b511eb4e5acaa08cd2d4bd667d82a263e9e2cc566f7c20c206c877be9ab812ae

Analysis

max time kernel
127s
max time network
128s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
11/01/2025, 06:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f9dd7a0c43856dcfee3e769502e32de8.html
Size

59KB
MD5

f9dd7a0c43856dcfee3e769502e32de8
SHA1

cce5fcdc5113ebdc31789acbb84c58074d28ed0c
SHA256

b511eb4e5acaa08cd2d4bd667d82a263e9e2cc566f7c20c206c877be9ab812ae
SHA512

e8073d1cea25702a87986b3be7850487b33f613aa19d0ba5d0c4eed4959fbd91aa033b50a81401349f71a0b6ccb0dadd2eef0ef7a3e0d573cd28ef415a6b3344
SSDEEP

768:uR1hYGAcTt7G4zt2/6KNqLE+dATCdUK7aCukpqB:uR17AcZ7G4zLE+dZdUIukpqB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 62 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf00000000020000000000106600000001000020000000be5a554c98002a6272604040d0f92eb33498efe88f5b6bcc913b97f8f1deeaba000000000e8000000002000020000000b2dc1fec226325237bb11ba649b4e259717d03846dd9046e68516d8e34f431aa90000000c1dbb757d7205e83dee0240bd1415fe3f683b26e5b439c9782b5d0f0c8941f08790d5972f9253ed47d1d2189182908672cb31ccf8a09df7950c49b163acd5432f1930af862e36ffa9d7c1763ab536bbacba7dae09b24f8e6c0cae96f039bcd91e00ca468bfa5bc07bb6283832222af007e384f1c2ae8dfaa9e2f894efb74ccb394bc921bacaad9a41800edbe7b4296d940000000f5064398205588166e423c7e38f40ef36525ff285c92f5b14a4521a842eed389f93df177516502ff4eb49542e6257f085a1309366481bf31e6d5cd5a1fcbc11d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10979"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10979"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10979"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8557E621-CFE7-11EF-B7A5-FED808322145} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442739743"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e4e75df463db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf000000000200000000001066000000010000200000006e07d78f6a6aa3a3d6c15647cb79d8f0ccb268f7c09ce8c85a7cf54c551dba52000000000e8000000002000020000000aa01a7f3d2e24d128508b39f262e3f056b690f9e2026fec1eaa2630d5d9a954320000000b5d3604a6cb0505ca004468c253cdcf81b54040d4a05ab9d26e8f716c327edc540000000283d0c01de7e339d177457a6dda7460e1ed8c1496ee8c72f2188236665f7f6acd6f55e4672e5931452c4602911b3103e2a4b5ce3b851191061b1c67274f311a0	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2268	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2268	iexplore.exe
2268	iexplore.exe
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2052	2268	iexplore.exe	30
PID 2268 wrote to memory of 2052	2268	iexplore.exe	30
PID 2268 wrote to memory of 2052	2268	iexplore.exe	30
PID 2268 wrote to memory of 2052	2268	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9dd7a0c43856dcfee3e769502e32de8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2052

Network

DNS

ajax.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

216.58.201.106
DNS

img.youtube.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

img.youtube.com

IN A

Response

img.youtube.com

IN CNAME

ytimg.l.google.com

ytimg.l.google.com

IN A

142.250.180.14

ytimg.l.google.com

IN A

142.250.178.14

ytimg.l.google.com

IN A

216.58.204.78

ytimg.l.google.com

IN A

142.250.179.238

ytimg.l.google.com

IN A

172.217.16.238

ytimg.l.google.com

IN A

142.250.200.14

ytimg.l.google.com

IN A

142.250.187.238

ytimg.l.google.com

IN A

216.58.201.110

ytimg.l.google.com

IN A

142.250.200.46

ytimg.l.google.com

IN A

142.250.187.206

ytimg.l.google.com

IN A

216.58.212.206

ytimg.l.google.com

IN A

216.58.213.14

ytimg.l.google.com

IN A

216.58.212.238
GET

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 33845
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 05 Jan 2025 02:49:49 GMT
Expires: Mon, 05 Jan 2026 02:49:49 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 532492
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/X7rhovBK_eA/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/X7rhovBK_eA/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 12888
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1529404461"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/6CaerbjE_aE/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/6CaerbjE_aE/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Type: image/jpeg
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 18645
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1655440742"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/BLEYCyrLpkI/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/BLEYCyrLpkI/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 18561
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1655486663"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/GihybX7JyG4/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/GihybX7JyG4/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 16912
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 05:30:51 GMT
Expires: Sat, 11 Jan 2025 07:30:51 GMT
Cache-Control: public, max-age=7200
Age: 4430
ETag: "1509023583"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/L6v7us25uY8/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/L6v7us25uY8/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 7169
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "0"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/8dWT6bn9cts/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/8dWT6bn9cts/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Type: image/jpeg
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 9867
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "0"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/SUcnJrqKcSI/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/SUcnJrqKcSI/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Vary: Origin
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: image/jpeg
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 06:45:11 GMT
Cache-Control: public, max-age=30
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1097
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/RjoJAHcGcP0/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/RjoJAHcGcP0/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Vary: Origin
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: image/jpeg
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 06:45:11 GMT
Cache-Control: public, max-age=30
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1097
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/O2ae_cd2cfg/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/O2ae_cd2cfg/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 20016
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1652964280"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/ZUbfskQ-GAY/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/ZUbfskQ-GAY/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 7902
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:24:13 GMT
Expires: Sat, 11 Jan 2025 08:24:13 GMT
Cache-Control: public, max-age=7200
Age: 1228
ETag: "1685781438"
Content-Type: image/jpeg
Vary: Origin
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/eHU_ip_bI9g/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/eHU_ip_bI9g/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Type: image/jpeg
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 20203
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1540971201"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/RysEc8aUcdM/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/RysEc8aUcdM/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Vary: Origin
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: image/jpeg
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 06:45:11 GMT
Cache-Control: public, max-age=30
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1097
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/uRrdormtnww/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/uRrdormtnww/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Vary: Origin
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: image/jpeg
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 06:45:11 GMT
Cache-Control: public, max-age=30
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1097
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/d5E2AQKuCyU/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/d5E2AQKuCyU/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 20581
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1691413812"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/1Z4lgcNUVF8/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/1Z4lgcNUVF8/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Type: image/jpeg
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 11734
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1645743950"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/eVHu5-n69qQ/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/eVHu5-n69qQ/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 9579
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1529404488"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/5BeAXSWbNeI/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/5BeAXSWbNeI/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 17749
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1665684375"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/ZQq79KFowEA/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/ZQq79KFowEA/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 6152
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "0"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/KYYeBL9kJNg/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/KYYeBL9kJNg/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Type: image/jpeg
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 9724
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1692525439"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/a2C90l7YlT8/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/a2C90l7YlT8/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 9703
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "0"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/ldiaiDt1w9g/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/ldiaiDt1w9g/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 6108
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1713618671"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/n402mogx9UA/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/n402mogx9UA/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Vary: Origin
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: image/jpeg
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 06:45:11 GMT
Cache-Control: public, max-age=30
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1097
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/7J-1pMESTI0/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/7J-1pMESTI0/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 12676
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 08:44:41 GMT
Cache-Control: public, max-age=7200
ETag: "1529404536"
Content-Type: image/jpeg
Vary: Origin
Age: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://img.youtube.com/vi/1gwJCJ1TD50/mqdefault.jpg

IEXPLORE.EXE

Remote address:

142.250.180.14:443

Request

GET /vi/1gwJCJ1TD50/mqdefault.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Vary: Origin
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: image/jpeg
Date: Sat, 11 Jan 2025 06:44:41 GMT
Expires: Sat, 11 Jan 2025 06:45:11 GMT
Cache-Control: public, max-age=30
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 1097
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

c.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/gsr1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:16:32 GMT
Expires: Sat, 11 Jan 2025 07:06:32 GMT
Cache-Control: public, max-age=3000
Age: 1689
Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/gsr1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:16:32 GMT
Expires: Sat, 11 Jan 2025 07:06:32 GMT
Cache-Control: public, max-age=3000
Age: 1689
Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r4.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:10:54 GMT
Expires: Sat, 11 Jan 2025 07:00:54 GMT
Cache-Control: public, max-age=3000
Age: 2027
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r4.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:10:54 GMT
Expires: Sat, 11 Jan 2025 07:00:54 GMT
Cache-Control: public, max-age=3000
Age: 2027
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://c.pki.goog/r/r1.crl

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:37:32 GMT
Expires: Sat, 11 Jan 2025 07:27:32 GMT
Cache-Control: public, max-age=3000
Age: 429
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

o.pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:15:54 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1727
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:37:41 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 420
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:15:54 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1727
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:37:41 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 420
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:15:54 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1727
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED%2BqlTn3J439Eh%2BkaOauLws%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED%2BqlTn3J439Eh%2BkaOauLws%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:26:12 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1111
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:44:09 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 32
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED%2BqlTn3J439Eh%2BkaOauLws%3D

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED%2BqlTn3J439Eh%2BkaOauLws%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:26:12 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1112
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:15:54 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1727
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC1tnto7KpsAhA%2BCjutvD67

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC1tnto7KpsAhA%2BCjutvD67 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 05:56:18 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2906
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:44:09 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 32
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:44:09 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 32
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC1tnto7KpsAhA%2BCjutvD67

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC1tnto7KpsAhA%2BCjutvD67 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 05:56:18 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2906
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:44:09 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 32
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:15:54 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1727
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:15:54 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1727
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:15:54 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1727
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

IEXPLORE.EXE

Remote address:

142.250.178.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 11 Jan 2025 06:15:54 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1727
DNS

iclickcdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

iclickcdn.com

IN A

Response

iclickcdn.com

IN A

104.26.12.118

iclickcdn.com

IN A

104.26.13.118

iclickcdn.com

IN A

172.67.75.9
DNS

www.youtube.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

216.58.212.206
GET

https://iclickcdn.com/tag.min.js

IEXPLORE.EXE

Remote address:

104.26.12.118:443

Request

GET /tag.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: iclickcdn.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 11 Jan 2025 06:44:41 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 988c6ba9dcba9aa55b1b36b92903ed46
Cache-Control: max-age=86400
Last-Modified: Fri, 10 Jan 2025 12:29:57 GMT
Accept-Ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
Access-Control-Max-Age: 86400
Pragma: no-cache
Expires: Sat, 11 Jan 2025 12:40:12 GMT
Timing-Allow-Origin: *
CF-Cache-Status: HIT
Age: 65069
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BGQR8Xc8Hy%2Fel6bsfsDg16n0HtfrT3NCR9QaaG5mdLs50%2FZt%2FsSUSCqZ6Hg7HGhW0P7h83jBumPoZVnGL7biYjqH5tSeSyUVPCkx9Suwsohl92txHEeu4yQ1YHuMMsY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 9002f0920f3c4164-LHR
Content-Encoding: gzip
server-timing: cfL4;desc="?proto=TCP&rtt=66419&min_rtt=47736&rtt_var=44090&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3137&recv_bytes=573&delivery_rate=70566&cwnd=253&unsent_bytes=0&cid=88e9e66f32bbf558&ts=249&x=0"
GET

https://www.youtube.com/s/player/3ede36f2/www-embed-player.vflset/www-embed-player.js

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

GET /s/player/3ede36f2/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=Nt7w85vx7bo; VISITOR_INFO1_LIVE=wq6wjIbcYws; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOg%3D%3D; __Secure-ROLLOUT_TOKEN=CMm87fXT4bvV3wEQ35-W3ojtigMY35-W3ojtigM%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 118631
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 10 Jan 2025 08:33:14 GMT
Expires: Sat, 10 Jan 2026 08:33:14 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 08 Jan 2025 05:15:48 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 79888
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/3ede36f2/player_ias.vflset/en_US/embed.js

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

GET /s/player/3ede36f2/player_ias.vflset/en_US/embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=Nt7w85vx7bo; VISITOR_INFO1_LIVE=wq6wjIbcYws; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOg%3D%3D; __Secure-ROLLOUT_TOKEN=CMm87fXT4bvV3wEQ35-W3ojtigMY35-W3ojtigM%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 10934
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 08 Jan 2025 08:48:14 GMT
Expires: Thu, 08 Jan 2026 08:48:14 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 08 Jan 2025 05:15:48 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 251790
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

GET /embed/biCoKj6Jy64?feature=oembed HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 11 Jan 2025 06:44:41 GMT
Strict-Transport-Security: max-age=31536000
Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
Cross-Origin-Resource-Policy: cross-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube_main"
Content-Security-Policy: require-trusted-types-for 'script'
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
Set-Cookie: YSC=Nt7w85vx7bo; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_INFO1_LIVE=wq6wjIbcYws; Domain=.youtube.com; Expires=Thu, 10-Jul-2025 06:44:41 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOg%3D%3D; Domain=.youtube.com; Expires=Thu, 10-Jul-2025 06:44:41 GMT; Path=/; Secure; HttpOnly; SameSite=none
Set-Cookie: __Secure-ROLLOUT_TOKEN=CMm87fXT4bvV3wEQ35-W3ojtigMY35-W3ojtigM%3D; Domain=youtube.com; Expires=Thu, 10-Jul-2025 06:44:41 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.youtube.com/s/player/3ede36f2/www-player.css

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

GET /s/player/3ede36f2/www-player.css HTTP/1.1
Accept: text/css, */*
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=Nt7w85vx7bo; VISITOR_INFO1_LIVE=wq6wjIbcYws; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOg%3D%3D; __Secure-ROLLOUT_TOKEN=CMm87fXT4bvV3wEQ35-W3ojtigMY35-W3ojtigM%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 62099
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 10 Jan 2025 03:43:58 GMT
Expires: Sat, 10 Jan 2026 03:43:58 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 08 Jan 2025 05:15:48 GMT
Content-Type: text/css
Vary: Accept-Encoding, Origin
Age: 97244
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.youtube.com/s/player/3ede36f2/player_ias.vflset/en_US/base.js

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

GET /s/player/3ede36f2/player_ias.vflset/en_US/base.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.youtube.com
Connection: Keep-Alive
Cookie: YSC=Nt7w85vx7bo; VISITOR_INFO1_LIVE=wq6wjIbcYws; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOg%3D%3D; __Secure-ROLLOUT_TOKEN=CMm87fXT4bvV3wEQ35-W3ojtigMY35-W3ojtigM%3D

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Content-Length: 815781
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 10 Jan 2025 14:00:22 GMT
Expires: Sat, 10 Jan 2026 14:00:22 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 08 Jan 2025 05:15:48 GMT
Content-Type: text/javascript
Vary: Accept-Encoding, Origin
Age: 60260
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/api/stats/qoe?cpn=26c9U-PEk5KPsaTb&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C36343%2C9954%2C34656%2C2871%2C44048%2C796%2C11397%2C19100%2C27818%2C18053%2C591%2C7505%2C5541%2C1823%2C3186%2C7706%2C6942%2C408%2C20473%2C8%2C10631%2C9243%2C1581%2C1690%2C14%2C3943%2C2%2C120%2C366%2C1684%2C4903%2C3025%2C2980%2C4941%2C981%2C4263%2C681%2C6266%2C2049%2C1258%2C3476%2C2706%2C2261%2C4285%2C3479%2C604%2C1431%2C251%2C2208%2C3840%2C916%2C31%2C2344%2C969%2C436%2C4208%2C3807%2C1892&cl=713071505&seq=1&event=streamingstats&docid=biCoKj6Jy64&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20250107.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailablesr.This_video_is_unavailable&vis=0.001:0&bh=0.001:0.000&qclc=ChAyNmM5VS1QRWs1S1BzYVRiEAE

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

POST /api/stats/qoe?cpn=26c9U-PEk5KPsaTb&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C36343%2C9954%2C34656%2C2871%2C44048%2C796%2C11397%2C19100%2C27818%2C18053%2C591%2C7505%2C5541%2C1823%2C3186%2C7706%2C6942%2C408%2C20473%2C8%2C10631%2C9243%2C1581%2C1690%2C14%2C3943%2C2%2C120%2C366%2C1684%2C4903%2C3025%2C2980%2C4941%2C981%2C4263%2C681%2C6266%2C2049%2C1258%2C3476%2C2706%2C2261%2C4285%2C3479%2C604%2C1431%2C251%2C2208%2C3840%2C916%2C31%2C2344%2C969%2C436%2C4208%2C3807%2C1892&cl=713071505&seq=1&event=streamingstats&docid=biCoKj6Jy64&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20250107.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailablesr.This_video_is_unavailable&vis=0.001:0&bh=0.001:0.000&qclc=ChAyNmM5VS1QRWs1S1BzYVRiEAE HTTP/1.1
Accept: */*
X-Goog-Visitor-Id: Cgt3cTZ3akliY1l3cyjZpoi8BjIKCgJHQhIEGgAgOg%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20250107.01.00
X-YouTube-Device: cbr=IE&cbrver=11.0&ceng=Trident&cengver=7.0&cos=Windows&cosver=6.1&cplatform=DESKTOP
X-YouTube-Page-CL: 713071505
X-YouTube-Page-Label: youtube.player.web_20250107_01_RC00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1736577882116&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C976%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1060%2C596&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 226
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=Nt7w85vx7bo; VISITOR_INFO1_LIVE=wq6wjIbcYws; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOg%3D%3D; __Secure-ROLLOUT_TOKEN=CMm87fXT4bvV3wEQ35-W3ojtigMY35-W3ojtigM%3D

Response

HTTP/1.1 204 No Content

Content-Type: text/html; charset=UTF-8
Date: Sat, 11 Jan 2025 06:44:44 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: Video Stats Server
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.youtube.com/youtubei/v1/log_event?alt=json

IEXPLORE.EXE

Remote address:

216.58.201.110:443

Request

POST /youtubei/v1/log_event?alt=json HTTP/1.1
Accept: */*
X-Goog-Request-Time: 1736577885640
Content-Type: application/json
X-Goog-Visitor-Id: Cgt3cTZ3akliY1l3cyjZpoi8BjIKCgJHQhIEGgAgOg%3D%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20250107.01.00
X-YouTube-Device: cbr=IE&cbrver=11.0&ceng=Trident&cengver=7.0&cos=Windows&cosver=6.1&cplatform=DESKTOP
X-YouTube-Page-CL: 713071505
X-YouTube-Page-Label: youtube.player.web_20250107_01_RC00
X-YouTube-Utc-Offset: 0
X-YouTube-Ad-Signals: dt=1736577881546&flash=0&frm=2&u_tz&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&bc=1&bih=-12245933&biw=-12245933&brdim=8%2C976%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1060%2C596&vis=1&wgl=true&ca_type=image
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.youtube.com
Content-Length: 10547
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: YSC=Nt7w85vx7bo; VISITOR_INFO1_LIVE=wq6wjIbcYws; VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgOg%3D%3D; __Secure-ROLLOUT_TOKEN=CMm87fXT4bvV3wEQ35-W3ojtigMY35-W3ojtigM%3D

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 11 Jan 2025 06:44:46 GMT
Server: scaffolding on HTTPServer2
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.212.226
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

216.58.212.226:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 11 Jan 2025 06:44:44 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

216.58.212.226:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 11 Jan 2025 06:44:44 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

static.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.187.230
GET

https://static.doubleclick.net/instream/ad_status.js

IEXPLORE.EXE

Remote address:

142.250.187.230:443

Request

GET /instream/ad_status.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Timing-Allow-Origin: *
Content-Length: 29
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 11 Jan 2025 06:32:08 GMT
Expires: Sat, 11 Jan 2025 06:47:08 GMT
Cache-Control: public, max-age=900
Age: 756
Last-Modified: Thu, 12 Dec 2013 23:40:16 GMT
Content-Type: text/javascript
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

jnn-pa.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

216.58.204.74
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 11 Jan 2025 06:44:44 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

IEXPLORE.EXE

Remote address:

216.58.201.106:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Accept: */*
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: jnn-pa.googleapis.com
Content-Length: 1019
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json+protobuf; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Content-Encoding: gzip
Date: Sat, 11 Jan 2025 06:44:44 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.192.26.94
GET

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

Remote address:

23.192.26.94:80

Request

GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1078
Content-Type: application/octet-stream
Content-MD5: PjrtHAukbJio72s77Ag5mA==
Last-Modified: Thu, 31 Oct 2024 23:26:09 GMT
ETag: 0x8DCFA0366D6C4CA
x-ms-request-id: f5fbb683-601e-004e-7937-2c7962000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
X-EdgeConnect-Origin-MEX-Latency: 220
Date: Sat, 11 Jan 2025 06:45:11 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV137c1fdb.0
ms-cv-esi: CASMicrosoftCV137c1fdb.0
X-RTag: RT
DNS

crl.microsoft.com

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A

Response

crl.microsoft.com

IN CNAME

crl.www.ms.akadns.net

crl.www.ms.akadns.net

IN CNAME

a1363.dscg.akamai.net

a1363.dscg.akamai.net

IN A

2.19.117.22

a1363.dscg.akamai.net

IN A

2.19.117.18
GET

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

Remote address:

2.19.117.22:80

Request

GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 26 Sep 2024 02:21:11 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1036
Content-Type: application/octet-stream
Content-MD5: +oTkvMkqpdtzWrUHEQQM3g==
Last-Modified: Thu, 12 Dec 2024 00:06:56 GMT
ETag: 0x8DD1A40E476D877
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 34cf8d72-601e-004e-4135-4c7962000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 11 Jan 2025 06:45:11 GMT
Connection: keep-alive
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

72.247.166.29
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

72.247.166.29
GET

https://googleads.g.doubleclick.net/pagead/id

IEXPLORE.EXE

Remote address:

216.58.212.226:443

Request

GET /pagead/id HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Access-Control-Allow-Credentials: true
Date: Sat, 11 Jan 2025 06:46:44 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

IEXPLORE.EXE

Remote address:

216.58.212.226:443

Request

GET /pagead/id?slf_rd=1 HTTP/1.1
Accept: */*
Referer: https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=UTF-8
Date: Sat, 11 Jan 2025 06:46:44 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

216.58.201.106:443

ajax.googleapis.com

tls

IEXPLORE.EXE

756 B
4.9kB
10
9
216.58.201.106:443

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

tls, http

IEXPLORE.EXE

1.8kB
41.6kB
25
36

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

HTTP Response

200
142.250.180.14:443

https://img.youtube.com/vi/BLEYCyrLpkI/mqdefault.jpg

tls, http

IEXPLORE.EXE

2.7kB
61.9kB
32
53

HTTP Request

GET https://img.youtube.com/vi/X7rhovBK_eA/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/6CaerbjE_aE/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/BLEYCyrLpkI/mqdefault.jpg

HTTP Response

200
142.250.180.14:443

https://img.youtube.com/vi/8dWT6bn9cts/mqdefault.jpg

tls, http

IEXPLORE.EXE

2.4kB
44.8kB
26
39

HTTP Request

GET https://img.youtube.com/vi/GihybX7JyG4/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/L6v7us25uY8/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/8dWT6bn9cts/mqdefault.jpg

HTTP Response

200
142.250.180.14:443

https://img.youtube.com/vi/O2ae_cd2cfg/mqdefault.jpg

tls, http

IEXPLORE.EXE

2.2kB
32.1kB
22
32

HTTP Request

GET https://img.youtube.com/vi/SUcnJrqKcSI/mqdefault.jpg

HTTP Response

404

HTTP Request

GET https://img.youtube.com/vi/RjoJAHcGcP0/mqdefault.jpg

HTTP Response

404

HTTP Request

GET https://img.youtube.com/vi/O2ae_cd2cfg/mqdefault.jpg

HTTP Response

200
142.250.180.14:443

https://img.youtube.com/vi/RysEc8aUcdM/mqdefault.jpg

tls, http

IEXPLORE.EXE

2.4kB
39.7kB
25
37

HTTP Request

GET https://img.youtube.com/vi/ZUbfskQ-GAY/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/eHU_ip_bI9g/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/RysEc8aUcdM/mqdefault.jpg

HTTP Response

404
142.250.180.14:443

https://img.youtube.com/vi/1Z4lgcNUVF8/mqdefault.jpg

tls, http

IEXPLORE.EXE

2.4kB
44.1kB
26
40

HTTP Request

GET https://img.youtube.com/vi/uRrdormtnww/mqdefault.jpg

HTTP Response

404

HTTP Request

GET https://img.youtube.com/vi/d5E2AQKuCyU/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/1Z4lgcNUVF8/mqdefault.jpg

HTTP Response

200
142.250.180.14:443

https://img.youtube.com/vi/ZQq79KFowEA/mqdefault.jpg

tls, http

IEXPLORE.EXE

2.5kB
44.5kB
27
41

HTTP Request

GET https://img.youtube.com/vi/eVHu5-n69qQ/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/5BeAXSWbNeI/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/ZQq79KFowEA/mqdefault.jpg

HTTP Response

200
142.250.180.14:443

https://img.youtube.com/vi/ldiaiDt1w9g/mqdefault.jpg

tls, http

IEXPLORE.EXE

2.3kB
36.1kB
23
35

HTTP Request

GET https://img.youtube.com/vi/KYYeBL9kJNg/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/a2C90l7YlT8/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/ldiaiDt1w9g/mqdefault.jpg

HTTP Response

200
142.250.180.14:443

https://img.youtube.com/vi/1gwJCJ1TD50/mqdefault.jpg

tls, http

IEXPLORE.EXE

2.2kB
24.5kB
20
28

HTTP Request

GET https://img.youtube.com/vi/n402mogx9UA/mqdefault.jpg

HTTP Response

404

HTTP Request

GET https://img.youtube.com/vi/7J-1pMESTI0/mqdefault.jpg

HTTP Response

200

HTTP Request

GET https://img.youtube.com/vi/1gwJCJ1TD50/mqdefault.jpg

HTTP Response

404
142.250.178.3:80

http://c.pki.goog/r/gsr1.crl

http

IEXPLORE.EXE

554 B
4.3kB
7
6

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/r/gsr1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/gsr1.crl

http

IEXPLORE.EXE

554 B
4.3kB
7
6

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/r/gsr1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r4.crl

http

IEXPLORE.EXE

552 B
2.9kB
7
5

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/r/r4.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r4.crl

http

IEXPLORE.EXE

552 B
2.9kB
7
5

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200

HTTP Request

GET http://c.pki.goog/r/r4.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

IEXPLORE.EXE

348 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi

http

IEXPLORE.EXE

780 B
1.6kB
7
4

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi

http

IEXPLORE.EXE

884 B
3.1kB
9
6

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD4ZvdMc2VaVBBsza0qVaGi

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED%2BqlTn3J439Eh%2BkaOauLws%3D

http

IEXPLORE.EXE

838 B
2.4kB
8
5

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED%2BqlTn3J439Eh%2BkaOauLws%3D

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED%2BqlTn3J439Eh%2BkaOauLws%3D

http

IEXPLORE.EXE

842 B
2.3kB
8
5

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACED%2BqlTn3J439Eh%2BkaOauLws%3D

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC1tnto7KpsAhA%2BCjutvD67

http

IEXPLORE.EXE

782 B
1.6kB
7
4

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC1tnto7KpsAhA%2BCjutvD67

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

http

IEXPLORE.EXE

466 B
843 B
5
3

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC1tnto7KpsAhA%2BCjutvD67

http

IEXPLORE.EXE

786 B
1.6kB
7
4

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC1tnto7KpsAhA%2BCjutvD67

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

http

IEXPLORE.EXE

466 B
843 B
5
3

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQC43tOywHj%2BZRL%2FyfPgB5LY

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

http

IEXPLORE.EXE

514 B
1.6kB
6
4

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

http

IEXPLORE.EXE

514 B
1.6kB
6
4

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

http

IEXPLORE.EXE

462 B
845 B
5
3

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

http

IEXPLORE.EXE

462 B
845 B
5
3

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDREXAZkIcRFgn9FoWvtnQ0

HTTP Response

200
104.26.12.118:443

https://iclickcdn.com/tag.min.js

tls, http

IEXPLORE.EXE

1.5kB
34.7kB
21
33

HTTP Request

GET https://iclickcdn.com/tag.min.js

HTTP Response

200
104.26.12.118:443

iclickcdn.com

tls

IEXPLORE.EXE

750 B
3.6kB
10
9
216.58.201.110:443

https://www.youtube.com/s/player/3ede36f2/player_ias.vflset/en_US/embed.js

tls, http

IEXPLORE.EXE

4.3kB
144.9kB
62
109

HTTP Request

GET https://www.youtube.com/s/player/3ede36f2/www-embed-player.vflset/www-embed-player.js

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/3ede36f2/player_ias.vflset/en_US/embed.js

HTTP Response

200
216.58.201.110:443

https://www.youtube.com/youtubei/v1/log_event?alt=json

tls, http

IEXPLORE.EXE

33.4kB
982.0kB
386
729

HTTP Request

GET https://www.youtube.com/embed/biCoKj6Jy64?feature=oembed

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/3ede36f2/www-player.css

HTTP Response

200

HTTP Request

GET https://www.youtube.com/s/player/3ede36f2/player_ias.vflset/en_US/base.js

HTTP Response

200

HTTP Request

POST https://www.youtube.com/api/stats/qoe?cpn=26c9U-PEk5KPsaTb&el=embedded&ns=yt&fexp=v1%2C24004644%2C434717%2C127326%2C26443548%2C7111%2C36343%2C9954%2C34656%2C2871%2C44048%2C796%2C11397%2C19100%2C27818%2C18053%2C591%2C7505%2C5541%2C1823%2C3186%2C7706%2C6942%2C408%2C20473%2C8%2C10631%2C9243%2C1581%2C1690%2C14%2C3943%2C2%2C120%2C366%2C1684%2C4903%2C3025%2C2980%2C4941%2C981%2C4263%2C681%2C6266%2C2049%2C1258%2C3476%2C2706%2C2261%2C4285%2C3479%2C604%2C1431%2C251%2C2208%2C3840%2C916%2C31%2C2344%2C969%2C436%2C4208%2C3807%2C1892&cl=713071505&seq=1&event=streamingstats&docid=biCoKj6Jy64&cbr=IE&cbrver=11.0&c=WEB_EMBEDDED_PLAYER&cver=1.20250107.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=6.1&cplatform=DESKTOP&vps=0.000:N,0.001:ER&cmt=0.001:0.000,0.001:0.000&error=0.001:auth::0.000:0;a6s.0;r.Video_unavailablesr.This_video_is_unavailable&vis=0.001:0&bh=0.001:0.000&qclc=ChAyNmM5VS1QRWs1S1BzYVRiEAE

HTTP Response

204

HTTP Request

POST https://www.youtube.com/youtubei/v1/log_event?alt=json

HTTP Response

200
216.58.201.110:443

www.youtube.com

tls

IEXPLORE.EXE

784 B
7.1kB
10
10
216.58.212.226:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

764 B
4.8kB
10
9
216.58.212.226:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.5kB
6.8kB
11
13

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
142.250.187.230:443

static.doubleclick.net

tls

IEXPLORE.EXE

713 B
4.8kB
9
9
142.250.187.230:443

https://static.doubleclick.net/instream/ad_status.js

tls, http

IEXPLORE.EXE

1.1kB
6.3kB
10
10

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js

HTTP Response

200
216.58.201.106:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http

IEXPLORE.EXE

3.9kB
53.9kB
32
49

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Response

200

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Response

200
23.192.26.94:80

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

http

393 B
1.8kB
4
4

HTTP Request

GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

HTTP Response

200
2.19.117.22:80

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

http

399 B
1.7kB
4
4

HTTP Request

GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12
216.58.212.226:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http

IEXPLORE.EXE

1.4kB
6.5kB
9
12

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Response

302

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

HTTP Response

200
216.58.212.226:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

652 B
4.7kB
7
7

8.8.8.8:53

ajax.googleapis.com

dns

IEXPLORE.EXE

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

216.58.201.106
8.8.8.8:53

img.youtube.com

dns

IEXPLORE.EXE

61 B
298 B
1
1

DNS Request

img.youtube.com

DNS Response

142.250.180.14

142.250.178.14

216.58.204.78

142.250.179.238

172.217.16.238

142.250.200.14

142.250.187.238

216.58.201.110

142.250.200.46

142.250.187.206

216.58.212.206

216.58.213.14

216.58.212.238
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

c.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

o.pki.goog

dns

IEXPLORE.EXE

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

142.250.178.3
8.8.8.8:53

iclickcdn.com

dns

IEXPLORE.EXE

59 B
107 B
1
1

DNS Request

iclickcdn.com

DNS Response

104.26.12.118

104.26.13.118

172.67.75.9
8.8.8.8:53

www.youtube.com

dns

IEXPLORE.EXE

61 B
319 B
1
1

DNS Request

www.youtube.com

DNS Response

216.58.201.110

142.250.200.14

142.250.200.46

216.58.204.78

172.217.169.78

142.250.187.206

172.217.169.14

142.250.178.14

142.250.179.238

172.217.16.238

142.250.187.238

172.217.169.46

142.250.180.14

216.58.212.206
8.8.8.8:53

googleads.g.doubleclick.net

dns

IEXPLORE.EXE

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.212.226
8.8.8.8:53

static.doubleclick.net

dns

IEXPLORE.EXE

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

142.250.187.230
8.8.8.8:53

jnn-pa.googleapis.com

dns

IEXPLORE.EXE

67 B
275 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

216.58.201.106

142.250.200.42

142.250.187.202

172.217.16.234

216.58.212.202

142.250.200.10

172.217.169.74

142.250.187.234

172.217.169.42

142.250.179.234

142.250.180.10

142.250.178.10

216.58.204.74
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.192.26.94
8.8.8.8:53

crl.microsoft.com

dns

63 B
162 B
1
1

DNS Request

crl.microsoft.com

DNS Response

2.19.117.22

2.19.117.18
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

72.247.166.29
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

72.247.166.29

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d89dcd087a4a3babada524bd01929ed1

SHA1
81dcdae80c6ecb7b7f4e15b2a7641b98e8e2ecb4

SHA256
b881f1b3d963baf6189264b47db0dda26f8e020b0d54e160dd8a30ba1101d6bb

SHA512
0c06307ef3188c736ea055f8b817c21264fbb09c9a4430095d8976be1499cde77057c9ad365352ca469a9dc869ccf617dbb29bb859190b09b2a2dd40704e65b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_252B35A0C9E78A87AECDDBB68FF7B1F0

Filesize
472B

MD5
1ac4b8399602b21a9623d68fbc3ee204

SHA1
f52d9e08e146da469650b03ce4c40c7d710d22d4

SHA256
8c46be4c3f15d73ed0e6b3f87b35cf0453526161b8f95d8d7cc968eb4c22a185

SHA512
93c63ad44efe459221888810318c2a3a93211b91a1cd1fb5ccbfc72ba512cd114208550437367b4037074bfcb74f4e18a916163df7e08d72afe25d5b7f751316

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
005d6936e4c8227d88a8a5b773f13131

SHA1
db3619ce01d1d1634980fcbabb1ae2508295cf64

SHA256
325cc07cf0d9cf0940fe9d38f4651d463bd869b4253cf64b8ba6d9ee6ef03759

SHA512
c62e8560d035ad2fe92f84b183926287c7f3b6a683458244ead52a71fb7f3a997860169eb7d11e47f9b40a56917741ba4fc6597b22806ef89b7f05aef966e1fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0052f6abfa2f9ef47387c32951a14b2e

SHA1
fb9a931fb406e0c7767afbcceb9a026c41c46005

SHA256
e85d0226b1c54408f42021d0151e9d62a48adc865f9228c6cd6238e4f78581b2

SHA512
fd6fa6aad0b43bcd4bf9af08ae2be6e95c0257572bbd79244157f8a98694e2c9ad1d32bd258a6cbf94e77f3cd210c92ccc4b20f600333cdd4dbe59a4feb7a4c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8309b16b47aeff9f907e991e7b781e3b

SHA1
16d06eb49ab5cc1d1c87102263d430105d746a3c

SHA256
309d03b885a780ed4f637e57863e1f0cf7981719107783ffdf982353b129a2e8

SHA512
7e6b651535993e9e9d4b83e13b06821346614a7b7c1fd82b88ccdbf90ea0767f997e443112924482d907132ac8b7ec5c48995524c0b1fe3394425c7ac4d81fe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00110bacf04cac6fa683b8af08a88159

SHA1
a03afeca6061d72641dd56cd15bba767d9793a7d

SHA256
adabd615a36b68d7037493422f8dc9a53adf8d730ef2bcf68e86d743475453f5

SHA512
658cb21a2da6c1faa4287a74eef26d6107f31d41b0f7598975431a23b2dad7abfda602311b72896bf58705365053fe88bbac50c8f3c3f3ec91ca003106f01c29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb557a6e0f662c0308db8f9691e7bad6

SHA1
12322f34c4ba7f56db05c56b35fe8ba5ca941be7

SHA256
28670f87310e7f97fa7d220bf3d03a55f532866d8df10f69d721175b5211856f

SHA512
6457df50ec0e6d4431511aba1e375c6d74d861ef19cadca8d60255c8dd76c307922d223ad400fba4263dcd4dc07aaeadf8ab46343aa1b8ffd5dc21d83c8ef6c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38c267830442baaf13597ff5a97aaace

SHA1
84d8255f2048ac922ec30708e14ab32302f5442d

SHA256
ab25d8bf9f5d83131d3a0f2b7b70c89ca4f475505f899c32c9cea3b81018162f

SHA512
7de7419562bfe2a78a329e703c003199b48e88b2247f7fb47e11b90168c87e7eaa112f0e584bb149bece11df2c4ea471a95f7a1ef72f042827dcfa71f53d5081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
454d1804436be399f1b5b91394c73055

SHA1
e7ce1b2b8a9abbc9597925e40501bda6a05466aa

SHA256
e05ee37baf968d4e62da5f13d16ef1b6329a1ef61298c7f5d910aa1c7d5a7566

SHA512
525ec50cb7159b759285d09d1ae37e77a320ea6930e7ae694aefdd75f90833aa63163c9afe77896c850041c9425b623edd489bc4534792e29dd4ecf4eef7e2e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a92424aafad2091490ba6a134470455a

SHA1
21801814c3f10cddc1801bd11e076e2acdceeba7

SHA256
761818630593ebdb0c2fe49e2cc6d1ab76a8da2091d945897d033417a33820c1

SHA512
33a9e3fd17d962b7b89aec14f9e57cde0695b1855a04d8cb652ee6041189b4d2025b14216fed9c0ed5f6333f68e66efdf88e78dfd951620845967a8883bd7d9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcfbbcd47a2edebc9d955ec8cb8ee431

SHA1
4d7d32967bcadff27c7a66bdbc58a75c75e238d5

SHA256
866f5e1bd7c62e4426baa7682eee4d407c1f2b71c8cad9f98636fe2304eb88db

SHA512
2821b8e2d328f30992fe8634596310972db4d8b6ee182de36d52e1b0b0040c7b2cdec376ef843dad2218be4185229705f8743a69f734722965925b0c70605af2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2755731f882c771abdeb2340dd97179

SHA1
688a846e4ecccf40e55049b18ceb8f7aa9e226e0

SHA256
f654bed48fb08d3d255c038a776b839629dbab09794bcea8bacc4ddb2ffc18a1

SHA512
c5cc9f181b648a0fa775dd3aa141053a8f96880eeda3da2c10c659128ecfb88a84bd4ae59f7754f5a54d704ae003ca8fa808451bc97581f4f85cfafb6701b549

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7416c1797f706e135ee3f1b16b0b1ece

SHA1
3eff5d7a256ca8531bb7d585cba770330521e736

SHA256
bbf2b9872732f63a441a52bbe8fdb790eac004c61fa955a9f289d6aea49f8608

SHA512
ff3de65749a6109e0b6f296eee3694e870925ea53cb66484da62e1bcf6f8cb7fdd94e64dd626b77789d2c2cd6c46d1fb88a68f300c87a2e9230d9f3b3afdf729

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b616126a553f0beaaa0abf1042e120d

SHA1
02f7630e5d48dcc205663f37246dd982a30a373b

SHA256
787f5c3e4ac2d410632366252190cba09a4bf82a6f5369a0c585bbcdd09965e5

SHA512
60f34e4b9db6943949ad19f43684c694c740cc312f1ccac82f6a4c8de345c6497b8a324b9fd432f97cdda46f30372504a95b24420755dce1cee77b3009f5d624

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b90bdf4454016f3bd1503fdeda173cb8

SHA1
0d0e169208eb0d1721fddf196098e082eec4897a

SHA256
1dfac07b0b2c46701a54c134ece8915e23281e0fb8daf5bce58e27fec7ff60fa

SHA512
7bd79d4340d56bc51f22b9f70682436aeba94ccad0c021d5dd1acd3bb084ab225f4172f505308aa7bf1aead35e9ce4a189fb8d15c3d2f6325f5fd0d1b9dc9ade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f657e2a7be488a3533eb04ba0f919599

SHA1
0c6fc53cd246fd0e176a5aa23e99a0eb2e9e9627

SHA256
d5c252bbcc83eeefa6f5e8c2b16b069f1a014a28e7cf287d675fee77c206955c

SHA512
e71d600f4b9cd25ca637d77f4d99eab83e3147288b7eb3f92ef0efdc8ffcebbd6b30164699efc8e4431a6b33c762634bb0cd1c70b57272ccfde0c65c85c7b982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80f275f5f68425c97a909d24b1ce1350

SHA1
5fe49bb0c5c13141e61b4c0cd1545c52de03b6eb

SHA256
cdcccfcdd187c395259ce846855ded0f375a06b9bc719f1aafda0c95ecb11494

SHA512
97e2ebf64e38c8020a417e2f3c97b1238a202d3a1fe7697d933c15b00cf46a39f2e050321d0344d96341c1f85cb29e7c2e37e7d9a53dd8339c9102b3a9f404ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eeb4406b5074791c6a14f577bf82e2aa

SHA1
1ac50efa02901bf74b37e7110e6c86ff58d18859

SHA256
938991701a6233cee0d9c7c869633b073d0038fa622aedbb14062283e8c51c24

SHA512
50668c2a7a0376c01ded162a6a3cbc30ef90736866bd65fbdbafb6bc8ce22866462d3ff1f94cf220a2c1e63e976a65d9a101e1d1a0ac482cd97900eb3eb4728d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
943726d0dd28616d3d4566b64003cca2

SHA1
98bd7b3a0b66c9cb8d26dc9416e75a574b50a356

SHA256
538c3a6c8040ccbda7c1752ff8f17b2f304701ea2055398db165dbbf4f4cb953

SHA512
4f09ade2ab07966265008ebf27941d5044cbda396522be2b92d55cce86101bfbf1a73069846d8afffd8436f5d9153c76cc0023084b831dafdb0a0e0adb263f11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f22c25fbbcc59903b4d83b906ac691b6

SHA1
2073573ea8bcb8b1eb2c8d40db5cfd49bd5d30b2

SHA256
72116dd737a9fd735044306b42fc8d45ba753fbe55bd22982c89a33e21770cc9

SHA512
8697f7c769e7b4b0e87d1906401917a065c753b0f4405b69712e0e9eb1d68f615b546c7205b63131b09f91fbc07da0b78677698bf89a67eef15154a108fd8b11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a92d347c26ddea31ab23a0467ca71a4

SHA1
bd3c2d793ddc16a0fac09ac0fa190c573e5c2754

SHA256
b3a66cfd2b0c1593a5460be58f1bf16de663cd01a80d54e44ebcfe91a26bb0c9

SHA512
b0e0f9456635cd217e8a404d33c8f79584217c7e3271cb37a4dd998b9ab12ef8b7f3cee99a8bd98ca1e5bf98c75f4814f3b7d1615897056ad4c119740361aa51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc0d2a432aee587b2cab80d9b173915d

SHA1
b7cc6e1b83b0f413153d4fce440ef5b9912619af

SHA256
6aeefc5d3b193b849c055c45340d2e49ef720714c9d9fbee6614568a90b9bbb3

SHA512
cc78e90432a41440721ad7cdf276f3c35cd426a7672c3b885a1d80a2b56ef3d3160fadc1bd3a72008fb388b569bdb72fc76aa2dc3bb392f280a4c6b0251bc9ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a387f40301c3d13d161e9d69c0d5f04

SHA1
393e0315557b4aa94d47b4764e8aed266e844c0a

SHA256
031b430fb6d3bd882cf62f5970a9ee7b6d4d64aa3cab740eb02c95cbcb6100b5

SHA512
1c4597d0b08bff1d990267fb2fc3ce2094c13c83c494126726c665192031a7ee8ff0031133ba4ef3e24f8f283428f900f231e1c59a5e1f022932b2ec04c68186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5360b5d407b4ffde211947bbfcdb0a8

SHA1
b37bc80db966feaad7ad6a11b70880577c37a69f

SHA256
2625ac31b5d7446ed9702399af47a85f7532a2c6a7263b393635bd80c04725bf

SHA512
db8ac861af4b0d14bb4bfe5f5838d8f081e08e4b14b3ab084e50b75ea3c084b9940ba27e00bfacaefcd4e3dfda8998a4c6cc2818a91bc4a12beee534fdb6d6ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_252B35A0C9E78A87AECDDBB68FF7B1F0

Filesize
398B

MD5
5ce090e9cbfe0e0ef67d925989c06c7e

SHA1
ddf46602b33a1f11125fee01b2df2cac26efc24f

SHA256
929203c6445095ba24f3093f47aeac6b468af6a1d4130571b89017064ce2abc5

SHA512
2e8cd0fe70bf1bfde3bc4251b199a92f69e289177664b455a8d5bf07eb2d9051418fb7bef6e729a9d9ff8615a88a503398f7b3344b828d64fc48f76505a3fc6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bed634262e48f900cd308f269fbe94fa

SHA1
1b879e6ce2f05f6be65e486fc3611c83ab542850

SHA256
2daef6db69c7bb2138f6831263e304e4287496fc70ccdc750762b60d94c822bc

SHA512
d2b65da99b5b99ccdf061cc80b318413e6e007d6cd4f0e4b0d0ab606135f58c01f3e0290b0e54819f1e8f48165b64c51ba35a3c7dafea485689db426b2590a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
229B

MD5
774a7b3efd937660a9d1f541c0df446f

SHA1
efc9cdc94a0161ccafca97adfa69a1c4052b2bf8

SHA256
dbdfe9a00fbcfd8684f95e8c484c20fecd724e8a240ed5520b9721d10bebac32

SHA512
4590cc655c22e0522761cfe95acac18d507ddf1030fe6fe5b040505af259c3f84f128ab304c97637f3528cc8e78c062288aa071cf71242f3720649fbac062e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
402B

MD5
4dcace0f89f85e4f1b43ef673b8dfad8

SHA1
90747f04eac32182b424ccdbe5f2c4ca5f8ecfdb

SHA256
aa8f2c70bc999eefe88ce50d6a7de5b7f9416768c1e0b0a8555136af451420c3

SHA512
ba3371f5dbcd7b033882edefcbef2b15e5fbdebdc4e950e5f35541f6dee1632d0f2c1b2245732afec47cdbd09e151e8c2d820e2e4ea055c12eccd753729bff81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
17KB

MD5
de02c78606f54163bc6877baf8dc5ce7

SHA1
79f71f8573d421693c18e6219a5db73b681907d8

SHA256
a27166f39569fa3355d7707b21a56a729e5af471f549a63e32700f982e01b76c

SHA512
59e6448e41891fd42a76170c25ba23ae3596e96f2d83cb306b85c328b53f035e9829ae0dc8ae10b8c51ac482ef7f5b2ff896ce8de0430b7c9713f23465ff8d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
578B

MD5
073f25044c72419fba97122adb0a34cb

SHA1
a3e92798416b09361692809202c8665d7820a1ed

SHA256
9a0b919a81d18fc1891da4673dac8285df5663c0c5ccd2bf3450fb3b6d8e07cf

SHA512
691710d7bba1363a1f8623643db4499067c9f2f3c8d5f24ca123eabe2045696e6eababded5b8e5d6bfbead07c7f2362234a0a1b99403004011ea5c8d9763f986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
578B

MD5
e67b404a7617f7aa422644c3f082abd1

SHA1
eff625143a8818f8553ae42a35203f763122b97f

SHA256
3c2fb60d0fdef62099a0f6211749b8aac6bc2ecc91785bcd53817438c302aea0

SHA512
1723e77db19e23490735a2f4c7f8e7e2a39d8c30bbc8fbab18a6d1f6ddbc9e6bbbaac30abf9377976c6ea1a370a81c0cddb6897322a6180a0bafddb86d2322fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
578B

MD5
cb00ede9ff46b65dc915fd5590db90b7

SHA1
d5dcd10aaf76b4634f05746dbd85097e9e5bc4b5

SHA256
37b7922723d88990e5f43bd66debc1d6e2c88a3564583581bb9461adbdd92dcd

SHA512
f3b859b78d944dac7eebe5a116b9fb5590b05032814a93af2968b3fd3e466b853be302b8360b257c563f5bcdd586626e2d80061b0842273d4ca8fbd9271857eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
578B

MD5
fca2b26a55b57ab5913c76bcd9aa0a60

SHA1
3c9f588a6db64cfcba250c9159c401103079c8ea

SHA256
0fbd3137365a86af13d680048df029786c4114dd8a2c8a5d92956b043be4e2c9

SHA512
9e449a5f70518b685dd3c78705ee03599eed112ff96ccb3eec24e94b65ed9035a8734ddf65bffea94faaebe3de9d517690c56b95c2a5d0d9988f0e0b15afa3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
578B

MD5
6032bb8f38a476a4aa5c068376f859bd

SHA1
f7d8c45779d072e5a0cc3babc244c338a44d4a67

SHA256
973ce79a288e4095cfee2249e5b01ff04af2551f0d904a35d5a49631481cb2e2

SHA512
1cb4e8e63130b4d6d66d3b722ca8cfa715c684e11c375dbe859e5872b75e3523c0d00270d2c4d4352f16f34204ed5ea4ce7d8a9cbffce7cf5fa203358616aced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
578B

MD5
462537999b955141f9c38e4fddb53c1c

SHA1
dd586658fb2dd9beb72a0456e6c5983f2b4dc4c1

SHA256
dfa47a5a6b73a8eb67eef35dbabfa0eea78e9a68398939bc7ed03b6d37981121

SHA512
393edcd4c421a17397c76eb8df2d87c5fd6ff76ee4b01eff29957da893ab26e6e67a9072ed633d4980a56383390c75f18b62245e2c85532a22a816582abeb68b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S95FXXFL\www.youtube[1].xml

Filesize
578B

MD5
967c5c6e2733fa64f97b4a543d28ab1f

SHA1
dac190dc818a9982e5f0ed9b1003deba2e69d898

SHA256
3c52763f638bab1e87a9cad8598025cb063bd7adee001994b05ff9f697a9c72a

SHA512
78c75087b8f7ec4940ccaf8d1ac88fd4ae52f5fc86cad40b324a69a86f0a8ef7a1d0845112ca47c75171c2eedc35ac3a5ed5c85f47833151e911212744a213bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE0FF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE100.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request