Submitted URL: https://watch4sell.com/oum.php
Effective URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Submission: On March 25 via api from US

Summary

This website contacted 12 IPs in 4 countries across 9 domains to perform 44 HTTP transactions. The main IP is 198.23.59.167, located in United States and belongs to STEADFAST, US. The main domain is www.gulfxs.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 12th 2021. Valid for: 3 months.
This is the only time www.gulfxs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Raiffeisen Bank (Banking)

Domain & IP information

Domain Requested by
11 www.gulfxs.com www.gulfxs.com
9 www.youtube.com www.gulfxs.com
www.youtube.com
8 online.rbb.bg www.gulfxs.com
online.rbb.bg
2 googleads.g.doubleclick.net 1 redirects www.youtube.com
2 fonts.gstatic.com www.youtube.com
1 www.gstatic.com www.youtube.com
1 i.ytimg.com www.youtube.com
1 yt3.ggpht.com www.youtube.com
1 www.google.com www.youtube.com
1 static.doubleclick.net www.youtube.com
1 watch4sell.com 1 redirects
44 11
Subject Issuer Validity Valid
gulfxs.com
cPanel, Inc. Certification Authority
2021-03-12 -
2021-06-10
3 months crt.sh
online.rbb.bg
Sectigo RSA Extended Validation Secure Server CA
2020-04-15 -
2022-04-15
2 years crt.sh
*.google.com
GTS CA 1O1
2021-03-11 -
2021-06-03
3 months crt.sh
*.gstatic.com
GTS CA 1O1
2021-02-23 -
2021-05-18
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2021-03-11 -
2021-06-03
3 months crt.sh
*.doubleclick.net
GTS CA 1O1
2021-03-11 -
2021-06-03
3 months crt.sh
www.google.com
GTS CA 1O1
2021-03-11 -
2021-06-03
3 months crt.sh
*.googleusercontent.com
GTS CA 1O1
2021-02-23 -
2021-05-18
3 months crt.sh
edgestatic.com
GTS CA 1O1
2021-02-23 -
2021-05-18
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Frame ID: 71E1CC8D1D650AE44D5D942BC6A8F1A4
Requests: 27 HTTP requests in this frame

Frame: https://www.youtube.com/embed/1Wh2xI03Tgs
Frame ID: 58BCE63EF6775CF7F4B67F0DE82AD05B
Requests: 18 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://watch4sell.com/oum.php HTTP 302
    https://www.gulfxs.com/wp-includes/certificates/idkbank/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /require.*\.js/i

Page Statistics

44
Requests

82 %
HTTPS

77 %
IPv6

9
Domains

11
Subdomains

12
IPs

4
Countries

1250 kB
Transfer

3358 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://watch4sell.com/oum.php HTTP 302
    https://www.gulfxs.com/wp-includes/certificates/idkbank/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.gulfxs.com/wp-includes/certificates/idkbank/
Redirect Chain
  • https://watch4sell.com/oum.php
  • https://www.gulfxs.com/wp-includes/certificates/idkbank/
37 KB
38 KB
Document
General
Full URL
https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash
c2855cefb7e8c6c29bf546fcc5c022efe6e9fda9c10f19d74dbb6d9b9ebe59ea

Request headers

:method
GET
:authority
www.gulfxs.com
:scheme
https
:path
/wp-includes/certificates/idkbank/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 16:59:58 GMT
server
Apache
x-powered-by
PHP/5.6.40
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
set-cookie
PHPSESSID=tlnf5uf1l7npgd3p885ssmv8n0; path=/
content-type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 25 Mar 2021 16:59:46 GMT
Server
Apache
X-Powered-By
PHP/7.3.11
Location
https://www.gulfxs.com/wp-includes/certificates/idkbank/
Content-Length
0
Keep-Alive
timeout=5, max=20
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
smartbanner.min.css
online.rbb.bg/Content/css/smartbanner/
12 KB
4 KB
Stylesheet
General
Full URL
https://online.rbb.bg/Content/css/smartbanner/smartbanner.min.css
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
1af1054fde4c9fa4ab8cd305fb5d88dda8124e214556b1338bfbb0a5b762cb75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.gulfxs.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
content-encoding
gzip
vary
Accept-Encoding
last-modified
Fri, 12 Feb 2021 10:04:16 GMT
server
etag
"090d16b261d71:0"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=1200
date
Thu, 25 Mar 2021 16:59:59 GMT
accept-ranges
bytes
content-length
3900
style.min.css
online.rbb.bg/Content/css/
563 KB
67 KB
Stylesheet
General
Full URL
https://online.rbb.bg/Content/css/style.min.css
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
5a95a6473130a7f166440a4008d265278e3af71adffe6bbe32230148ef543886
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.gulfxs.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
content-encoding
gzip
vary
Accept-Encoding
last-modified
Fri, 12 Feb 2021 10:07:10 GMT
server
etag
"0db87d3261d71:0"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=1200
date
Thu, 25 Mar 2021 16:59:59 GMT
accept-ranges
bytes
content-length
68181
require.js
www.gulfxs.com/Scripts/libs/
0
0
Script
General
Full URL
https://www.gulfxs.com/Scripts/libs/require.js
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 16:59:59 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
promise.js
www.gulfxs.com/Scripts/libs/
0
0
Script
General
Full URL
https://www.gulfxs.com/Scripts/libs/promise.js
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 16:59:59 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
smartbanner.min.js
www.gulfxs.com/Scripts/libs/
0
0
Script
General
Full URL
https://www.gulfxs.com/Scripts/libs/smartbanner.min.js
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 16:59:59 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
fb.png
www.gulfxs.com/Content/images/
44 KB
44 KB
Image
General
Full URL
https://www.gulfxs.com/Content/images/fb.png
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash
024f472b5e2bbcd3fb3c37358806810a206f82aa7a0dba99d3a30a5e03ce9ccc

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:01 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
youtube.png
www.gulfxs.com/Content/images/
44 KB
44 KB
Image
General
Full URL
https://www.gulfxs.com/Content/images/youtube.png
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash
024f472b5e2bbcd3fb3c37358806810a206f82aa7a0dba99d3a30a5e03ce9ccc

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:01 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
linkedin.png
www.gulfxs.com/Content/images/
44 KB
44 KB
Image
General
Full URL
https://www.gulfxs.com/Content/images/linkedin.png
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash
024f472b5e2bbcd3fb3c37358806810a206f82aa7a0dba99d3a30a5e03ce9ccc

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:01 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
twitter.png
www.gulfxs.com/Content/images/
10 KB
10 KB
Image
General
Full URL
https://www.gulfxs.com/Content/images/twitter.png
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash
b3d3224be7e87dc55749502732ba5ad5b85128bd21a60ead42aa0d5b805817d7

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:01 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
instagram.png
www.gulfxs.com/Content/images/
9 KB
9 KB
Image
General
Full URL
https://www.gulfxs.com/Content/images/instagram.png
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash
83076093eef62bdd7f942250b7c798e62478266f3286f53c3dbdb57a4efc2d26

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:01 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
viber.png
www.gulfxs.com/Content/images/
44 KB
44 KB
Image
General
Full URL
https://www.gulfxs.com/Content/images/viber.png
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash
024f472b5e2bbcd3fb3c37358806810a206f82aa7a0dba99d3a30a5e03ce9ccc

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:01 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
rbb-blog.png
www.gulfxs.com/Content/images/
11 KB
11 KB
Image
General
Full URL
https://www.gulfxs.com/Content/images/rbb-blog.png
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.23.59.167 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
fajrtechguys.com
Software
Apache / PHP/5.6.40
Resource Hash
5d3d9b84177c0d0ef12e7e1e01ac96ba5db052f972e816d0276e69f2c17ee6ae

Request headers

Referer
https://www.gulfxs.com/wp-includes/certificates/idkbank/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:05 GMT
cache-control
no-cache, must-revalidate, max-age=0
expires
Wed, 11 Jan 1984 05:00:00 GMT
server
Apache
x-powered-by
PHP/5.6.40
link
<https://www.gulfxs.com/wp-json/>; rel="https://api.w.org/"
content-type
text/html; charset=UTF-8
1Wh2xI03Tgs
www.youtube.com/embed/ Frame 58BC
51 KB
22 KB
Document
General
Full URL
https://www.youtube.com/embed/1Wh2xI03Tgs
Requested by
Host: www.gulfxs.com
URL: https://www.gulfxs.com/wp-includes/certificates/idkbank/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
61d36005a5c2101a9f6cf19ad60dfa6c4b29fa0b9d7ff87018c50ab37ee6a11b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/1Wh2xI03Tgs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.gulfxs.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
Referer
https://www.gulfxs.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 25 Mar 2021 17:00:01 GMT
strict-transport-security
max-age=31536000
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding
br
server
ESF
x-xss-protection
0
set-cookie
YSC=g3wupYOiHEQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=JofxVBdlbes; Domain=.youtube.com; Expires=Tue, 21-Sep-2021 17:00:01 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+681; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bg-body.png
online.rbb.bg/Content/images/
3 KB
4 KB
Image
General
Full URL
https://online.rbb.bg/Content/images/bg-body.png
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
ba74790b1e9670ae6429a7cf9f8949d51e042dfa3d2a43f34e779ee3954330eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Fri, 12 Feb 2021 10:04:16 GMT
server
etag
"090d16b261d71:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1200
date
Thu, 25 Mar 2021 17:00:00 GMT
accept-ranges
bytes
content-length
3536
logo-rbb-white-bg.svg
online.rbb.bg/Content/svg/
10 KB
4 KB
Image
General
Full URL
https://online.rbb.bg/Content/svg/logo-rbb-white-bg.svg
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
89dff036ab45ec3efd6e551ab3679501670c50882bcb04e3aefbc787983773b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
content-encoding
gzip
vary
Accept-Encoding
last-modified
Fri, 12 Feb 2021 10:04:16 GMT
server
etag
"090d16b261d71:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=1200
date
Thu, 25 Mar 2021 17:00:00 GMT
accept-ranges
bytes
content-length
4191
RBB_1920x498_site_banner.jpg
online.rbb.bg/Content/images/
148 KB
149 KB
Image
General
Full URL
https://online.rbb.bg/Content/images/RBB_1920x498_site_banner.jpg
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
6d80dfe07d24a3d6be3c36cf7b4f5b954ae99c49668e4c00e9c4c9598d98ad44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Fri, 12 Feb 2021 10:04:16 GMT
server
etag
"090d16b261d71:0"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=1200
date
Thu, 25 Mar 2021 17:00:00 GMT
accept-ranges
bytes
content-length
152034
326381_1_0.woff
online.rbb.bg/Content/fonts/webfonts/
0
0

FuturaPT-Medium.woff
online.rbb.bg/Content/fonts/webfonts/
0
0

326381_0_0.woff
online.rbb.bg/Content/fonts/webfonts/
0
0

iconset-rbb.ttf
online.rbb.bg/Content/fonts/iconset-rbb//
0
0

mobileApp.png
online.rbb.bg/Content/images/
9 KB
9 KB
Image
General
Full URL
https://online.rbb.bg/Content/images/mobileApp.png
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
b2b769bc93904f1ed851dd0c266c5a14ae9fca670ec9cc39fa00065286fb1ae4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Fri, 12 Feb 2021 10:04:16 GMT
server
etag
"090d16b261d71:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1200
date
Thu, 25 Mar 2021 17:00:00 GMT
accept-ranges
bytes
content-length
9051
app-store-bg.png
online.rbb.bg/Content/images/
3 KB
3 KB
Image
General
Full URL
https://online.rbb.bg/Content/images/app-store-bg.png
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
5c95c6c1193ef4afdf14770fe02d2f008be731d477b38ad44e3a497241984696
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Fri, 12 Feb 2021 10:04:16 GMT
server
etag
"090d16b261d71:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1200
date
Thu, 25 Mar 2021 17:00:00 GMT
accept-ranges
bytes
content-length
3127
google-play-bg.png
online.rbb.bg/Content/images/
4 KB
4 KB
Image
General
Full URL
https://online.rbb.bg/Content/images/google-play-bg.png
Requested by
Host: online.rbb.bg
URL: https://online.rbb.bg/Content/css/style.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.48.206.22 , Bulgaria, ASN44396 (RBB-, BG),
Reverse DNS
online.rbb.bg
Software
/
Resource Hash
c84158c02aa08b902be924e5b9b81fd349cd09510aa72710c70a6d55ac931fcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.rbb.bg/Content/css/style.min.css
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000;includeSubDomains
last-modified
Fri, 12 Feb 2021 10:04:16 GMT
server
etag
"090d16b261d71:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1200
date
Thu, 25 Mar 2021 17:00:00 GMT
accept-ranges
bytes
content-length
3783
326381_1_0.ttf
online.rbb.bg/Content/fonts/webfonts/
0
0

www-player-webp.css
www.youtube.com/s/player/38c5f870/ Frame 58BC
339 KB
51 KB
Stylesheet
General
Full URL
https://www.youtube.com/s/player/38c5f870/www-player-webp.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c6de398b00be04297ce1aebdf24eed587464488127326a6611438bc65dc26e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/embed/1Wh2xI03Tgs
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Tue, 23 Mar 2021 14:45:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Mar 2021 00:19:11 GMT
server
sffe
age
180873
vary
Accept-Encoding, Origin
content-type
text/css
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52118
x-xss-protection
0
expires
Wed, 23 Mar 2022 14:45:28 GMT
www-embed-player.js
www.youtube.com/s/player/38c5f870/www-embed-player.vflset/ Frame 58BC
161 KB
58 KB
Script
General
Full URL
https://www.youtube.com/s/player/38c5f870/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f47665d4cc35069e17635c7584d07b44765a0634fad1475d8a6a0a163c6d246
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/embed/1Wh2xI03Tgs
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 13:24:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Mar 2021 00:19:11 GMT
server
sffe
age
12961
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59582
x-xss-protection
0
expires
Fri, 25 Mar 2022 13:24:00 GMT
base.js
www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/ Frame 58BC
2 MB
507 KB
Script
General
Full URL
https://www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5e0d14229ae0f4d80a6e75cf1344fd3d32cccfa42e39ee154993eea24064eb63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/embed/1Wh2xI03Tgs
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Tue, 23 Mar 2021 14:54:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Mar 2021 00:19:11 GMT
server
sffe
age
180339
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
519271
x-xss-protection
0
expires
Wed, 23 Mar 2022 14:54:22 GMT
fetch-polyfill.js
www.youtube.com/s/player/38c5f870/fetch-polyfill.vflset/ Frame 58BC
8 KB
9 KB
Script
General
Full URL
https://www.youtube.com/s/player/38c5f870/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/embed/1Wh2xI03Tgs
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Wed, 24 Mar 2021 23:46:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Mar 2021 00:19:11 GMT
server
sffe
age
61990
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8543
x-xss-protection
0
expires
Thu, 24 Mar 2022 23:46:51 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 58BC
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.youtube.com
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Sat, 20 Mar 2021 01:51:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
age
486486
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
expires
Sun, 20 Mar 2022 01:51:55 GMT
FuturaPT-Medium.ttf
online.rbb.bg/Content/fonts/webfonts/
0
0

326381_0_0.ttf
online.rbb.bg/Content/fonts/webfonts/
0
0

iconset-rbb.woff
online.rbb.bg/Content/fonts/iconset-rbb//
0
0

id
googleads.g.doubleclick.net/pagead/ Frame 58BC
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
113 B
921 B
XHR
General
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
20a37521486e408f00f8cdc929f5532e568dd2dc68e011cac039da9cf9aa184f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 25 Mar 2021 17:00:01 GMT
x-content-type-options
nosniff
access-control-allow-origin
https://www.youtube.com
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 58BC
29 B
91 B
Script
General
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/38c5f870/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 16:56:04 GMT
x-content-type-options
nosniff
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
age
237
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29
x-xss-protection
0
expires
Thu, 25 Mar 2021 17:11:04 GMT
remote.js
www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/ Frame 58BC
97 KB
32 KB
Script
General
Full URL
https://www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/base.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b4551596f954aa5759824aea3f0069656fcacb1f8a2c52d1d871f3f2e0057847
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/embed/1Wh2xI03Tgs
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Tue, 23 Mar 2021 14:54:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Mar 2021 00:19:11 GMT
server
sffe
age
180319
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32696
x-xss-protection
0
expires
Wed, 23 Mar 2022 14:54:42 GMT
zo4Agt5SJcnoXNS4M1MG4WyhXvbc_d-XVm4sRsRj_20.js
www.google.com/js/th/ Frame 58BC
33 KB
12 KB
Script
General
Full URL
https://www.google.com/js/th/zo4Agt5SJcnoXNS4M1MG4WyhXvbc_d-XVm4sRsRj_20.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce8e0082de5225c9e85cd4b8335306e16ca15ef6dcfddf97566e2c46c463ff6d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 10:58:19 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 15 Mar 2021 13:00:00 GMT
server
sffe
age
21702
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12627
x-xss-protection
0
expires
Fri, 25 Mar 2022 10:58:19 GMT
embed.js
www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/ Frame 58BC
24 KB
7 KB
Script
General
Full URL
https://www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/base.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a20336a648e840ea05405464c67782e3deff240b1c6260c7c1eff298046fa2de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/embed/1Wh2xI03Tgs
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Tue, 23 Mar 2021 14:54:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Mar 2021 00:19:11 GMT
server
sffe
age
180338
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7471
x-xss-protection
0
expires
Wed, 23 Mar 2022 14:54:23 GMT
truncated
/ Frame 58BC
175 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

Content-Type
image/png
AAUvwnho-hBZguvxqeFBlYvKWYgd7suP6iK-R8wE-BiRrg=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 58BC
3 KB
3 KB
Image
General
Full URL
https://yt3.ggpht.com/ytc/AAUvwnho-hBZguvxqeFBlYvKWYgd7suP6iK-R8wE-BiRrg=s68-c-k-c0x00ffffff-no-rj
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
66e9c373f8e295700917cb31e8b1d212e61f692e14ac98abfa16d0ca6cb8d38c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 16:47:03 GMT
x-content-type-options
nosniff
age
778
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3153
x-xss-protection
0
server
fife
etag
"v5f6"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 26 Mar 2021 08:47:03 GMT
sddefault.webp
i.ytimg.com/vi_webp/1Wh2xI03Tgs/ Frame 58BC
33 KB
33 KB
Image
General
Full URL
https://i.ytimg.com/vi_webp/1Wh2xI03Tgs/sddefault.webp
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b065d519a47e9f19646102ce5337382fcdc7a3f8fc7399f0d26e214c4824a1a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:01 GMT
x-content-type-options
nosniff
server
sffe
age
0
etag
"1589868051"
vary
Origin
content-type
image/webp
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33702
x-xss-protection
0
expires
Thu, 25 Mar 2021 19:00:01 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 58BC
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.youtube.com
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Sat, 20 Mar 2021 23:15:58 GMT
x-content-type-options
nosniff
last-modified
Mon, 16 Oct 2017 17:32:49 GMT
server
sffe
age
409443
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9832
x-xss-protection
0
expires
Sun, 20 Mar 2022 23:15:58 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 58BC
4 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/38c5f870/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2007
x-xss-protection
0
expires
Thu, 25 Mar 2021 17:00:01 GMT
generate_204
www.youtube.com/ Frame 58BC
0
38 B
Image
General
Full URL
https://www.youtube.com/generate_204?iJjZ4w
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/1Wh2xI03Tgs
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.youtube.com/embed/1Wh2xI03Tgs
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

Response headers

date
Thu, 25 Mar 2021 17:00:02 GMT
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
log_event
www.youtube.com/youtubei/v1/ Frame 58BC
28 B
191 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/38c5f870/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
Content-Type
application/json
X-YouTube-Utc-Offset
60
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/1Wh2xI03Tgs
X-YouTube-Client-Version
1.20210322.1.0
X-YouTube-Time-Zone
Europe/Berlin
X-Goog-Visitor-Id
CgtKb2Z4VkJkbGJlcyiRg_OCBg%3D%3D
X-YouTube-Ad-Signals
dt=1616691601710&flash=0&frm=2&u_tz=60&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C566%2C304&vis=1&wgl=true&ca_type=image&bid=ANyPxKrg9lD7cvOSfZc638aywzGiiSFrgaGp3_fPNKJvAPenmXNjqBhQsxcVfhVg7X6YSKqoXZPxcvGCABPICh05uUAvQGQfOQ

Response headers

date
Thu, 25 Mar 2021 17:00:12 GMT
content-encoding
br
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
content-type
application/json; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31
x-xss-protection
0
expires
Thu, 25 Mar 2021 17:00:12 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/326381_1_0.woff
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/FuturaPT-Medium.woff
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/326381_0_0.woff
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/iconset-rbb//iconset-rbb.ttf?wxo579
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/326381_1_0.ttf
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/FuturaPT-Medium.ttf
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/webfonts/326381_0_0.ttf
Domain
online.rbb.bg
URL
https://online.rbb.bg/Content/fonts/iconset-rbb//iconset-rbb.woff?wxo579

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Raiffeisen Bank (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

2 Cookies

Domain/Path Name / Value
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: JofxVBdlbes
.youtube.com/ Name: YSC
Value: g3wupYOiHEQ

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
googleads.g.doubleclick.net
i.ytimg.com
online.rbb.bg
static.doubleclick.net
watch4sell.com
www.google.com
www.gstatic.com
www.gulfxs.com
www.youtube.com
yt3.ggpht.com
online.rbb.bg
103.143.46.48
194.48.206.22
198.23.59.167
2a00:1450:4001:800::2006
2a00:1450:4001:808::2003
2a00:1450:4001:808::200e
2a00:1450:4001:809::2016
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2004
2a00:1450:4001:810::2002
2a00:1450:4001:810::200e
2a00:1450:4001:813::2001
2a00:1450:4001:82a::2003
024f472b5e2bbcd3fb3c37358806810a206f82aa7a0dba99d3a30a5e03ce9ccc
1af1054fde4c9fa4ab8cd305fb5d88dda8124e214556b1338bfbb0a5b762cb75
1f47665d4cc35069e17635c7584d07b44765a0634fad1475d8a6a0a163c6d246
20a37521486e408f00f8cdc929f5532e568dd2dc68e011cac039da9cf9aa184f
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361
5a95a6473130a7f166440a4008d265278e3af71adffe6bbe32230148ef543886
5c95c6c1193ef4afdf14770fe02d2f008be731d477b38ad44e3a497241984696
5d3d9b84177c0d0ef12e7e1e01ac96ba5db052f972e816d0276e69f2c17ee6ae
5e0d14229ae0f4d80a6e75cf1344fd3d32cccfa42e39ee154993eea24064eb63
61d36005a5c2101a9f6cf19ad60dfa6c4b29fa0b9d7ff87018c50ab37ee6a11b
66e9c373f8e295700917cb31e8b1d212e61f692e14ac98abfa16d0ca6cb8d38c
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6d80dfe07d24a3d6be3c36cf7b4f5b954ae99c49668e4c00e9c4c9598d98ad44
83076093eef62bdd7f942250b7c798e62478266f3286f53c3dbdb57a4efc2d26
89dff036ab45ec3efd6e551ab3679501670c50882bcb04e3aefbc787983773b0
9c6de398b00be04297ce1aebdf24eed587464488127326a6611438bc65dc26e3
a20336a648e840ea05405464c67782e3deff240b1c6260c7c1eff298046fa2de
b065d519a47e9f19646102ce5337382fcdc7a3f8fc7399f0d26e214c4824a1a0
b2b769bc93904f1ed851dd0c266c5a14ae9fca670ec9cc39fa00065286fb1ae4
b3d3224be7e87dc55749502732ba5ad5b85128bd21a60ead42aa0d5b805817d7
b4551596f954aa5759824aea3f0069656fcacb1f8a2c52d1d871f3f2e0057847
ba74790b1e9670ae6429a7cf9f8949d51e042dfa3d2a43f34e779ee3954330eb
c2855cefb7e8c6c29bf546fcc5c022efe6e9fda9c10f19d74dbb6d9b9ebe59ea
c84158c02aa08b902be924e5b9b81fd349cd09510aa72710c70a6d55ac931fcd
ce8e0082de5225c9e85cd4b8335306e16ca15ef6dcfddf97566e2c46c463ff6d
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9