b91ba9994e95d8c2251b25a001c523db990e89b9509f2864e10badb

SHA512
b16d0281c981e38eec3bb8786d3e74b90c7924cf2bbeed26b51d98d4b2bdc5a8b7600850b0c68d08443cc5b91b2a45f11dd855c90eb9ee721faa1e0df721dccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
229B

MD5
0662460246740a190f7b64bbc66fa008

SHA1
5776937b0dc660cc8eab9ed949c95ed0a77ed2c2

SHA256
f82a015fdbe32d48529a3dcdff5ef16dce9c7d23f1636411a08499ca94b062d3

SHA512
cda06befad09626c46de045887934e813d76b6ca463df8b0c50f1fb863215cb0eeb0d57debabebd8068e7018f720ffb0a1fb37d7324f85f6772ba1be472c9537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
229B

MD5
6308b9d7f6cc4036a50af3e3443ce7b6

SHA1
397579f3cb0111bf5158747fd05b8755e2ce60a9

SHA256
16b65126d5346a09db4fb39cb0c52c72e0ecfbd6b88d7147fba85640e996ecbd

SHA512
147956f78a2867c9ca614d9c6cc89f39438aff3c7e6bd0c7a5179a5c5b3e9270e8905448512b55b5d05431d3aa310732b5bff9e15aa6f989e6a3789a741f0282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
229B

MD5
d837671b74f241a066e496291fb6c591

SHA1
ba62be048c9661835b841f2dd9668aecbd5e42ac

SHA256
e8601f9a05e94457e57a407636c2eab3c2c3e00b896a6371574e07b18329979a

SHA512
85827848792cbf3578df3b6332d9de97e43640015d9ff16a3406cf4a7e1e68da278cd0f7d6ce5487ce0305ccf556901c273a3c3c18951f3702fa8410581dc8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
641B

MD5
d0f67d2335d13e25001a05fb0d60d4fb

SHA1
425db0e6cb995f7718238770aa17f3452dcb2dc1

SHA256
2bb06f69f2a213bf9086b530e39eaa3199e2f725afff678b9c94d2fc552f314e

SHA512
c0222906037fe70005967be0eff215f956d02e3ff62da9b453c1c2cacc596dc5f434bb3ac27552859571fac5207c66690fe3bea25e106fdf53a09ad482d300fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
15KB

MD5
35ba1fc6409b7d57b2de60956cb933d8

SHA1
9f922d90c4f8949e034f6263a6428907b27f7eff

SHA256
afa959eb31b91cfefe4c7ad54dd99c4d68b89886b738d8399175fc4c8a16a6a1

SHA512
e638d1f4e427d81cce276b6119f1103affaffdc11069d03ac2e8413dab680333119fd6d0927a7a34fdd4148b7d5243a1744f2c2be58341502fe87c6d58397e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
34KB

MD5
44a6ed29fdcc12f82c4dcea1ff6fdb6d

SHA1
6d617d2aed4d2caa0301cc1115a9c0cf5ddcc240

SHA256
5edfc3add2e10809db4b3fc0a0207f99b1031971197998d79a2478d56d68c6fa

SHA512
86f783e1d312815d743dafdae0428fc2886aa7ade0ed9f525e0e3320bd117ff8c6d61639fab571cd9f535a6b6f3bde79287d93d1493644cf2807cd9e367e3eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
28KB

MD5
d8fe078e03d33feb948c0154e6a581e2

SHA1
c2bc5f7a6f041f0eaffc22e55b1c978db71206c1

SHA256
81a78db2e2d419b18a81db481f7bf2c4aa4f72ae0fee98fe88c3d9a8ad005ac8

SHA512
54f32c65c8e43c143cb6f6e08a7c2cda6b663d26de1a846d5d2846477ce4e66e48b505d6391e25df0d3271552a1a44be99b27d71023c6fbceff28215beaa5b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
814B

MD5
7bbcd1fb1cd5f725a6d6b13ebfb0f9ed

SHA1
d42f16f15c9f44aafbca804c196947c8024ef9d8

SHA256
fe8f49884457c589703977294afc5bd4997662529c504a0d846110e46e449b0a

SHA512
eaffb33c9eb8d91864ba41a180345223875210772ff307bf5b085dc2ab56581fb88537498aca492e9bbce3bb3656514844af936e426bddd4fb1d8d830e0fc480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
13KB

MD5
13b74bc8054ff13bb8e64cd376b532f6

SHA1
8f28341b92557022c3a8eea5b940252c836ee2f4

SHA256
5d1d1fb0d9bd07c0532fbb02f969f01b1c9062ac9f6c5c9597f7c1980ef55387

SHA512
bfb04fd45144c7c4399959f24225bbe1eb89db673dc33158e2f2c314f43ac8496bd902b7b45942275997953bee23d9dd0b468f65ea7916aa8180aac4e512d43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3V6GMKJ0\www.youtube[1].xml

Filesize
13KB

MD5
5d48a3ebc3e7aebd1379a701b4375709

SHA1
45138ac210d8d833042ad3f3c8cc51363d045d8b

SHA256
4401aaf6f9fc6d373f45470af9731c712051e34c651754bc8fafdd933529cc9a

SHA512
5f5d192d73cea79a8f185aa9557ee9e607d8797e862ab6bd8739f97237f282640fdbd6cd5a7c5e3eff3f21e75e2aae077ff1675903d1dc05318016d1dbe860e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

Filesize
19KB

MD5
de8b7431b74642e830af4d4f4b513ec9

SHA1
f549f1fe8a0b86ef3fbdcb8d508440aff84c385c

SHA256
3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a

SHA512
57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\KFOmCnqEu92Fr1Mu4mxM[1].woff

Filesize
19KB

MD5
bafb105baeb22d965c70fe52ba6b49d9

SHA1
934014cc9bbe5883542be756b3146c05844b254f

SHA256
1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

SHA512
85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\base[1].js

Filesize
2.3MB

MD5
17a10142895c6a363ba136ac006a4820

SHA1
de51c34792249b9eaa8528607dfbcf8be4c9d420

SHA256
8e35664ab4258ee9241565c530d5643ceda21a4d378eea70d3d55e40abeac376

SHA512
1670197191c76954dfb19386beea94399dd3cf5cb50a7beb23c0b5ab35aaa33c02d9fcd320b03e6e54578dd921e82ab4d3774a0af3f6cff702e6afbc87cfa270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\www-embed-player[1].js

Filesize
328KB

MD5
f1bba28df89db5ae5aeb200874be7960

SHA1
693cb2caa3149a71891a71e8ee4661b7e0b7c953

SHA256
5986f6d4c2f53e79f5b0fb625f68dc573370755cfbaafa7426a4378b8f0478b5

SHA512
069af34d9649eb5e81bfc66613b761f97b3cdb3e13a79189ee83f0e18ed935b16794a57ec18340b6400c5611f27fe43bc6770411bf62294ff9896d5a99ceb5ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\www-player[1].css

Filesize
378KB

MD5
b5728d6046b8b1e06fcd4516d9538013

SHA1
11c4ba6fabf067699c3466bf7067aa6c26bf8c34

SHA256
85b09e486828aaeee2aa44babe113e29db15009297959e9105342a762186646c

SHA512
fd6653bf535b651152d353d655bb9cfd4fadf7bd95815eab9314e966306583e0f7f1f3559088c89d24b31a8aaf3a95af74ad1f5e8eb553892fd690ac81e8aff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\ad_status[1].js

Filesize
29B

MD5
1fa71744db23d0f8df9cce6719defcb7

SHA1
e4be9b7136697942a036f97cf26ebaf703ad2067

SHA256
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

SHA512
17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\embed[1].js

Filesize
66KB

MD5
a58451d3e6fbe9efc9e07683f45e6ddc

SHA1
eb8975653e30dd0e72620268780ad0ee8c69fb7f

SHA256
ed6638894dea99b332480b83eaa3fe1a4a4cf51d1985cf44ab9baeb28685ef54

SHA512
b6a43b84d3efe8b3c84ea6cf529fe995cd20730fecc96516ec416e77f69d1244c38a0ff272bec72bb2e7020125c64f65320ac61065f6e2d5c4d875d5c87df349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\remote[1].js

Filesize
118KB

MD5
1f3261531691ba9e991472f8185af864

SHA1
f31c7f6bb080f561e38680d8a394eaf27bc9e3db

SHA256
d4d3fe54a276a54efa2148db8fc9985d04e8b2d258bbc6fa4f25977a95f2de0d

SHA512
4e8cef53a9d499f91e9004303423d7c91c8c961e6c3dfc75a9ff3b907348d25b536a625d7e9ca7e88a711b98e46f85c57ff2c14acac1cc57e75b707313e537be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\_MtEdLRde-f5_qWpN1PloitzgIfC0LddkeZZHK-tyIk[1].js

Filesize
54KB

MD5
5f22be8264380007ce1ee2b46a0fc3b4

SHA1
bff3b56f1c261beb78c691557040c53750821266

SHA256
fccb4474b45d7be7f9fea5a93753e5a22b738087c2d0b75d91e6591cafadc889

SHA512
c07328c5254351fae5b79ab9c41ebdf01ebd5b219f7a622c5b3b4c6bbcc468c845620e41f97d414595a7ea1d2b4cc144f27ad09b055a7921f1c1107e92497278

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC370.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC392.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response