xenarmor | hxxps://gofile[.]io/d/10lzhS

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	XClient.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.lnk	XClient.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.lnk	XClient.exe

Executes dropped EXE 22 IoCs

pid	Process
4948	XClient.exe
3912	XClient.exe
5184	XClient.exe
1084	conhost.exe
3828	conhost.exe
1196	conhost.exe
4268	conhost.exe
4612	cdjypv.exe
4792	conhost.exe
2740	epxlcn.exe
5044	conhost.exe
4344	conhost.exe
5128	conhost.exe
4612	conhost.exe
5376	conhost.exe
5388	conhost.exe
2852	conhost.exe
4348	conhost.exe
3256	conhost.exe
4620	conhost.exe
6696	conhost.exe
5704	All-In-One.exe

Loads dropped DLL 42 IoCs

pid	Process
4948	XClient.exe
400	MsiExec.exe
4332	MsiExec.exe
4336	MsiExec.exe
4332	MsiExec.exe
4332	MsiExec.exe
4332	MsiExec.exe
4332	MsiExec.exe
5872	MsiExec.exe
5872	MsiExec.exe
4528	MsiExec.exe
3572	MsiExec.exe
5012	MsiExec.exe
2548	MsiExec.exe
3572	MsiExec.exe
3572	MsiExec.exe
3572	MsiExec.exe
3572	MsiExec.exe
4612	MsiExec.exe
4612	MsiExec.exe
5140	MsiExec.exe
4612	MsiExec.exe
3012	MsiExec.exe
4612	MsiExec.exe
4612	MsiExec.exe
6760	MsiExec.exe
7120	MsiExec.exe
7120	MsiExec.exe
7120	MsiExec.exe
6972	MsiExec.exe
4048	MsiExec.exe
7120	MsiExec.exe
7120	MsiExec.exe
6972	MsiExec.exe
6972	MsiExec.exe
6972	MsiExec.exe
6972	MsiExec.exe
7620	MsiExec.exe
7768	MsiExec.exe
7768	MsiExec.exe
8476	MsiExec.exe
5704	All-In-One.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000022e51-1254.dat	upx
behavioral1/files/0x0007000000022e52-1259.dat	upx
behavioral1/files/0x0002000000022ab5-1249.dat	upx
behavioral1/files/0x0002000000022ab4-1244.dat	upx
behavioral1/files/0x0002000000022711-1239.dat	upx

Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	All-In-One.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost = "C:\\ProgramData\\conhost.exe"	XClient.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
File opened (read-only)	\??\M:	MsiExec.exe
File opened (read-only)	\??\I:	MsiExec.exe
File opened (read-only)	\??\S:	MsiExec.exe
File opened (read-only)	\??\P:	MsiExec.exe
File opened (read-only)	\??\I:	MsiExec.exe
File opened (read-only)	\??\M:	MsiExec.exe
File opened (read-only)	\??\X:	MsiExec.exe
File opened (read-only)	\??\E:	MsiExec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\G:	MsiExec.exe
File opened (read-only)	\??\P:	MsiExec.exe
File opened (read-only)	\??\B:	MsiExec.exe
File opened (read-only)	\??\X:	MsiExec.exe
File opened (read-only)	\??\U:	MsiExec.exe
File opened (read-only)	\??\W:	MsiExec.exe
File opened (read-only)	\??\B:	MsiExec.exe
File opened (read-only)	\??\Y:	MsiExec.exe
File opened (read-only)	\??\V:	MsiExec.exe
File opened (read-only)	\??\Y:	MsiExec.exe
File opened (read-only)	\??\J:	MsiExec.exe
File opened (read-only)	\??\G:	MsiExec.exe
File opened (read-only)	\??\E:	MsiExec.exe
File opened (read-only)	\??\M:	MsiExec.exe
File opened (read-only)	\??\N:	MsiExec.exe
File opened (read-only)	\??\U:	MsiExec.exe
File opened (read-only)	\??\U:	MsiExec.exe
File opened (read-only)	\??\Z:	MsiExec.exe
File opened (read-only)	\??\K:	MsiExec.exe
File opened (read-only)	\??\X:	MsiExec.exe
File opened (read-only)	\??\A:	MsiExec.exe
File opened (read-only)	\??\I:	MsiExec.exe
File opened (read-only)	\??\P:	MsiExec.exe
File opened (read-only)	\??\L:	MsiExec.exe
File opened (read-only)	\??\G:	MsiExec.exe
File opened (read-only)	\??\E:	MsiExec.exe
File opened (read-only)	\??\V:	MsiExec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\J:	MsiExec.exe
File opened (read-only)	\??\I:	MsiExec.exe
File opened (read-only)	\??\L:	MsiExec.exe
File opened (read-only)	\??\H:	MsiExec.exe
File opened (read-only)	\??\A:	MsiExec.exe
File opened (read-only)	\??\J:	MsiExec.exe
File opened (read-only)	\??\Q:	MsiExec.exe
File opened (read-only)	\??\U:	MsiExec.exe
File opened (read-only)	\??\E:	MsiExec.exe
File opened (read-only)	\??\V:	MsiExec.exe
File opened (read-only)	\??\T:	MsiExec.exe
File opened (read-only)	\??\Z:	MsiExec.exe
File opened (read-only)	\??\M:	MsiExec.exe
File opened (read-only)	\??\E:	MsiExec.exe
File opened (read-only)	\??\B:	MsiExec.exe
File opened (read-only)	\??\P:	MsiExec.exe
File opened (read-only)	\??\V:	MsiExec.exe
File opened (read-only)	\??\E:	MsiExec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	MsiExec.exe
File opened (read-only)	\??\J:	MsiExec.exe
File opened (read-only)	\??\B:	MsiExec.exe
File opened (read-only)	\??\Z:	MsiExec.exe
File opened (read-only)	\??\M:	MsiExec.exe
File opened (read-only)	\??\U:	MsiExec.exe
File opened (read-only)	\??\A:	MsiExec.exe
File opened (read-only)	\??\M:	msiexec.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
46	ip-api.com

Drops file in System32 directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\mfc110chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110fra.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110kor.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110.dll	msiexec.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\Desktop\Wallpaper = "C:\\vcredist2010_x64.log.html"	XClient.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI7CD2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI112D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI62DE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1355.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\concrt140.dll_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C63.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1354.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vccorlib140.dll_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7B88.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\CacheSize.txt	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\concrt140.dll_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4C67.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI11DA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1277.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140.dll_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF06D.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI12F5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vccorlib140.dll_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140.dll_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFE4.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\CacheSize.txt	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000d9d47eb9a1a06eb40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000d9d47eb90000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900d9d47eb9000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dd9d47eb9000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000d9d47eb900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	XClient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	XClient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MsiExec.exe

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

pid	Process
5956	schtasks.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	XClient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XClient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	XClient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	XClient.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00006109E70000000100000000F01FEC\SourceList\LastUsedSource = "n;1;C:\\program files\\microsoft office\\root\\integration\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\\packages\\vcRuntimeMinimum_x86\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\\packages\\vcRuntimeAdditional_x86\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00006109E70000000100000000F01FEC\SourceList	msiexec.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 913486.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4948	XClient.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
5108	msedge.exe
5108	msedge.exe
808	identity_helper.exe
808	identity_helper.exe
5264	powershell.exe
5264	powershell.exe
5264	powershell.exe
5436	powershell.exe
5436	powershell.exe
5436	powershell.exe
5616	powershell.exe
5616	powershell.exe
5616	powershell.exe
5788	powershell.exe
5788	powershell.exe
5788	powershell.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4948	XClient.exe
4816	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4948	XClient.exe
Token: SeDebugPrivilege	3912	XClient.exe
Token: SeDebugPrivilege	5264	powershell.exe
Token: SeDebugPrivilege	5436	powershell.exe
Token: SeDebugPrivilege	5616	powershell.exe
Token: SeDebugPrivilege	5788	powershell.exe
Token: SeDebugPrivilege	4948	XClient.exe
Token: SeDebugPrivilege	5184	XClient.exe
Token: SeDebugPrivilege	1084	conhost.exe
Token: SeDebugPrivilege	3828	conhost.exe
Token: SeDebugPrivilege	1196	conhost.exe
Token: SeDebugPrivilege	4268	conhost.exe
Token: 33	3828	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3828	AUDIODG.EXE
Token: SeDebugPrivilege	4792	conhost.exe
Token: SeDebugPrivilege	5044	conhost.exe
Token: SeDebugPrivilege	4344	conhost.exe
Token: SeDebugPrivilege	5128	conhost.exe
Token: SeDebugPrivilege	4612	conhost.exe
Token: SeDebugPrivilege	5376	conhost.exe
Token: SeDebugPrivilege	5388	conhost.exe
Token: SeDebugPrivilege	2852	conhost.exe
Token: 33	5904	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5904	AUDIODG.EXE
Token: SeDebugPrivilege	4348	conhost.exe
Token: SeShutdownPrivilege	5416	MsiExec.exe
Token: SeIncreaseQuotaPrivilege	5416	MsiExec.exe
Token: SeShutdownPrivilege	4448	MsiExec.exe
Token: SeIncreaseQuotaPrivilege	4448	MsiExec.exe
Token: SeShutdownPrivilege	868	MsiExec.exe
Token: SeIncreaseQuotaPrivilege	868	MsiExec.exe
Token: SeSecurityPrivilege	1988	msiexec.exe
Token: SeCreateTokenPrivilege	5416	MsiExec.exe
Token: SeAssignPrimaryTokenPrivilege	5416	MsiExec.exe
Token: SeLockMemoryPrivilege	5416	MsiExec.exe
Token: SeIncreaseQuotaPrivilege	5416	MsiExec.exe
Token: SeMachineAccountPrivilege	5416	MsiExec.exe
Token: SeTcbPrivilege	5416	MsiExec.exe
Token: SeSecurityPrivilege	5416	MsiExec.exe
Token: SeTakeOwnershipPrivilege	5416	MsiExec.exe
Token: SeLoadDriverPrivilege	5416	MsiExec.exe
Token: SeSystemProfilePrivilege	5416	MsiExec.exe
Token: SeSystemtimePrivilege	5416	MsiExec.exe
Token: SeProfSingleProcessPrivilege	5416	MsiExec.exe
Token: SeIncBasePriorityPrivilege	5416	MsiExec.exe
Token: SeCreatePagefilePrivilege	5416	MsiExec.exe
Token: SeCreatePermanentPrivilege	5416	MsiExec.exe
Token: SeBackupPrivilege	5416	MsiExec.exe
Token: SeRestorePrivilege	5416	MsiExec.exe
Token: SeShutdownPrivilege	5416	MsiExec.exe
Token: SeDebugPrivilege	5416	MsiExec.exe
Token: SeAuditPrivilege	5416	MsiExec.exe
Token: SeSystemEnvironmentPrivilege	5416	MsiExec.exe
Token: SeChangeNotifyPrivilege	5416	MsiExec.exe
Token: SeRemoteShutdownPrivilege	5416	MsiExec.exe
Token: SeUndockPrivilege	5416	MsiExec.exe
Token: SeSyncAgentPrivilege	5416	MsiExec.exe
Token: SeEnableDelegationPrivilege	5416	MsiExec.exe
Token: SeManageVolumePrivilege	5416	MsiExec.exe
Token: SeImpersonatePrivilege	5416	MsiExec.exe
Token: SeCreateGlobalPrivilege	5416	MsiExec.exe
Token: SeCreateTokenPrivilege	4448	MsiExec.exe
Token: SeAssignPrimaryTokenPrivilege	4448	MsiExec.exe
Token: SeLockMemoryPrivilege	4448	MsiExec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
3640	notepad.exe
4904	msedge.exe
4904	msedge.exe
868	MsiExec.exe
4448	MsiExec.exe
5416	MsiExec.exe
5700	MsiExec.exe
244	MsiExec.exe
384	MsiExec.exe
5996	MsiExec.exe
5544	MsiExec.exe
5996	MsiExec.exe
384	MsiExec.exe
244	MsiExec.exe
5544	MsiExec.exe
5700	MsiExec.exe
5248	MsiExec.exe
4764	MsiExec.exe
3044	MsiExec.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
4948	XClient.exe
4948	XClient.exe
4948	XClient.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4948	XClient.exe
4816	OpenWith.exe
4948	XClient.exe
5704	All-In-One.exe
5704	All-In-One.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 2920	5108	msedge.exe	82
PID 5108 wrote to memory of 2920	5108	msedge.exe	82
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 2256	5108	msedge.exe	83
PID 5108 wrote to memory of 1616	5108	msedge.exe	84
PID 5108 wrote to memory of 1616	5108	msedge.exe	84
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85
PID 5108 wrote to memory of 2752	5108	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/10lzhS
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8354246f8,0x7ff835424708,0x7ff835424718
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:3900
- C:\Users\Admin\Downloads\XClient.exe
  "C:\Users\Admin\Downloads\XClient.exe"
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Sets desktop wallpaper using registry
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4948
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\XClient.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5264
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5436
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\conhost.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5616
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'conhost.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5788
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "conhost" /tr "C:\ProgramData\conhost.exe"
    3⤵
    - Creates scheduled task(s)
    PID:5956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/
    3⤵
    PID:3756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8354246f8,0x7ff835424708,0x7ff835424718
      4⤵
      PID:4692
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /c start calc
    3⤵
    PID:3600
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8354246f8,0x7ff835424708,0x7ff835424718
      4⤵
      PID:2360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7566321662052949644,13485049516917258837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
      4⤵
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,7566321662052949644,13485049516917258837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
      4⤵
      PID:6060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,7566321662052949644,13485049516917258837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
      4⤵
      PID:4300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7566321662052949644,13485049516917258837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:3796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7566321662052949644,13485049516917258837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      4⤵
      PID:1104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7566321662052949644,13485049516917258837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
      4⤵
      PID:5628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7566321662052949644,13485049516917258837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
      4⤵
      PID:4376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7566321662052949644,13485049516917258837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
      4⤵
      PID:380
- - C:\Users\Admin\AppData\Local\Temp\cdjypv.exe
    "C:\Users\Admin\AppData\Local\Temp\cdjypv.exe"
    3⤵
    - Executes dropped EXE
    PID:4612
- - C:\Users\Admin\AppData\Local\Temp\epxlcn.exe
    "C:\Users\Admin\AppData\Local\Temp\epxlcn.exe"
    3⤵
    - Executes dropped EXE
    PID:2740
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd"
    3⤵
    PID:540
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      PID:3912
- - C:\Windows\SYSTEM32\CMD.EXE
    "CMD.EXE"
    3⤵
    PID:5872
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{71024AE4-039E-4CA4-87B4-2F64180401F0}
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:5416
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0180381}
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:868
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:4448
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
    3⤵
    PID:2168
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{2BB73336-4F69-4141-9797-E9BD6FE3980A}
    3⤵
    PID:376
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
    3⤵
    PID:5616
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
    3⤵
    PID:3232
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
    3⤵
    PID:4936
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
    3⤵
    PID:2488
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
    3⤵
    PID:3944
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
    3⤵
    PID:4464
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
    3⤵
    PID:60
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
    3⤵
    PID:5596
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
    3⤵
    PID:5260
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
    3⤵
    PID:2700
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
    3⤵
    PID:4320
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CB0836EC-B072-368D-82B2-D3470BF95707}
    3⤵
    PID:5664
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7DAD0258-515C-3DD4-8964-BD714199E0F7}
    3⤵
    PID:5224
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
    3⤵
    PID:2672
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:244
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{662A0088-6FCD-45DD-9EA7-68674058AED5}
    3⤵
    - Enumerates connected drives
    - Suspicious use of FindShellTrayWindow
    PID:5700
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{BF08E976-B92E-4336-B56F-2171179476C4}
    3⤵
    - Enumerates connected drives
    - Suspicious use of FindShellTrayWindow
    PID:384
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
    3⤵
    - Enumerates connected drives
    - Suspicious use of FindShellTrayWindow
    PID:5996
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
    3⤵
    PID:3080
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
    3⤵
    PID:4324
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
    3⤵
    PID:4944
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE}
    3⤵
    PID:2256
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE}
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:5544
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0409-1000-0000000FF1CE}
    3⤵
    PID:5388
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
    3⤵
    PID:3912
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E634F316-BEB6-4FB3-A612-F7102F576165}
    3⤵
    PID:4664
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9F51D16B-42E8-4A4A-8228-75045541A2AE}
    3⤵
    PID:5584
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
    3⤵
    PID:2604
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
    3⤵
    PID:5472
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{71024AE4-039E-4CA4-87B4-2F64180401F0}
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    PID:5248
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
    3⤵
    PID:3948
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
    3⤵
    PID:2744
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
    3⤵
    PID:5808
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
    3⤵
    PID:5516
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
    3⤵
    PID:4708
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
    3⤵
    PID:3448
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
    3⤵
    PID:4896
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
    3⤵
    PID:208
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
    3⤵
    PID:1560
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
    3⤵
    PID:2448
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
    3⤵
    PID:4592
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
    3⤵
    PID:3356
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
    3⤵
    PID:4916
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
    3⤵
    PID:4492
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
    3⤵
    PID:5972
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CB0836EC-B072-368D-82B2-D3470BF95707}
    3⤵
    PID:1868
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7DAD0258-515C-3DD4-8964-BD714199E0F7}
    3⤵
    PID:2688
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
    3⤵
    - Enumerates connected drives
    - Suspicious use of FindShellTrayWindow
    PID:4764
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{662A0088-6FCD-45DD-9EA7-68674058AED5}
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:3044
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{BF08E976-B92E-4336-B56F-2171179476C4}
    3⤵
    PID:5136
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
    3⤵
    - Enumerates connected drives
    PID:3316
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E634F316-BEB6-4FB3-A612-F7102F576165}
    3⤵
    PID:3980
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
    3⤵
    PID:6092
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
    3⤵
    PID:5868
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE}
    3⤵
    PID:2144
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE}
    3⤵
    - Enumerates connected drives
    PID:3364
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9F51D16B-42E8-4A4A-8228-75045541A2AE}
    3⤵
    PID:1104
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0409-1000-0000000FF1CE}
    3⤵
    PID:6128
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0180381}
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    PID:6140
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
    3⤵
    - Enumerates connected drives
    PID:688
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
    3⤵
    PID:5280
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
    3⤵
    PID:4412
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{2BB73336-4F69-4141-9797-E9BD6FE3980A}
    3⤵
    PID:1300
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{71024AE4-039E-4CA4-87B4-2F64180401F0}
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    PID:1596
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9F51D16B-42E8-4A4A-8228-75045541A2AE}
    3⤵
    PID:6136
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
    3⤵
    PID:4584
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
    3⤵
    PID:2160
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
    3⤵
    PID:5364
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{2BB73336-4F69-4141-9797-E9BD6FE3980A}
    3⤵
    PID:4428
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
    3⤵
    PID:2368
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
    3⤵
    PID:1488
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
    3⤵
    PID:3252
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
    3⤵
    PID:924
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
    3⤵
    PID:4672
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
    3⤵
    PID:4576
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
    3⤵
    PID:4872
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
    3⤵
    PID:2668
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
    3⤵
    PID:2780
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
    3⤵
    PID:3244
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
    3⤵
    PID:1808
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CB0836EC-B072-368D-82B2-D3470BF95707}
    3⤵
    PID:5720
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7DAD0258-515C-3DD4-8964-BD714199E0F7}
    3⤵
    PID:5176
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
    3⤵
    PID:2496
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
    3⤵
    - Enumerates connected drives
    PID:4424
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{662A0088-6FCD-45DD-9EA7-68674058AED5}
    3⤵
    - Enumerates connected drives
    PID:5996
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{BF08E976-B92E-4336-B56F-2171179476C4}
    3⤵
    - Enumerates connected drives
    PID:4680
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
    3⤵
    - Enumerates connected drives
    PID:1352
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E634F316-BEB6-4FB3-A612-F7102F576165}
    3⤵
    PID:1112
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
    3⤵
    PID:5464
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
    3⤵
    PID:5032
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE}
    3⤵
    PID:4968
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE}
    3⤵
    PID:5292
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0409-1000-0000000FF1CE}
    3⤵
    PID:6048
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
    3⤵
    PID:4684
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
    3⤵
    - Enumerates connected drives
    PID:5692
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
    3⤵
    PID:4472
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0180381}
    3⤵
    - Checks processor information in registry
    PID:3916
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{71024AE4-039E-4CA4-87B4-2F64180401F0}
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    PID:5592
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{2BB73336-4F69-4141-9797-E9BD6FE3980A}
    3⤵
    PID:3568
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
    3⤵
    PID:532
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
    3⤵
    PID:724
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
    3⤵
    PID:1268
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
    3⤵
    PID:5404
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
    3⤵
    PID:3468
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
    3⤵
    PID:5352
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
    3⤵
    PID:5532
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
    3⤵
    PID:4676
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
    3⤵
    PID:5700
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
    3⤵
    PID:2164
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
    3⤵
    PID:4272
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
    3⤵
    PID:1720
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
    3⤵
    PID:3744
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
    3⤵
    PID:2316
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CB0836EC-B072-368D-82B2-D3470BF95707}
    3⤵
    - Enumerates connected drives
    PID:2444
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7DAD0258-515C-3DD4-8964-BD714199E0F7}
    3⤵
    PID:5328
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
    3⤵
    PID:844
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
    3⤵
    - Enumerates connected drives
    PID:820
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{662A0088-6FCD-45DD-9EA7-68674058AED5}
    3⤵
    PID:6124
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{BF08E976-B92E-4336-B56F-2171179476C4}
    3⤵
    - Enumerates connected drives
    PID:5476
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
    3⤵
    - Enumerates connected drives
    PID:6164
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E634F316-BEB6-4FB3-A612-F7102F576165}
    3⤵
    PID:6196
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
    3⤵
    PID:6208
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0180381}
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    PID:6240
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0409-1000-0000000FF1CE}
    3⤵
    PID:6264
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE}
    3⤵
    PID:6296
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9F51D16B-42E8-4A4A-8228-75045541A2AE}
    3⤵
    PID:6360
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
    3⤵
    PID:6412
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
    3⤵
    PID:6452
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
    3⤵
    PID:6468
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
    3⤵
    PID:6508
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE}
    3⤵
    - Enumerates connected drives
    PID:6532
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9F51D16B-42E8-4A4A-8228-75045541A2AE}
    3⤵
    PID:6580
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
    3⤵
    PID:6592
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
    3⤵
    PID:6600
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
    3⤵
    PID:6636
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
    3⤵
    PID:6660
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
    3⤵
    PID:6684
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
    3⤵
    PID:6716
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
    3⤵
    PID:6740
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
    3⤵
    PID:6784
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
    3⤵
    - Enumerates connected drives
    PID:6848
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0180381}
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    PID:6864
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{2BB73336-4F69-4141-9797-E9BD6FE3980A}
    3⤵
    PID:6888
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
    3⤵
    PID:6928
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
    3⤵
    PID:6992
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
    3⤵
    PID:7040
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
    3⤵
    PID:7100
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{CB0836EC-B072-368D-82B2-D3470BF95707}
    3⤵
    PID:7132
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{7DAD0258-515C-3DD4-8964-BD714199E0F7}
    3⤵
    PID:1184
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
    3⤵
    PID:6252
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
    3⤵
    - Enumerates connected drives
    PID:6336
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{662A0088-6FCD-45DD-9EA7-68674058AED5}
    3⤵
    - Enumerates connected drives
    PID:6260
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{BF08E976-B92E-4336-B56F-2171179476C4}
    3⤵
    - Enumerates connected drives
    PID:5324
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
    3⤵
    - Enumerates connected drives
    PID:6860
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{E634F316-BEB6-4FB3-A612-F7102F576165}
    3⤵
    PID:5752
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
    3⤵
    PID:7028
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
    3⤵
    PID:7060
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE}
    3⤵
    PID:7072
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE}
    3⤵
    - Enumerates connected drives
    PID:5560
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{90160000-008C-0409-1000-0000000FF1CE}
    3⤵
    PID:6588
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
    3⤵
    PID:3896
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /I{71024AE4-039E-4CA4-87B4-2F64180401F0}
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    PID:7000
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
    3⤵
    - Enumerates connected drives
    PID:7208
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
    3⤵
    PID:7304
- - C:\Windows\SYSTEM32\MsiExec.exe
    MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
    3⤵
    PID:7316
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c Cd %temp% && All-In-One.exe OutPut.json
    3⤵
    PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\All-In-One.exe
      All-In-One.exe OutPut.json
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Accesses Microsoft Outlook accounts
      Suspicious use of SetWindowsHookEx
      PID:5704
- C:\Users\Admin\Downloads\XClient.exe
  "C:\Users\Admin\Downloads\XClient.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16020548269046679382,466963119071923158,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6024 /prefetch:2
  2⤵
  PID:5872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5176

C:\Users\Admin\Downloads\XClient.exe
"C:\Users\Admin\Downloads\XClient.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5184

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1084

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:3640

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3828

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1196

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4268

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3828

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4792

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5044

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4344

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5128

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4612

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5376

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5388

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5904

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4348

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1988
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 6DF517BDE64F5C274F3FB228188117B3 C
  2⤵
  - Loads dropped DLL
  PID:400
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8386003F77F18062654E610D0525C7E6 C
  2⤵
  - Loads dropped DLL
  PID:4332
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding E70B036A2B35AE75AF9301DF807A294B C
  2⤵
  - Loads dropped DLL
  PID:4336
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 1AC3F9D65F7E9DD2FC7FF591025EAF71
  2⤵
  - Loads dropped DLL
  PID:5872
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding B8546DC2ABEB31A79CDD06F4EDD7C0A1 C
  2⤵
  - Loads dropped DLL
  PID:4528
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6E2E7569C2CA3DFC9B2E34B1D7DAD3D0 C
  2⤵
  - Loads dropped DLL
  PID:3572
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding D2928CD02F24FD72BAA8F47540A0B782 C
  2⤵
  - Loads dropped DLL
  PID:5012
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 7A159F207CF890C5F241C305FB819CA4 C
  2⤵
  - Loads dropped DLL
  PID:2548
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2EBF3AE34EF2CDE9DB65DC54B43F4AD7 C
  2⤵
  - Loads dropped DLL
  PID:4612
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding A8B05C6B7A0B81DB67713F17D03C3B0D C
  2⤵
  - Loads dropped DLL
  PID:5140
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding E722ACA26E9AF728674E2E70307E5DF6 C
  2⤵
  - Loads dropped DLL
  PID:3012
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding D4D92784BAA2CC0783E07AAABD5D6EDB C
  2⤵
  - Loads dropped DLL
  PID:6760
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DF45E71E1523936E254B2D15096726D9 C
  2⤵
  - Loads dropped DLL
  PID:7120
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E8A68880DB37AAB5E75118BD58D9EA22 C
  2⤵
  - Loads dropped DLL
  PID:6972
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 11C787BE037E96803A7E61203653D8C3 C
  2⤵
  - Loads dropped DLL
  PID:4048
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 8E8B520673086B8E40285F25926D26EA C
  2⤵
  - Loads dropped DLL
  PID:7620
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding B791E83FAEB5CBA56067F0537E0266C9
  2⤵
  - Loads dropped DLL
  PID:7768
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:8400
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F1C09B284E0EBA98CCF376A415BA470C
  2⤵
  - Loads dropped DLL
  PID:8476

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
PID:3256

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:944

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
PID:4620

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
- Executes dropped EXE
PID:6696

C:\ProgramData\conhost.exe
C:\ProgramData\conhost.exe
1⤵
PID:5444

Network

DNS

gofile.io

XClient.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A

Response

gofile.io

IN A

51.38.43.18

gofile.io

IN A

151.80.29.83

gofile.io

IN A

51.178.66.33
GET

https://gofile.io/d/10lzhS

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /d/10lzhS HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:21 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Thu, 25 Jan 2024 10:59:02 GMT
etag: W/"278f-18d4045f1d9"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap.min.css

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/bootstrap.min.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"2fbaa-1857d39aa87"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap-icons.css

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/bootstrap-icons.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"17579-1857d39aa87"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap-nightfall.css

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/bootstrap-nightfall.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"c869-1857d39aa87"
content-encoding: gzip
GET

https://gofile.io/dist/css/plyr.css

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/plyr.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:36 GMT
etag: W/"85ae-18592ec961b"
content-encoding: gzip
GET

https://gofile.io/dist/css/allcss.css

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/allcss.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Fri, 26 Jan 2024 00:18:13 GMT
etag: W/"758-18d43219e7e"
content-encoding: gzip
GET

https://gofile.io/dist/js/bootstrap.bundle.min.js

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/bootstrap.bundle.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"2339-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/sha256.min.js

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/sha256.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"13a49-1857d39aa87"
content-encoding: gzip
GET

https://gofile.io/dist/js/qrcode.min.js

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/qrcode.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"4dda-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/dayjs.min.js

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/dayjs.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"1a0e-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/customParseFormat.js

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/customParseFormat.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"ea2-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/marked.min.js

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/marked.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"aca2-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/plyr.js

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/plyr.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:36 GMT
etag: W/"1b1b2-18592ec961b"
content-encoding: gzip
GET

https://gofile.io/dist/js/chart.umd.min.js

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/chart.umd.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Thu, 06 Jun 2024 01:30:15 GMT
etag: W/"37ce1-18feb2b025e"
content-encoding: gzip
GET

https://gofile.io/dist/js/alljs.js

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/alljs.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 08 Mar 2023 18:58:17 GMT
etag: W/"3094c-186c296a29e"
content-encoding: gzip
GET

https://gofile.io/dist/img/logo-small-70.png

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/logo-small-70.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: image/png
content-length: 2367
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"93f-1857d39aa87"
GET

https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47 HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://gofile.io
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:22 GMT
content-type: font/woff2
content-length: 121296
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"1d9d0-1857d39aa87"
GET

https://gofile.io/dist/img/favicon96.png

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/favicon96.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:23 GMT
content-type: image/png
content-length: 2886
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"b46-1857d39aa87"
GET

https://gofile.io/dist/img/favicon32.png

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/favicon32.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:23 GMT
content-type: image/png
content-length: 903
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"387-1857d39aa87"
GET

https://gofile.io/dist/img/favicon16.png

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/favicon16.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:23 GMT
content-type: image/png
content-length: 503
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"1f7-1857d39aa87"
GET

https://gofile.io/contents/files.html

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /contents/files.html HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=cPENt9GHmlphCwWKHMAOy7yocan2c1VC

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:23 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Thu, 06 Jun 2024 01:24:30 GMT
etag: W/"4cfc-18feb25bcb3"
content-encoding: gzip
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

18.43.38.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.43.38.51.in-addr.arpa

IN PTR

Response

18.43.38.51.in-addr.arpa

IN PTR

ns3120834ip-51-38-43eu
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

api.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

api.gofile.io

IN A

Response

api.gofile.io

IN A

151.80.29.83

api.gofile.io

IN A

51.38.43.18

api.gofile.io

IN A

51.178.66.33
POST

https://api.gofile.io/accounts

msedge.exe

Remote address:

151.80.29.83:443

Request

POST /accounts HTTP/2.0
host: api.gofile.io
content-length: 2
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:23 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"6f-iHy6g4l82+biG0f6u17ZEuUpQKk"
content-encoding: gzip
OPTIONS

https://api.gofile.io/accounts/3d0c0fd9-637f-4d49-811f-9b45f0f545f8

msedge.exe

Remote address:

151.80.29.83:443

Request

OPTIONS /accounts/3d0c0fd9-637f-4d49-811f-9b45f0f545f8 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:23 GMT
content-type: text/html; charset=utf-8
content-length: 8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
GET

https://api.gofile.io/accounts/3d0c0fd9-637f-4d49-811f-9b45f0f545f8

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /accounts/3d0c0fd9-637f-4d49-811f-9b45f0f545f8 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
sec-ch-ua-mobile: ?0
authorization: Bearer cPENt9GHmlphCwWKHMAOy7yocan2c1VC
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:23 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"111-NFE5W2w5SJTd3q8ZYQ342ZovJqg"
content-encoding: gzip
OPTIONS

https://api.gofile.io/contents/10lzhS?wt=4fd6sg89d7s6

msedge.exe

Remote address:

151.80.29.83:443

Request

OPTIONS /contents/10lzhS?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:24 GMT
content-type: text/html; charset=utf-8
content-length: 15
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD,DELETE
etag: W/"f-vwvPzyVoI/ffOSHTCooZCn+JbCg"
GET

https://api.gofile.io/contents/10lzhS?wt=4fd6sg89d7s6

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /contents/10lzhS?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
sec-ch-ua-mobile: ?0
authorization: Bearer cPENt9GHmlphCwWKHMAOy7yocan2c1VC
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 08 Jun 2024 19:42:24 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"2b7-Ce+uUVjvqAH1gR1fJFxSuoTTR5k"
content-encoding: gzip
DNS

83.29.80.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.29.80.151.in-addr.arpa

IN PTR

Response

83.29.80.151.in-addr.arpa

IN PTR

ns3048708ip-151-80-29eu
DNS

s.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A

Response

s.gofile.io

IN A

51.75.242.210
GET

https://s.gofile.io/js/script.js

msedge.exe

Remote address:

51.75.242.210:443

Request

GET /js/script.js HTTP/2.0
host: s.gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=cPENt9GHmlphCwWKHMAOy7yocan2c1VC

Response

HTTP/2.0 200

access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
content-type: application/javascript
cross-origin-resource-policy: cross-origin
date: Sat, 08 Jun 2024 19:42:23 GMT
server: Cowboy
x-content-type-options: nosniff
content-length: 1346
POST

https://s.gofile.io/api/event

msedge.exe

Remote address:

51.75.242.210:443

Request

POST /api/event HTTP/2.0
host: s.gofile.io
content-length: 74
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 202

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
content-type: text/plain; charset=utf-8
date: Sat, 08 Jun 2024 19:42:24 GMT
server: Cowboy
x-request-id: F9ce42IhSL_pAM6aT4SC
content-length: 2
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

210.242.75.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.242.75.51.in-addr.arpa

IN PTR

Response

210.242.75.51.in-addr.arpa

IN PTR

mailgofileio
DNS

store10.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

store10.gofile.io

IN A

Response

store10.gofile.io

IN A

31.14.70.252
GET

https://store10.gofile.io/download/web/1a269dc3-0817-4526-9242-9d18341662d1/XClient.exe

msedge.exe

Remote address:

31.14.70.252:443

Request

GET /download/web/1a269dc3-0817-4526-9242-9d18341662d1/XClient.exe HTTP/1.1
Host: store10.gofile.io
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://gofile.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: accountToken=cPENt9GHmlphCwWKHMAOy7yocan2c1VC

Response

HTTP/1.1 200 OK

Server: nginx/1.21.6
Date: Sat, 08 Jun 2024 19:42:27 GMT
Content-Type: application/x-msdos-program
Content-Length: 76288
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range
Content-Disposition: attachment; filename="XClient.exe"
Last-Modified: Sat, 08 Jun 2024 19:41:49 GMT
DNS

252.70.14.31.in-addr.arpa

Remote address:

8.8.8.8:53

Request

252.70.14.31.in-addr.arpa

IN PTR

Response

252.70.14.31.in-addr.arpa

IN PTR

31-14-70-252custmojifr
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

ip-api.com

XClient.exe

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com/line/?fields=hosting

XClient.exe

Remote address:

208.95.112.1:80

Request

GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 08 Jun 2024 19:42:39 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

1.112.95.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

moving-agenda.gl.at.ply.gg

XClient.exe

Remote address:

8.8.8.8:53

Request

moving-agenda.gl.at.ply.gg

IN A

Response

moving-agenda.gl.at.ply.gg

IN A

147.185.221.20
DNS

20.221.185.147.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.221.185.147.in-addr.arpa

IN PTR

Response
DNS

20.221.185.147.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.221.185.147.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

pornhub.com

msedge.exe

Remote address:

8.8.8.8:53

Request

pornhub.com

IN A

Response

pornhub.com

IN A

66.254.114.41
GET

http://pornhub.com/

msedge.exe

Remote address:

66.254.114.41:80

Request

GET / HTTP/1.1
Host: pornhub.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

content-length: 0
location: https://pornhub.com/
DNS

msedge.exe

Remote address:

66.254.114.41:80

Response

HTTP/1.1 408 Request Time-out

Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html
GET

https://pornhub.com/

msedge.exe

Remote address:

66.254.114.41:443

Request

GET / HTTP/2.0
host: pornhub.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

content-length: 0
location: https://www.pornhub.com/
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/

msedge.exe

Remote address:

66.254.114.41:443

Request

GET / HTTP/2.0
host: www.pornhub.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: text/html; charset=UTF-8
set-cookie: platform=pc; expires=Sat, 15-Jun-2024 19:44:03 GMT; Max-Age=604800; path=/; domain=pornhub.com; secure
set-cookie: ss=141304893629904476; expires=Sun, 08-Jun-2025 19:44:03 GMT; Max-Age=31536000; path=/; domain=pornhub.com; secure
set-cookie: __s=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=pornhub.com; secure
set-cookie: __l=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=pornhub.com; secure
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
vary: User-Agent
rating: RTA-5042-1996-1400-1577-RTA
content-encoding: gzip
set-cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146; Secure; Samesite=None
set-cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146; Secure; Samesite=None; Max-Age=31556926
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875843%2C%22hash%22%3A%22690aeedc4f0a565539658eaa4980f86d%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hbresp=header&hb=37ABF1C4-1D73-47FB-AAEC-0ECA7417A6DE&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%2C%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875843%2C%22hash%22%3A%22690aeedc4f0a565539658eaa4980f86d%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hbresp=header&hb=37ABF1C4-1D73-47FB-AAEC-0ECA7417A6DE&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%2C%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146

Response

HTTP/2.0 202

server: openresty
date: Sat, 08 Jun 2024 19:44:03 GMT
content-length: 0
cache-control: private, no-cache, proxy-revalidate, no-store, max-age=0
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875843%2C%22hash%22%3A%22690aeedc4f0a565539658eaa4980f86d%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=37ABF1C4-1D73-47FB-AAEC-0ECA7417A6DE&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875843%2C%22hash%22%3A%22690aeedc4f0a565539658eaa4980f86d%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=37ABF1C4-1D73-47FB-AAEC-0ECA7417A6DE&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/json
cache-control: private, no-cache, proxy-revalidate, no-store, max-age=0
headerbiding: 1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875843%2C%22hash%22%3A%22690aeedc4f0a565539658eaa4980f86d%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=37ABF1C4-1D73-47FB-AAEC-0ECA7417A6DE&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875843%2C%22hash%22%3A%22690aeedc4f0a565539658eaa4980f86d%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=37ABF1C4-1D73-47FB-AAEC-0ECA7417A6DE&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/json
cache-control: private, no-cache, proxy-revalidate, no-store, max-age=0
headerbiding: 1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://www.pornhub.com/_i?type=event&event=consent-modal-open

msedge.exe

Remote address:

66.254.114.41:443

Request

POST /_i?type=event&event=consent-modal-open HTTP/2.0
host: www.pornhub.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded; charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.pornhub.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: cookieConsent=1

Response

HTTP/2.0 200

content-length: 0
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/front/menu_livesex?segment=straight&token=MTcxNzg3NTg0M1Vs0dM3tajmh2d85j_-87DpWc4zOFbZwrF1eBHBVG4RwLvPXrhidEqmhxP_S2lHK6v4_plGGyJFnzgE0eNmLwA.

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /front/menu_livesex?segment=straight&token=MTcxNzg3NTg0M1Vs0dM3tajmh2d85j_-87DpWc4zOFbZwrF1eBHBVG4RwLvPXrhidEqmhxP_S2lHK6v4_plGGyJFnzgE0eNmLwA. HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded; charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: text/html; charset=UTF-8
set-cookie: __s=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=pornhub.com; secure
set-cookie: __l=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=pornhub.com; secure
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
vary: User-Agent
rating: RTA-5042-1996-1400-1577-RTA
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/deep_pixel?info=CiQ2YWZiM2IzZS05NGQ5LTQ5MTEtYTM4OS1mZTQ0Zjk3ZmRkNDQQg%2BmSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTIgAjCfqYUBOJ%2BphQFA%2FfgESJOY4t8DUgEyWNXrqd4DYKu0yvIDciBlNDE2NzkxYmQ1ZjQ0ODZhODU4MGNiNjFkNzk5ODFjY4EBi%2BB%2FK9mxIT%2BSAQJHQpoBA0VOR6IBBkxvbmRvbsoBEmd0dCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTkxLjEwMS4yMDkuMzn6AQ4xOTEuMTAxLjIwOS4zOYICB2RlZDc2NTaIAiGSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKFr4TSBeACt5%2FnlQT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6IjY5MGFlZWRjNGYwYTU2NTUzOTY1OGVhYTQ5ODBmODZkIn2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/deep_pixel?info=CiQ2YWZiM2IzZS05NGQ5LTQ5MTEtYTM4OS1mZTQ0Zjk3ZmRkNDQQg%2BmSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTIgAjCfqYUBOJ%2BphQFA%2FfgESJOY4t8DUgEyWNXrqd4DYKu0yvIDciBlNDE2NzkxYmQ1ZjQ0ODZhODU4MGNiNjFkNzk5ODFjY4EBi%2BB%2FK9mxIT%2BSAQJHQpoBA0VOR6IBBkxvbmRvbsoBEmd0dCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTkxLjEwMS4yMDkuMzn6AQ4xOTEuMTAxLjIwOS4zOYICB2RlZDc2NTaIAiGSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKFr4TSBeACt5%2FnlQT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6IjY5MGFlZWRjNGYwYTU2NTUzOTY1OGVhYTQ5ODBmODZkIn2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67 HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/gif
content-length: 35
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/deep_pixel?info=CiRjMjAwOTdmNS04ZGZlLTRmY2YtOWUzMC0yMTdlY2RlZTY0MzcQg%2BmSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTEoATAFOAVIsYzX3wNSATJYsdaA3QNg49KP8gNyIGU0MTY3OTFiZDVmNDQ4NmE4NTgwY2I2MWQ3OTk4MWNjgQHxaOOItfjkPpIBAkdCmgEDRU5HogEGTG9uZG9uygESZ3R0IGNvbW11bmljYXRpb25z0gEEd2lmadoBB3dpbmRvd3PiAQ4xOTEuMTAxLjIwOS4zOfoBDjE5MS4xMDEuMjA5LjM5ggIHZGVkNzY1NogCIZICBGVkZ2WaAgRFQzFOqgIEMTAuMLICBDkyLjDYAs%2BS%2B84F4ALX4%2BaUBPoCATGCA197ImFjdG9yX2lkIjpudWxsLCJjb250ZW50X3R5cGUiOm51bGwsInZpZGVvX2lkIjpudWxsLCJoYXNoIjoiNjkwYWVlZGM0ZjBhNTY1NTM5NjU4ZWFhNDk4MGY4NmQifZIDB2Rlc2t0b3CaAwJlbsIDBGhvbWWYBAE%3D&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/deep_pixel?info=CiRjMjAwOTdmNS04ZGZlLTRmY2YtOWUzMC0yMTdlY2RlZTY0MzcQg%2BmSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTEoATAFOAVIsYzX3wNSATJYsdaA3QNg49KP8gNyIGU0MTY3OTFiZDVmNDQ4NmE4NTgwY2I2MWQ3OTk4MWNjgQHxaOOItfjkPpIBAkdCmgEDRU5HogEGTG9uZG9uygESZ3R0IGNvbW11bmljYXRpb25z0gEEd2lmadoBB3dpbmRvd3PiAQ4xOTEuMTAxLjIwOS4zOfoBDjE5MS4xMDEuMjA5LjM5ggIHZGVkNzY1NogCIZICBGVkZ2WaAgRFQzFOqgIEMTAuMLICBDkyLjDYAs%2BS%2B84F4ALX4%2BaUBPoCATGCA197ImFjdG9yX2lkIjpudWxsLCJjb250ZW50X3R5cGUiOm51bGwsInZpZGVvX2lkIjpudWxsLCJoYXNoIjoiNjkwYWVlZGM0ZjBhNTY1NTM5NjU4ZWFhNDk4MGY4NmQifZIDB2Rlc2t0b3CaAwJlbsIDBGhvbWWYBAE%3D&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67 HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/gif
content-length: 35
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/fla/log?action=ad_view&ad_id=1045600811&campaign_id=1006144531&initial_zone_id=2184351&member_id=1003124181&zone_id=2184351

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/fla/log?action=ad_view&ad_id=1045600811&campaign_id=1006144531&initial_zone_id=2184351&member_id=1003124181&zone_id=2184351 HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: nginx
date: Sat, 08 Jun 2024 19:44:05 GMT
content-length: 0
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/service-worker.js

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /service-worker.js HTTP/2.0
host: www.pornhub.com
cache-control: max-age=0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
service-worker: script
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: serviceworker
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __s=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 683
last-modified: Thu, 06 Jun 2024 22:52:07 GMT
etag: "66623d97-2ab"
x-frame-options: SAMEORIGIN
expires: Sun, 06 Oct 2024 19:44:05 GMT
cache-control: max-age=10368000
pragma: public
cache-control: public
accept-ranges: bytes
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
DNS

www.pornhub.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.pornhub.com

IN A

Response

www.pornhub.com

IN CNAME

pornhub.com

pornhub.com

IN A

66.254.114.41
DNS

static.trafficjunky.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.trafficjunky.com

IN A

Response

static.trafficjunky.com

IN CNAME

static.trafficjunky.com.sds.rncdn7.com

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.20

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.21

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.22

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.23

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.16

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.17

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.18

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.19
DNS

ei.phncdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ei.phncdn.com

IN A

Response

ei.phncdn.com

IN CNAME

ei.phncdn.com.sds.rncdn7.com

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.22

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.23

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.16

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.17

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.18

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.19

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.20

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.21
GET

https://static.trafficjunky.com/invocation/embeddedads/production/embeddedads.es6.min.js

msedge.exe

Remote address:

64.210.156.20:443

Request

GET /invocation/embeddedads/production/embeddedads.es6.min.js HTTP/2.0
host: static.trafficjunky.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 08 May 2024 17:17:29 GMT
etag: W/"82171bb5b-16a7a-617f47a257c40"
expires: Mon, 09 Sep 2024 10:19:00 GMT
cache-control: max-age=1725877140
content-encoding: br
x-cdn-diag: lon1-16009-1-6806-h-0-0---;16032-39-25012----0-0-0
GET

https://static.trafficjunky.com/ab/ads_test.js

msedge.exe

Remote address:

64.210.156.20:443

Request

GET /ab/ads_test.js HTTP/2.0
host: static.trafficjunky.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 26 Jul 2023 19:30:36 GMT
etag: W/"6bb93e32b-7e3-60168e1c0cf00"
expires: Mon, 29 Jul 2024 09:32:40 GMT
cache-control: max-age=3600
content-encoding: br
x-cdn-diag: lon1-16032-2-19422-h-0-0---;16032-39-25012----0-0-0
GET

https://static.trafficjunky.com/invocation/popunder/production/popunder.min.js

msedge.exe

Remote address:

64.210.156.20:443

Request

GET /invocation/popunder/production/popunder.min.js HTTP/2.0
host: static.trafficjunky.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 02 May 2024 15:47:47 GMT
etag: W/"2e4fe4eef-735b-6177a864e6ec0"
expires: Wed, 04 Sep 2024 13:36:54 GMT
cache-control: max-age=1725457014
content-encoding: br
x-cdn-diag: lon1-16008-1-23877-h-0-0---;16032-51-25012----0-2-0
GET

https://ei.phncdn.com/www-static/css/global-backgrounds.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/global-backgrounds.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: text/css
content-length: 1921
last-modified: Thu, 06 Jun 2024 14:35:04 GMT
etag: "6661c918-781"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6869-h-0-0---;16009-39-50042----0-0-1
GET

https://ei.phncdn.com/www-static/css/generated-header.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/generated-header.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: text/css
content-length: 66126
last-modified: Thu, 06 Jun 2024 14:35:04 GMT
etag: "6661c918-1024e"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-1-19356-h-0-0---;16009-39-50042----0-0-1
GET

https://ei.phncdn.com/www-static/css/front-index-pc.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/front-index-pc.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: text/css
content-length: 7198
last-modified: Thu, 06 Jun 2024 14:35:04 GMT
etag: "6661c918-1c1e"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:15 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-37366-h-0-0---;16009-39-50042----0-0-1
GET

https://ei.phncdn.com/www-static/css/flags/round_flag.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/flags/round_flag.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: text/css
content-length: 2065
last-modified: Thu, 06 Jun 2024 14:35:04 GMT
etag: "6661c918-811"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-1-19355-h-0-0---;16009-39-50042----0-0-1
GET

https://ei.phncdn.com/www-static/css/ph-icons.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/ph-icons.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: text/css
content-length: 2527
last-modified: Thu, 06 Jun 2024 14:35:04 GMT
etag: "6661c918-9df"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:11 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-1-6804-h-0-0---;16009-39-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/cookieBanner/cookie_banner.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/cookieBanner/cookie_banner.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 6979
last-modified: Wed, 29 May 2024 14:19:43 GMT
etag: "6657397f-1b43"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:11 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-19460-h-0-0---;16009-39-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/utils/mg_utils-1.0.0.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/utils/mg_utils-1.0.0.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 3893
last-modified: Wed, 29 May 2024 14:19:43 GMT
etag: "6657397f-f35"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:11 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-37306-h-0-0---;16009-39-50042----0-0-2
GET

https://ei.phncdn.com/www-static/js/lib/ph-functions.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/ph-functions.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 8993
last-modified: Wed, 29 May 2024 14:19:43 GMT
etag: "6657397f-2321"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:11 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-37348-h-0-0---;16009-39-50042----0-0-2
GET

https://ei.phncdn.com/www-static/js/mg_modal-1.0.0.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/mg_modal-1.0.0.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 1279
last-modified: Tue, 30 Jan 2024 10:10:09 GMT
etag: "65b8cb01-4ff"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:11 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-23995-h-0-0---;16009-61-50042----0-0-1
GET

https://ei.phncdn.com/www-static/images/pornhub_logo_straight.svg?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/images/pornhub_logo_straight.svg?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: image/svg+xml
content-length: 2338
last-modified: Thu, 01 Jun 2023 20:31:47 GMT
etag: "64790033-922"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:11 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-23876-h-0-0---;16009-61-50042----0-0-1
GET

https://ei.phncdn.com/pics/logos/9091.png?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /pics/logos/9091.png?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: image/png
content-length: 2940
expires: Fri, 04 Oct 2024 07:19:48 GMT
cache-control: max-age=10341576
last-modified: Thu, 11 Apr 2024 20:34:05 GMT
x-pending-security: A valid hash was not supplied.
etag: "1fa09d754-b7c-615d8138e4110"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-23876-h-0-0---;16009-61-50042----0-0-1
GET

https://ei.phncdn.com/www-static/css/large.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/large.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: text/css
content-length: 6470
last-modified: Thu, 11 Jan 2024 20:49:32 GMT
etag: "65a0545c-1946"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-37263-h-0-0---;16009-61-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/vue/vue.min.js

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/vue/vue.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 32666
last-modified: Thu, 01 Jun 2023 20:32:18 GMT
etag: "64790052-7f9a"
content-encoding: br
expires: Thu, 25 Jan 2024 19:48:23 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-1-6807-h-0-0---;16009-47-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/vue/vue-custom-element.min.js

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/vue/vue-custom-element.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 3155
last-modified: Thu, 01 Jun 2023 20:32:18 GMT
etag: "64790052-c53"
content-encoding: br
expires: Thu, 25 Jan 2024 19:48:23 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6870-h-0-0---;16009-47-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/generated-lib.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/generated-lib.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 28633
last-modified: Wed, 29 May 2024 14:19:43 GMT
etag: "6657397f-6fd9"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-37366-h-0-0---;16009-47-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/networkbar-5.0.0.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/networkbar-5.0.0.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 7819
last-modified: Tue, 21 May 2024 12:16:09 GMT
etag: "664c9089-1e8b"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-37325-h-0-0---;16009-47-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/front-index.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/front-index.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 1232
last-modified: Tue, 30 Jan 2024 10:10:09 GMT
etag: "65b8cb01-4d0"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:15 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-19460-h-0-0---;16009-47-50042----0-0-0
GET

https://ei.phncdn.com/www-static/images/countryFlags/svgs/united_kingdom.svg?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/images/countryFlags/svgs/united_kingdom.svg?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/flags/round_flag.css?cache=2024060601
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: image/svg+xml
content-length: 975
last-modified: Thu, 01 Jun 2023 20:31:55 GMT
etag: "6479003b-3cf"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:13 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-23938-h-0-0---;16009-46-50042----0-0-0
GET

https://ei.phncdn.com/www-static/images/verified-badge.svg?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/images/verified-badge.svg?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/generated-header.css?cache=2024060601
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: image/svg+xml
content-length: 167
last-modified: Thu, 01 Jun 2023 20:31:48 GMT
etag: "64790034-a7"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-37307-h-0-0---;16009-46-50042----0-0-0
GET

https://ei.phncdn.com/www-static/images/channel-badge.svg?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/images/channel-badge.svg?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/generated-header.css?cache=2024060601
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/svg+xml
content-length: 457
last-modified: Thu, 01 Jun 2023 20:31:47 GMT
etag: "64790033-1c9"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-23876-h-0-0---;16009-45-50042----0-0-0
GET

https://ei.phncdn.com/www-static/images/trophy-icon-Pornstar.svg?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/images/trophy-icon-Pornstar.svg?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/generated-header.css?cache=2024060601
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/svg+xml
content-length: 432
last-modified: Thu, 01 Jun 2023 20:31:48 GMT
etag: "64790034-1b0"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-2-19423-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202405/09/452244951/original/(m=q79I5KZbeafTGgaaaa)(mh=yMRU5JV7wTNvkdPK)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/09/452244951/original/(m=q79I5KZbeafTGgaaaa)(mh=yMRU5JV7wTNvkdPK)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 14874
expires: Sat, 14 Sep 2024 13:50:53 GMT
cache-control: max-age=10029305
last-modified: Tue, 21 May 2024 11:55:39 GMT
etag: "caef-618f57f1ed40f"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-23940-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202405/21/452760141/original/(m=qKTQ6KZbeafTGgaaaa)(mh=7CwB3ljtIIvl9z4C)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/21/452760141/original/(m=qKTQ6KZbeafTGgaaaa)(mh=7CwB3ljtIIvl9z4C)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 16654
expires: Wed, 22 May 2024 23:20:07 GMT
cache-control: max-age=86400
last-modified: Tue, 21 May 2024 23:09:24 GMT
etag: "107db-618fee8a7896d"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-23878-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202405/20/452723391/original/(m=qOHZ3KZbeafTGgaaaa)(mh=BEw9TMvbuSzsPJw4)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/20/452723391/original/(m=qOHZ3KZbeafTGgaaaa)(mh=BEw9TMvbuSzsPJw4)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 13699
expires: Wed, 22 May 2024 00:08:49 GMT
cache-control: max-age=86400
last-modified: Mon, 20 May 2024 22:18:16 GMT
etag: "c286-618ea13fa77a3"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-2-19421-h-0-0---;16009-45-50042----0-0-0
GET

https://ei.phncdn.com/videos/202405/18/452623901/original/(m=qT7R0KZbeafTGgaaaa)(mh=MOQeH2yePsKB_j8b)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/18/452623901/original/(m=qT7R0KZbeafTGgaaaa)(mh=MOQeH2yePsKB_j8b)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 16600
expires: Mon, 20 May 2024 19:18:07 GMT
cache-control: max-age=86400
last-modified: Sun, 19 May 2024 16:57:17 GMT
etag: "115a3-618d17a2e3d91"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6871-h-0-0---;16009-45-50042----0-0-0
GET

https://ei.phncdn.com/videos/202405/11/452330031/original/(m=qQM2-JZbeafTGgaaaa)(mh=FBuGCAKne9GIRP6b)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/11/452330031/original/(m=qQM2-JZbeafTGgaaaa)(mh=FBuGCAKne9GIRP6b)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 15602
expires: Tue, 16 Jul 2024 18:51:57 GMT
cache-control: max-age=10372719
last-modified: Mon, 18 Mar 2024 16:52:58 GMT
etag: "ea95-613f230983cf8"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6870-h-0-0---;16009-45-50042----0-0-0
GET

https://ei.phncdn.com/videos/202403/12/449449741/original/(m=qQR8W-YbeafTGgaaaa)(mh=GMrv70wShSiow7gJ)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202403/12/449449741/original/(m=qQR8W-YbeafTGgaaaa)(mh=GMrv70wShSiow7gJ)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 18021
expires: Sun, 12 May 2024 21:23:25 GMT
cache-control: max-age=86400
last-modified: Sat, 11 May 2024 20:44:58 GMT
etag: "11eee-61833b9b64ab8"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-37245-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202405/15/452499191/thumbs_25/(m=eafTGgaaaa)(mh=V0iMUHzj88vsC-gX)11.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/15/452499191/thumbs_25/(m=eafTGgaaaa)(mh=V0iMUHzj88vsC-gX)11.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 8774
expires: Sun, 29 Sep 2024 01:17:24 GMT
cache-control: max-age=10338592
last-modified: Sat, 01 Jun 2024 09:27:23 GMT
etag: "13f21-619d0b52799c8"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-2-19423-h-0-0---;16009-45-50042----0-0-0
GET

https://ei.phncdn.com/videos/202405/12/452370401/original/(m=qVMMIKZbeafTGgaaaa)(mh=WSf5O0xssXXg32R1)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/12/452370401/original/(m=qVMMIKZbeafTGgaaaa)(mh=WSf5O0xssXXg32R1)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 14418
expires: Mon, 13 May 2024 20:34:59 GMT
cache-control: max-age=86400
last-modified: Sun, 12 May 2024 19:30:23 GMT
etag: "cd72-61846ccd997f1"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-23940-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202405/16/452551951/original/(m=qNWM_LZbeafTGgaaaa)(mh=ImkUp3uLt-bjqqEL)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/16/452551951/original/(m=qNWM_LZbeafTGgaaaa)(mh=ImkUp3uLt-bjqqEL)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 15135
expires: Sat, 14 Sep 2024 18:22:16 GMT
cache-control: max-age=9982194
last-modified: Wed, 22 May 2024 05:32:15 GMT
etag: "e4ac-6190441d8b1af"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-19460-h-0-0---;16009-45-50042----0-0-0
GET

https://ei.phncdn.com/videos/202405/20/452725441/original/(m=q-6G7KZbeafTGgaaaa)(mh=EobuyJ3HHQ_7LaRA)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/20/452725441/original/(m=q-6G7KZbeafTGgaaaa)(mh=EobuyJ3HHQ_7LaRA)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 16853
expires: Sun, 26 May 2024 20:04:09 GMT
cache-control: max-age=86400
last-modified: Sat, 25 May 2024 19:29:18 GMT
etag: "13886-6194c4ce53c37"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-23877-h-0-0---;16009-45-50042----0-0-0
GET

https://ei.phncdn.com/videos/202405/25/452950431/original/(m=qUGVKLZbeafTGgaaaa)(mh=vQqFgQgntbNcuY6a)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/25/452950431/original/(m=qUGVKLZbeafTGgaaaa)(mh=vQqFgQgntbNcuY6a)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 12598
expires: Mon, 13 May 2024 14:20:55 GMT
cache-control: max-age=86400
last-modified: Sun, 12 May 2024 14:20:39 GMT
etag: "103d5-618427929092e"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-37347-h-0-0---;16009-45-50042----0-0-0
GET

https://ei.phncdn.com/videos/202405/12/452345241/thumbs_5/(m=eafTGgaaaa)(mh=CfSyrMvq_m0nKmD5)6.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/12/452345241/thumbs_5/(m=eafTGgaaaa)(mh=CfSyrMvq_m0nKmD5)6.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 20167
expires: Wed, 01 May 2024 21:45:17 GMT
cache-control: max-age=86400
last-modified: Tue, 30 Apr 2024 16:12:15 GMT
etag: "155dc-61752a2210e8b"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-23877-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202404/08/450814591/thumbs_25/(m=eafTGgaaaa)(mh=Xnplhe8ooBEsoQmp)16.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202404/08/450814591/thumbs_25/(m=eafTGgaaaa)(mh=Xnplhe8ooBEsoQmp)16.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 12059
expires: Wed, 10 Apr 2024 15:15:56 GMT
cache-control: max-age=86400
last-modified: Tue, 09 Apr 2024 15:10:47 GMT
etag: "f588-615ab53aadfa0"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-37366-h-0-0---;16009-45-50042----0-0-2
GET

https://ei.phncdn.com/videos/202404/29/451764031/original/(m=q-IMIJZbeafTGgaaaa)(mh=rT4JFmbmyxMwZhfn)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202404/29/451764031/original/(m=q-IMIJZbeafTGgaaaa)(mh=rT4JFmbmyxMwZhfn)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 15477
expires: Fri, 04 Oct 2024 11:51:10 GMT
cache-control: max-age=10534053
last-modified: Tue, 04 Jun 2024 13:43:35 GMT
etag: "f22e-61a10a2eb1ffe"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-23992-h-0-0---;16009-45-50042----0-0-2
GET

https://ei.phncdn.com/videos/202405/03/451932881/thumbs_75/(m=eafTGgaaaa)(mh=2zhlRxwqaq-VOpyG)9.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/03/451932881/thumbs_75/(m=eafTGgaaaa)(mh=2zhlRxwqaq-VOpyG)9.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 18647
expires: Wed, 26 Jun 2024 10:10:56 GMT
cache-control: max-age=10357181
last-modified: Tue, 27 Feb 2024 12:49:04 GMT
etag: "13e14-6125c73879c01"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-37245-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202405/24/452920491/original/(m=q2NLOLZbeafTGgaaaa)(mh=M5bkLJkgZodAmOse)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/24/452920491/original/(m=q2NLOLZbeafTGgaaaa)(mh=M5bkLJkgZodAmOse)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 16246
expires: Fri, 05 Jul 2024 14:44:08 GMT
cache-control: max-age=9901931
last-modified: Wed, 13 Mar 2024 00:01:51 GMT
etag: "33fe8-6137f7b5b37a2"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6871-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202402/20/448441921/original/(m=qGY279YbeafTGgaaaa)(mh=SA2YFKsYx032O6RZ)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202402/20/448441921/original/(m=qGY279YbeafTGgaaaa)(mh=SA2YFKsYx032O6RZ)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 13709
expires: Mon, 23 Sep 2024 19:37:10 GMT
cache-control: max-age=10812240
last-modified: Tue, 21 May 2024 16:12:18 GMT
etag: "11f43-618f914ff8dbf"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-37325-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202403/08/449296861/thumbs_5/(m=eafTGgaaaa)(mh=8KZ980p6rcyMbpzU)7.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202403/08/449296861/thumbs_5/(m=eafTGgaaaa)(mh=8KZ980p6rcyMbpzU)7.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 18743
expires: Thu, 26 Sep 2024 20:15:02 GMT
cache-control: max-age=10594822
last-modified: Mon, 27 May 2024 05:07:02 GMT
etag: "10295-619687cd9cd55"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-23878-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202402/15/448188791/thumbs_45/(m=eafTGgaaaa)(mh=x8dDGnR6mOVkg7tW)9.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202402/15/448188791/thumbs_45/(m=eafTGgaaaa)(mh=x8dDGnR6mOVkg7tW)9.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 12749
expires: Tue, 17 Sep 2024 02:08:37 GMT
cache-control: max-age=10472567
last-modified: Fri, 16 Feb 2024 22:54:23 GMT
etag: "e51f-61187a00adcf8"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-23993-h-0-0---;16009-45-50042----0-0-2
GET

https://ei.phncdn.com/videos/202406/04/453379472/thumbs_20/(m=eafTGgaaaa)(mh=eAcMq7B9CJtvuE7R)12.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202406/04/453379472/thumbs_20/(m=eafTGgaaaa)(mh=eAcMq7B9CJtvuE7R)12.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 15162
expires: Thu, 06 Jun 2024 01:01:38 GMT
cache-control: max-age=86400
last-modified: Wed, 05 Jun 2024 01:01:16 GMT
etag: "135d9-61a1a1a7f67e0"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6870-h-0-0---;16009-45-50042----0-0-2
GET

https://ei.phncdn.com/videos/202404/08/450776501/original/(m=qQGPNHZbeafTGgaaaa)(mh=Qa5lQnuzIn8i5DZM)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202404/08/450776501/original/(m=qQGPNHZbeafTGgaaaa)(mh=Qa5lQnuzIn8i5DZM)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 17664
expires: Sat, 06 Apr 2024 02:22:31 GMT
cache-control: max-age=86400
last-modified: Thu, 04 Apr 2024 22:49:31 GMT
etag: "12378-6154d26ffbd18"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-1-19356-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202404/20/451339601/original/(m=eafTGgaaaa)(mh=PguQjTmcSpY5uySm)13.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202404/20/451339601/original/(m=eafTGgaaaa)(mh=PguQjTmcSpY5uySm)13.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 17568
expires: Tue, 09 Apr 2024 08:56:12 GMT
cache-control: max-age=86400
last-modified: Mon, 08 Apr 2024 08:00:10 GMT
etag: "fe1c-6159131cbbef8"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-37244-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/videos/202404/04/450620111/original/(m=q7ZR_GZbeafTGgaaaa)(mh=yB6tzNcPTqbbQxsM)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202404/04/450620111/original/(m=q7ZR_GZbeafTGgaaaa)(mh=yB6tzNcPTqbbQxsM)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/jpeg
content-length: 18622
expires: Sun, 21 Apr 2024 16:16:54 GMT
cache-control: max-age=86400
last-modified: Sat, 20 Apr 2024 13:24:57 GMT
etag: "264c8-6168721661c40"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-37306-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/www-static/images/sprite-icons.png?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/images/sprite-icons.png?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/global-backgrounds.css?cache=2024060601
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/png
content-length: 30488
last-modified: Tue, 16 Jan 2024 00:05:09 GMT
etag: "65a5c835-7718"
expires: Fri, 04 Oct 2024 14:40:13 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
timing-allow-origin: *
accept-ranges: bytes
x-cdn-diag: lon1-16032-2-19423-h-0-0---;16009-45-50042----0-0-1
GET

https://ei.phncdn.com/www-static/css/header-non-critical.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/header-non-critical.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: text/css
content-length: 30198
last-modified: Thu, 06 Jun 2024 14:35:04 GMT
etag: "6661c918-75f6"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:13 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-37306-h-0-0---;16009-40-50042----0-0-1
GET

https://ei.phncdn.com/www-static/css/commons-non-critical.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/commons-non-critical.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: text/css
content-length: 5887
last-modified: Thu, 06 Jun 2024 14:35:04 GMT
etag: "6661c918-16ff"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:13 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-23938-h-0-0---;16009-44-50042----0-0-1
GET

https://ei.phncdn.com/www-static/css/modals_commons.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/modals_commons.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: text/css
content-length: 2262
last-modified: Mon, 01 Apr 2024 19:04:46 GMT
etag: "660b054e-8d6"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:13 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-23938-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/css/playlist-base.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/playlist-base.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: text/css
content-length: 5059
last-modified: Thu, 01 Jun 2023 20:31:39 GMT
etag: "6479002b-13c3"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:13 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6870-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/css/premium/premium-modals.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/premium/premium-modals.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: text/css
content-length: 3841
last-modified: Tue, 02 Apr 2024 18:08:58 GMT
etag: "660c49ba-f01"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:13 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-2-19421-h-0-0---;16009-40-50042----0-0-0
GET

https://ei.phncdn.com/www-static/css/pc/onboardingModalFlow/onboardingModalFlow.css?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/css/pc/onboardingModalFlow/onboardingModalFlow.css?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: text/css
content-length: 2825
last-modified: Wed, 15 May 2024 19:05:37 GMT
etag: "66450781-b09"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:13 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6871-h-0-0---;16009-40-50042----0-0-0
GET

https://ss.phncdn.com/head/load-1.0.3.js

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /head/load-1.0.3.js HTTP/2.0
host: ss.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: application/javascript
content-length: 1964
last-modified: Tue, 28 Apr 2015 12:43:45 GMT
etag: "553f8081-7ac"
content-encoding: gzip
expires: Sat, 27 Jan 2024 17:02:26 GMT
cache-control: max-age=1706374946
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
x-cdn-diag: lon1-16009-2-6869-h-0-0---;16009-40-50042----0-0-1
GET

https://ei.phncdn.com/www-static/favicon.ico?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/favicon.ico?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: image/x-icon
content-length: 1406
last-modified: Thu, 01 Jun 2023 20:31:32 GMT
etag: "64790024-57e"
expires: Fri, 04 Oct 2024 14:40:14 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
accept-ranges: bytes
x-cdn-diag: lon1-16009-2-6871-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/jquery-3.6.0.min.js

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/jquery-3.6.0.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 29982
last-modified: Thu, 01 Jun 2023 20:32:16 GMT
etag: "64790050-751e"
content-encoding: br
expires: Thu, 25 Jan 2024 18:07:43 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-23992-h-0-0---;16009-44-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/header.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/header.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 1307
last-modified: Thu, 06 Jul 2023 14:18:22 GMT
etag: "64a6cd2e-51b"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:14 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6871-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/jquery-ui-1.13.2.min.js

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/jquery-ui-1.13.2.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 61467
last-modified: Wed, 20 Sep 2023 16:02:56 GMT
etag: "650b17b0-f01b"
content-encoding: br
expires: Wed, 24 Jul 2024 16:46:18 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-37308-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/jquery.slimscroll.min.js

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/jquery.slimscroll.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 1753
last-modified: Thu, 01 Jun 2023 20:32:16 GMT
etag: "64790050-6d9"
content-encoding: br
expires: Sat, 20 Jul 2024 21:44:24 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-37263-h-0-0---;16009-44-50042----0-0-2
GET

https://ei.phncdn.com/www-static/js/phub.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/phub.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 11362
last-modified: Thu, 30 May 2024 16:42:15 GMT
etag: "6658ac67-2c62"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:14 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-37308-h-0-0---;16009-44-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/playlist/playlist-basic.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/playlist/playlist-basic.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 5596
last-modified: Mon, 29 Apr 2024 12:39:14 GMT
etag: "662f94f2-15dc"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:14 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-19460-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/widgets-live-popup.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/widgets-live-popup.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 282
last-modified: Thu, 01 Jun 2023 20:32:16 GMT
etag: "64790050-11a"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:14 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-19460-h-0-0---;16009-44-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/playlist/playlists-common.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/playlist/playlists-common.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 1354
last-modified: Thu, 01 Jun 2023 20:32:18 GMT
etag: "64790052-54a"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:14 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-23992-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/v-recaptcha.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/v-recaptcha.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 1330
last-modified: Thu, 01 Jun 2023 20:32:16 GMT
etag: "64790050-532"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-23994-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/signinbox.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/signinbox.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 2005
last-modified: Tue, 07 May 2024 16:33:06 GMT
etag: "663a57c2-7d5"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-23995-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/signin.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/signin.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 2467
last-modified: Tue, 07 May 2024 16:33:06 GMT
etag: "663a57c2-9a3"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-23993-h-0-0---;16009-44-50042----0-0-0
GET

https://ei.phncdn.com/www-static/js/create-account.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/create-account.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 4468
last-modified: Thu, 06 Jun 2024 14:35:04 GMT
etag: "6661c918-1174"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:14 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-23939-h-0-0---;16009-44-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/onboardingModalFlow/widgets-onboardingModalFlow.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/onboardingModalFlow/widgets-onboardingModalFlow.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 3442
last-modified: Thu, 06 Jun 2024 14:35:04 GMT
etag: "6661c918-d72"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:12 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-23995-h-0-0---;16009-44-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/ph-footer.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/ph-footer.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 1359
last-modified: Tue, 13 Jun 2023 16:33:15 GMT
etag: "64889a4b-54f"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:14 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-37263-h-0-0---;16009-44-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/premium/premium-modals.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/premium/premium-modals.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 3970
last-modified: Tue, 30 Jan 2024 10:10:10 GMT
etag: "65b8cb02-f82"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:14 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-1-6805-h-0-0---;16009-44-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/generated/front-index-pc.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/lib/generated/front-index-pc.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 190
last-modified: Wed, 03 Apr 2024 20:20:49 GMT
etag: "660dba21-be"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:15 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-37246-h-0-0---;16009-44-50042----0-0-1
GET

https://ei.phncdn.com/www-static/js/promo-banner.js?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/js/promo-banner.js?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 313
last-modified: Mon, 13 Nov 2023 18:15:06 GMT
etag: "655267aa-139"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:15 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-19460-h-0-0---;16009-44-50042----0-0-1
DNS

41.114.254.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.114.254.66.in-addr.arpa

IN PTR

Response

41.114.254.66.in-addr.arpa

IN PTR

reflectededge reflectednet
DNS

media.trafficjunky.net

msedge.exe

Remote address:

8.8.8.8:53

Request

media.trafficjunky.net

IN A

Response

media.trafficjunky.net

IN CNAME

media.trafficjunky.net.sds.rncdn7.com

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.16

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.17

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.18

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.19

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.20

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.21

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.22

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.23
DNS

prvc.io

msedge.exe

Remote address:

8.8.8.8:53

Request

prvc.io

IN A

Response

prvc.io

IN A

172.67.177.254

prvc.io

IN A

104.21.56.52
DNS

cdn1-smallimg.phncdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn1-smallimg.phncdn.com

IN A

Response

cdn1-smallimg.phncdn.com

IN CNAME

smallimg.phncdn.com

smallimg.phncdn.com

IN A

66.254.114.156
GET

https://media.trafficjunky.net/delivery/js/abp/js1.js

msedge.exe

Remote address:

64.210.156.16:443

Request

GET /delivery/js/abp/js1.js HTTP/2.0
host: media.trafficjunky.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: application/javascript
content-length: 13
last-modified: Tue, 08 Dec 2015 21:50:49 GMT
etag: "131e477ac-d-52669f77ae040"
expires: Sun, 21 Jul 2024 04:19:34 GMT
cache-control: max-age=1721535574
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: lon1-16007-2-37325-h-0-0---;16032-39-25012----0-0-1
GET

https://cdn1-smallimg.phncdn.com/n172nWs1UEcnquuObA5x52osw51230gH/rta-1.gif

msedge.exe

Remote address:

66.254.114.156:443

Request

GET /n172nWs1UEcnquuObA5x52osw51230gH/rta-1.gif HTTP/1.1
Host: cdn1-smallimg.phncdn.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.pornhub.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

server: openresty
date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: image/gif
content-length: 1882
last-modified: Thu, 08 Oct 2015 21:35:30 GMT
etag: "5616e1a2-75a"
expires: Mon, 08 Jul 2024 19:44:03 GMT
cache-control: max-age=2592000
accept-ranges: bytes
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
GET

https://prvc.io/api/init-4039n5u7thbwcvx8fran.js

msedge.exe

Remote address:

172.67.177.254:443

Request

GET /api/init-4039n5u7thbwcvx8fran.js HTTP/2.0
host: prvc.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:03 GMT
content-type: text/javascript
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zuCCScm7bdH4RbVV1YTOuyB%2BbfGwZ6LEREhTh3flYKeKuM%2F05xc3T6npB2u9xmvez0%2BCMY1UUDNJYVFJtHhyhx%2FNI4yIhFJt2JxU1PzlnnYNzJaowY3XzrEE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 890b5fd7ca88240f-LHR
alt-svc: h3=":443"; ma=86400
GET

https://ei.phncdn.com/www-static/fonts/ph-icons/ph-icons.woff2?cache=2024060601

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /www-static/fonts/ph-icons/ph-icons.woff2?cache=2024060601 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://www.pornhub.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://ei.phncdn.com/www-static/css/generated-header.css?cache=2024060601
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: application/octet-stream
content-length: 29621
last-modified: Thu, 16 May 2024 16:00:25 GMT
etag: "66462d99-73b5"
content-encoding: br
expires: Fri, 04 Oct 2024 14:40:11 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-2-19421-h-0-0---;16032-39-25012----0-0-0
DNS

20.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.156.210.64.in-addr.arpa

IN PTR

Response
DNS

ss.phncdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ss.phncdn.com

IN A

Response

ss.phncdn.com

IN CNAME

ss.phncdn.com.sds.rncdn7.com

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.18

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.19

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.20

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.21

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.22

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.23

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.16

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.17
DNS

22.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.156.210.64.in-addr.arpa

IN PTR

Response
DNS

16.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.156.210.64.in-addr.arpa

IN PTR

Response
DNS

156.114.254.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

156.114.254.66.in-addr.arpa

IN PTR

Response

156.114.254.66.in-addr.arpa

IN PTR

reflectededge reflectednet
DNS

254.177.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.177.67.172.in-addr.arpa

IN PTR

Response
DNS

72.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.214.58.216.in-addr.arpa

IN PTR

Response

72.214.58.216.in-addr.arpa

IN PTR

par10s39-in-f81e100net

72.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f8�G

72.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f72�G
DNS

238.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.75.250.142.in-addr.arpa

IN PTR

Response

238.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f141e100net
DNS

a.adtng.com

msedge.exe

Remote address:

8.8.8.8:53

Request

a.adtng.com

IN A

Response

a.adtng.com

IN A

66.254.114.171
GET

https://a.adtng.com/get/10010117?&uuid=6bec8669e6f045e899bf64f7201a536e&impid=6bec8669e6f045e899bf64f7201a536e-2&tj_zid=2184351&tj_cid=1006144531&tj_aid=1514215301&infos=CiQ2YWZiM2IzZS05NGQ5LTQ5MTEtYTM4OS1mZTQ0Zjk3ZmRkNDQQg+mSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTIgAjCfqYUBOJ+phQFA/fgESJOY4t8DUgEyWNXrqd4DYKu0yvIDciBlNDE2NzkxYmQ1ZjQ0ODZhODU4MGNiNjFkNzk5ODFjY4EBi+B/K9mxIT+SAQJHQpoBA0VOR6IBBkxvbmRvbsoBEmd0dCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTkxLjEwMS4yMDkuMzn6AQ4xOTEuMTAxLjIwOS4zOYICB2RlZDc2NTaIAiGSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKFr4TSBeACt5/nlQT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6IjY5MGFlZWRjNGYwYTU2NTUzOTY1OGVhYTQ5ODBmODZkIn2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB&noc=1

msedge.exe

Remote address:

66.254.114.171:443

Request

GET /get/10010117?&uuid=6bec8669e6f045e899bf64f7201a536e&impid=6bec8669e6f045e899bf64f7201a536e-2&tj_zid=2184351&tj_cid=1006144531&tj_aid=1514215301&infos=CiQ2YWZiM2IzZS05NGQ5LTQ5MTEtYTM4OS1mZTQ0Zjk3ZmRkNDQQg+mSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTIgAjCfqYUBOJ+phQFA/fgESJOY4t8DUgEyWNXrqd4DYKu0yvIDciBlNDE2NzkxYmQ1ZjQ0ODZhODU4MGNiNjFkNzk5ODFjY4EBi+B/K9mxIT+SAQJHQpoBA0VOR6IBBkxvbmRvbsoBEmd0dCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTkxLjEwMS4yMDkuMzn6AQ4xOTEuMTAxLjIwOS4zOYICB2RlZDc2NTaIAiGSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKFr4TSBeACt5/nlQT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6IjY5MGFlZWRjNGYwYTU2NTUzOTY1OGVhYTQ5ODBmODZkIn2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB&noc=1 HTTP/2.0
host: a.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
GET

https://a.adtng.com/track/adviews/eyJleHRfemlkIjoiMjE4NDM1MSIsImV4dF9jIjoiIiwiZXh0X2FpZCI6IjE1MTQyMTUzMDEiLCJwaWQiOiI0OSIsInNpZCI6IjEwMDEwMTE3IiwibmlkcyI6IjUzOTg4IiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMTA2MDM2Iiwic3YiOiIyNTYzNSIsInJlZl9kbW4iOiJ3d3cucG9ybmh1Yi5jb20iLCJleHRfY2lkIjoiMTAwNjE0NDUzMSIsInRzbmFtZSI6Ik1CIiwiY3JjIjoiMTIiLCJjbiI6IjMwMFgyNTBfVElFUl8xLjAiLCJuaWQiOiI1Mzk4OCIsImV4dF9wdWIiOiIiLCJjcnAiOiI0Ljc5IiwidGlkIjoiMSIsIml0IjoiMDhcL0p1blwvMjAyNDoxOTo0NDowNCArMDAwMCIsImNjIjoiNSIsInNuY2lkIjoiMTA3MTg0IiwiY2lkIjoiMzkwMTAiLCJleHRfdWlkIjoiIiwiY3AiOiI0NS4wNSIsInNuY2NpZCI6IjIzOTQ1MjEiLCJpaWQiOiIxNzY5ZmY4NTgwMzE3MmI3NjdmNTRhZjNmMmEzYWVlMiIsImV4dF9paWQiOiIifQ==?unique_view=1

msedge.exe

Remote address:

66.254.114.171:443

Request

GET /track/adviews/eyJleHRfemlkIjoiMjE4NDM1MSIsImV4dF9jIjoiIiwiZXh0X2FpZCI6IjE1MTQyMTUzMDEiLCJwaWQiOiI0OSIsInNpZCI6IjEwMDEwMTE3IiwibmlkcyI6IjUzOTg4IiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMTA2MDM2Iiwic3YiOiIyNTYzNSIsInJlZl9kbW4iOiJ3d3cucG9ybmh1Yi5jb20iLCJleHRfY2lkIjoiMTAwNjE0NDUzMSIsInRzbmFtZSI6Ik1CIiwiY3JjIjoiMTIiLCJjbiI6IjMwMFgyNTBfVElFUl8xLjAiLCJuaWQiOiI1Mzk4OCIsImV4dF9wdWIiOiIiLCJjcnAiOiI0Ljc5IiwidGlkIjoiMSIsIml0IjoiMDhcL0p1blwvMjAyNDoxOTo0NDowNCArMDAwMCIsImNjIjoiNSIsInNuY2lkIjoiMTA3MTg0IiwiY2lkIjoiMzkwMTAiLCJleHRfdWlkIjoiIiwiY3AiOiI0NS4wNSIsInNuY2NpZCI6IjIzOTQ1MjEiLCJpaWQiOiIxNzY5ZmY4NTgwMzE3MmI3NjdmNTRhZjNmMmEzYWVlMiIsImV4dF9paWQiOiIifQ==?unique_view=1 HTTP/2.0
host: a.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://a.adtng.com/get/10010117?&uuid=6bec8669e6f045e899bf64f7201a536e&impid=6bec8669e6f045e899bf64f7201a536e-2&tj_zid=2184351&tj_cid=1006144531&tj_aid=1514215301&infos=CiQ2YWZiM2IzZS05NGQ5LTQ5MTEtYTM4OS1mZTQ0Zjk3ZmRkNDQQg+mSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTIgAjCfqYUBOJ+phQFA/fgESJOY4t8DUgEyWNXrqd4DYKu0yvIDciBlNDE2NzkxYmQ1ZjQ0ODZhODU4MGNiNjFkNzk5ODFjY4EBi+B/K9mxIT+SAQJHQpoBA0VOR6IBBkxvbmRvbsoBEmd0dCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTkxLjEwMS4yMDkuMzn6AQ4xOTEuMTAxLjIwOS4zOYICB2RlZDc2NTaIAiGSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKFr4TSBeACt5/nlQT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6IjY5MGFlZWRjNGYwYTU2NTUzOTY1OGVhYTQ5ODBmODZkIn2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB&noc=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
DNS

eg-cdn.trafficjunky.net

msedge.exe

Remote address:

8.8.8.8:53

Request

eg-cdn.trafficjunky.net

IN A

Response

eg-cdn.trafficjunky.net

IN CNAME

cs742.wpc.rncdn4.com

cs742.wpc.rncdn4.com

IN A

93.184.223.43
DNS

eg-cdn.trafficjunky.net

msedge.exe

Remote address:

8.8.8.8:53

Request

eg-cdn.trafficjunky.net

IN A

Response

eg-cdn.trafficjunky.net

IN CNAME

cs742.wpc.rncdn4.com

cs742.wpc.rncdn4.com

IN A

93.184.223.43
GET

https://eg-cdn.trafficjunky.net/uploaded_content/creative/101/822/963/1/1018229631.gif

msedge.exe

Remote address:

93.184.223.43:443

Request

GET /uploaded_content/creative/101/822/963/1/1018229631.gif HTTP/2.0
host: eg-cdn.trafficjunky.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
age: 6628223
cache-control: max-age=1721952168
content-type: image/gif
date: Sat, 08 Jun 2024 19:44:05 GMT
etag: "2d2995ebb-48ef6-58e808d5a0b80"
expires: Thu, 10 Oct 2024 17:13:10 GMT
last-modified: Thu, 25 Jul 2019 12:27:42 GMT
server: ECAcc (frb/66AA)
x-cache: HIT
content-length: 298742
DNS

ht-cdn2.adtng.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ht-cdn2.adtng.com

IN A

Response

ht-cdn2.adtng.com

IN CNAME

ht-cdn2.adtng.com.sds.rncdn7.com

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.23

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.16

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.17

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.18

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.19

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.20

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.21

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.22
DNS

ht-cdn2.adtng.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ht-cdn2.adtng.com

IN A

Response

ht-cdn2.adtng.com

IN CNAME

ht-cdn2.adtng.com.sds.rncdn7.com

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.23

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.16

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.17

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.18

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.19

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.20

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.21

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.22
DNS

hw-cdn2.adtng.com

msedge.exe

Remote address:

8.8.8.8:53

Request

hw-cdn2.adtng.com

IN A

Response

hw-cdn2.adtng.com

IN CNAME

hw-cdn2.adtng.com.lds.rncdn7.com

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.4

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.5

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.6

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.7

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.0

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.1

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.2

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.3
DNS

hw-cdn2.adtng.com

msedge.exe

Remote address:

8.8.8.8:53

Request

hw-cdn2.adtng.com

IN A

Response

hw-cdn2.adtng.com

IN CNAME

hw-cdn2.adtng.com.lds.rncdn7.com

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.4

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.5

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.6

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.7

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.0

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.1

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.2

hw-cdn2.adtng.com.lds.rncdn7.com

IN A

64.210.156.3
GET

https://ht-cdn2.adtng.com/delivery/vortex/vortex-simple-1.0.0.js

msedge.exe

Remote address:

64.210.156.23:443

Request

GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/2.0
host: ht-cdn2.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://a.adtng.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: application/javascript
content-length: 5027
last-modified: Fri, 02 Nov 2018 14:17:11 GMT
etag: "13a3-579af30f7688b"
expires: Thu, 01 Feb 2024 10:22:39 GMT
cache-control: max-age=10779181
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
x-cdn-diag: lon1-16009-2-6871-h-0-0---;16007-53-23445----0-0-0
GET

https://hw-cdn2.adtng.com/a7/creatives/1/49/819454/1106036/1106036_logo.png

msedge.exe

Remote address:

64.210.156.4:443

Request

GET /a7/creatives/1/49/819454/1106036/1106036_logo.png HTTP/2.0
host: hw-cdn2.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://a.adtng.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: image/png
content-length: 7243
last-modified: Thu, 06 Jun 2024 13:56:14 GMT
expires: Tue, 08 Oct 2024 12:17:36 GMT
cache-control: max-age=10697091
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
x-cdn-diag: lon1-16035-7-12701-h-0-0---;16030-48-46378----0-0-1
GET

https://hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js

msedge.exe

Remote address:

64.210.156.4:443

Request

GET /delivery/intersection_observer/IntersectionObserver.js HTTP/2.0
host: hw-cdn2.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://a.adtng.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:44:04 GMT
content-type: application/javascript
content-length: 16885
last-modified: Tue, 05 Apr 2022 20:54:54 GMT
expires: Sun, 17 Mar 2024 01:54:48 GMT
cache-control: max-age=10382487
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
x-cdn-diag: lon1-16025-2-3664780-h-0-0---;16030-43-46378----0-1-0
GET

https://hw-cdn2.adtng.com/a7/creatives/1/49/819454/1106036/1106036_video.mp4

msedge.exe

Remote address:

64.210.156.4:443

Request

GET /a7/creatives/1/49/819454/1106036/1106036_video.mp4 HTTP/2.0
host: hw-cdn2.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: video
referer: https://a.adtng.com/
accept-language: en-US,en;q=0.9
range: bytes=0-

Response

HTTP/2.0 206

date: Sat, 08 Jun 2024 19:44:05 GMT
content-type: video/mp4
content-length: 758861
last-modified: Thu, 06 Jun 2024 14:01:00 GMT
expires: Tue, 08 Oct 2024 12:17:36 GMT
cache-control: max-age=10697091
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
content-range: bytes 0-758860/758861
x-cdn-diag: lon1-16037-6-29417-h-0-0---;16030-50-46378----0-0-1
DNS

43.223.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.223.184.93.in-addr.arpa

IN PTR

Response
DNS

171.114.254.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.114.254.66.in-addr.arpa

IN PTR

Response

171.114.254.66.in-addr.arpa

IN PTR

reflectededge reflectednet
DNS

23.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.156.210.64.in-addr.arpa

IN PTR

Response
DNS

4.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.156.210.64.in-addr.arpa

IN PTR

Response
DNS

storage.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

172.217.18.219

storage.googleapis.com

IN A

142.250.75.251

storage.googleapis.com

IN A

216.58.214.187

storage.googleapis.com

IN A

172.217.20.187

storage.googleapis.com

IN A

172.217.20.219

storage.googleapis.com

IN A

216.58.215.59

storage.googleapis.com

IN A

142.250.179.91

storage.googleapis.com

IN A

142.250.179.123

storage.googleapis.com

IN A

142.250.178.155

storage.googleapis.com

IN A

142.250.201.187
DNS

storage.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

172.217.18.219

storage.googleapis.com

IN A

142.250.75.251

storage.googleapis.com

IN A

216.58.214.187

storage.googleapis.com

IN A

172.217.20.187

storage.googleapis.com

IN A

172.217.20.219

storage.googleapis.com

IN A

216.58.215.59

storage.googleapis.com

IN A

142.250.179.91

storage.googleapis.com

IN A

142.250.179.123

storage.googleapis.com

IN A

142.250.178.155

storage.googleapis.com

IN A

142.250.201.187
GET

https://storage.googleapis.com/workbox-cdn/releases/5.1.3/workbox-sw.js

msedge.exe

Remote address:

172.217.18.219:443

Request

GET /workbox-cdn/releases/5.1.3/workbox-sw.js HTTP/2.0
host: storage.googleapis.com
cache-control: max-age=0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

219.18.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

219.18.217.172.in-addr.arpa

IN PTR

Response

219.18.217.172.in-addr.arpa

IN PTR

par10s38-in-f271e100net

219.18.217.172.in-addr.arpa

IN PTR

ham02s14-in-f219�I
DNS

219.18.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

219.18.217.172.in-addr.arpa

IN PTR

Response

219.18.217.172.in-addr.arpa

IN PTR

ham02s14-in-f2191e100net

219.18.217.172.in-addr.arpa

IN PTR

par10s38-in-f27�J
DNS

msedge.exe

Remote address:

66.254.114.41:80

Response

HTTP/1.1 400 Bad request

Content-length: 90
Cache-Control: no-cache
Connection: close
Content-Type: text/html
DNS

msedge.exe

Remote address:

66.254.114.41:80

Response

HTTP/1.1 400 Bad request

Content-length: 90
Cache-Control: no-cache
Connection: close
Content-Type: text/html
GET

https://www.pornhub.com/

msedge.exe

Remote address:

66.254.114.41:443

Request

GET / HTTP/2.0
host: www.pornhub.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:46:27 GMT
content-type: text/html; charset=UTF-8
set-cookie: __l=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=pornhub.com; secure
set-cookie: __s=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=pornhub.com; secure
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
vary: User-Agent
rating: RTA-5042-1996-1400-1577-RTA
content-encoding: gzip
set-cookie: __s=6664B513-42FE722901BB2CE0D6-13048E15; Secure; Samesite=None
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875987%2C%22hash%22%3A%22d13dc111b661138eda2102c5f08cfa13%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hbresp=header&hb=E66DE107-BF9F-43A0-AFD7-1D90D6A15677&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%2C%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875987%2C%22hash%22%3A%22d13dc111b661138eda2102c5f08cfa13%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hbresp=header&hb=E66DE107-BF9F-43A0-AFD7-1D90D6A15677&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%2C%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __s=6664B513-42FE722901BB2CE0D6-13048E15

Response

HTTP/2.0 202

server: openresty
date: Sat, 08 Jun 2024 19:46:27 GMT
content-length: 0
cache-control: private, no-cache, proxy-revalidate, no-store, max-age=0
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875987%2C%22hash%22%3A%22d13dc111b661138eda2102c5f08cfa13%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=E66DE107-BF9F-43A0-AFD7-1D90D6A15677&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875987%2C%22hash%22%3A%22d13dc111b661138eda2102c5f08cfa13%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=E66DE107-BF9F-43A0-AFD7-1D90D6A15677&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __s=6664B513-42FE722901BB2CE0D6-13048E15

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:46:27 GMT
content-type: application/json
cache-control: private, no-cache, proxy-revalidate, no-store, max-age=0
headerbiding: 1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875987%2C%22hash%22%3A%22d13dc111b661138eda2102c5f08cfa13%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=E66DE107-BF9F-43A0-AFD7-1D90D6A15677&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875987%2C%22hash%22%3A%22d13dc111b661138eda2102c5f08cfa13%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=E66DE107-BF9F-43A0-AFD7-1D90D6A15677&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __s=6664B513-42FE722901BB2CE0D6-13048E15

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:46:27 GMT
content-type: application/json
cache-control: private, no-cache, proxy-revalidate, no-store, max-age=0
headerbiding: 1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://www.pornhub.com/_i?type=event&event=consent-modal-open

msedge.exe

Remote address:

66.254.114.41:443

Request

POST /_i?type=event&event=consent-modal-open HTTP/2.0
host: www.pornhub.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded; charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.pornhub.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __s=6664B513-42FE722901BB2CE0D6-13048E15
cookie: cookieConsent=1

Response

HTTP/2.0 200

content-length: 0
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/deep_pixel?info=CiRmNjUwMzNkZS05NjQzLTQ1OTAtOTIyNi0yNGQ3Njg5OWQ3NzkQk%2BqSswYaIjIxNjA2OTkwYTcwMjQxOWNiOTIxNGQyYjVkYzdkODczLTEoATAFOAVIsYzX3wNSATJYsdaA3QNgz9KP8gNyIGU0MTY3OTFiZDVmNDQ4NmE4NTgwY2I2MWQ3OTk4MWNjgQHxaOOItfjkPpIBAkdCmgEDRU5HogEGTG9uZG9uygESZ3R0IGNvbW11bmljYXRpb25z0gEEd2lmadoBB3dpbmRvd3PiAQ4xOTEuMTAxLjIwOS4zOfoBDjE5MS4xMDEuMjA5LjM5ggIHZGVkNzY1NogCIZICBGVkZ2WaAgRFQzFOqgIEMTAuMLICBDkyLjDYAp2S%2B84F4ALX4%2BaUBPoCATGCA197ImFjdG9yX2lkIjpudWxsLCJjb250ZW50X3R5cGUiOm51bGwsInZpZGVvX2lkIjpudWxsLCJoYXNoIjoiZDEzZGMxMTFiNjYxMTM4ZWRhMjEwMmM1ZjA4Y2ZhMTMifZIDB2Rlc2t0b3CaAwJlbsIDBGhvbWWYBAE%3D&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/deep_pixel?info=CiRmNjUwMzNkZS05NjQzLTQ1OTAtOTIyNi0yNGQ3Njg5OWQ3NzkQk%2BqSswYaIjIxNjA2OTkwYTcwMjQxOWNiOTIxNGQyYjVkYzdkODczLTEoATAFOAVIsYzX3wNSATJYsdaA3QNgz9KP8gNyIGU0MTY3OTFiZDVmNDQ4NmE4NTgwY2I2MWQ3OTk4MWNjgQHxaOOItfjkPpIBAkdCmgEDRU5HogEGTG9uZG9uygESZ3R0IGNvbW11bmljYXRpb25z0gEEd2lmadoBB3dpbmRvd3PiAQ4xOTEuMTAxLjIwOS4zOfoBDjE5MS4xMDEuMjA5LjM5ggIHZGVkNzY1NogCIZICBGVkZ2WaAgRFQzFOqgIEMTAuMLICBDkyLjDYAp2S%2B84F4ALX4%2BaUBPoCATGCA197ImFjdG9yX2lkIjpudWxsLCJjb250ZW50X3R5cGUiOm51bGwsInZpZGVvX2lkIjpudWxsLCJoYXNoIjoiZDEzZGMxMTFiNjYxMTM4ZWRhMjEwMmM1ZjA4Y2ZhMTMifZIDB2Rlc2t0b3CaAwJlbsIDBGhvbWWYBAE%3D&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67 HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __s=6664B513-42FE722901BB2CE0D6-13048E15
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:46:28 GMT
content-type: image/gif
content-length: 35
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/front/menu_livesex?segment=straight&token=MTcxNzg3NTk4N3gdVmnxQRuMJE3XyDoCQlnfZU7n3WGNEzMb8jll7R3RMxD7j9X7JFTaLWG283ZtarHx1U368zwJvAsKxPMV-BM.

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /front/menu_livesex?segment=straight&token=MTcxNzg3NTk4N3gdVmnxQRuMJE3XyDoCQlnfZU7n3WGNEzMb8jll7R3RMxD7j9X7JFTaLWG283ZtarHx1U368zwJvAsKxPMV-BM. HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded; charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __s=6664B513-42FE722901BB2CE0D6-13048E15
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 08 Jun 2024 19:46:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: __l=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=pornhub.com; secure
set-cookie: __s=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=pornhub.com; secure
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
vary: User-Agent
rating: RTA-5042-1996-1400-1577-RTA
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/service-worker.js

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /service-worker.js HTTP/2.0
host: www.pornhub.com
cache-control: max-age=0
dnt: 1
accept: */*
service-worker: script
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: serviceworker
referer: https://www.pornhub.com/service-worker.js
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=141304893629904476
cookie: __l=6664B483-42FE722901BB2CDD0C-130A0146
cookie: __s=6664B513-42FE722901BB2CE0D6-13048E15
cookie: cookieConsent=1
if-none-match: "66623d97-2ab"
if-modified-since: Thu, 06 Jun 2024 22:52:07 GMT

Response

HTTP/2.0 304

server: openresty
date: Sat, 08 Jun 2024 19:46:31 GMT
last-modified: Thu, 06 Jun 2024 22:52:07 GMT
etag: "66623d97-2ab"
x-frame-options: SAMEORIGIN
expires: Sun, 06 Oct 2024 19:46:31 GMT
cache-control: max-age=10368000
pragma: public
cache-control: public
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://prvc.io/api/init-4039n5u7thbwcvx8fran.js

msedge.exe

Remote address:

172.67.177.254:443

Request

GET /api/init-4039n5u7thbwcvx8fran.js HTTP/2.0
host: prvc.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:46:28 GMT
content-type: text/javascript
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rDi2qMGE1qjqQcCYQIt%2FRgIPzWsdUUyIHoXdRTrjTVVFTMUtzmzkk5BXoUifQTXmavP6CBFDbjwQi%2BdzIZEaR%2FloEoYsLNGY0KFtrEnI2jaNHOZMlxzZixW0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 890b635bf91135db-LHR
alt-svc: h3=":443"; ma=86400
GET

https://ei.phncdn.com/videos/202405/16/452524871/original/(m=qQGMLMZbeafTGgaaaa)(mh=dQGsLw9gN6E2hKFZ)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/16/452524871/original/(m=qQGMLMZbeafTGgaaaa)(mh=dQGsLw9gN6E2hKFZ)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:46:28 GMT
content-type: image/jpeg
content-length: 10072
expires: Sun, 19 May 2024 19:01:18 GMT
cache-control: max-age=86400
last-modified: Sat, 18 May 2024 18:36:33 GMT
etag: "a5d0-618bebf622aae"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6869-h-0-0---;16032-40-25012----0-0-0
GET

https://ei.phncdn.com/videos/202405/17/452602211/original/(m=qXP9XKZbeafTGgaaaa)(mh=pswuhiv4tO-DKvef)0.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/17/452602211/original/(m=qXP9XKZbeafTGgaaaa)(mh=pswuhiv4tO-DKvef)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:46:28 GMT
content-type: image/jpeg
content-length: 13763
expires: Sun, 06 Oct 2024 13:21:33 GMT
cache-control: max-age=10483407
last-modified: Fri, 07 Jun 2024 05:18:02 GMT
etag: "cded-61a45ec7b009b"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-23877-h-0-0---;16032-40-25012----0-0-1
GET

https://ei.phncdn.com/videos/202309/16/439523501/original/(m=eafTGgaaaa)(mh=NWeB_k_oRBtHU5ZU)4.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202309/16/439523501/original/(m=eafTGgaaaa)(mh=NWeB_k_oRBtHU5ZU)4.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:46:28 GMT
content-type: image/jpeg
content-length: 15388
expires: Sat, 27 Apr 2024 02:19:48 GMT
cache-control: max-age=9854416
last-modified: Sat, 16 Sep 2023 14:55:23 GMT
etag: "2390f-6057b193fecc0"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-6869-h-0-0---;16032-40-25012----0-0-0
GET

https://ei.phncdn.com/videos/202403/22/449965451/thumbs_35/(m=eafTGgaaaa)(mh=St9UP-_IFFMucl-A)8.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202403/22/449965451/thumbs_35/(m=eafTGgaaaa)(mh=St9UP-_IFFMucl-A)8.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:46:28 GMT
content-type: image/jpeg
content-length: 14125
expires: Tue, 01 Oct 2024 09:00:34 GMT
cache-control: max-age=10850743
last-modified: Tue, 28 May 2024 18:54:33 GMT
etag: "3e64e-619882a1f8fb2"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-23876-h-0-0---;16032-40-25012----0-0-0
GET

https://ei.phncdn.com/videos/202405/10/452284521/thumbs_28/(m=eafTGgaaaa)(mh=fDuTWVKBpB4mCWtd)3.jpg

msedge.exe

Remote address:

64.210.156.22:443

Request

GET /videos/202405/10/452284521/thumbs_28/(m=eafTGgaaaa)(mh=fDuTWVKBpB4mCWtd)3.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:46:28 GMT
content-type: image/jpeg
content-length: 13055
expires: Sat, 23 Mar 2024 20:02:09 GMT
cache-control: max-age=86400
last-modified: Fri, 22 Mar 2024 20:01:28 GMT
etag: "10109-614454a19bd33"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-1-19356-h-0-0---;16032-40-25012----0-0-0
GET

https://eg-cdn.trafficjunky.net/uploaded_content/video/001/956/071/1956071_video.mp4

msedge.exe

Remote address:

93.184.223.43:443

Request

GET /uploaded_content/video/001/956/071/1956071_video.mp4 HTTP/2.0
host: eg-cdn.trafficjunky.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: video
referer: https://www.pornhub.com/
accept-language: en-US,en;q=0.9
range: bytes=0-

Response

HTTP/2.0 206

accept-ranges: bytes
age: 2975043
cache-control: max-age=1725274206
content-range: bytes 0-233444/233445
content-type: video/mp4
date: Sat, 08 Jun 2024 19:46:28 GMT
etag: "7b667c1c0-38fe5-60e8fbe5ad540"
expires: Sun, 06 Oct 2024 21:14:09 GMT
last-modified: Wed, 10 Jan 2024 04:19:57 GMT
server: ECAcc (frb/670C)
x-cache: HIT
content-length: 233445
GET

https://eg-cdn.trafficjunky.net/uploaded_content/video/001/956/071/1956071_video.mp4

msedge.exe

Remote address:

93.184.223.43:443

Request

GET /uploaded_content/video/001/956/071/1956071_video.mp4 HTTP/2.0
host: eg-cdn.trafficjunky.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: video
referer: https://www.pornhub.com/
accept-language: en-US,en;q=0.9
range: bytes=0-

Response

HTTP/2.0 206

accept-ranges: bytes
age: 2975043
cache-control: max-age=1725274206
content-range: bytes 0-233444/233445
content-type: video/mp4
date: Sat, 08 Jun 2024 19:46:28 GMT
etag: "7b667c1c0-38fe5-60e8fbe5ad540"
expires: Sun, 06 Oct 2024 21:14:09 GMT
last-modified: Wed, 10 Jan 2024 04:19:57 GMT
server: ECAcc (frb/670C)
x-cache: HIT
content-length: 233445
DNS

ht-cdn.trafficjunky.net

msedge.exe

Remote address:

8.8.8.8:53

Request

ht-cdn.trafficjunky.net

IN A

Response

ht-cdn.trafficjunky.net

IN CNAME

ht-cdn.trafficjunky.net.sds.rncdn7.com

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.21

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.22

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.23

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.16

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.17

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.18

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.19

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.20
DNS

ht-cdn.trafficjunky.net

msedge.exe

Remote address:

8.8.8.8:53

Request

ht-cdn.trafficjunky.net

IN A

Response

ht-cdn.trafficjunky.net

IN CNAME

ht-cdn.trafficjunky.net.sds.rncdn7.com

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.21

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.22

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.23

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.16

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.17

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.18

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.19

ht-cdn.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.20
GET

https://ht-cdn.trafficjunky.net/uploaded_content/creative/101/822/962/1/1018229621.gif

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /uploaded_content/creative/101/822/962/1/1018229621.gif HTTP/2.0
host: ht-cdn.trafficjunky.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 08 Jun 2024 19:46:28 GMT
content-type: image/gif
content-length: 282097
last-modified: Thu, 25 Jul 2019 12:27:41 GMT
etag: "2d10f4d84-44df1-58e808d4ac940"
expires: Sun, 28 Jan 2024 14:42:34 GMT
cache-control: max-age=1706452954
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
x-cdn-diag: lon1-16032-1-19356-h-0-0---;16008-43-9360----0-0-0
DNS

21.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.156.210.64.in-addr.arpa

IN PTR

Response
DNS

31.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.73.42.20.in-addr.arpa

IN PTR

Response
DNS

31.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.73.42.20.in-addr.arpa

IN PTR

Response
DNS

gofile.io

XClient.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A

Response

gofile.io

IN A

51.38.43.18

gofile.io

IN A

151.80.29.83

gofile.io

IN A

51.178.66.33
DNS

gofile.io

XClient.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A

Response

gofile.io

IN A

51.38.43.18

gofile.io

IN A

151.80.29.83

gofile.io

IN A

51.178.66.33
GET

https://gofile.io/d/10lzhS

XClient.exe

Remote address:

51.38.43.18:443

Request

GET /d/10lzhS HTTP/1.1
Host: gofile.io
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.25.5
Date: Sat, 08 Jun 2024 19:49:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 498
Connection: keep-alive
X-DNS-Prefetch-Control: off
Expect-CT: max-age=0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
Origin-Agent-Cluster: ?1
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: origin
X-XSS-Protection: 0
ETag: W/"1f2-Fdzd+hM+gag6y5AiyPbgsP40c/U"
DNS

www.example.com

XClient.exe

Remote address:

8.8.8.8:53

Request

www.example.com

IN A

Response

www.example.com

IN A

93.184.215.14
DNS

www.example.com

XClient.exe

Remote address:

8.8.8.8:53

Request

www.example.com

IN A

Response

www.example.com

IN A

93.184.215.14
GET

http://www.example.com/File.exe

XClient.exe

Remote address:

93.184.215.14:80

Request

GET /File.exe HTTP/1.1
Host: www.example.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Accept-Ranges: bytes
Age: 223102
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Sat, 08 Jun 2024 19:51:38 GMT
Expires: Sat, 15 Jun 2024 19:51:38 GMT
Last-Modified: Thu, 06 Jun 2024 05:53:16 GMT
Server: ECAcc (lac/55AA)
Vary: Accept-Encoding
X-Cache: 404-HIT
Content-Length: 1256
DNS

14.215.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.215.184.93.in-addr.arpa

IN PTR

Response
DNS

14.215.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.215.184.93.in-addr.arpa

IN PTR

Response
DNS

76.234.34.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.234.34.23.in-addr.arpa

IN PTR

Response

76.234.34.23.in-addr.arpa

IN PTR

a23-34-234-76deploystaticakamaitechnologiescom
DNS

76.234.34.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.234.34.23.in-addr.arpa

IN PTR

Response

76.234.34.23.in-addr.arpa

IN PTR

a23-34-234-76deploystaticakamaitechnologiescom

51.38.43.18:443

https://gofile.io/contents/files.html

tls, http2

msedge.exe

13.9kB
478.8kB
215
375

HTTP Request

GET https://gofile.io/d/10lzhS

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/bootstrap.min.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-icons.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-nightfall.css

HTTP Request

GET https://gofile.io/dist/css/plyr.css

HTTP Request

GET https://gofile.io/dist/css/allcss.css

HTTP Request

GET https://gofile.io/dist/js/bootstrap.bundle.min.js

HTTP Request

GET https://gofile.io/dist/js/sha256.min.js

HTTP Request

GET https://gofile.io/dist/js/qrcode.min.js

HTTP Request

GET https://gofile.io/dist/js/dayjs.min.js

HTTP Request

GET https://gofile.io/dist/js/customParseFormat.js

HTTP Request

GET https://gofile.io/dist/js/marked.min.js

HTTP Request

GET https://gofile.io/dist/js/plyr.js

HTTP Request

GET https://gofile.io/dist/js/chart.umd.min.js

HTTP Request

GET https://gofile.io/dist/js/alljs.js

HTTP Request

GET https://gofile.io/dist/img/logo-small-70.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon96.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon32.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon16.png

HTTP Response

200

HTTP Request

GET https://gofile.io/contents/files.html

HTTP Response

200
151.80.29.83:443

https://api.gofile.io/contents/10lzhS?wt=4fd6sg89d7s6

tls, http2

msedge.exe

3.5kB
11.6kB
27
30

HTTP Request

POST https://api.gofile.io/accounts

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/accounts/3d0c0fd9-637f-4d49-811f-9b45f0f545f8

HTTP Response

200

HTTP Request

GET https://api.gofile.io/accounts/3d0c0fd9-637f-4d49-811f-9b45f0f545f8

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/contents/10lzhS?wt=4fd6sg89d7s6

HTTP Response

200

HTTP Request

GET https://api.gofile.io/contents/10lzhS?wt=4fd6sg89d7s6

HTTP Response

200
51.75.242.210:443

https://s.gofile.io/js/script.js

tls, http2

msedge.exe

2.5kB
6.4kB
19
18

HTTP Request

GET https://s.gofile.io/js/script.js

HTTP Response

200
51.75.242.210:443

s.gofile.io

tls, http2

msedge.exe

1.7kB
993 B
12
9
51.75.242.210:443

https://s.gofile.io/api/event

tls, http2

msedge.exe

2.6kB
5.0kB
20
17

HTTP Request

POST https://s.gofile.io/api/event

HTTP Response

202
31.14.70.252:443

store10.gofile.io

tls

msedge.exe

1.6kB
4.3kB
11
12
31.14.70.252:443

https://store10.gofile.io/download/web/1a269dc3-0817-4526-9242-9d18341662d1/XClient.exe

tls, http

msedge.exe

4.9kB
84.1kB
65
70

HTTP Request

GET https://store10.gofile.io/download/web/1a269dc3-0817-4526-9242-9d18341662d1/XClient.exe

HTTP Response

200
208.95.112.1:80

http://ip-api.com/line/?fields=hosting

http

XClient.exe

430 B
347 B
6
4

HTTP Request

GET http://ip-api.com/line/?fields=hosting

HTTP Response

200
127.0.0.1:15871

XClient.exe
127.0.0.1:15871

XClient.exe
127.0.0.1:15871

XClient.exe
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

249.8kB
12.5MB
5211
10027
66.254.114.41:80

http://pornhub.com/

http

msedge.exe

719 B
217 B
6
3

HTTP Request

GET http://pornhub.com/

HTTP Response

301
66.254.114.41:80

pornhub.com

http

msedge.exe

282 B
405 B
6
4

HTTP Response

408
66.254.114.41:443

https://www.pornhub.com/service-worker.js

tls, http2

msedge.exe

63.1kB
1.7MB
964
1344

HTTP Request

GET https://pornhub.com/

HTTP Response

301

HTTP Request

GET https://www.pornhub.com/

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875843%2C%22hash%22%3A%22690aeedc4f0a565539658eaa4980f86d%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hbresp=header&hb=37ABF1C4-1D73-47FB-AAEC-0ECA7417A6DE&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%2C%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

HTTP Response

202

HTTP Request

GET https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875843%2C%22hash%22%3A%22690aeedc4f0a565539658eaa4980f86d%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=37ABF1C4-1D73-47FB-AAEC-0ECA7417A6DE&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

HTTP Request

GET https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875843%2C%22hash%22%3A%22690aeedc4f0a565539658eaa4980f86d%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=37ABF1C4-1D73-47FB-AAEC-0ECA7417A6DE&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.pornhub.com/_i?type=event&event=consent-modal-open

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/front/menu_livesex?segment=straight&token=MTcxNzg3NTg0M1Vs0dM3tajmh2d85j_-87DpWc4zOFbZwrF1eBHBVG4RwLvPXrhidEqmhxP_S2lHK6v4_plGGyJFnzgE0eNmLwA.

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/_xa/deep_pixel?info=CiQ2YWZiM2IzZS05NGQ5LTQ5MTEtYTM4OS1mZTQ0Zjk3ZmRkNDQQg%2BmSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTIgAjCfqYUBOJ%2BphQFA%2FfgESJOY4t8DUgEyWNXrqd4DYKu0yvIDciBlNDE2NzkxYmQ1ZjQ0ODZhODU4MGNiNjFkNzk5ODFjY4EBi%2BB%2FK9mxIT%2BSAQJHQpoBA0VOR6IBBkxvbmRvbsoBEmd0dCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTkxLjEwMS4yMDkuMzn6AQ4xOTEuMTAxLjIwOS4zOYICB2RlZDc2NTaIAiGSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKFr4TSBeACt5%2FnlQT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6IjY5MGFlZWRjNGYwYTU2NTUzOTY1OGVhYTQ5ODBmODZkIn2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/_xa/deep_pixel?info=CiRjMjAwOTdmNS04ZGZlLTRmY2YtOWUzMC0yMTdlY2RlZTY0MzcQg%2BmSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTEoATAFOAVIsYzX3wNSATJYsdaA3QNg49KP8gNyIGU0MTY3OTFiZDVmNDQ4NmE4NTgwY2I2MWQ3OTk4MWNjgQHxaOOItfjkPpIBAkdCmgEDRU5HogEGTG9uZG9uygESZ3R0IGNvbW11bmljYXRpb25z0gEEd2lmadoBB3dpbmRvd3PiAQ4xOTEuMTAxLjIwOS4zOfoBDjE5MS4xMDEuMjA5LjM5ggIHZGVkNzY1NogCIZICBGVkZ2WaAgRFQzFOqgIEMTAuMLICBDkyLjDYAs%2BS%2B84F4ALX4%2BaUBPoCATGCA197ImFjdG9yX2lkIjpudWxsLCJjb250ZW50X3R5cGUiOm51bGwsInZpZGVvX2lkIjpudWxsLCJoYXNoIjoiNjkwYWVlZGM0ZjBhNTY1NTM5NjU4ZWFhNDk4MGY4NmQifZIDB2Rlc2t0b3CaAwJlbsIDBGhvbWWYBAE%3D&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/_xa/fla/log?action=ad_view&ad_id=1045600811&campaign_id=1006144531&initial_zone_id=2184351&member_id=1003124181&zone_id=2184351

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/service-worker.js

HTTP Response

200
64.210.156.20:443

static.trafficjunky.com

tls

msedge.exe

1.0kB
4.0kB
8
6
64.210.156.20:443

https://static.trafficjunky.com/invocation/popunder/production/popunder.min.js

tls, http2

msedge.exe

3.1kB
44.1kB
39
43

HTTP Request

GET https://static.trafficjunky.com/invocation/embeddedads/production/embeddedads.es6.min.js

HTTP Request

GET https://static.trafficjunky.com/ab/ads_test.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.trafficjunky.com/invocation/popunder/production/popunder.min.js

HTTP Response

200
64.210.156.22:443

https://ei.phncdn.com/www-static/js/promo-banner.js?cache=2024060601

tls, http2

msedge.exe

37.4kB
825.4kB
621
657

HTTP Request

GET https://ei.phncdn.com/www-static/css/global-backgrounds.css?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/css/generated-header.css?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/css/front-index-pc.css?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/css/flags/round_flag.css?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/css/ph-icons.css?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/cookieBanner/cookie_banner.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/utils/mg_utils-1.0.0.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/ph-functions.js?cache=2024060601

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/js/mg_modal-1.0.0.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/images/pornhub_logo_straight.svg?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/pics/logos/9091.png?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/css/large.css?cache=2024060601

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/vue/vue.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/vue/vue-custom-element.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/generated-lib.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/networkbar-5.0.0.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/front-index.js?cache=2024060601

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/images/countryFlags/svgs/united_kingdom.svg?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/images/verified-badge.svg?cache=2024060601

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/images/channel-badge.svg?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/images/trophy-icon-Pornstar.svg?cache=2024060601

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/videos/202405/09/452244951/original/(m=q79I5KZbeafTGgaaaa)(mh=yMRU5JV7wTNvkdPK)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/21/452760141/original/(m=qKTQ6KZbeafTGgaaaa)(mh=7CwB3ljtIIvl9z4C)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/20/452723391/original/(m=qOHZ3KZbeafTGgaaaa)(mh=BEw9TMvbuSzsPJw4)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/18/452623901/original/(m=qT7R0KZbeafTGgaaaa)(mh=MOQeH2yePsKB_j8b)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/11/452330031/original/(m=qQM2-JZbeafTGgaaaa)(mh=FBuGCAKne9GIRP6b)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202403/12/449449741/original/(m=qQR8W-YbeafTGgaaaa)(mh=GMrv70wShSiow7gJ)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/15/452499191/thumbs_25/(m=eafTGgaaaa)(mh=V0iMUHzj88vsC-gX)11.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/12/452370401/original/(m=qVMMIKZbeafTGgaaaa)(mh=WSf5O0xssXXg32R1)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/16/452551951/original/(m=qNWM_LZbeafTGgaaaa)(mh=ImkUp3uLt-bjqqEL)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/20/452725441/original/(m=q-6G7KZbeafTGgaaaa)(mh=EobuyJ3HHQ_7LaRA)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/25/452950431/original/(m=qUGVKLZbeafTGgaaaa)(mh=vQqFgQgntbNcuY6a)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/12/452345241/thumbs_5/(m=eafTGgaaaa)(mh=CfSyrMvq_m0nKmD5)6.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202404/08/450814591/thumbs_25/(m=eafTGgaaaa)(mh=Xnplhe8ooBEsoQmp)16.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202404/29/451764031/original/(m=q-IMIJZbeafTGgaaaa)(mh=rT4JFmbmyxMwZhfn)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/03/451932881/thumbs_75/(m=eafTGgaaaa)(mh=2zhlRxwqaq-VOpyG)9.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/24/452920491/original/(m=q2NLOLZbeafTGgaaaa)(mh=M5bkLJkgZodAmOse)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202402/20/448441921/original/(m=qGY279YbeafTGgaaaa)(mh=SA2YFKsYx032O6RZ)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202403/08/449296861/thumbs_5/(m=eafTGgaaaa)(mh=8KZ980p6rcyMbpzU)7.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202402/15/448188791/thumbs_45/(m=eafTGgaaaa)(mh=x8dDGnR6mOVkg7tW)9.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202406/04/453379472/thumbs_20/(m=eafTGgaaaa)(mh=eAcMq7B9CJtvuE7R)12.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202404/08/450776501/original/(m=qQGPNHZbeafTGgaaaa)(mh=Qa5lQnuzIn8i5DZM)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202404/20/451339601/original/(m=eafTGgaaaa)(mh=PguQjTmcSpY5uySm)13.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202404/04/450620111/original/(m=q7ZR_GZbeafTGgaaaa)(mh=yB6tzNcPTqbbQxsM)0.jpg

HTTP Request

GET https://ei.phncdn.com/www-static/images/sprite-icons.png?cache=2024060601

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/css/header-non-critical.css?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/css/commons-non-critical.css?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/css/modals_commons.css?cache=2024060601

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/css/playlist-base.css?cache=2024060601

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/css/premium/premium-modals.css?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/css/pc/onboardingModalFlow/onboardingModalFlow.css?cache=2024060601

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ss.phncdn.com/head/load-1.0.3.js

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/favicon.ico?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/jquery-3.6.0.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/header.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/jquery-ui-1.13.2.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/jquery.slimscroll.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/phub.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/playlist/playlist-basic.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/widgets-live-popup.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/playlist/playlists-common.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/v-recaptcha.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/signinbox.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/signin.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/create-account.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/onboardingModalFlow/widgets-onboardingModalFlow.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/ph-footer.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/premium/premium-modals.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/generated/front-index-pc.js?cache=2024060601

HTTP Request

GET https://ei.phncdn.com/www-static/js/promo-banner.js?cache=2024060601

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
64.210.156.22:443

ei.phncdn.com

tls

msedge.exe

1.1kB
4.0kB
9
7
64.210.156.22:443

ei.phncdn.com

tls

msedge.exe

1.0kB
4.0kB
8
6
64.210.156.22:443

ei.phncdn.com

tls

msedge.exe

1.1kB
4.0kB
9
7
64.210.156.22:443

ei.phncdn.com

tls

msedge.exe

1.1kB
4.0kB
9
7
64.210.156.22:443

ei.phncdn.com

tls

msedge.exe

1.1kB
4.0kB
9
7
64.210.156.16:443

https://media.trafficjunky.net/delivery/js/abp/js1.js

tls, http2

msedge.exe

1.7kB
4.7kB
12
12

HTTP Request

GET https://media.trafficjunky.net/delivery/js/abp/js1.js

HTTP Response

200
66.254.114.156:443

https://cdn1-smallimg.phncdn.com/n172nWs1UEcnquuObA5x52osw51230gH/rta-1.gif

tls, http

msedge.exe

1.8kB
6.6kB
12
11

HTTP Request

GET https://cdn1-smallimg.phncdn.com/n172nWs1UEcnquuObA5x52osw51230gH/rta-1.gif

HTTP Response

200
172.67.177.254:443

https://prvc.io/api/init-4039n5u7thbwcvx8fran.js

tls, http2

msedge.exe

1.6kB
5.9kB
13
13

HTTP Request

GET https://prvc.io/api/init-4039n5u7thbwcvx8fran.js

HTTP Response

200
64.210.156.22:443

https://ei.phncdn.com/www-static/fonts/ph-icons/ph-icons.woff2?cache=2024060601

tls, http2

msedge.exe

2.5kB
35.7kB
29
34

HTTP Request

GET https://ei.phncdn.com/www-static/fonts/ph-icons/ph-icons.woff2?cache=2024060601

HTTP Response

200
66.254.114.171:443

https://a.adtng.com/track/adviews/eyJleHRfemlkIjoiMjE4NDM1MSIsImV4dF9jIjoiIiwiZXh0X2FpZCI6IjE1MTQyMTUzMDEiLCJwaWQiOiI0OSIsInNpZCI6IjEwMDEwMTE3IiwibmlkcyI6IjUzOTg4IiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMTA2MDM2Iiwic3YiOiIyNTYzNSIsInJlZl9kbW4iOiJ3d3cucG9ybmh1Yi5jb20iLCJleHRfY2lkIjoiMTAwNjE0NDUzMSIsInRzbmFtZSI6Ik1CIiwiY3JjIjoiMTIiLCJjbiI6IjMwMFgyNTBfVElFUl8xLjAiLCJuaWQiOiI1Mzk4OCIsImV4dF9wdWIiOiIiLCJjcnAiOiI0Ljc5IiwidGlkIjoiMSIsIml0IjoiMDhcL0p1blwvMjAyNDoxOTo0NDowNCArMDAwMCIsImNjIjoiNSIsInNuY2lkIjoiMTA3MTg0IiwiY2lkIjoiMzkwMTAiLCJleHRfdWlkIjoiIiwiY3AiOiI0NS4wNSIsInNuY2NpZCI6IjIzOTQ1MjEiLCJpaWQiOiIxNzY5ZmY4NTgwMzE3MmI3NjdmNTRhZjNmMmEzYWVlMiIsImV4dF9paWQiOiIifQ==?unique_view=1

tls, http2

msedge.exe

5.0kB
15.8kB
23
24

HTTP Request

GET https://a.adtng.com/get/10010117?&uuid=6bec8669e6f045e899bf64f7201a536e&impid=6bec8669e6f045e899bf64f7201a536e-2&tj_zid=2184351&tj_cid=1006144531&tj_aid=1514215301&infos=CiQ2YWZiM2IzZS05NGQ5LTQ5MTEtYTM4OS1mZTQ0Zjk3ZmRkNDQQg+mSswYaIjZiZWM4NjY5ZTZmMDQ1ZTg5OWJmNjRmNzIwMWE1MzZlLTIgAjCfqYUBOJ+phQFA/fgESJOY4t8DUgEyWNXrqd4DYKu0yvIDciBlNDE2NzkxYmQ1ZjQ0ODZhODU4MGNiNjFkNzk5ODFjY4EBi+B/K9mxIT+SAQJHQpoBA0VOR6IBBkxvbmRvbsoBEmd0dCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTkxLjEwMS4yMDkuMzn6AQ4xOTEuMTAxLjIwOS4zOYICB2RlZDc2NTaIAiGSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKFr4TSBeACt5/nlQT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6IjY5MGFlZWRjNGYwYTU2NTUzOTY1OGVhYTQ5ODBmODZkIn2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB&noc=1

HTTP Response

200

HTTP Request

GET https://a.adtng.com/track/adviews/eyJleHRfemlkIjoiMjE4NDM1MSIsImV4dF9jIjoiIiwiZXh0X2FpZCI6IjE1MTQyMTUzMDEiLCJwaWQiOiI0OSIsInNpZCI6IjEwMDEwMTE3IiwibmlkcyI6IjUzOTg4IiwiZHluX2RtbiI6IiIsImNyaWQiOiIxMTA2MDM2Iiwic3YiOiIyNTYzNSIsInJlZl9kbW4iOiJ3d3cucG9ybmh1Yi5jb20iLCJleHRfY2lkIjoiMTAwNjE0NDUzMSIsInRzbmFtZSI6Ik1CIiwiY3JjIjoiMTIiLCJjbiI6IjMwMFgyNTBfVElFUl8xLjAiLCJuaWQiOiI1Mzk4OCIsImV4dF9wdWIiOiIiLCJjcnAiOiI0Ljc5IiwidGlkIjoiMSIsIml0IjoiMDhcL0p1blwvMjAyNDoxOTo0NDowNCArMDAwMCIsImNjIjoiNSIsInNuY2lkIjoiMTA3MTg0IiwiY2lkIjoiMzkwMTAiLCJleHRfdWlkIjoiIiwiY3AiOiI0NS4wNSIsInNuY2NpZCI6IjIzOTQ1MjEiLCJpaWQiOiIxNzY5ZmY4NTgwMzE3MmI3NjdmNTRhZjNmMmEzYWVlMiIsImV4dF9paWQiOiIifQ==?unique_view=1

HTTP Response

200
93.184.223.43:443

https://eg-cdn.trafficjunky.net/uploaded_content/creative/101/822/963/1/1018229631.gif

tls, http2

msedge.exe

7.5kB
314.5kB
128
233

HTTP Request

GET https://eg-cdn.trafficjunky.net/uploaded_content/creative/101/822/963/1/1018229631.gif

HTTP Response

200
64.210.156.23:443

https://ht-cdn2.adtng.com/delivery/vortex/vortex-simple-1.0.0.js

tls, http2

msedge.exe

3.1kB
11.0kB
21
20

HTTP Request

GET https://ht-cdn2.adtng.com/delivery/vortex/vortex-simple-1.0.0.js

HTTP Response

200
64.210.156.4:443

https://hw-cdn2.adtng.com/a7/creatives/1/49/819454/1106036/1106036_video.mp4

tls, http2

msedge.exe

16.7kB
817.2kB
312
602

HTTP Request

GET https://hw-cdn2.adtng.com/a7/creatives/1/49/819454/1106036/1106036_logo.png

HTTP Response

200

HTTP Request

GET https://hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js

HTTP Response

200

HTTP Request

GET https://hw-cdn2.adtng.com/a7/creatives/1/49/819454/1106036/1106036_video.mp4

HTTP Response

206
172.217.18.219:443

https://storage.googleapis.com/workbox-cdn/releases/5.1.3/workbox-sw.js

tls, http2

msedge.exe

1.7kB
7.4kB
15
13

HTTP Request

GET https://storage.googleapis.com/workbox-cdn/releases/5.1.3/workbox-sw.js
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

163.3MB
1.4MB
122652
22666
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

405.8kB
1.9kB
301
44
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

2.8kB
1.9kB
39
38
66.254.114.41:80

www.pornhub.com

http

msedge.exe

236 B
339 B
5
3

HTTP Response

400
66.254.114.41:80

www.pornhub.com

http

msedge.exe

236 B
339 B
5
3

HTTP Response

400
66.254.114.41:443

https://www.pornhub.com/service-worker.js

tls, http2

msedge.exe

44.5kB
1.7MB
840
1241

HTTP Request

GET https://www.pornhub.com/

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875987%2C%22hash%22%3A%22d13dc111b661138eda2102c5f08cfa13%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hbresp=header&hb=E66DE107-BF9F-43A0-AFD7-1D90D6A15677&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%2C%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

HTTP Response

202

HTTP Request

GET https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875987%2C%22hash%22%3A%22d13dc111b661138eda2102c5f08cfa13%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=E66DE107-BF9F-43A0-AFD7-1D90D6A15677&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

HTTP Request

GET https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1717875987%2C%22hash%22%3A%22d13dc111b661138eda2102c5f08cfa13%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=E66DE107-BF9F-43A0-AFD7-1D90D6A15677&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.pornhub.com/_i?type=event&event=consent-modal-open

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/_xa/deep_pixel?info=CiRmNjUwMzNkZS05NjQzLTQ1OTAtOTIyNi0yNGQ3Njg5OWQ3NzkQk%2BqSswYaIjIxNjA2OTkwYTcwMjQxOWNiOTIxNGQyYjVkYzdkODczLTEoATAFOAVIsYzX3wNSATJYsdaA3QNgz9KP8gNyIGU0MTY3OTFiZDVmNDQ4NmE4NTgwY2I2MWQ3OTk4MWNjgQHxaOOItfjkPpIBAkdCmgEDRU5HogEGTG9uZG9uygESZ3R0IGNvbW11bmljYXRpb25z0gEEd2lmadoBB3dpbmRvd3PiAQ4xOTEuMTAxLjIwOS4zOfoBDjE5MS4xMDEuMjA5LjM5ggIHZGVkNzY1NogCIZICBGVkZ2WaAgRFQzFOqgIEMTAuMLICBDkyLjDYAp2S%2B84F4ALX4%2BaUBPoCATGCA197ImFjdG9yX2lkIjpudWxsLCJjb250ZW50X3R5cGUiOm51bGwsInZpZGVvX2lkIjpudWxsLCJoYXNoIjoiZDEzZGMxMTFiNjYxMTM4ZWRhMjEwMmM1ZjA4Y2ZhMTMifZIDB2Rlc2t0b3CaAwJlbsIDBGhvbWWYBAE%3D&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/front/menu_livesex?segment=straight&token=MTcxNzg3NTk4N3gdVmnxQRuMJE3XyDoCQlnfZU7n3WGNEzMb8jll7R3RMxD7j9X7JFTaLWG283ZtarHx1U368zwJvAsKxPMV-BM.

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/service-worker.js

HTTP Response

304
172.67.177.254:443

https://prvc.io/api/init-4039n5u7thbwcvx8fran.js

tls, http2

msedge.exe

1.7kB
5.9kB
14
14

HTTP Request

GET https://prvc.io/api/init-4039n5u7thbwcvx8fran.js

HTTP Response

200
64.210.156.22:443

https://ei.phncdn.com/videos/202405/10/452284521/thumbs_28/(m=eafTGgaaaa)(mh=fDuTWVKBpB4mCWtd)3.jpg

tls, http2

msedge.exe

4.0kB
75.0kB
50
61

HTTP Request

GET https://ei.phncdn.com/videos/202405/16/452524871/original/(m=qQGMLMZbeafTGgaaaa)(mh=dQGsLw9gN6E2hKFZ)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/17/452602211/original/(m=qXP9XKZbeafTGgaaaa)(mh=pswuhiv4tO-DKvef)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202309/16/439523501/original/(m=eafTGgaaaa)(mh=NWeB_k_oRBtHU5ZU)4.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202403/22/449965451/thumbs_35/(m=eafTGgaaaa)(mh=St9UP-_IFFMucl-A)8.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202405/10/452284521/thumbs_28/(m=eafTGgaaaa)(mh=fDuTWVKBpB4mCWtd)3.jpg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
93.184.223.43:443

https://eg-cdn.trafficjunky.net/uploaded_content/video/001/956/071/1956071_video.mp4

tls, http2

msedge.exe

18.8kB
488.5kB
322
357

HTTP Request

GET https://eg-cdn.trafficjunky.net/uploaded_content/video/001/956/071/1956071_video.mp4

HTTP Response

206

HTTP Request

GET https://eg-cdn.trafficjunky.net/uploaded_content/video/001/956/071/1956071_video.mp4

HTTP Response

206
64.210.156.21:443

https://ht-cdn.trafficjunky.net/uploaded_content/creative/101/822/962/1/1018229621.gif

tls, http2

msedge.exe

6.9kB
299.9kB
123
222

HTTP Request

GET https://ht-cdn.trafficjunky.net/uploaded_content/creative/101/822/962/1/1018229621.gif

HTTP Response

200
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

6.3kB
462 B
14
10
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

326 B
191 B
5
4
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

1.3kB
306 B
7
6
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

6.8kB
1.1kB
23
22
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

304.4kB
1.4kB
227
31
51.38.43.18:443

https://gofile.io/d/10lzhS

tls, http

XClient.exe

762 B
5.3kB
9
11

HTTP Request

GET https://gofile.io/d/10lzhS

HTTP Response

200
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

236 B
172 B
5
4
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

2.6kB
536 B
9
10
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

99.7kB
3.1kB
99
54
93.184.215.14:80

http://www.example.com/File.exe

http

XClient.exe

349 B
1.8kB
6
5

HTTP Request

GET http://www.example.com/File.exe

HTTP Response

404
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

1.3kB
191 B
5
4
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

7.5kB
1.1kB
28
27
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

9.1kB
15.9kB
32
39
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

326 B
191 B
5
4
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

677 B
863 B
9
9
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

XClient.exe

734 B
485 B
7
8
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

5.6kB
342 B
9
7
147.185.221.20:15871

moving-agenda.gl.at.ply.gg

2.2MB
5.8kB
1622
140

8.8.8.8:53

gofile.io

dns

XClient.exe

55 B
103 B
1
1

DNS Request

gofile.io

DNS Response

51.38.43.18

151.80.29.83

51.178.66.33
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

18.43.38.51.in-addr.arpa

dns

70 B
108 B
1
1

DNS Request

18.43.38.51.in-addr.arpa
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

api.gofile.io

dns

msedge.exe

59 B
107 B
1
1

DNS Request

api.gofile.io

DNS Response

151.80.29.83

51.38.43.18

51.178.66.33
8.8.8.8:53

83.29.80.151.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

83.29.80.151.in-addr.arpa
8.8.8.8:53

s.gofile.io

dns

msedge.exe

57 B
73 B
1
1

DNS Request

s.gofile.io

DNS Response

51.75.242.210
224.0.0.251:5353

msedge.exe

652 B
10
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

210.242.75.51.in-addr.arpa

dns

72 B
100 B
1
1

DNS Request

210.242.75.51.in-addr.arpa
8.8.8.8:53

store10.gofile.io

dns

msedge.exe

63 B
79 B
1
1

DNS Request

store10.gofile.io

DNS Response

31.14.70.252
8.8.8.8:53

252.70.14.31.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

252.70.14.31.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

ip-api.com

dns

XClient.exe

56 B
72 B
1
1

DNS Request

ip-api.com

DNS Response

208.95.112.1
8.8.8.8:53

1.112.95.208.in-addr.arpa

dns

71 B
95 B
1
1

DNS Request

1.112.95.208.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

144 B
146 B
2
1

DNS Request

157.123.68.40.in-addr.arpa

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

moving-agenda.gl.at.ply.gg

dns

XClient.exe

72 B
88 B
1
1

DNS Request

moving-agenda.gl.at.ply.gg

DNS Response

147.185.221.20
8.8.8.8:53

20.221.185.147.in-addr.arpa

dns

146 B
130 B
2
1

DNS Request

20.221.185.147.in-addr.arpa

DNS Request

20.221.185.147.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

pornhub.com

dns

msedge.exe

57 B
73 B
1
1

DNS Request

pornhub.com

DNS Response

66.254.114.41
8.8.8.8:53

www.pornhub.com

dns

msedge.exe

61 B
91 B
1
1

DNS Request

www.pornhub.com

DNS Response

66.254.114.41
8.8.8.8:53

static.trafficjunky.com

dns

msedge.exe

69 B
246 B
1
1

DNS Request

static.trafficjunky.com

DNS Response

64.210.156.20

64.210.156.21

64.210.156.22

64.210.156.23

64.210.156.16

64.210.156.17

64.210.156.18

64.210.156.19
8.8.8.8:53

ei.phncdn.com

dns

msedge.exe

59 B
226 B
1
1

DNS Request

ei.phncdn.com

DNS Response

64.210.156.22

64.210.156.23

64.210.156.16

64.210.156.17

64.210.156.18

64.210.156.19

64.210.156.20

64.210.156.21
8.8.8.8:53

41.114.254.66.in-addr.arpa

dns

72 B
113 B
1
1

DNS Request

41.114.254.66.in-addr.arpa
8.8.8.8:53

media.trafficjunky.net

dns

msedge.exe

68 B
247 B
1
1

DNS Request

media.trafficjunky.net

DNS Response

64.210.156.16

64.210.156.17

64.210.156.18

64.210.156.19

64.210.156.20

64.210.156.21

64.210.156.22

64.210.156.23
8.8.8.8:53

prvc.io

dns

msedge.exe

53 B
85 B
1
1

DNS Request

prvc.io

DNS Response

172.67.177.254

104.21.56.52
8.8.8.8:53

cdn1-smallimg.phncdn.com

dns

msedge.exe

70 B
109 B
1
1

DNS Request

cdn1-smallimg.phncdn.com

DNS Response

66.254.114.156
8.8.8.8:53

20.156.210.64.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

20.156.210.64.in-addr.arpa
8.8.8.8:53

ss.phncdn.com

dns

msedge.exe

59 B
226 B
1
1

DNS Request

ss.phncdn.com

DNS Response

64.210.156.18

64.210.156.19

64.210.156.20

64.210.156.21

64.210.156.22

64.210.156.23

64.210.156.16

64.210.156.17
8.8.8.8:53

22.156.210.64.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

22.156.210.64.in-addr.arpa
8.8.8.8:53

16.156.210.64.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

16.156.210.64.in-addr.arpa
8.8.8.8:53

156.114.254.66.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

156.114.254.66.in-addr.arpa
8.8.8.8:53

254.177.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

254.177.67.172.in-addr.arpa
8.8.8.8:53

72.214.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

72.214.58.216.in-addr.arpa
8.8.8.8:53

238.75.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

238.75.250.142.in-addr.arpa
8.8.8.8:53

a.adtng.com

dns

msedge.exe

57 B
73 B
1
1

DNS Request

a.adtng.com

DNS Response

66.254.114.171
8.8.8.8:53

eg-cdn.trafficjunky.net

dns

msedge.exe

138 B
238 B
2
2

DNS Request

eg-cdn.trafficjunky.net

DNS Request

eg-cdn.trafficjunky.net

DNS Response

93.184.223.43

DNS Response

93.184.223.43
8.8.8.8:53

ht-cdn2.adtng.com

dns

msedge.exe

126 B
468 B
2
2

DNS Request

ht-cdn2.adtng.com

DNS Request

ht-cdn2.adtng.com

DNS Response

64.210.156.23

64.210.156.16

64.210.156.17

64.210.156.18

64.210.156.19

64.210.156.20

64.210.156.21

64.210.156.22

DNS Response

64.210.156.23

64.210.156.16

64.210.156.17

64.210.156.18

64.210.156.19

64.210.156.20

64.210.156.21

64.210.156.22
8.8.8.8:53

hw-cdn2.adtng.com

dns

msedge.exe

126 B
468 B
2
2

DNS Request

hw-cdn2.adtng.com

DNS Request

hw-cdn2.adtng.com

DNS Response

64.210.156.4

64.210.156.5

64.210.156.6

64.210.156.7

64.210.156.0

64.210.156.1

64.210.156.2

64.210.156.3

DNS Response

64.210.156.4

64.210.156.5

64.210.156.6

64.210.156.7

64.210.156.0

64.210.156.1

64.210.156.2

64.210.156.3
8.8.8.8:53

43.223.184.93.in-addr.arpa

dns

72 B
143 B
1
1

DNS Request

43.223.184.93.in-addr.arpa
8.8.8.8:53

171.114.254.66.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

171.114.254.66.in-addr.arpa
8.8.8.8:53

23.156.210.64.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

23.156.210.64.in-addr.arpa
8.8.8.8:53

4.156.210.64.in-addr.arpa

dns

71 B
140 B
1
1

DNS Request

4.156.210.64.in-addr.arpa
8.8.8.8:53

storage.googleapis.com

dns

msedge.exe

136 B
456 B
2
2

DNS Request

storage.googleapis.com

DNS Request

storage.googleapis.com

DNS Response

172.217.18.219

142.250.75.251

216.58.214.187

172.217.20.187

172.217.20.219

216.58.215.59

142.250.179.91

142.250.179.123

142.250.178.155

142.250.201.187

DNS Response

172.217.18.219

142.250.75.251

216.58.214.187

172.217.20.187

172.217.20.219

216.58.215.59

142.250.179.91

142.250.179.123

142.250.178.155

142.250.201.187
8.8.8.8:53

219.18.217.172.in-addr.arpa

dns

146 B
286 B
2
2

DNS Request

219.18.217.172.in-addr.arpa

DNS Request

219.18.217.172.in-addr.arpa
8.8.8.8:53

ht-cdn.trafficjunky.net

dns

msedge.exe

138 B
498 B
2
2

DNS Request

ht-cdn.trafficjunky.net

DNS Request

ht-cdn.trafficjunky.net

DNS Response

64.210.156.21

64.210.156.22

64.210.156.23

64.210.156.16

64.210.156.17

64.210.156.18

64.210.156.19

64.210.156.20

DNS Response

64.210.156.21

64.210.156.22

64.210.156.23

64.210.156.16

64.210.156.17

64.210.156.18

64.210.156.19

64.210.156.20
8.8.8.8:53

21.156.210.64.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

21.156.210.64.in-addr.arpa
8.8.8.8:53

31.73.42.20.in-addr.arpa

dns

140 B
312 B
2
2

DNS Request

31.73.42.20.in-addr.arpa

DNS Request

31.73.42.20.in-addr.arpa
8.8.8.8:53

gofile.io

dns

XClient.exe

110 B
206 B
2
2

DNS Request

gofile.io

DNS Request

gofile.io

DNS Response

51.38.43.18

151.80.29.83

51.178.66.33

DNS Response

51.38.43.18

151.80.29.83

51.178.66.33
8.8.8.8:53

www.example.com

dns

XClient.exe

122 B
154 B
2
2

DNS Request

www.example.com

DNS Request

www.example.com

DNS Response

93.184.215.14

DNS Response

93.184.215.14
8.8.8.8:53

14.215.184.93.in-addr.arpa

dns

144 B
286 B
2
2

DNS Request

14.215.184.93.in-addr.arpa

DNS Request

14.215.184.93.in-addr.arpa
8.8.8.8:53

76.234.34.23.in-addr.arpa

dns

142 B
270 B
2
2

DNS Request

76.234.34.23.in-addr.arpa

DNS Request

76.234.34.23.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

System Information Discovery