ebd3bc74866f6cd818141da0ff7ae51b4b1970dad1695f3f57845909f9c7b7a4

Analysis

max time kernel
95s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/08/2024, 03:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccsetup626pro.exe
Size

72.2MB
MD5

b0641da60584a9ddbbc5a5c14d1e2c25
SHA1

9a3a808fe55c5174e262762de319aeea2701bae8
SHA256

ebd3bc74866f6cd818141da0ff7ae51b4b1970dad1695f3f57845909f9c7b7a4
SHA512

3a66626336034210d847757c87b005763169eece50b678dd44d90a5527dce2ec55b3d3ecee3c3b5e750052dbe5c0cea52e42811d8b566c33f5c43e77ba1d0d00
SSDEEP

1572864:Hcsg1pG3zhIExyRA2V/eboTJKq7/89/6C6KOhNMi:HyG3dI/RAUUoTJH7/89/6C6KUNt

Score

7^/10

bootkit discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Downloads MZ/PE file

Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	ccsetup626pro.exe
File opened for modification	\??\PhysicalDrive0	CCUpdate.exe
File opened for modification	\??\PhysicalDrive0	CCleaner64.exe
File opened for modification	\??\PhysicalDrive0	CCUpdate.exe
File opened for modification	\??\PhysicalDrive0	CCleaner64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\CCleaner\branding.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1051.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1056.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1155.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-2052.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\CCleanerReactivator.exe	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1043.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1044.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1055.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1087.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\libwavmodapi.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1032.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1038.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1062.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1067.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1086.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1102.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\libwaheap.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\CCleaner.exe	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1025.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1029.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1046.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1063.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-9999.dll	ccsetup626pro.exe
File opened for modification	C:\Program Files\CCleaner	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1110.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\libwaapi.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Setup\959a9ad0-8f14-4d55-9ad5-052cd6f713fb.xml	CCUpdate.exe
File created	C:\Program Files\CCleaner\Lang\lang-1059.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1081.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\uninst.exe	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\CCUpdate.exe	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1031.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1079.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Setup\253a35ed-e3f1-4e9e-9628-68e736ecace2.ini	CCUpdate.exe
File created	C:\Program Files\CCleaner\CCleanerBugReport.exe	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\autotrial.dat	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1036.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1053.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1060.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1061.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1066.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\libwalocal.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Setup\config.def	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1034.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1041.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1048.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1092.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1093.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\CCleanerReactivator.dll	ccsetup626pro.exe
File opened for modification	C:\Program Files\CCleaner	CCleaner64.exe
File created	C:\Program Files\CCleaner\libwautils.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1030.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1049.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1057.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1068.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1071.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1109.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-5146.dll	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\CCleaner64.exe	ccsetup626pro.exe
File created	C:\Program Files\CCleaner\Lang\lang-1027.dll	ccsetup626pro.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\CCleanerCrashReporting.job	CCleaner64.exe
File opened for modification	C:\Windows\Tasks\CCleanerCrashReporting.job	CCleaner64.exe

Executes dropped EXE 4 IoCs

pid	Process
3524	CCleaner64.exe
1956	CCUpdate.exe
5188	CCUpdate.exe
5360	CCleaner64.exe

Loads dropped DLL 18 IoCs

pid	Process
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3004	ccsetup626pro.exe
5188	CCUpdate.exe
5360	CCleaner64.exe
5360	CCleaner64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x000100000002ab49-393.dat	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CCUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CCUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ccsetup626pro.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	ccsetup626pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ccsetup626pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	ccsetup626pro.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	CCleaner64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 21 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Piriform\CCleaner\AutoICS = "1"	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner	ccsetup626pro.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner\UpdateBackground = "1"	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Piriform\CCleaner	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Piriform	ccsetup626pro.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Piriform\CCleaner	ccsetup626pro.exe
Key created	\REGISTRY\USER\.DEFAULT	ccsetup626pro.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Piriform	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-20	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner	ccsetup626pro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Piriform	ccsetup626pro.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Piriform\CCleaner	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-19	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE	ccsetup626pro.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner\UpdateBackground = "1"	ccsetup626pro.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner\AutoICS = "1"	ccsetup626pro.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Piriform\CCleaner\UpdateBackground = "1"	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Piriform\CCleaner	ccsetup626pro.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner\AutoICS = "1"	ccsetup626pro.exe

Modifies registry class 27 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner\command	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...\command	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\SOFTWARE\Piriform	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command	ccsetup626pro.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\SOFTWARE\Piriform\CCleaner\AutoICS = "1"	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\SOFTWARE\Piriform\CCleaner	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner\command	ccsetup626pro.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner\command\ = "C:\\Program Files\\CCleaner\\ccleaner.exe /AUTORB"	ccsetup626pro.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command\ = "C:\\Program Files\\CCleaner\\ccleaner.exe /FRB"	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell	ccsetup626pro.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\ = "URL: CCleaner Protocol"	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open	ccsetup626pro.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\	ccsetup626pro.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command\ = "\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /%1"	ccsetup626pro.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\URL Protocol	ccsetup626pro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Software\Piriform\CCleaner	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner	ccsetup626pro.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\	ccsetup626pro.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\SOFTWARE	ccsetup626pro.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\SOFTWARE\Piriform\CCleaner\UpdateBackground = "1"	ccsetup626pro.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe
3524	CCleaner64.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	3004	ccsetup626pro.exe
Token: SeDebugPrivilege	3524	CCleaner64.exe
Token: SeDebugPrivilege	5360	CCleaner64.exe
Token: SeShutdownPrivilege	5360	CCleaner64.exe
Token: SeCreatePagefilePrivilege	5360	CCleaner64.exe
Token: SeShutdownPrivilege	5360	CCleaner64.exe
Token: SeCreatePagefilePrivilege	5360	CCleaner64.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
5480	MiniSearchHost.exe
3004	ccsetup626pro.exe
3004	ccsetup626pro.exe
5360	CCleaner64.exe
5360	CCleaner64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3524	3004	ccsetup626pro.exe	85
PID 3004 wrote to memory of 3524	3004	ccsetup626pro.exe	85
PID 3004 wrote to memory of 1956	3004	ccsetup626pro.exe	87
PID 3004 wrote to memory of 1956	3004	ccsetup626pro.exe	87
PID 3004 wrote to memory of 1956	3004	ccsetup626pro.exe	87
PID 1956 wrote to memory of 5188	1956	CCUpdate.exe	88
PID 1956 wrote to memory of 5188	1956	CCUpdate.exe	88
PID 1956 wrote to memory of 5188	1956	CCUpdate.exe	88
PID 3004 wrote to memory of 3780	3004	ccsetup626pro.exe	89
PID 3004 wrote to memory of 3780	3004	ccsetup626pro.exe	89
PID 3004 wrote to memory of 5360	3004	ccsetup626pro.exe	90
PID 3004 wrote to memory of 5360	3004	ccsetup626pro.exe	90
PID 3780 wrote to memory of 2452	3780	msedge.exe	91
PID 3780 wrote to memory of 2452	3780	msedge.exe	91
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4024	3780	msedge.exe	92
PID 3780 wrote to memory of 4592	3780	msedge.exe	93
PID 3780 wrote to memory of 4592	3780	msedge.exe	93
PID 3780 wrote to memory of 3264	3780	msedge.exe	94
PID 3780 wrote to memory of 3264	3780	msedge.exe	94
PID 3780 wrote to memory of 3264	3780	msedge.exe	94
PID 3780 wrote to memory of 3264	3780	msedge.exe	94
PID 3780 wrote to memory of 3264	3780	msedge.exe	94
PID 3780 wrote to memory of 3264	3780	msedge.exe	94
PID 3780 wrote to memory of 3264	3780	msedge.exe	94
PID 3780 wrote to memory of 3264	3780	msedge.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ccsetup626pro.exe
"C:\Users\Admin\AppData\Local\Temp\ccsetup626pro.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files\CCleaner\CCleaner64.exe
  "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3524
- C:\Program Files\CCleaner\CCUpdate.exe
  "C:\Program Files\CCleaner\CCUpdate.exe" /reg
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1956
- - C:\Program Files\CCleaner\CCUpdate.exe
    CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\70c9b85f-bf47-4af2-8b76-0b93b460c24b.dll"
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=3
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa51203cb8,0x7ffa51203cc8,0x7ffa51203cd8
    3⤵
    PID:2452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,1330511639565632459,14641089765873982967,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,1330511639565632459,14641089765873982967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,1330511639565632459,14641089765873982967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
    3⤵
    PID:3264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1330511639565632459,14641089765873982967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
    3⤵
    PID:244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1330511639565632459,14641089765873982967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
    3⤵
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1330511639565632459,14641089765873982967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
    3⤵
    PID:5352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,1330511639565632459,14641089765873982967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
    3⤵
    PID:5204
- C:\Program Files\CCleaner\CCleaner64.exe
  "C:\Program Files\CCleaner\CCleaner64.exe"
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5360

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5764

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6d9beeac63954009b2cc3d09f6185d83 /t 2704 /p 5360
1⤵
PID:3868

Network

DNS

analytics.avcdn.net

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

analytics.avcdn.net

IN A

Response

analytics.avcdn.net

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
DNS

analytics.avcdn.net

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

analytics.avcdn.net

IN A
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

223.223.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

223.223.117.34.in-addr.arpa

IN PTR

Response

223.223.117.34.in-addr.arpa

IN PTR

22322311734bcgoogleusercontentcom
DNS

223.223.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

223.223.117.34.in-addr.arpa

IN PTR
POST

https://analytics.avcdn.net/receive3

ccsetup626pro.exe

Remote address:

34.117.223.223:443

Request

POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
User-Agent: Avast Antivirus
Content-Length: 289
Host: analytics.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 14 Aug 2024 03:51:20 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://analytics.avcdn.net/receive3

ccsetup626pro.exe

Remote address:

34.117.223.223:443

Request

POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
User-Agent: Avast Antivirus
Content-Length: 289
Host: analytics.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 14 Aug 2024 03:51:28 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://analytics.avcdn.net/receive3

ccsetup626pro.exe

Remote address:

34.117.223.223:443

Request

POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
User-Agent: Avast Antivirus
Content-Length: 289
Host: analytics.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 14 Aug 2024 03:51:35 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

service.piriform.com

ccsetup626pro.exe

Remote address:

8.8.8.8:53

Request

service.piriform.com

IN A

Response

service.piriform.com

IN CNAME

service.piriform.com-v1.edgekey.net

service.piriform.com-v1.edgekey.net

IN CNAME

e5003.dsca.akamaiedge.net

e5003.dsca.akamaiedge.net

IN A

23.49.163.75
DNS

ctldl.windowsupdate.com

ccsetup626pro.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

bg.microsoft.map.fastly.net

bg.microsoft.map.fastly.net

IN A

199.232.214.172

bg.microsoft.map.fastly.net

IN A

199.232.210.172
DNS

ocsp.digicert.com

ccsetup626pro.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

ocsp.digicert.com

ccsetup626pro.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A
DNS

ocsp.digicert.com

ccsetup626pro.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A
DNS

75.163.49.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.163.49.23.in-addr.arpa

IN PTR

Response

75.163.49.23.in-addr.arpa

IN PTR

a23-49-163-75deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

license.piriform.com

Remote address:

8.8.8.8:53

Request

license.piriform.com

IN A

Response

license.piriform.com

IN CNAME

license.piriform.com-v2.edgekey.net

license.piriform.com-v2.edgekey.net

IN CNAME

e5003.dsca.akamaiedge.net

e5003.dsca.akamaiedge.net

IN A

23.49.163.75
DNS

shepherd.ff.avast.com

Remote address:

8.8.8.8:53

Request

shepherd.ff.avast.com

IN A

Response

shepherd.ff.avast.com

IN CNAME

shepherd-gcp.ff.avast.com

shepherd-gcp.ff.avast.com

IN A

34.160.176.28
DNS

ocsp.pki.goog

Remote address:

8.8.8.8:53

Request

ocsp.pki.goog

IN A

Response

ocsp.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

216.58.214.67
DNS

ocsp.pki.goog

Remote address:

8.8.8.8:53

Request

ocsp.pki.goog

IN A
DNS

28.176.160.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.176.160.34.in-addr.arpa

IN PTR

Response

28.176.160.34.in-addr.arpa

IN PTR

2817616034bcgoogleusercontentcom
DNS

c.pki.goog

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

216.58.214.67
DNS

o.pki.goog

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

216.58.214.67
DNS

67.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.214.58.216.in-addr.arpa

IN PTR

Response

67.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f671e100net

67.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f3�H

67.214.58.216.in-addr.arpa

IN PTR

par10s39-in-f3�H
DNS

ip-info.ff.avast.com

Remote address:

8.8.8.8:53

Request

ip-info.ff.avast.com

IN A

Response

ip-info.ff.avast.com

IN CNAME

ip-info-gcp.ff.avast.com

ip-info-gcp.ff.avast.com

IN A

34.149.149.62
DNS

ip-info.ff.avast.com

Remote address:

8.8.8.8:53

Request

ip-info.ff.avast.com

IN A

Response

ip-info.ff.avast.com

IN CNAME

ip-info-gcp.ff.avast.com

ip-info-gcp.ff.avast.com

IN A

34.149.149.62
DNS

62.149.149.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.149.149.34.in-addr.arpa

IN PTR

Response

62.149.149.34.in-addr.arpa

IN PTR

6214914934bcgoogleusercontentcom
DNS

emupdate.avcdn.net

Remote address:

8.8.8.8:53

Request

emupdate.avcdn.net

IN A

Response

emupdate.avcdn.net

IN CNAME

emupdate.avcdn.net.edgesuite.net

emupdate.avcdn.net.edgesuite.net

IN CNAME

a1544.dscd.akamai.net

a1544.dscd.akamai.net

IN A

2.18.190.72

a1544.dscd.akamai.net

IN A

2.18.190.74
DNS

emupdate.avcdn.net

Remote address:

8.8.8.8:53

Request

emupdate.avcdn.net

IN A
GET

http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D

ccsetup626pro.exe

Remote address:

216.58.214.67:80

Request

GET /gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 1446
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Wed, 14 Aug 2024 03:31:03 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1230
GET

http://c.pki.goog/r/r1.crl

ccsetup626pro.exe

Remote address:

216.58.214.67:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 14 Aug 2024 03:19:28 GMT
Expires: Wed, 14 Aug 2024 04:09:28 GMT
Cache-Control: public, max-age=3000
Age: 1926
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://o.pki.goog/s/wr3/tKg/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQC0qDqIEtY8IApzSgcUAYOk

ccsetup626pro.exe

Remote address:

216.58.214.67:80

Request

GET /s/wr3/tKg/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQC0qDqIEtY8IApzSgcUAYOk HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Wed, 14 Aug 2024 00:01:42 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 13792
DNS

ncc.avast.com

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

ncc.avast.com

IN A

Response

ncc.avast.com

IN CNAME

ncc.avast.com.edgesuite.net

ncc.avast.com.edgesuite.net

IN CNAME

a1488.dscd.akamai.net

a1488.dscd.akamai.net

IN A

2.18.190.83

a1488.dscd.akamai.net

IN A

2.18.190.77
DNS

83.190.18.2.in-addr.arpa

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

83.190.18.2.in-addr.arpa

IN PTR

Response

83.190.18.2.in-addr.arpa

IN PTR

a2-18-190-83deploystaticakamaitechnologiescom
DNS

83.190.18.2.in-addr.arpa

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

83.190.18.2.in-addr.arpa

IN PTR
GET

http://ncc.avast.com/ncc.txt

CCleaner64.exe

Remote address:

2.18.190.83:80

Request

GET /ncc.txt HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast Antivirus
Host: ncc.avast.com

Response

HTTP/1.1 200 OK

Content-Type: text/html
Content-Length: 26
Date: Wed, 14 Aug 2024 03:51:37 GMT
Connection: keep-alive
POST

https://analytics.avcdn.net/receive3

CCleaner64.exe

Remote address:

34.117.223.223:443

Request

POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
User-Agent: Avast Antivirus
Content-Length: 234
Host: analytics.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 14 Aug 2024 03:51:37 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://analytics.avcdn.net/receive3

CCleaner64.exe

Remote address:

34.117.223.223:443

Request

POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
User-Agent: Avast Antivirus
Content-Length: 245
Host: analytics.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 14 Aug 2024 03:51:38 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://analytics.avcdn.net/receive3

CCleaner64.exe

Remote address:

34.117.223.223:443

Request

POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
User-Agent: Avast Antivirus
Content-Length: 253
Host: analytics.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 14 Aug 2024 03:51:38 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

emupdate.avcdn.net

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

emupdate.avcdn.net

IN A

Response

emupdate.avcdn.net

IN CNAME

emupdate.avcdn.net.edgesuite.net

emupdate.avcdn.net.edgesuite.net

IN CNAME

a1544.dscd.akamai.net

a1544.dscd.akamai.net

IN A

2.18.190.74

a1544.dscd.akamai.net

IN A

2.18.190.72
DNS

ccleaner.tools.avcdn.net

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

ccleaner.tools.avcdn.net

IN A

Response

ccleaner.tools.avcdn.net

IN CNAME

tools.avcdn.net.edgesuite.net

tools.avcdn.net.edgesuite.net

IN CNAME

a1163.dscd.akamai.net

a1163.dscd.akamai.net

IN A

2.18.190.83

a1163.dscd.akamai.net

IN A

2.18.190.81
DNS

ccleaner.tools.avcdn.net

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

ccleaner.tools.avcdn.net

IN A

Response

ccleaner.tools.avcdn.net

IN CNAME

tools.avcdn.net.edgesuite.net

tools.avcdn.net.edgesuite.net

IN CNAME

a1163.dscd.akamai.net

a1163.dscd.akamai.net

IN A

2.18.190.83

a1163.dscd.akamai.net

IN A

2.18.190.81
DNS

74.190.18.2.in-addr.arpa

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

74.190.18.2.in-addr.arpa

IN PTR

Response

74.190.18.2.in-addr.arpa

IN PTR

a2-18-190-74deploystaticakamaitechnologiescom
DNS

www.google-analytics.com

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

www.google-analytics.com

IN A

Response

www.google-analytics.com

IN CNAME

www-alv.google-analytics.com

www-alv.google-analytics.com

IN A

216.239.38.178

www-alv.google-analytics.com

IN A

216.239.36.178

www-alv.google-analytics.com

IN A

216.239.34.178

www-alv.google-analytics.com

IN A

216.239.32.178
DNS

178.38.239.216.in-addr.arpa

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

178.38.239.216.in-addr.arpa

IN PTR

Response
DNS

www.ccleaner.com

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

www.ccleaner.com

IN A

Response

www.ccleaner.com

IN CNAME

www.ccleaner.com.edgekey.net

www.ccleaner.com.edgekey.net

IN CNAME

e13363.dsca.akamaiedge.net

e13363.dsca.akamaiedge.net

IN A

2.18.109.139
DNS

ipm-provider.ff.avast.com

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

ipm-provider.ff.avast.com

IN A

Response

ipm-provider.ff.avast.com

IN CNAME

ipm-gcp-prod.ff.avast.com

ipm-gcp-prod.ff.avast.com

IN A

34.111.24.1
DNS

fonts.googleapis.com

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

fonts.googleapis.com

IN A

Response

fonts.googleapis.com

IN A

142.250.75.234
DNS

73.159.190.20.in-addr.arpa

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

73.159.190.20.in-addr.arpa

IN PTR

Response
DNS

s7.addthis.com

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

s7.addthis.com

IN A

Response

s7.addthis.com

IN CNAME

s8.addthis.com

s8.addthis.com

IN CNAME

ds-s7.addthis.com.edgekey.net

ds-s7.addthis.com.edgekey.net

IN CNAME

e4016.a.akamaiedge.net

e4016.a.akamaiedge.net

IN A

2.18.109.243
DNS

cdn-production.ccleaner.com

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

cdn-production.ccleaner.com

IN A

Response

cdn-production.ccleaner.com

IN CNAME

cdn-production.ccleaner.com.edgekey.net

cdn-production.ccleaner.com.edgekey.net

IN CNAME

e13363.dsca.akamaiedge.net

e13363.dsca.akamaiedge.net

IN A

2.18.109.139
DNS

185.198.28.184.in-addr.arpa

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

185.198.28.184.in-addr.arpa

IN PTR

Response

185.198.28.184.in-addr.arpa

IN PTR

a184-28-198-185deploystaticakamaitechnologiescom
DNS

s.yimg.com

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

s.yimg.com

IN A

Response

s.yimg.com

IN CNAME

edge.gycpi.b.yahoodns.net

edge.gycpi.b.yahoodns.net

IN A

87.248.114.12

edge.gycpi.b.yahoodns.net

IN A

87.248.114.11
DNS

oms.ccleaner.com

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

oms.ccleaner.com

IN A

Response

oms.ccleaner.com

IN CNAME

2w99epxhne.data.adobedc.net

2w99epxhne.data.adobedc.net

IN A

66.235.152.156

2w99epxhne.data.adobedc.net

IN A

66.235.152.221

2w99epxhne.data.adobedc.net

IN A

66.235.152.225
DNS

225.152.235.66.in-addr.arpa

CCUpdate.exe

Remote address:

8.8.8.8:53

Request

225.152.235.66.in-addr.arpa

IN PTR

Response

225.152.235.66.in-addr.arpa

IN PTR

ip-66-235-152-225dataadobedcnet
HEAD

http://emupdate.avcdn.net/files/emupdate/pong.txt

CCUpdate.exe

Remote address:

2.18.190.74:80

Request

HEAD /files/emupdate/pong.txt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: CCleaner Update Agent
Host: emupdate.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/plain
Content-Length: 3
Last-Modified: Mon, 02 Jan 2017 10:13:10 GMT
ETag: "586a27b6-3"
Access-Control-Allow-Origin: *
x-cache-status: REVALIDATED
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=2157
Expires: Wed, 14 Aug 2024 04:27:35 GMT
Date: Wed, 14 Aug 2024 03:51:38 GMT
Connection: keep-alive
GET

http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini

CCUpdate.exe

Remote address:

2.18.190.83:80

Request

GET /tools/ccleaner/update/patches.ini HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: CCleaner Update Agent
Host: ccleaner.tools.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/plain
Content-Length: 170
Last-Modified: Mon, 10 Sep 2018 09:32:42 GMT
ETag: "5b963a3a-aa"
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=895
Expires: Wed, 14 Aug 2024 04:06:34 GMT
Date: Wed, 14 Aug 2024 03:51:39 GMT
Connection: keep-alive
GET

http://ccleaner.tools.avcdn.net/tools/ccleaner/update/20180205.dll

CCUpdate.exe

Remote address:

2.18.190.83:80

Request

GET /tools/ccleaner/update/20180205.dll HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: CCleaner Update Agent
Host: ccleaner.tools.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 480648
Last-Modified: Mon, 10 Sep 2018 09:26:32 GMT
ETag: "5b9638c8-75588"
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1053
Expires: Wed, 14 Aug 2024 04:09:13 GMT
Date: Wed, 14 Aug 2024 03:51:40 GMT
Connection: keep-alive
GET

http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml

CCUpdate.exe

Remote address:

2.18.190.83:80

Request

GET /tools/ccleaner/update/updates.xml HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: CCleaner Update Agent
Host: ccleaner.tools.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/xml
Content-Length: 818
Last-Modified: Mon, 29 Jul 2024 07:28:17 GMT
ETag: "66a74491-332"
Access-Control-Allow-Origin: *
x-cache-status: EXPIRED
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1680
Expires: Wed, 14 Aug 2024 04:19:41 GMT
Date: Wed, 14 Aug 2024 03:51:41 GMT
Connection: keep-alive
GET

http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=executed&el=1&ev=0

CCUpdate.exe

Remote address:

216.239.38.178:80

Request

GET /collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=executed&el=1&ev=0 HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast SimpleHttp/3.0
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 14 Aug 2024 02:18:25 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 5596
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
GET

http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=version&el=6.26.0.11169&ev=0

CCUpdate.exe

Remote address:

216.239.38.178:80

Request

GET /collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=version&el=6.26.0.11169&ev=0 HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast SimpleHttp/3.0
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 14 Aug 2024 02:18:25 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 5596
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
GET

http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=version_check&el=0&ev=0

CCUpdate.exe

Remote address:

216.239.38.178:80

Request

GET /collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=version_check&el=0&ev=0 HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast SimpleHttp/3.0
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 14 Aug 2024 02:18:25 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 5596
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
DNS

ncc.avast.com

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

ncc.avast.com

IN A

Response

ncc.avast.com

IN CNAME

ncc.avast.com.edgesuite.net

ncc.avast.com.edgesuite.net

IN CNAME

a1488.dscd.akamai.net

a1488.dscd.akamai.net

IN A

2.18.190.83

a1488.dscd.akamai.net

IN A

2.18.190.77
DNS

cdn.cookielaw.org

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

cdn.cookielaw.org

IN A

Response

cdn.cookielaw.org

IN A

104.18.86.42

cdn.cookielaw.org

IN A

104.18.87.42
DNS

1.24.111.34.in-addr.arpa

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

1.24.111.34.in-addr.arpa

IN PTR

Response

1.24.111.34.in-addr.arpa

IN PTR

12411134bcgoogleusercontentcom
DNS

s1.pir.fm

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

s1.pir.fm

IN A

Response

s1.pir.fm

IN CNAME

s1.pir.fm.edgekey.net

s1.pir.fm.edgekey.net

IN CNAME

e131816.dsca.akamaiedge.net

e131816.dsca.akamaiedge.net

IN A

184.28.198.185

e131816.dsca.akamaiedge.net

IN A

184.28.198.186
DNS

dpm.demdex.net

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

dpm.demdex.net

IN A

Response

dpm.demdex.net

IN CNAME

gslb-2.demdex.net

gslb-2.demdex.net

IN CNAME

edge-irl1.demdex.net

edge-irl1.demdex.net

IN CNAME

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

54.228.186.105

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

52.214.73.191

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

54.78.109.69

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

54.171.135.222

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

34.254.85.174

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

34.253.253.34

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

34.251.153.53

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

54.76.102.91
DNS

196.20.217.172.in-addr.arpa

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

196.20.217.172.in-addr.arpa

IN PTR

Response

196.20.217.172.in-addr.arpa

IN PTR

waw02s08-in-f1961e100net

196.20.217.172.in-addr.arpa

IN PTR

par10s50-in-f4�J

196.20.217.172.in-addr.arpa

IN PTR

waw02s08-in-f4�J
DNS

symantec.demdex.net

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

symantec.demdex.net

IN A

Response

symantec.demdex.net

IN CNAME

gslb-2.demdex.net

gslb-2.demdex.net

IN CNAME

edge-irl1.demdex.net

edge-irl1.demdex.net

IN CNAME

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

34.251.153.53

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

52.214.214.237

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

34.250.191.11

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

3.248.118.156

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

34.249.63.123

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

52.211.89.53

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

54.171.135.222

dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com

IN A

52.214.73.191
DNS

ctldl.windowsupdate.com

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

wu.azureedge.net

wu.azureedge.net

IN CNAME

wu.ec.azureedge.net

wu.ec.azureedge.net

IN CNAME

bg.apr-52dd2-0503.edgecastdns.net

bg.apr-52dd2-0503.edgecastdns.net

IN CNAME

hlb.apr-52dd2-0.edgecastdns.net

hlb.apr-52dd2-0.edgecastdns.net

IN CNAME

cs11.wpc.v0cdn.net

cs11.wpc.v0cdn.net

IN A

93.184.221.240
DNS

162.214.58.216.in-addr.arpa

CCleaner64.exe

Remote address:

8.8.8.8:53

Request

162.214.58.216.in-addr.arpa

IN PTR

Response

162.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f1621e100net

162.214.58.216.in-addr.arpa

IN PTR

par10s42-in-f2�J

162.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f2�J
GET

http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=3

msedge.exe

Remote address:

2.18.109.139:80

Request

GET /go/app_releasenotes?p=1&v=&l=1033&b=1&a=3 HTTP/1.1
Host: www.ccleaner.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Length: 0
Location: https://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=3
Cache-Control: max-age=0
Expires: Wed, 14 Aug 2024 03:52:22 GMT
Date: Wed, 14 Aug 2024 03:52:22 GMT
Connection: keep-alive
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Permissions-Policy: interest-cohort=()
Server-Timing: ak_p; desc="1723607542088_1551571597_115391889_18_6898_47_0_-";dur=1
GET

http://ncc.avast.com/ncc.txt

CCleaner64.exe

Remote address:

2.18.190.83:80

Request

GET /ncc.txt HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast Antivirus
Host: ncc.avast.com

Response

HTTP/1.1 200 OK

Content-Type: text/html
Content-Length: 26
Date: Wed, 14 Aug 2024 03:52:22 GMT
Connection: keep-alive
GET

https://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=3

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /go/app_releasenotes?p=1&v=&l=1033&b=1&a=3 HTTP/2.0
host: www.ccleaner.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

content-type: text/html; charset=utf-8
access-control-expose-headers: Request-Context
location: /knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-length: 163
x-edgeconnect-midmile-rtt: 0
x-edgeconnect-origin-mex-latency: 81
cache-control: private, max-age=3600
expires: Wed, 14 Aug 2024 04:52:22 GMT
date: Wed, 14 Aug 2024 03:52:22 GMT
set-cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f;Path=/;HttpOnly;Secure;Domain=www.ccleaner.com
set-cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f;Path=/;HttpOnly;SameSite=None;Secure;Domain=www.ccleaner.com
server-timing: cdn-cache; desc=REVALIDATE
server-timing: edge; dur=5
server-timing: origin; dur=81
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607542198_1551571655_31067326_8633_5114_48_98_255";dur=1
GET

https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /knowledge/ccleaner-v6-26-11169?cv=v6-26-11169 HTTP/2.0
host: www.ccleaner.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
access-control-expose-headers: Request-Context
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 0
x-edgeconnect-origin-mex-latency: 93
x-akamai-transformed: 9 8583 0 pmb=mRUM,1
content-encoding: gzip
cache-control: private, max-age=3099
expires: Wed, 14 Aug 2024 04:44:01 GMT
date: Wed, 14 Aug 2024 03:52:22 GMT
content-length: 8886
set-cookie: _cc_langChoice=en-us; expires=Thu, 14-Aug-2025 03:52:22 GMT; path=/
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=14
server-timing: origin; dur=0
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607542450_1551571655_31067341_1389_5228_48_0_255";dur=1
GET

https://www.ccleaner.com/dist/uiv1/apiary-legacy-vue.css?v=1.0.105

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /dist/uiv1/apiary-legacy-vue.css?v=1.0.105 HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-length: 52029
content-type: text/css
accept-ranges: bytes
access-control-expose-headers: Request-Context
content-encoding: gzip
etag: "051e4d40c3da1:0"
last-modified: Thu, 20 Jun 2024 10:58:50 GMT
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=1573508
expires: Sun, 01 Sep 2024 08:57:30 GMT
date: Wed, 14 Aug 2024 03:52:22 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607542613_1551571655_31067353_569_4088_49_0_255";dur=1
GET

https://www.ccleaner.com/dist/uiv1/apiary-legacy-native.css?v=1.0.105

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /dist/uiv1/apiary-legacy-native.css?v=1.0.105 HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-length: 382538
content-type: text/css
accept-ranges: bytes
access-control-expose-headers: Request-Context
content-encoding: gzip
etag: "08ff8c80c3da1:0"
last-modified: Thu, 20 Jun 2024 10:58:30 GMT
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=1573601
expires: Sun, 01 Sep 2024 08:59:03 GMT
date: Wed, 14 Aug 2024 03:52:22 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607542607_1551571655_31067354_37_4886_49_0_255";dur=1
GET

https://www.ccleaner.com/dist/js/legacy/sniffer.js?v=1.0.105

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /dist/js/legacy/sniffer.js?v=1.0.105 HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-length: 2047
content-type: application/x-javascript
accept-ranges: bytes
access-control-expose-headers: Request-Context
content-encoding: gzip
etag: "0d384940c3da1:0"
last-modified: Thu, 20 Jun 2024 10:57:02 GMT
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=1573506
expires: Sun, 01 Sep 2024 08:57:28 GMT
date: Wed, 14 Aug 2024 03:52:22 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607542607_1551571655_31067355_36_4836_49_0_219";dur=1
GET

https://www.ccleaner.com/dist/js/legacy/unsupportedBrowserRedirect.js?v=1.0.105

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /dist/js/legacy/unsupportedBrowserRedirect.js?v=1.0.105 HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-type: application/x-javascript
accept-ranges: bytes
access-control-expose-headers: Request-Context
etag: "0d384940c3da1:0"
last-modified: Thu, 20 Jun 2024 10:57:02 GMT
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
content-length: 444
cache-control: max-age=1573544
expires: Sun, 01 Sep 2024 08:58:06 GMT
date: Wed, 14 Aug 2024 03:52:22 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607542619_1551571655_31067358_84_4438_49_0_219";dur=1
GET

https://www.ccleaner.com/scripts/vendor/vue.global.prod.min-3.2.21.js?v=1.0.105

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /scripts/vendor/vue.global.prod.min-3.2.21.js?v=1.0.105 HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-length: 47568
content-type: application/x-javascript
accept-ranges: bytes
access-control-expose-headers: Request-Context
content-encoding: gzip
etag: "07922920c3da1:0"
last-modified: Thu, 20 Jun 2024 10:56:58 GMT
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=1573663
expires: Sun, 01 Sep 2024 09:00:05 GMT
date: Wed, 14 Aug 2024 03:52:22 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607542890_1551571655_31067389_27_5076_48_0_182";dur=1
GET

https://www.ccleaner.com/scripts/vendor/jquery-3.6.4.min.js?v=1.0.105

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /scripts/vendor/jquery-3.6.4.min.js?v=1.0.105 HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-length: 31120
content-type: application/x-javascript
accept-ranges: bytes
access-control-expose-headers: Request-Context
content-encoding: gzip
etag: "07922920c3da1:0"
last-modified: Thu, 20 Jun 2024 10:56:58 GMT
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=1573553
expires: Sun, 01 Sep 2024 08:58:16 GMT
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607543004_1551571655_31067401_28_4488_49_0_182";dur=1
GET

https://www.ccleaner.com/dist/uiv1/apiary-legacy-native.iife.js?v=1.0.105

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /dist/uiv1/apiary-legacy-native.iife.js?v=1.0.105 HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-length: 155334
content-type: application/x-javascript
accept-ranges: bytes
access-control-expose-headers: Request-Context
content-encoding: gzip
etag: "08ff8c80c3da1:0"
last-modified: Thu, 20 Jun 2024 10:58:30 GMT
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=1573544
expires: Sun, 01 Sep 2024 08:58:07 GMT
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607543074_1551571655_31067411_32_4876_52_0_182";dur=1
GET

https://www.ccleaner.com/dist/uiv1/apiary-legacy-vue.iife.js?v=1.0.105

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /dist/uiv1/apiary-legacy-vue.iife.js?v=1.0.105 HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-length: 142130
content-type: application/x-javascript
accept-ranges: bytes
access-control-expose-headers: Request-Context
content-encoding: gzip
etag: "051e4d40c3da1:0"
last-modified: Thu, 20 Jun 2024 10:58:50 GMT
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=1573491
expires: Sun, 01 Sep 2024 08:57:14 GMT
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607543163_1551571655_31067421_31_4792_50_0_182";dur=1
GET

https://www.ccleaner.com/en-us/api/knowledge/categories?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /en-us/api/knowledge/categories?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json, text/plain, */*
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
access-control-expose-headers: Request-Context
content-encoding: gzip
pragma: no-cache
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-length: 1563
cache-control: max-age=2387
expires: Wed, 14 Aug 2024 04:32:10 GMT
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=17
server-timing: origin; dur=0
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607543673_1551571655_31067490_1650_5461_57_0_219";dur=1
GET

https://www.ccleaner.com/en-us/api/knowledge/related-articles?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /en-us/api/knowledge/related-articles?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json, text/plain, */*
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
access-control-expose-headers: Request-Context
content-encoding: gzip
pragma: no-cache
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-length: 418
cache-control: max-age=2389
expires: Wed, 14 Aug 2024 04:32:12 GMT
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=43
server-timing: origin; dur=0
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607543668_1551571655_31067489_4357_5097_57_0_219";dur=1
GET

https://www.ccleaner.com/en-us/api/knowledge/article?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /en-us/api/knowledge/article?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json, text/plain, */*
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
access-control-expose-headers: Request-Context
content-encoding: gzip
pragma: no-cache
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-length: 518
x-edgeconnect-midmile-rtt: 1
x-edgeconnect-origin-mex-latency: 310
cache-control: max-age=83368
expires: Thu, 15 Aug 2024 03:01:51 GMT
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607543733_1551571655_31067502_30_5590_57_0_219";dur=1
GET

https://www.ccleaner.com/en-us/api/knowledge/labels?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /en-us/api/knowledge/labels?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json, text/plain, */*
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
access-control-expose-headers: Request-Context
content-encoding: gzip
pragma: no-cache
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-length: 1033
cache-control: max-age=2403
expires: Wed, 14 Aug 2024 04:32:26 GMT
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=63
server-timing: origin; dur=0
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607543673_1551571655_31067492_6281_5249_57_0_219";dur=1
GET

https://www.ccleaner.com/en-us/api/site/settings

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /en-us/api/site/settings HTTP/2.0
host: www.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json, text/javascript, */*; q=0.01
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ARRAffinity=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: ARRAffinitySameSite=82114ef1feb862070f28d10a1995c203dbb887ec294dd45226282a29a4e0ac3f
cookie: _cc_langChoice=en-us
cookie: _cc_xsource=x-acqsource=&x-campaign=1&x-origin=2&x-variant=1&undefined=&x-aswparam=&partnerid=&programtype=&clickid=&trafficsource=&cjevent=

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/jpeg
etag: "7895cb1f002cbe6fefe3535878a3d9c3:1681822242.34759"
last-modified: Wed, 17 Nov 2021 13:56:50 GMT
content-length: 9878
cache-control: max-age=2037759
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543819_1551571655_31067509_36_6209_57_0_146";dur=1
GET

https://cdn-production.ccleaner.com/site/cafopxlb/blog-author-alex.jpg

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /site/cafopxlb/blog-author-alex.jpg HTTP/2.0
host: cdn-production.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/png
etag: "1ea6a99f2723659b81506fee83fe1583:1687261888.480553"
last-modified: Wed, 17 Nov 2021 13:58:42 GMT
content-length: 20421
cache-control: max-age=1172904
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543819_1551571655_31067510_89_6200_57_0_146";dur=1
GET

https://cdn-production.ccleaner.com/site/rv3ppjqo/recuva_450x245px.png

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /site/rv3ppjqo/recuva_450x245px.png HTTP/2.0
host: cdn-production.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/jpeg
etag: "6455eac0d7b6fb17d419fc734538a9cf:1674554639.556057"
last-modified: Fri, 12 Nov 2021 11:26:54 GMT
content-length: 92067
cache-control: max-age=2037717
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543819_1551571655_31067511_35_6216_57_0_146";dur=1
GET

https://cdn-production.ccleaner.com/site/ysco1rxm/release-announce-blog-1560x590.jpg

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /site/ysco1rxm/release-announce-blog-1560x590.jpg HTTP/2.0
host: cdn-production.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/jpeg
etag: "4f8e6bd03d291411b935206ee6fec92a:1686744901.382973"
last-modified: Wed, 14 Jun 2023 12:15:01 GMT
content-length: 177562
cache-control: max-age=2119251
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543819_1551571655_31067512_29_7658_57_0_146";dur=1
GET

https://cdn-production.ccleaner.com/site/veim0gik/janmazal.jpeg

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /site/veim0gik/janmazal.jpeg HTTP/2.0
host: cdn-production.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
access-control-expose-headers: Request-Context
content-encoding: gzip
pragma: no-cache
vary: Accept-Encoding
request-context: appId=cid-v1:f596e2d8-53ab-4408-9336-8b048cfa7a07
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-length: 2520
x-edgeconnect-midmile-rtt: 1
x-edgeconnect-origin-mex-latency: 347
cache-control: max-age=3556
expires: Wed, 14 Aug 2024 04:51:40 GMT
date: Wed, 14 Aug 2024 03:52:24 GMT
server-timing: cdn-cache; desc=REVALIDATE
server-timing: edge; dur=50
server-timing: origin; dur=347
permissions-policy: interest-cohort=()
server-timing: ak_p; desc="1723607543673_1551571655_31067491_39756_4972_53_0_219";dur=1
GET

https://cdn-uat.ccleaner.com/site/43khe3ys/cc-logo-inline-black-text.svg

msedge.exe

Remote address:

2.18.109.139:443

Request

GET /site/43khe3ys/cc-logo-inline-black-text.svg HTTP/2.0
host: cdn-uat.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: at_check=true
cookie: mbox=session#5a7714e6811a496da3bc686cacbc8044#1723609402
cookie: _gcl_au=1.1.506217054.1723607542
cookie: __srcCookie=007_z8h||source=(Other)|medium=(none)|campaign=(not set)|segmentCode=z
cookie: pglpid=undefined
cookie: sourceCodeCookie=999_a8h||source=direct|medium=(none)|campaign=(not set)|segmentCode=a
cookie: __trSrc=999_a8h
cookie: sdl_cid=926184086.1723607542
cookie: AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1
cookie: AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19950%7CMCMID%7C80157457351543210364418001446598287226%7CMCAAMLH-1724212341%7C6%7CMCAAMB-1724212341%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1723614741s%7CNONE%7CvVersion%7C5.5.0
cookie: OptanonConsent=isIABGlobal=false&datestamp=Wed+Aug+14+2024+03%3A52%3A21+GMT%2B0000+(Greenwich+Mean+Time)&version=6.36.0&hosts=&consentId=4a334313-adca-4de1-8be8-32ad469c8ccc&interactionCount=0&landingPath=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169
cookie: avstperm=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/svg+xml
etag: "8af764f8de1feaa90054ecb9ddbed251:1678292891.685973"
last-modified: Wed, 17 Nov 2021 13:56:21 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Thu, 14 Aug 2025 03:52:24 GMT
date: Wed, 14 Aug 2024 03:52:24 GMT
content-length: 17261
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607544560_1551571655_31067602_26_6079_52_0_219";dur=1
GET

http://o.pki.goog/s/wr3/Gvk/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEBr5AFlWZR%2FCCWtA%2Bxx6j%2FM%3D

CCleaner64.exe

Remote address:

216.58.214.67:80

Request

GET /s/wr3/Gvk/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEBr5AFlWZR%2FCCWtA%2Bxx6j%2FM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Wed, 14 Aug 2024 01:20:33 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 9109
GET

https://cdn.cookielaw.org/consent/831b8ee0-e952-49a5-af6b-01382c722774/OtAutoBlock.js

msedge.exe

Remote address:

104.18.86.42:443

Request

GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/OtAutoBlock.js HTTP/2.0
host: cdn.cookielaw.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:22 GMT
content-type: application/javascript
content-length: 6882
content-encoding: gzip
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
last-modified: Tue, 13 Aug 2024 06:29:30 GMT
etag: 0x8DCBB6149C9BAB8
x-ms-request-id: f56b62c7-b01e-003c-70b1-ed2751000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 32632
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b2dfde66d7793f0-LHR
GET

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

msedge.exe

Remote address:

104.18.86.42:443

Request

GET /scripttemplates/otSDKStub.js HTTP/2.0
host: cdn.cookielaw.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:22 GMT
content-type: application/x-javascript
content-length: 8439
cf-ray: 8b2dfde66d7693f0-LHR
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 48116
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DCBBA478FA678B
expires: Thu, 15 Aug 2024 03:52:22 GMT
last-modified: Tue, 13 Aug 2024 14:30:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: KQnH3XO6FDi+7xN6YpnIfg==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: b811ee6a-101e-005c-648d-ed6273000000
x-ms-version: 2009-09-19
server: cloudflare
GET

https://cdn.cookielaw.org/scripttemplates/6.36.0/otBannerSdk.js

msedge.exe

Remote address:

104.18.86.42:443

Request

GET /scripttemplates/6.36.0/otBannerSdk.js HTTP/2.0
host: cdn.cookielaw.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:23 GMT
content-type: application/javascript
content-length: 87793
content-encoding: gzip
content-md5: 8atDBk1Pe2rTtV5h1AnhkA==
last-modified: Tue, 07 Jun 2022 19:29:06 GMT
etag: 0x8DA48BBFD0F8D63
x-ms-request-id: 11ac1156-e01e-008e-4c72-79ef35000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 26709
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b2dfdec899693f0-LHR
GET

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

msedge.exe

Remote address:

104.18.86.42:443

Request

GET /logos/static/powered_by_logo.svg HTTP/2.0
host: cdn.cookielaw.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:24 GMT
content-type: image/svg+xml
content-md5: Y+c301RBZNK39PvKQWrIBw==
last-modified: Tue, 13 Aug 2024 06:29:36 GMT
x-ms-request-id: fec37f1d-a01e-0067-07b4-ed202d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 31456
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b2dfdf18cd993f0-LHR
content-encoding: gzip
DNS

42.86.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.86.18.104.in-addr.arpa

IN PTR

Response
DNS

fonts.gstatic.com

Remote address:

8.8.8.8:53

Request

fonts.gstatic.com

IN A

Response

fonts.gstatic.com

IN A

142.250.179.67
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.20.196
DNS

www.gstatic.com

Remote address:

8.8.8.8:53

Request

www.gstatic.com

IN A

Response

www.gstatic.com

IN A

142.250.74.227
DNS

243.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

243.109.18.2.in-addr.arpa

IN PTR

Response

243.109.18.2.in-addr.arpa

IN PTR

a2-18-109-243deploystaticakamaitechnologiescom
DNS

symantec.tt.omtrdc.net

Remote address:

8.8.8.8:53

Request

symantec.tt.omtrdc.net

IN A

Response

symantec.tt.omtrdc.net

IN CNAME

adobetarget.data.adobedc.net

adobetarget.data.adobedc.net

IN A

66.235.152.225

adobetarget.data.adobedc.net

IN A

66.235.152.156

adobetarget.data.adobedc.net

IN A

66.235.152.221
DNS

120.108.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

120.108.18.2.in-addr.arpa

IN PTR

Response

120.108.18.2.in-addr.arpa

IN PTR

a2-18-108-120deploystaticakamaitechnologiescom
DNS

240.209.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.209.17.104.in-addr.arpa

IN PTR

Response
DNS

234.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.75.250.142.in-addr.arpa

IN PTR

Response

234.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f101e100net
DNS

s.go-mpulse.net

Remote address:

8.8.8.8:53

Request

s.go-mpulse.net

IN A

Response

s.go-mpulse.net

IN CNAME

ip46.go-mpulse.net.edgekey.net

ip46.go-mpulse.net.edgekey.net

IN CNAME

e4518.dscx.akamaiedge.net

e4518.dscx.akamaiedge.net

IN A

95.100.244.132
DNS

www.googletagmanager.com

Remote address:

8.8.8.8:53

Request

www.googletagmanager.com

IN A

Response

www.googletagmanager.com

IN A

216.58.214.168
DNS

www.nortonlifelock.com

Remote address:

8.8.8.8:53

Request

www.nortonlifelock.com

IN A

Response

www.nortonlifelock.com

IN CNAME

www.nortonlifelock.com.edgekey.net

www.nortonlifelock.com.edgekey.net

IN CNAME

e4117.dsca.akamaiedge.net

e4117.dsca.akamaiedge.net

IN A

2.18.108.120
DNS

mstatic.ccleaner.com

Remote address:

8.8.8.8:53

Request

mstatic.ccleaner.com

IN A

Response

mstatic.ccleaner.com

IN A

20.50.2.53
DNS

tr.outbrain.com

Remote address:

8.8.8.8:53

Request

tr.outbrain.com

IN A

Response

tr.outbrain.com

IN CNAME

alldcs.outbrain.org

alldcs.outbrain.org

IN CNAME

chidc2.outbrain.org

chidc2.outbrain.org

IN A

50.31.142.223
DNS

37.39.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.39.156.108.in-addr.arpa

IN PTR

Response

37.39.156.108.in-addr.arpa

IN PTR

server-108-156-39-37lhr50r cloudfrontnet
GET

https://cdn.cookielaw.org/consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json

msedge.exe

Remote address:

104.18.86.42:443

Request

GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json HTTP/2.0
host: cdn.cookielaw.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:23 GMT
content-type: application/x-javascript
content-length: 1898
cf-ray: 8b2dfde97c63948a-LHR
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 48116
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DCBBA475C0B4B9
expires: Thu, 15 Aug 2024 03:52:23 GMT
last-modified: Tue, 13 Aug 2024 14:30:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: AdkJ+2zp/6A/fQzqijpcMg==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 7861b7a3-601e-0053-608d-ed8f85000000
x-ms-version: 2009-09-19
server: cloudflare
GET

https://cdn.cookielaw.org/consent/831b8ee0-e952-49a5-af6b-01382c722774/0191274f-f38d-7131-b9c2-42835c1452b6/en.json

msedge.exe

Remote address:

104.18.86.42:443

Request

GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/0191274f-f38d-7131-b9c2-42835c1452b6/en.json HTTP/2.0
host: cdn.cookielaw.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:24 GMT
content-type: application/x-javascript
content-length: 40611
cf-ray: 8b2dfdee2f46948a-LHR
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 48115
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DCBBA4762F2757
expires: Thu, 15 Aug 2024 03:52:24 GMT
last-modified: Tue, 13 Aug 2024 14:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: 1ro56ZkTN46a8G0DWG3URQ==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 6e71d97b-e01e-00ac-068d-edb21d000000
x-ms-version: 2009-09-19
server: cloudflare
GET

https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/otCenterRounded.json

msedge.exe

Remote address:

104.18.86.42:443

Request

GET /scripttemplates/6.36.0/assets/otCenterRounded.json HTTP/2.0
host: cdn.cookielaw.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:24 GMT
content-type: application/json
content-length: 12974
content-encoding: gzip
content-md5: ee1LIfkTbcemCp7i24lw6Q==
last-modified: Tue, 07 Jun 2022 19:28:58 GMT
etag: 0x8DA48BBF82DCA58
x-ms-request-id: bb638d0f-801e-006c-44c6-0bd214000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 50189
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b2dfdf058ae948a-LHR
GET

https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/v2/otPcCenter.json

msedge.exe

Remote address:

104.18.86.42:443

Request

GET /scripttemplates/6.36.0/assets/v2/otPcCenter.json HTTP/2.0
host: cdn.cookielaw.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:24 GMT
content-type: application/json
content-length: 2585
content-encoding: gzip
content-md5: eB5KwLWtcYPmjc/KKwC/xQ==
last-modified: Tue, 07 Jun 2022 19:28:57 GMT
etag: 0x8DA48BBF745FC61
x-ms-request-id: 06037085-501e-000d-6108-7cf157000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 80849
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b2dfdf058ac948a-LHR
GET

https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/otCommonStyles.css

msedge.exe

Remote address:

104.18.86.42:443

Request

GET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/2.0
host: cdn.cookielaw.org
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:24 GMT
content-type: text/css
content-md5: /wtHD+oYY7dZRzCx50GZrQ==
last-modified: Tue, 07 Jun 2022 19:29:11 GMT
x-ms-request-id: ee661ea6-c01e-0020-3440-0d4224000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 50129
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b2dfdf058af948a-LHR
content-encoding: gzip
GET

https://s.go-mpulse.net/boomerang/KHFPC-EEZSQ-MPDZF-9BJVS-S3BCL

msedge.exe

Remote address:

95.100.244.132:443

Request

GET /boomerang/KHFPC-EEZSQ-MPDZF-9BJVS-S3BCL HTTP/2.0
host: s.go-mpulse.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
content-encoding: br
customappheader: mpulse-ab-boomr__git__361fdb1__git__361fdb1__p19.alsi10-lite
last-modified: Sun, 14 Jul 2024 13:41:11 GMT
timing-allow-origin: *
vary: Accept-Encoding
content-length: 36382
date: Wed, 14 Aug 2024 03:52:23 GMT
DNS

geolocation.onetrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

geolocation.onetrust.com

IN A

Response

geolocation.onetrust.com

IN A

104.18.28.127

geolocation.onetrust.com

IN A

104.18.29.127
DNS

67.179.250.142.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

67.179.250.142.in-addr.arpa

IN PTR

Response

67.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f31e100net
DNS

amplify.outbrain.com

msedge.exe

Remote address:

8.8.8.8:53

Request

amplify.outbrain.com

IN A

Response

amplify.outbrain.com

IN CNAME

wildcard.outbrain.com.edgekey.net

wildcard.outbrain.com.edgekey.net

IN CNAME

e10883.g.akamaiedge.net

e10883.g.akamaiedge.net

IN A

2.18.109.60
DNS

wave.outbrain.com

msedge.exe

Remote address:

8.8.8.8:53

Request

wave.outbrain.com

IN A

Response

wave.outbrain.com

IN CNAME

wildcard.outbrain.com.edgekey.net

wildcard.outbrain.com.edgekey.net

IN CNAME

e10883.g.akamaiedge.net

e10883.g.akamaiedge.net

IN A

2.18.109.60
DNS

240.198.48.52.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

240.198.48.52.in-addr.arpa

IN PTR

Response

240.198.48.52.in-addr.arpa

IN PTR

ec2-52-48-198-240 eu-west-1compute amazonawscom
GET

https://www.google.com/recaptcha/api.js?onload=ccleaner_recaptcha_onloadCallback&render=explicit

msedge.exe

Remote address:

172.217.20.196:443

Request

GET /recaptcha/api.js?onload=ccleaner_recaptcha_onloadCallback&render=explicit HTTP/2.0
host: www.google.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://s7.addthis.com/js/300/addthis_widget.js

msedge.exe

Remote address:

2.18.109.243:443

Request

GET /js/300/addthis_widget.js HTTP/2.0
host: s7.addthis.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript
server: Oracle API Gateway
strict-transport-security: max-age=31536000
opc-request-id: /FB21F01164D45FFB0F18F2D9559FBBAC/90A8B063F16F648805215FA646E6D1D6
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
content-encoding: gzip
content-length: 76
date: Wed, 14 Aug 2024 03:52:23 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
GET

https://s1.pir.fm/pf/logos--DA8LAgMPCAQ/ccleaner-logo--small.jpg

msedge.exe

Remote address:

184.28.198.185:443

Request

GET /pf/logos--DA8LAgMPCAQ/ccleaner-logo--small.jpg HTTP/2.0
host: s1.pir.fm
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/jpeg
etag: "21f472010b9cdd8c4f035fe0dc10d3e4:1629218008.203889"
last-modified: Tue, 17 Aug 2021 16:33:28 GMT
content-length: 6488
cache-control: max-age=1957946
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543602_3088893621_3555466541_25_1490_51_51_219";dur=1
GET

https://s1.pir.fm/pf/btn-hamburger-grey.png

msedge.exe

Remote address:

184.28.198.185:443

Request

GET /pf/btn-hamburger-grey.png HTTP/2.0
host: s1.pir.fm
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-length: 142
content-type: image/png
etag: "d1323b2d9208f4937cfbcc2c85f9c8ef:1629217936.637151"
last-modified: Tue, 17 Aug 2021 16:32:16 GMT
unused62: 8096267
cache-control: max-age=2036584
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543657_3088893621_3555466548_75_1507_51_0_146";dur=1
GET

https://s1.pir.fm/pf/blog/knowledge-center-header-image.jpg

msedge.exe

Remote address:

184.28.198.185:443

Request

GET /pf/blog/knowledge-center-header-image.jpg HTTP/2.0
host: s1.pir.fm
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/jpeg
etag: "f412765c87da4b4c13fc1d58ec42fbf2:1629217916.354671"
last-modified: Tue, 17 Aug 2021 16:31:56 GMT
content-length: 64194
cache-control: max-age=2039583
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543693_3088893621_3555466638_96_1551_51_0_146";dur=1
GET

https://s1.pir.fm/pf/blog/post-icon.png

msedge.exe

Remote address:

184.28.198.185:443

Request

GET /pf/blog/post-icon.png HTTP/2.0
host: s1.pir.fm
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/png
etag: "afc4701847aa2f501bc26f82449bb588:1629217920.997349"
last-modified: Tue, 17 Aug 2021 16:32:01 GMT
content-length: 910
unused62: 8096267
cache-control: max-age=1525589
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543708_3088893621_3555466680_157_1387_48_0_146";dur=1
GET

https://s1.pir.fm/pf/blog/facebook.png

msedge.exe

Remote address:

184.28.198.185:443

Request

GET /pf/blog/facebook.png HTTP/2.0
host: s1.pir.fm
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/png
etag: "15610f754cad6a500e1840bc7a26a668:1629217909.021564"
last-modified: Tue, 17 Aug 2021 16:31:49 GMT
content-length: 710
unused62: 8096267
cache-control: max-age=1952677
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543710_3088893621_3555466682_40_1078_48_0_146";dur=1
GET

https://s1.pir.fm/pf/blog/twitter.png

msedge.exe

Remote address:

184.28.198.185:443

Request

GET /pf/blog/twitter.png HTTP/2.0
host: s1.pir.fm
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/png
etag: "ae7f706f4454ceef6ae8d73188ba81fe:1629217931.388715"
last-modified: Tue, 17 Aug 2021 16:32:11 GMT
content-length: 1344
cache-control: max-age=1769974
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543710_3088893621_3555466683_45_1043_48_0_146";dur=1
GET

https://s1.pir.fm/pf/blog/linkedin.png

msedge.exe

Remote address:

184.28.198.185:443

Request

GET /pf/blog/linkedin.png HTTP/2.0
host: s1.pir.fm
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/png
etag: "4b95f1ff1304b8d6ee6124308535e427:1629217916.626804"
last-modified: Tue, 17 Aug 2021 16:31:56 GMT
content-length: 972
unused62: 8096267
cache-control: max-age=2113311
date: Wed, 14 Aug 2024 03:52:23 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=1
server-timing: ak_p; desc="1723607543710_3088893621_3555466684_61_1053_48_0_146";dur=1
GET

https://s1.pir.fm/pf/favicons--AwgCBwYOBQc/favicon-32x32.png

msedge.exe

Remote address:

184.28.198.185:443

Request

GET /pf/favicons--AwgCBwYOBQc/favicon-32x32.png HTTP/2.0
host: s1.pir.fm
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/png
etag: "4c6f3de823f62f41d3e6fba169eaedc0:1629217980.036267"
last-modified: Tue, 17 Aug 2021 16:33:00 GMT
content-length: 2584
unused62: 8096267
cache-control: max-age=1952790
date: Wed, 14 Aug 2024 03:52:25 GMT
server-timing: cdn-cache; desc=HIT
server-timing: edge; dur=8
server-timing: ak_p; desc="1723607545152_3088893621_3555470231_812_1442_55_0_219";dur=1
GET

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

msedge.exe

Remote address:

104.18.28.127:443

Request

GET /cookieconsentpub/v1/geo/location HTTP/2.0
host: geolocation.onetrust.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:23 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8b2dfdec09a57701-LHR
content-encoding: gzip
GET

https://assets.adobedtm.com/b29989a14bed/fb232d48b52a/launch-6a58c8f8d4cd.min.js

msedge.exe

Remote address:

2.18.108.226:443

Request

GET /b29989a14bed/fb232d48b52a/launch-6a58c8f8d4cd.min.js HTTP/2.0
host: assets.adobedtm.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: application/x-javascript
etag: "9fd89de1a5b58327ff8bb7d91d552999:1723053263.238406"
last-modified: Wed, 07 Aug 2024 17:54:23 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 60706
cache-control: max-age=3600
expires: Wed, 14 Aug 2024 04:52:23 GMT
date: Wed, 14 Aug 2024 03:52:23 GMT
access-control-allow-origin: https://www.ccleaner.com
timing-allow-origin: *
GET

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1723607541333

msedge.exe

Remote address:

54.228.186.105:443

Request

GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1723607541333 HTTP/2.0
host: dpm.demdex.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:24 GMT
content-type: application/json;charset=utf-8
content-length: 308
x-tid: FpL9I3gIQlc=
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 UTC
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://www.ccleaner.com
vary: Origin
access-control-allow-credentials: true
dcs: dcs-prod-irl1-1-v064-06003dfbc.edge-irl1.demdex.com 1 ms
set-cookie: demdex=80318171545503196774396917911101543371; Max-Age=15552000; Expires=Mon, 10 Feb 2025 03:52:24 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
content-encoding: gzip
GET

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zrwp_AAAAGaMagN6

msedge.exe

Remote address:

54.228.186.105:443

Request

GET /ibs:dpid=411&dpuuid=Zrwp_AAAAGaMagN6 HTTP/2.0
host: dpm.demdex.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Wed, 14 Aug 2024 03:52:25 GMT
content-length: 0
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Zrwp_AAAAGaMagN6
x-tid: Lyxu+NNRTCE=
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 UTC
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
dcs: dcs-prod-irl1-1-v064-0ebf9a4d8.edge-irl1.demdex.com 0 ms
set-cookie: demdex=76729210527920456200149320221987444983; Max-Age=15552000; Expires=Mon, 10 Feb 2025 03:52:25 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
GET

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Zrwp_AAAAGaMagN6

msedge.exe

Remote address:

54.228.186.105:443

Request

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Zrwp_AAAAGaMagN6 HTTP/2.0
host: dpm.demdex.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:25 GMT
content-type: image/gif
content-length: 59
x-tid: QY5FZGaIQSg=
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 UTC
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
x-content-type-options: nosniff
dcs: dcs-prod-irl1-1-v064-08821a187.edge-irl1.demdex.com 0 ms
content-encoding: gzip
DNS

127.28.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.28.18.104.in-addr.arpa

IN PTR

Response
DNS

cm.everesttech.net

Remote address:

8.8.8.8:53

Request

cm.everesttech.net

IN A

Response

cm.everesttech.net

IN CNAME

cm.everesttech.net.akadns.net

cm.everesttech.net.akadns.net

IN A

52.48.198.240

cm.everesttech.net.akadns.net

IN A

99.80.25.176

cm.everesttech.net.akadns.net

IN A

34.241.49.148
DNS

53.2.50.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.2.50.20.in-addr.arpa

IN PTR

Response
DNS

226.108.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.108.18.2.in-addr.arpa

IN PTR

Response

226.108.18.2.in-addr.arpa

IN PTR

a2-18-108-226deploystaticakamaitechnologiescom
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.214.162
DNS

60.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

60.109.18.2.in-addr.arpa

IN PTR

Response

60.109.18.2.in-addr.arpa

IN PTR

a2-18-109-60deploystaticakamaitechnologiescom
DNS

168.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

168.214.58.216.in-addr.arpa

IN PTR

Response

168.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f81e100net

168.214.58.216.in-addr.arpa

IN PTR

par10s42-in-f8�H

168.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f168�H
DNS

cdn-uat.ccleaner.com

Remote address:

8.8.8.8:53

Request

cdn-uat.ccleaner.com

IN A

Response

cdn-uat.ccleaner.com

IN CNAME

cdn-uat.ccleaner.com.edgekey.net

cdn-uat.ccleaner.com.edgekey.net

IN CNAME

e13363.dsca.akamaiedge.net

e13363.dsca.akamaiedge.net

IN A

2.18.109.139
DNS

53.153.251.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.153.251.34.in-addr.arpa

IN PTR

Response

53.153.251.34.in-addr.arpa

IN PTR

ec2-34-251-153-53 eu-west-1compute amazonawscom
DNS

227.74.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.74.250.142.in-addr.arpa

IN PTR

Response

227.74.250.142.in-addr.arpa

IN PTR

par10s40-in-f31e100net
DNS

x.ss2.us

Remote address:

8.8.8.8:53

Request

x.ss2.us

IN A

Response

x.ss2.us

IN A

108.156.39.43

x.ss2.us

IN A

108.156.39.107

x.ss2.us

IN A

108.156.39.6

x.ss2.us

IN A

108.156.39.61
DNS

12.114.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.114.248.87.in-addr.arpa

IN PTR

Response

12.114.248.87.in-addr.arpa

IN PTR

e2ycpiviplobyahoocom
DNS

zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com

Remote address:

8.8.8.8:53

Request

zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com

IN A

Response

zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com

IN CNAME

siteintercept.qprod2.net

siteintercept.qprod2.net

IN CNAME

prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net

prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net

IN A

104.17.209.240

prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net

IN A

104.17.208.240
POST

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=866396609.1723607542&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&dma=0&npa=0&gtm=45He48c0n71KFXRTRv71945860za200&auid=506217054.1723607542

msedge.exe

Remote address:

172.217.20.196:443

Request

POST /pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=866396609.1723607542&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&dma=0&npa=0&gtm=45He48c0n71KFXRTRv71945860za200&auid=506217054.1723607542 HTTP/2.0
host: www.google.com
content-length: 0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.nortonlifelock.com/content/dam/norton-adobe-analytics/prod/s_code_norton_min.js

msedge.exe

Remote address:

2.18.108.120:443

Request

GET /content/dam/norton-adobe-analytics/prod/s_code_norton_min.js HTTP/2.0
host: www.nortonlifelock.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 26650
server: Apache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-disposition: attachment
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2024 17:35:58 GMT
etag: "1429e-61dd97a589b80-gzip"
accept-ranges: bytes
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0
expires: Wed, 14 Aug 2024 03:52:24 GMT
date: Wed, 14 Aug 2024 03:52:24 GMT
vary: Accept-Encoding
GET

https://mstatic.ccleaner.com/api/mhubc.js

msedge.exe

Remote address:

20.50.2.53:443

Request

GET /api/mhubc.js HTTP/2.0
host: mstatic.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19950%7CvVersion%7C5.5.0
cookie: at_check=true
cookie: mbox=session#5a7714e6811a496da3bc686cacbc8044#1723609402
cookie: _gcl_au=1.1.506217054.1723607542
cookie: __srcCookie=007_z8h||source=(Other)|medium=(none)|campaign=(not set)|segmentCode=z
cookie: pglpid=undefined

Response

HTTP/2.0 200

content-type: application/javascript; charset=utf-8
date: Wed, 14 Aug 2024 03:52:24 GMT
cache-control: public, max-age=86400, private
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex,nofollow
GET

https://amplify.outbrain.com/cp/obtp.js

msedge.exe

Remote address:

2.18.109.60:443

Request

GET /cp/obtp.js HTTP/1.1
Host: amplify.outbrain.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.ccleaner.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "484f007d650a3fc9fe7590700b8bf590:1721634587.188058"
Last-Modified: Mon, 22 Jul 2024 07:46:01 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8617
Cache-Control: max-age=1200
Expires: Wed, 14 Aug 2024 04:12:24 GMT
Date: Wed, 14 Aug 2024 03:52:24 GMT
Connection: keep-alive
X-RG: EU
X-CC: GB
GET

https://symantec.demdex.net/dest5.html?d_nsid=0

msedge.exe

Remote address:

34.251.153.53:443

Request

GET /dest5.html?d_nsid=0 HTTP/2.0
host: symantec.demdex.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:24 GMT
content-type: text/html;charset=UTF-8
x-tid: +keHfNJaSew=
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 UTC
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
accept-ranges: bytes
last-modified: Tue, 13 Aug 2024 08:47:04 GMT
vary: accept-encoding
dcs: dcs-prod-irl1-1-v064-046468a86.edge-irl1.demdex.com 0 ms
content-encoding: gzip
GET

https://s.yimg.com/wi/ytc.js

msedge.exe

Remote address:

87.248.114.12:443

Request

GET /wi/ytc.js HTTP/2.0
host: s.yimg.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://s.yimg.com/wi/config/10180940.json

msedge.exe

Remote address:

87.248.114.12:443

Request

GET /wi/config/10180940.json HTTP/2.0
host: s.yimg.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.mczbf.com/tags/563151391133/tag.js

msedge.exe

Remote address:

108.156.39.37:443

Request

GET /tags/563151391133/tag.js HTTP/1.1
Host: www.mczbf.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.ccleaner.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 14 Aug 2024 03:34:51 GMT
X-Request-ID: 2a0edbca-59ee-11ef-bb48-8beaa0909693
Cache-Control: max-age=1800
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
X-Cache: Hit from cloudfront
Via: 1.1 728b6476f3e2317ec8044d22806d4f94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P1
X-Amz-Cf-Id: 8yEViJboDWbn-bJRpd7lizohmnCnItkNmm3jfPxRwmUoz10tYGpd8Q==
Age: 1053
GET

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=866396609.1723607542&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&dma=0&npa=0&gtm=45He48c0n71KFXRTRv71945860za200&auid=506217054.1723607542

msedge.exe

Remote address:

216.58.214.162:443

Request

GET /pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=866396609.1723607542&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&dma=0&npa=0&gtm=45He48c0n71KFXRTRv71945860za200&auid=506217054.1723607542 HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://symantec.tt.omtrdc.net/m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=5a7714e6811a496da3bc686cacbc8044&mboxPC=&mboxPage=b57208d4b1d34fcbaae100c023400f94&mboxRid=229c185856394450bf2044e853802282&mboxVersion=1.8.3&mboxCount=1&mboxTime=1723607541395&mboxHost=www.ccleaner.com&mboxURL=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&mboxReferrer=&browserHeight=601&browserWidth=1263&browserTimeOffset=0&screenHeight=720&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.22000.1)&country=us&language=en&pagename=ccleaner-v6-26-11169&at_property=74efb873-ee28-a71f-a807-f416259640d3&site_section=ccleaner&site_subsection=knowledge&mboxMCSDID=4041BE97A99ED376-54BA1D9733C01931&mboxMCGVID=80157457351543210364418001446598287226&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6

msedge.exe

Remote address:

66.235.152.225:443

Request

GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=5a7714e6811a496da3bc686cacbc8044&mboxPC=&mboxPage=b57208d4b1d34fcbaae100c023400f94&mboxRid=229c185856394450bf2044e853802282&mboxVersion=1.8.3&mboxCount=1&mboxTime=1723607541395&mboxHost=www.ccleaner.com&mboxURL=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&mboxReferrer=&browserHeight=601&browserWidth=1263&browserTimeOffset=0&screenHeight=720&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.22000.1)&country=us&language=en&pagename=ccleaner-v6-26-11169&at_property=74efb873-ee28-a71f-a807-f416259640d3&site_section=ccleaner&site_subsection=knowledge&mboxMCSDID=4041BE97A99ED376-54BA1D9733C01931&mboxMCGVID=80157457351543210364418001446598287226&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 HTTP/2.0
host: symantec.tt.omtrdc.net
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.ccleaner.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:24 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
access-control-allow-origin: https://www.ccleaner.com
access-control-allow-credentials: true
x-request-id: 229c185856394450bf2044e853802282
pragma: no-cache
timing-allow-origin: *
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: jag
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
GET

https://tr.outbrain.com/unifiedPixel?au=true&bust=05136152260757458&referrer=&cht=ot&marketerId=001ac0827d67b7b38319c9517e7fa2f4cc&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&g=1&obApiVersion=1.1&obtpVersion=2.0.5

msedge.exe

Remote address:

50.31.142.223:443

Request

GET /unifiedPixel?au=true&bust=05136152260757458&referrer=&cht=ot&marketerId=001ac0827d67b7b38319c9517e7fa2f4cc&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&g=1&obApiVersion=1.1&obtpVersion=2.0.5 HTTP/1.1
Host: tr.outbrain.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://www.ccleaner.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

date: Wed, 14 Aug 2024 03:52:24 GMT
content-type: image/gif;
content-length: 54
cache-control: no-cache
x-traceid: 1d7500b1f0352f2ff01e73598aed7d33
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://wave.outbrain.com/mtWavesBundler/handler/001ac0827d67b7b38319c9517e7fa2f4cc

msedge.exe

Remote address:

2.18.109.60:443

Request

GET /mtWavesBundler/handler/001ac0827d67b7b38319c9517e7fa2f4cc HTTP/1.1
Host: wave.outbrain.com
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.ccleaner.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
x-traceid: 84dea759c0ad4eb00bed985f4196c501
Access-Control-Allow-Origin: *
ob-sent-time: 1723550988461
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
strict-transport-security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22
Cache-Control: max-age=60
Expires: Wed, 14 Aug 2024 03:53:24 GMT
Date: Wed, 14 Aug 2024 03:52:24 GMT
Connection: keep-alive
X-RG: EU
X-CC: GB
GET

https://oms.ccleaner.com/b/ss/symanteccom/1/JS-2.22.0/s35328544968541?AQB=1&ndh=1&pf=1&t=14%2F7%2F2024%203%3A52%3A22%203%200&sdid=4041BE97A99ED376-54BA1D9733C01931&mid=80157457351543210364418001446598287226&aamlh=6&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-26-11169&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-26-11169&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-07-15&c48=CCleaner%20v6.26.11169&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=80157457351543210364418001446598287226&c59=ccleaner%3Aknowledge%3Accleaner-v6-26-11169&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&v164=ccleaner%3A999_a&s=1280x720&c=24&j=1.6&v=N&k=Y&bw=1280&bh=601&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1

msedge.exe

Remote address:

66.235.152.156:443

Request

GET /b/ss/symanteccom/1/JS-2.22.0/s35328544968541?AQB=1&ndh=1&pf=1&t=14%2F7%2F2024%203%3A52%3A22%203%200&sdid=4041BE97A99ED376-54BA1D9733C01931&mid=80157457351543210364418001446598287226&aamlh=6&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-26-11169&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-26-11169&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-07-15&c48=CCleaner%20v6.26.11169&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=80157457351543210364418001446598287226&c59=ccleaner%3Aknowledge%3Accleaner-v6-26-11169&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&v164=ccleaner%3A999_a&s=1280x720&c=24&j=1.6&v=N&k=Y&bw=1280&bh=601&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/2.0
host: oms.ccleaner.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: at_check=true
cookie: mbox=session#5a7714e6811a496da3bc686cacbc8044#1723609402
cookie: _gcl_au=1.1.506217054.1723607542
cookie: __srcCookie=007_z8h||source=(Other)|medium=(none)|campaign=(not set)|segmentCode=z
cookie: pglpid=undefined
cookie: sourceCodeCookie=999_a8h||source=direct|medium=(none)|campaign=(not set)|segmentCode=a
cookie: __trSrc=999_a8h
cookie: sdl_cid=926184086.1723607542
cookie: AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1
cookie: AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19950%7CMCMID%7C80157457351543210364418001446598287226%7CMCAAMLH-1724212341%7C6%7CMCAAMB-1724212341%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1723614741s%7CNONE%7CvVersion%7C5.5.0
cookie: avstperm=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0
cookie: OptanonConsent=isIABGlobal=false&datestamp=Wed+Aug+14+2024+03%3A52%3A21+GMT%2B0000+(Greenwich+Mean+Time)&version=6.36.0&hosts=&consentId=4a334313-adca-4de1-8be8-32ad469c8ccc&interactionCount=0&landingPath=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CBG232%3A0%2CC0004%3A0%2CC0005%3A0
cookie: s_nr=1723607542160-New
cookie: event69=event69
cookie: channelStack=s_eVar72~ccleaner
cookie: s_tbm=true
cookie: s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-26-11169
cookie: s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-26-11169
cookie: s_cc=true

Response

HTTP/2.0 200

access-control-allow-origin: *
date: Wed, 14 Aug 2024 03:52:24 GMT
expires: Tue, 13 Aug 2024 03:52:24 GMT
last-modified: Thu, 15 Aug 2024 03:52:24 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3701419017732292608-4618639922172636374
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
POST

https://www.mczbf.com/563151391133/pageInfo

msedge.exe

Remote address:

108.156.39.37:443

Request

POST /563151391133/pageInfo HTTP/1.1
Host: www.mczbf.com
Connection: keep-alive
Content-Length: 868
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
Accept: */*
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Content-Type: application/x-www-form-urlencoded
Origin: https://www.ccleaner.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ccleaner.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 68
Connection: keep-alive
Date: Wed, 14 Aug 2024 03:52:25 GMT
X-Robots-Tag: noindex, nofollow
X-Request-ID: 9e111fb2-59f0-11ef-bb48-8beaa0909693
Access-Control-Allow-Origin: *
Cache-Control: no-store
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 81dd58fce895623c177df225d0a65d52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P1
X-Amz-Cf-Id: yT8YDDx6xyU1WlwzSas2NSCTUIC5zZL-80R7H2fCa8Uk73-4q7NPKw==
DNS

43.39.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.39.156.108.in-addr.arpa

IN PTR

Response

43.39.156.108.in-addr.arpa

IN PTR

server-108-156-39-43lhr50r cloudfrontnet
DNS

privacyportal-de.onetrust.com

Remote address:

8.8.8.8:53

Request

privacyportal-de.onetrust.com

IN A

Response

privacyportal-de.onetrust.com

IN A

104.18.29.127

privacyportal-de.onetrust.com

IN A

104.18.28.127
DNS

223.142.31.50.in-addr.arpa

Remote address:

8.8.8.8:53

Request

223.142.31.50.in-addr.arpa

IN PTR

Response

223.142.31.50.in-addr.arpa

IN PTR

chioutbraincom
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

156.152.235.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

156.152.235.66.in-addr.arpa

IN PTR

Response

156.152.235.66.in-addr.arpa

IN PTR

ip-66-235-152-156dataadobedcnet
DNS

nexusrules.officeapps.live.com

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.236.21
GET

https://zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_4I1jhjmxub1NC6y

msedge.exe

Remote address:

104.17.209.240:443

Request

GET /SIE/?Q_ZID=ZN_4I1jhjmxub1NC6y HTTP/2.0
host: zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ccleaner.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 14 Aug 2024 03:52:25 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
content-encoding: gzip
edge-control: max-age=604800
etag: W/"26a0-pVF40tAG64E9W8gT4nZfsvIiS7g"
timing-allow-origin: *
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
permissions-policy: camera=(), geolocation=(), microphone=()
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-cache-status: HIT
age: 160677
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8b2dfdf64f0b3693-LHR

34.117.223.223:443

https://analytics.avcdn.net/receive3

tls, http

ccsetup626pro.exe

3.1kB
6.5kB
18
14

HTTP Request

POST https://analytics.avcdn.net/receive3

HTTP Response

200

HTTP Request

POST https://analytics.avcdn.net/receive3

HTTP Response

200

HTTP Request

POST https://analytics.avcdn.net/receive3

HTTP Response

200
23.49.163.75:443

service.piriform.com

tls

ccsetup626pro.exe

1.3kB
5.2kB
12
9
23.49.163.75:443

license.piriform.com

tls

ccsetup626pro.exe

1.9kB
6.5kB
14
10
34.160.176.28:443

shepherd.ff.avast.com

tls

ccsetup626pro.exe

1.7kB
8.1kB
16
13
216.58.214.67:80

http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D

http

ccsetup626pro.exe

469 B
1.9kB
5
4

HTTP Request

GET http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D

HTTP Response

200
216.58.214.67:80

http://c.pki.goog/r/r1.crl

http

ccsetup626pro.exe

395 B
1.7kB
6
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
216.58.214.67:80

http://o.pki.goog/s/wr3/tKg/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQC0qDqIEtY8IApzSgcUAYOk

http

ccsetup626pro.exe

467 B
858 B
5
3

HTTP Request

GET http://o.pki.goog/s/wr3/tKg/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQC0qDqIEtY8IApzSgcUAYOk

HTTP Response

200
34.149.149.62:443

ip-info.ff.avast.com

tls

CCUpdate.exe

987 B
6.4kB
10
10
2.18.190.83:80

http://ncc.avast.com/ncc.txt

http

CCleaner64.exe

329 B
243 B
5
2

HTTP Request

GET http://ncc.avast.com/ncc.txt

HTTP Response

200
34.117.223.223:443

https://analytics.avcdn.net/receive3

tls, http

CCleaner64.exe

2.9kB
7.0kB
18
17

HTTP Request

POST https://analytics.avcdn.net/receive3

HTTP Response

200

HTTP Request

POST https://analytics.avcdn.net/receive3

HTTP Response

200

HTTP Request

POST https://analytics.avcdn.net/receive3

HTTP Response

200
2.18.190.74:80

http://emupdate.avcdn.net/files/emupdate/pong.txt

http

CCUpdate.exe

400 B
573 B
5
3

HTTP Request

HEAD http://emupdate.avcdn.net/files/emupdate/pong.txt

HTTP Response

200
2.18.190.83:80

http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml

http

CCUpdate.exe

17.6kB
497.4kB
283
361

HTTP Request

GET http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini

HTTP Response

200

HTTP Request

GET http://ccleaner.tools.avcdn.net/tools/ccleaner/update/20180205.dll

HTTP Response

200

HTTP Request

GET http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml

HTTP Response

200
34.149.149.62:443

ip-info.ff.avast.com

tls

CCUpdate.exe

1.9kB
6.6kB
14
12
216.239.38.178:80

http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=version_check&el=0&ev=0

http

CCUpdate.exe

1.0kB
1.5kB
6
5

HTTP Request

GET http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=executed&el=1&ev=0

HTTP Response

200

HTTP Request

GET http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=version&el=6.26.0.11169&ev=0

HTTP Response

200

HTTP Request

GET http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=488dca4c15f9a1d330ad312b391a804e00000000000000000000000000000000&ec=20180910&ea=version_check&el=0&ev=0

HTTP Response

200
2.18.109.139:80

http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=3

http

msedge.exe

765 B
619 B
6
4

HTTP Request

GET http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=3

HTTP Response

301
2.18.109.139:80

cdn-production.ccleaner.com

msedge.exe

190 B
92 B
4
2
2.18.190.83:80

http://ncc.avast.com/ncc.txt

http

CCleaner64.exe

283 B
283 B
4
3

HTTP Request

GET http://ncc.avast.com/ncc.txt

HTTP Response

200
34.111.24.1:443

ipm-provider.ff.avast.com

tls

CCleaner64.exe

1.7kB
6.3kB
11
10
2.18.109.139:443

https://cdn-uat.ccleaner.com/site/43khe3ys/cc-logo-inline-black-text.svg

tls, http2

msedge.exe

25.9kB
1.2MB
474
896

HTTP Request

GET https://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=3

HTTP Response

301

HTTP Request

GET https://www.ccleaner.com/knowledge/ccleaner-v6-26-11169?cv=v6-26-11169

HTTP Response

200

HTTP Request

GET https://www.ccleaner.com/dist/uiv1/apiary-legacy-vue.css?v=1.0.105

HTTP Request

GET https://www.ccleaner.com/dist/uiv1/apiary-legacy-native.css?v=1.0.105

HTTP Request

GET https://www.ccleaner.com/dist/js/legacy/sniffer.js?v=1.0.105

HTTP Request

GET https://www.ccleaner.com/dist/js/legacy/unsupportedBrowserRedirect.js?v=1.0.105

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.ccleaner.com/scripts/vendor/vue.global.prod.min-3.2.21.js?v=1.0.105

HTTP Response

200

HTTP Request

GET https://www.ccleaner.com/scripts/vendor/jquery-3.6.4.min.js?v=1.0.105

HTTP Response

200

HTTP Request

GET https://www.ccleaner.com/dist/uiv1/apiary-legacy-native.iife.js?v=1.0.105

HTTP Response

200

HTTP Request

GET https://www.ccleaner.com/dist/uiv1/apiary-legacy-vue.iife.js?v=1.0.105

HTTP Response

200

HTTP Request

GET https://www.ccleaner.com/en-us/api/knowledge/categories?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde

HTTP Request

GET https://www.ccleaner.com/en-us/api/knowledge/related-articles?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde

HTTP Request

GET https://www.ccleaner.com/en-us/api/knowledge/article?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde

HTTP Request

GET https://www.ccleaner.com/en-us/api/knowledge/labels?guid=c0c9d759-25ff-4378-a1c0-c4dc20c62cde

HTTP Request

GET https://www.ccleaner.com/en-us/api/site/settings

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production.ccleaner.com/site/cafopxlb/blog-author-alex.jpg

HTTP Request

GET https://cdn-production.ccleaner.com/site/rv3ppjqo/recuva_450x245px.png

HTTP Request

GET https://cdn-production.ccleaner.com/site/ysco1rxm/release-announce-blog-1560x590.jpg

HTTP Request

GET https://cdn-production.ccleaner.com/site/veim0gik/janmazal.jpeg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-uat.ccleaner.com/site/43khe3ys/cc-logo-inline-black-text.svg

HTTP Response

200
216.58.214.67:80

http://o.pki.goog/s/wr3/Gvk/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEBr5AFlWZR%2FCCWtA%2Bxx6j%2FM%3D

http

CCleaner64.exe

429 B
856 B
4
3

HTTP Request

GET http://o.pki.goog/s/wr3/Gvk/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEBr5AFlWZR%2FCCWtA%2Bxx6j%2FM%3D

HTTP Response

200
104.18.86.42:443

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

tls, http2

msedge.exe

4.4kB
114.8kB
67
101

HTTP Request

GET https://cdn.cookielaw.org/consent/831b8ee0-e952-49a5-af6b-01382c722774/OtAutoBlock.js

HTTP Request

GET https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.cookielaw.org/scripttemplates/6.36.0/otBannerSdk.js

HTTP Response

200

HTTP Request

GET https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

HTTP Response

200
104.18.86.42:443

cdn.cookielaw.org

tls, http2

msedge.exe

943 B
3.1kB
8
6
104.18.86.42:443

https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/otCommonStyles.css

tls, http2

msedge.exe

3.6kB
70.9kB
47
75

HTTP Request

GET https://cdn.cookielaw.org/consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json

HTTP Response

200

HTTP Request

GET https://cdn.cookielaw.org/consent/831b8ee0-e952-49a5-af6b-01382c722774/0191274f-f38d-7131-b9c2-42835c1452b6/en.json

HTTP Response

200

HTTP Request

GET https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/otCenterRounded.json

HTTP Request

GET https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/v2/otPcCenter.json

HTTP Request

GET https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/otCommonStyles.css

HTTP Response

200

HTTP Response

200

HTTP Response

200
95.100.244.132:443

https://s.go-mpulse.net/boomerang/KHFPC-EEZSQ-MPDZF-9BJVS-S3BCL

tls, http2

msedge.exe

2.7kB
42.7kB
35
40

HTTP Request

GET https://s.go-mpulse.net/boomerang/KHFPC-EEZSQ-MPDZF-9BJVS-S3BCL

HTTP Response

200
172.217.20.196:443

https://www.google.com/recaptcha/api.js?onload=ccleaner_recaptcha_onloadCallback&render=explicit

tls, http2

msedge.exe

1.8kB
6.9kB
15
17

HTTP Request

GET https://www.google.com/recaptcha/api.js?onload=ccleaner_recaptcha_onloadCallback&render=explicit
2.18.109.243:443

https://s7.addthis.com/js/300/addthis_widget.js

tls, http2

msedge.exe

1.8kB
6.8kB
15
18

HTTP Request

GET https://s7.addthis.com/js/300/addthis_widget.js

HTTP Response

200
184.28.198.185:443

s1.pir.fm

tls

msedge.exe

1.1kB
4.6kB
10
10
184.28.198.185:443

https://s1.pir.fm/pf/favicons--AwgCBwYOBQc/favicon-32x32.png

tls, http2

msedge.exe

4.5kB
87.3kB
63
76

HTTP Request

GET https://s1.pir.fm/pf/logos--DA8LAgMPCAQ/ccleaner-logo--small.jpg

HTTP Request

GET https://s1.pir.fm/pf/btn-hamburger-grey.png

HTTP Request

GET https://s1.pir.fm/pf/blog/knowledge-center-header-image.jpg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://s1.pir.fm/pf/blog/post-icon.png

HTTP Request

GET https://s1.pir.fm/pf/blog/facebook.png

HTTP Request

GET https://s1.pir.fm/pf/blog/twitter.png

HTTP Request

GET https://s1.pir.fm/pf/blog/linkedin.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://s1.pir.fm/pf/favicons--AwgCBwYOBQc/favicon-32x32.png

HTTP Response

200
104.18.28.127:443

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

tls, http2

msedge.exe

1.6kB
3.6kB
12
11

HTTP Request

GET https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

HTTP Response

200
2.18.108.226:443

https://assets.adobedtm.com/b29989a14bed/fb232d48b52a/launch-6a58c8f8d4cd.min.js

tls, http2

msedge.exe

3.2kB
68.1kB
45
59

HTTP Request

GET https://assets.adobedtm.com/b29989a14bed/fb232d48b52a/launch-6a58c8f8d4cd.min.js

HTTP Response

200
54.228.186.105:443

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Zrwp_AAAAGaMagN6

tls, http2

msedge.exe

2.1kB
7.5kB
16
18

HTTP Request

GET https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1723607541333

HTTP Response

200

HTTP Request

GET https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zrwp_AAAAGaMagN6

HTTP Response

302

HTTP Request

GET https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Zrwp_AAAAGaMagN6

HTTP Response

200
172.217.20.196:443

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=866396609.1723607542&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&dma=0&npa=0&gtm=45He48c0n71KFXRTRv71945860za200&auid=506217054.1723607542

tls, http2

msedge.exe

2.0kB
6.1kB
16
16

HTTP Request

POST https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=866396609.1723607542&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&dma=0&npa=0&gtm=45He48c0n71KFXRTRv71945860za200&auid=506217054.1723607542
2.18.108.120:443

https://www.nortonlifelock.com/content/dam/norton-adobe-analytics/prod/s_code_norton_min.js

tls, http2

msedge.exe

2.3kB
34.6kB
26
37

HTTP Request

GET https://www.nortonlifelock.com/content/dam/norton-adobe-analytics/prod/s_code_norton_min.js

HTTP Response

200
20.50.2.53:443

https://mstatic.ccleaner.com/api/mhubc.js

tls, http2

msedge.exe

4.0kB
80.0kB
47
65

HTTP Request

GET https://mstatic.ccleaner.com/api/mhubc.js

HTTP Response

200
2.18.109.60:443

https://amplify.outbrain.com/cp/obtp.js

tls, http

msedge.exe

1.8kB
14.4kB
14
18

HTTP Request

GET https://amplify.outbrain.com/cp/obtp.js

HTTP Response

200
34.251.153.53:443

https://symantec.demdex.net/dest5.html?d_nsid=0

tls, http2

msedge.exe

1.8kB
8.7kB
14
15

HTTP Request

GET https://symantec.demdex.net/dest5.html?d_nsid=0

HTTP Response

200
87.248.114.12:443

https://s.yimg.com/wi/config/10180940.json

tls, http2

msedge.exe

2.0kB
14.4kB
18
20

HTTP Request

GET https://s.yimg.com/wi/ytc.js

HTTP Request

GET https://s.yimg.com/wi/config/10180940.json
108.156.39.37:443

https://www.mczbf.com/tags/563151391133/tag.js

tls, http

msedge.exe

1.9kB
23.2kB
17
22

HTTP Request

GET https://www.mczbf.com/tags/563151391133/tag.js

HTTP Response

200
52.48.198.240:443

cm.everesttech.net

tls

msedge.exe

1.8kB
6.6kB
11
11
216.58.214.162:443

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=866396609.1723607542&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&dma=0&npa=0&gtm=45He48c0n71KFXRTRv71945860za200&auid=506217054.1723607542

tls, http2

msedge.exe

1.9kB
6.3kB
15
16

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&tag_exp=0&rnd=866396609.1723607542&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&dma=0&npa=0&gtm=45He48c0n71KFXRTRv71945860za200&auid=506217054.1723607542
66.235.152.225:443

https://symantec.tt.omtrdc.net/m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=5a7714e6811a496da3bc686cacbc8044&mboxPC=&mboxPage=b57208d4b1d34fcbaae100c023400f94&mboxRid=229c185856394450bf2044e853802282&mboxVersion=1.8.3&mboxCount=1&mboxTime=1723607541395&mboxHost=www.ccleaner.com&mboxURL=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&mboxReferrer=&browserHeight=601&browserWidth=1263&browserTimeOffset=0&screenHeight=720&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.22000.1)&country=us&language=en&pagename=ccleaner-v6-26-11169&at_property=74efb873-ee28-a71f-a807-f416259640d3&site_section=ccleaner&site_subsection=knowledge&mboxMCSDID=4041BE97A99ED376-54BA1D9733C01931&mboxMCGVID=80157457351543210364418001446598287226&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6

tls, http2

msedge.exe

2.3kB
5.6kB
12
11

HTTP Request

GET https://symantec.tt.omtrdc.net/m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=5a7714e6811a496da3bc686cacbc8044&mboxPC=&mboxPage=b57208d4b1d34fcbaae100c023400f94&mboxRid=229c185856394450bf2044e853802282&mboxVersion=1.8.3&mboxCount=1&mboxTime=1723607541395&mboxHost=www.ccleaner.com&mboxURL=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&mboxReferrer=&browserHeight=601&browserWidth=1263&browserTimeOffset=0&screenHeight=720&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(NVIDIA%2C%20NVIDIA%20GeForce%20RTX%203060%20Ti%20Direct3D11%20vs_5_0%20ps_5_0%2C%20D3D11-10.0.22000.1)&country=us&language=en&pagename=ccleaner-v6-26-11169&at_property=74efb873-ee28-a71f-a807-f416259640d3&site_section=ccleaner&site_subsection=knowledge&mboxMCSDID=4041BE97A99ED376-54BA1D9733C01931&mboxMCGVID=80157457351543210364418001446598287226&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6

HTTP Response

200
50.31.142.223:443

https://tr.outbrain.com/unifiedPixel?au=true&bust=05136152260757458&referrer=&cht=ot&marketerId=001ac0827d67b7b38319c9517e7fa2f4cc&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&g=1&obApiVersion=1.1&obtpVersion=2.0.5

tls, http

msedge.exe

1.9kB
4.8kB
11
10

HTTP Request

GET https://tr.outbrain.com/unifiedPixel?au=true&bust=05136152260757458&referrer=&cht=ot&marketerId=001ac0827d67b7b38319c9517e7fa2f4cc&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&g=1&obApiVersion=1.1&obtpVersion=2.0.5

HTTP Response

200
2.18.109.60:443

https://wave.outbrain.com/mtWavesBundler/handler/001ac0827d67b7b38319c9517e7fa2f4cc

tls, http

msedge.exe

1.7kB
5.6kB
11
12

HTTP Request

GET https://wave.outbrain.com/mtWavesBundler/handler/001ac0827d67b7b38319c9517e7fa2f4cc

HTTP Response

200
66.235.152.156:443

https://oms.ccleaner.com/b/ss/symanteccom/1/JS-2.22.0/s35328544968541?AQB=1&ndh=1&pf=1&t=14%2F7%2F2024%203%3A52%3A22%203%200&sdid=4041BE97A99ED376-54BA1D9733C01931&mid=80157457351543210364418001446598287226&aamlh=6&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-26-11169&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-26-11169&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-07-15&c48=CCleaner%20v6.26.11169&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=80157457351543210364418001446598287226&c59=ccleaner%3Aknowledge%3Accleaner-v6-26-11169&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&v164=ccleaner%3A999_a&s=1280x720&c=24&j=1.6&v=N&k=Y&bw=1280&bh=601&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1

tls, http2

msedge.exe

3.4kB
4.6kB
13
12

HTTP Request

GET https://oms.ccleaner.com/b/ss/symanteccom/1/JS-2.22.0/s35328544968541?AQB=1&ndh=1&pf=1&t=14%2F7%2F2024%203%3A52%3A22%203%200&sdid=4041BE97A99ED376-54BA1D9733C01931&mid=80157457351543210364418001446598287226&aamlh=6&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-26-11169&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169%3Fcv%3Dv6-26-11169&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-26-11169&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-07-15&c48=CCleaner%20v6.26.11169&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=80157457351543210364418001446598287226&c59=ccleaner%3Aknowledge%3Accleaner-v6-26-11169&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-26-11169&v164=ccleaner%3A999_a&s=1280x720&c=24&j=1.6&v=N&k=Y&bw=1280&bh=601&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1

HTTP Response

200
108.156.39.37:443

https://www.mczbf.com/563151391133/pageInfo

tls, http

msedge.exe

2.6kB
7.2kB
11
12

HTTP Request

POST https://www.mczbf.com/563151391133/pageInfo

HTTP Response

200
104.17.209.240:443

https://zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_4I1jhjmxub1NC6y

tls, http2

msedge.exe

1.8kB
9.4kB
16
16

HTTP Request

GET https://zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_4I1jhjmxub1NC6y

HTTP Response

200
104.18.29.127:443

privacyportal-de.onetrust.com

msedge.exe

98 B
52 B
2
1

8.8.8.8:53

analytics.avcdn.net

dns

CCleaner64.exe

130 B
150 B
2
1

DNS Request

analytics.avcdn.net

DNS Request

analytics.avcdn.net

DNS Response

34.117.223.223
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

212 B
216 B
3
2

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

223.223.117.34.in-addr.arpa

DNS Request

223.223.117.34.in-addr.arpa
8.8.8.8:53

service.piriform.com

dns

ccsetup626pro.exe

324 B
572 B
5
3

DNS Request

service.piriform.com

DNS Response

23.49.163.75

DNS Request

ctldl.windowsupdate.com

DNS Response

199.232.214.172

199.232.210.172

DNS Request

ocsp.digicert.com

DNS Request

ocsp.digicert.com

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95
8.8.8.8:53

75.163.49.23.in-addr.arpa

dns

217 B
279 B
3
2

DNS Request

75.163.49.23.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

325 B
515 B
5
4

DNS Request

172.214.232.199.in-addr.arpa

DNS Request

license.piriform.com

DNS Response

23.49.163.75

DNS Request

shepherd.ff.avast.com

DNS Response

34.160.176.28

DNS Request

ocsp.pki.goog

DNS Request

ocsp.pki.goog

DNS Response

216.58.214.67
8.8.8.8:53

28.176.160.34.in-addr.arpa

dns

588 B
1.0kB
9
8

DNS Request

28.176.160.34.in-addr.arpa

DNS Request

c.pki.goog

DNS Response

216.58.214.67

DNS Request

o.pki.goog

DNS Response

216.58.214.67

DNS Request

67.214.58.216.in-addr.arpa

DNS Request

ip-info.ff.avast.com

DNS Response

34.149.149.62

DNS Request

ip-info.ff.avast.com

DNS Response

34.149.149.62

DNS Request

62.149.149.34.in-addr.arpa

DNS Request

emupdate.avcdn.net

DNS Request

emupdate.avcdn.net

DNS Response

2.18.190.72

2.18.190.74
8.8.8.8:53

ncc.avast.com

dns

CCleaner64.exe

199 B
297 B
3
2

DNS Request

ncc.avast.com

DNS Response

2.18.190.83

2.18.190.77

DNS Request

83.190.18.2.in-addr.arpa

DNS Request

83.190.18.2.in-addr.arpa
8.8.8.8:53

emupdate.avcdn.net

dns

CCUpdate.exe

1.1kB
2.3kB
16
16

DNS Request

emupdate.avcdn.net

DNS Response

2.18.190.74

2.18.190.72

DNS Request

ccleaner.tools.avcdn.net

DNS Response

2.18.190.83

2.18.190.81

DNS Request

ccleaner.tools.avcdn.net

DNS Response

2.18.190.83

2.18.190.81

DNS Request

74.190.18.2.in-addr.arpa

DNS Request

www.google-analytics.com

DNS Response

216.239.38.178

216.239.36.178

216.239.34.178

216.239.32.178

DNS Request

178.38.239.216.in-addr.arpa

DNS Request

www.ccleaner.com

DNS Response

2.18.109.139

DNS Request

ipm-provider.ff.avast.com

DNS Response

34.111.24.1

DNS Request

fonts.googleapis.com

DNS Response

142.250.75.234

DNS Request

73.159.190.20.in-addr.arpa

DNS Request

s7.addthis.com

DNS Response

2.18.109.243

DNS Request

cdn-production.ccleaner.com

DNS Response

2.18.109.139

DNS Request

185.198.28.184.in-addr.arpa

DNS Request

s.yimg.com

DNS Response

87.248.114.12

87.248.114.11

DNS Request

oms.ccleaner.com

DNS Response

66.235.152.156

66.235.152.221

66.235.152.225

DNS Request

225.152.235.66.in-addr.arpa
8.8.8.8:53

ncc.avast.com

dns

CCleaner64.exe

587 B
1.8kB
9
9

DNS Request

ncc.avast.com

DNS Response

2.18.190.83

2.18.190.77

DNS Request

cdn.cookielaw.org

DNS Response

104.18.86.42

104.18.87.42

DNS Request

1.24.111.34.in-addr.arpa

DNS Request

s1.pir.fm

DNS Response

184.28.198.185

184.28.198.186

DNS Request

dpm.demdex.net

DNS Response

54.228.186.105

52.214.73.191

54.78.109.69

54.171.135.222

34.254.85.174

34.253.253.34

34.251.153.53

54.76.102.91

DNS Request

196.20.217.172.in-addr.arpa

DNS Request

symantec.demdex.net

DNS Response

34.251.153.53

52.214.214.237

34.250.191.11

3.248.118.156

34.249.63.123

52.211.89.53

54.171.135.222

52.214.73.191

DNS Request

ctldl.windowsupdate.com

DNS Response

93.184.221.240

DNS Request

162.214.58.216.in-addr.arpa
8.8.8.8:53

42.86.18.104.in-addr.arpa

dns

538 B
925 B
8
8

DNS Request

42.86.18.104.in-addr.arpa

DNS Request

fonts.gstatic.com

DNS Response

142.250.179.67

DNS Request

www.google.com

DNS Response

172.217.20.196

DNS Request

www.gstatic.com

DNS Response

142.250.74.227

DNS Request

243.109.18.2.in-addr.arpa

DNS Request

symantec.tt.omtrdc.net

DNS Response

66.235.152.225

66.235.152.156

66.235.152.221

DNS Request

120.108.18.2.in-addr.arpa

DNS Request

240.209.17.104.in-addr.arpa
8.8.8.8:53

234.75.250.142.in-addr.arpa

dns

471 B
862 B
7
7

DNS Request

234.75.250.142.in-addr.arpa

DNS Request

s.go-mpulse.net

DNS Response

95.100.244.132

DNS Request

www.googletagmanager.com

DNS Response

216.58.214.168

DNS Request

www.nortonlifelock.com

DNS Response

2.18.108.120

DNS Request

mstatic.ccleaner.com

DNS Response

20.50.2.53

DNS Request

tr.outbrain.com

DNS Response

50.31.142.223

DNS Request

37.39.156.108.in-addr.arpa
8.8.8.8:53

geolocation.onetrust.com

dns

msedge.exe

344 B
671 B
5
5

DNS Request

geolocation.onetrust.com

DNS Response

104.18.28.127

104.18.29.127

DNS Request

67.179.250.142.in-addr.arpa

DNS Request

amplify.outbrain.com

DNS Response

2.18.109.60

DNS Request

wave.outbrain.com

DNS Response

2.18.109.60

DNS Request

240.198.48.52.in-addr.arpa
8.8.8.8:53

127.28.18.104.in-addr.arpa

dns

205 B
441 B
3
3

DNS Request

127.28.18.104.in-addr.arpa

DNS Request

cm.everesttech.net

DNS Response

52.48.198.240

99.80.25.176

34.241.49.148

DNS Request

53.2.50.20.in-addr.arpa
8.8.8.8:53

226.108.18.2.in-addr.arpa

dns

214 B
357 B
3
3

DNS Request

226.108.18.2.in-addr.arpa

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.214.162

DNS Request

60.109.18.2.in-addr.arpa
8.8.8.8:53

168.214.58.216.in-addr.arpa

dns

211 B
471 B
3
3

DNS Request

168.214.58.216.in-addr.arpa

DNS Request

cdn-uat.ccleaner.com

DNS Response

2.18.109.139

DNS Request

53.153.251.34.in-addr.arpa
8.8.8.8:53

227.74.250.142.in-addr.arpa

dns

301 B
576 B
4
4

DNS Request

227.74.250.142.in-addr.arpa

DNS Request

x.ss2.us

DNS Response

108.156.39.43

108.156.39.107

108.156.39.6

108.156.39.61

DNS Request

12.114.248.87.in-addr.arpa

DNS Request

zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com

DNS Response

104.17.209.240

104.17.208.240
172.217.20.196:443

www.google.com

https

msedge.exe

3.3kB
6.8kB
9
8
8.8.8.8:53

43.39.156.108.in-addr.arpa

dns

147 B
236 B
2
2

DNS Request

43.39.156.108.in-addr.arpa

DNS Request

privacyportal-de.onetrust.com

DNS Response

104.18.29.127

104.18.28.127
8.8.8.8:53

223.142.31.50.in-addr.arpa

dns

144 B
260 B
2
2

DNS Request

223.142.31.50.in-addr.arpa

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

156.152.235.66.in-addr.arpa

dns

149 B
262 B
2
2

DNS Request

156.152.235.66.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.236.21

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\CCleaner\CCUpdate.exe

Filesize
809KB

MD5
943a4f169e9a3303ed6defc1ac3690bd

SHA1
e0bd76b866624164c10b85d37efb6474b84164df

SHA256
e531742a357907248de84b99f68ed7e8edd70e7ca918d21b24cc17ee4c128240

SHA512
da29cafdd63fd3ab3d2378fc6c2810d7579ebd6b62a4f99248458094cd2e42dc0071b83f0aee4185ca1c81139dec2991212ac383d77a737937558bbcb29d688c

Download Submit
C:\Program Files\CCleaner\CCleaner.exe

Filesize
37.1MB

MD5
6b4c65034b779fa91129d036f2854a55

SHA1
b0c21f129f58f4195cbffb8268b5693b0a4c4f2a

SHA256
9cea0bdcf677382833e973158a0c7c9b5dee86fbd7c6fdb8b114aa7b23e64d58

SHA512
b3d16086c09b23b6e8fa796e307348c005a2885c6067a5d180eeba39178d1a37fa6dffd4aad6f7a1624c9e150bf3b62f49ebfaa7612ebb26dc34264fcee88dba

Download Submit
C:\Program Files\CCleaner\CCleaner64.exe

Filesize
42.9MB

MD5
4ee9df4bef3571c74b1a4556e6afae6c

SHA1
4cd037edf6984b026f25572298e5c6345cbd7b0a

SHA256
c02731acaa708f929e4935da2338cda307afb4729c962722708e5a4e3b8aeb33

SHA512
a295f2d91639db79c496b31c3f03f175a9b1649d1f4c5342bdcb01c2e8871d3ef48938cfda72c57cc8724ad94d9284fb8f8e9135886e51d69f075b01a8d95085

Download Submit
C:\Program Files\CCleaner\Setup\253a35ed-e3f1-4e9e-9628-68e736ecace2.ini

Filesize
170B

MD5
2af9f69df769f876f6e02da18e966020

SHA1
5d21312d9bd23a498a294844778c49641a63d5e2

SHA256
473d48a44a348f6c547aefd2c60dd4b9de0092e1fb94a7611bdd374783ef3b2c

SHA512
a4705e5491cf03867fd46e63293181bf761d04fe0cccb86e373dd567c68d646634f64ef95d5b910d2266468b93bf7cdf6f9acbf576c6f42a4ff6c3caa09d2274

Download Submit
C:\Program Files\CCleaner\Setup\70c9b85f-bf47-4af2-8b76-0b93b460c24b.dll

Filesize
469KB

MD5
fe6f58fb55d9a93502528c3c9bb13a3f

SHA1
516275dddbc9e2f056342201b03a0931d93a6239

SHA256
c427bcf6b065edf06662e0540e3e9a21c07095184e7bb9d05926dc3b79fc3348

SHA512
7f45f187d6c3156b89e2daf0c2bfdc60a59140ff94f8255fa672422abc43aa1252b0fe0fa0a3ef675f9e71c33b26424597c015db83dec7f5e20ee8769c61c619

Download Submit
C:\Program Files\CCleaner\Setup\959a9ad0-8f14-4d55-9ad5-052cd6f713fb.xml

Filesize
818B

MD5
ae6a8195071ca62513212cc891097046

SHA1
59e970ce9228067477754b352217bcf6aa7624a6

SHA256
6670a81a48ea5c942c3617f0cfa026352adfa1a9bcbb7848f4c41ea427585ff0

SHA512
ceae43a60089f75f654e9a639a06afbdc213f031d5aceebb73ef5cb41e300e7ea209c17bbd3c5f1de5b5eb7bf3770ae7222263c0ba23202ef48ecfb91072014e

Download Submit
C:\Program Files\CCleaner\Setup\config.def

Filesize
27B

MD5
05927e894c81eb42c3b4dae5a5a6c937

SHA1
7ec0660aac7c3396599447a49f30ba18e1f0db49

SHA256
09c65b39bc891e12956ab7bb30fae147ef7c8fa37542b6f040613436b566e7f8

SHA512
c06e2788952a3550597f5b539cf8f5cf7a569e33192951bc8ce97d4570bd4ba35abce99586f309f3e1cffe6f1d83aee98b79c0c26503ef4cd4d1fbfb40e1ba4e

Download Submit
C:\Program Files\CCleaner\branding.dll

Filesize
50KB

MD5
e5f8138cc87bc199a98bb484db9b4076

SHA1
4ba3693662feb8661937fb1a3fac771702f70a25

SHA256
3289901e88e38e1a9dec202e7a731d1fadf16855349a394d046107aa40c93d84

SHA512
f55e43d4ebbaed6a27631a43368bcdd2bc9aedb16d06c631af2b7be2e1a411f66a1dd52a07a2c26b0b86ac47693d63b94cbc74a75be19aa4fabc949db64c0762

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
27cc9762ba0aa5f6ddd0326700b2cfe7

SHA1
b5e36b6d05c9d942f4a5738835ed83960603c7ee

SHA256
eb0cadc23ef08f1d6e2e2506f3a4cb1bb50cb5d06e6eca1528a7cf84a34cbfb7

SHA512
d6045875c96ce6b6f3acfd57733de4626747b26c37d5cec39adb2ace15b23a2e820ed26bdd16c62ee12bb0ae9256fc21484eea41a1c5b1e9cfe1136b44b47717

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
6fe8810b7655494e7d6d3e8c6b6b78f5

SHA1
425ed930be351417e6e80eaf88a3456a4c2c80bc

SHA256
86c27af92621e3c2d2073d2845353a870432ccbfc34c69250d51ee7301d0d4c3

SHA512
5ae7e404a381b05b222c1b90dd3a15cf5eebc82390673935e749001d6b9e69ce39256660387cdaa59811ce55e4dd78afb240e6258f095e6ec98d765e4a1464d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
7f2141754f93a64f472a8ee062393afc

SHA1
0f80da172532019b36b036416e27f4a44fd41f33

SHA256
07c006da67cd466b4347b877a831c145bcfa09672bf1ba9182abede717bade42

SHA512
c3b714a2077431a77dd737d221c95de8636079ef02dfece061fb43a95119876e55755dbcdf708ceb95c5e37d0c67a302e5b0b523e4996e68fc0fba72414520f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
16face7e6e3bf6a152880e008d7c26cd

SHA1
989233a9f44cf080bffa73f6759e8340f9a6321f

SHA256
bc38bfb9b8c6364a6e5f6fbeca7f2466a0e1a4cab2fc3c746501fcc530925539

SHA512
40a4683c0eb757054ba4fb44c9ebb92e54f0c10f902f071fb40813ce6f03b68eb498b4fd10d408e6258b1f557990de19437146113d3b8e1afbd450d2436d6074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
874b606a3fdec9daad493eb99fd585b0

SHA1
39d19d74562e3400c41462e82ef2264e2920a96a

SHA256
efc0365c8265f262cefeb27c4a85f9a55118ef89d58e3e88ef87eaaa037bd089

SHA512
16fb84fe55156e9e8ef03033cd986ba792b7d1ae93409d4ed3da72c3fb5533ed26b0913ef1ba1434a23ef152a2066f5be7e0cb46e2e6219276ce0d55fca45fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f74f80cd052dc4903da98dd6916f375d

SHA1
3e3512884ee41291824b30b256670b3d0a1c8d40

SHA256
d9589878daebff7c0991b2007a7af982f4760512545b4e331708f3f3308447ac

SHA512
bd186699a85c91cda88df15ebee640f99b55ff168e228dd0de8d7416d62de1bcb57e88beb3b12ce74a54a9c7491934ef3dd5fdd6b92ab5c909f129b419d96b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c32b6fc873c040253034fe4bf5037bd0

SHA1
fc58579eb5bf46c8d5246a45abae3566898c2e27

SHA256
8d59014ec29aebf56b641a018b29b6c64e33764d7a2262283ce51319071f930c

SHA512
e8ba0e9e78bc58b3d6d671a1e693cbe81745f000daaf281cc6aa6c591ae261b981f704e3dcb32f0fef87424aab0f42e4cfe40e445d8ef5a529c7bfda8ac510f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
9426d0326d6016be6f3c4c161dbe01f5

SHA1
97f6dc8df1c7bc4bc4d8d02cf9f443881b3f43b5

SHA256
bf2eed5f0cc111d4abc26f8bbb95b0d2bcdef9114a300894580e81acd6643b60

SHA512
704ad0984a8cfabdf62155c8e758cc61a1a63b044bcb36d94bbcc4fa64a4b5c38812143fbab683063c3b4da8b81a472a9134153054437c7aa2f40f1e14fc88b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b0c49973db4be3abe51d3c56e2248c7d

SHA1
351334c218a309ddd12b65bae583287b757b0ef8

SHA256
8c23565d8fd73bbac510623a8994bd94b6e055a9e03688a85c921a8dfbb196df

SHA512
91452fba75cf7c4f0183c8ab575a08e7391153bbc4e36042d38c12dbfefa29372a95cc31b9c91d2c2ef570a67e650a4fa280e7d6934a398becd13c93f155403e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
402ce52c60972f041e4f7d8fcc760a05

SHA1
dc68d87fa7724cbcfe2a6e61fe0438c3c197f467

SHA256
12df37dc972bf21e8deff5ccd65b971a69843b65f9e90b2c466de4c116610117

SHA512
dacebad37d5fef06f0edba198080865801ce645ccffec8bcdb75a47e4a00c4a418e08b96a1e9d8f465a528ee98704c81452060bcec69bc46ea970f21cab4a983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b94562b7a029d67318fa7fec4e473e7b

SHA1
e60f69856e212653001dfc4356876d2daf76ef20

SHA256
1b2c06c8dceec0de6bb9fc7ae13903acd0a6bce718204ac468801c28926fa65c

SHA512
292359c710f7d2d49ccac32c4c5e2ebcbdd5e0347fe91a24bdfac432c2586947281e7d1077996c5b15391aa3501772a0ed0bd97c8662795658230a041387ac31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
5c3d7765ba43bd1edee4b831682a4b15

SHA1
85b74a85860b724221380ac36104c4cee5ed4b38

SHA256
c5f1bd264450e4e5abbc92baa64264e8621ffc3dc7ffe360145958651635b186

SHA512
9e6977b042efa5eb699dcd81cb8246309dc51e89b4e90ad752d4dbafba629c2f55813da36959e4489cae1f738f28c9e1bb976bc030b34e0c956a7656defeadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3fba7fcc4fa38a3d244544cce8e188e2

SHA1
6cd8c92dbb4d5c83e0d503cf643e04cad07a7cd9

SHA256
53d75d5a34e2bedbd600613f46afaa12c0781969d8bbbac39fc756bccb6c2cc3

SHA512
b396f76a1c280b775e6be5d5513475ae12aedfe48c95ada5572f4e2d451c6d55ddcf52afc2e51df080bab30a033b9d6055f155f27188cf570a914d63d9eeb81c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log

Filesize
512KB

MD5
ccc255ef6d9af1c10fe4d0b4dd39f35c

SHA1
d6f025ece0cc2589ec25101d407feaf7fef88eed

SHA256
d16fa132a8627979127917ecd285636a2d1cec4b4684e7686e72ae1b141f8c97

SHA512
7357ae43ff99854b39a52ba53475b674be414573b4e261f39bed4e3a17039b4bbb566416bb7b4f78acf66427be46c6d2b9d759a54f3dc664200c7c6d67a32139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Filesize
14.0MB

MD5
1f18607067da61023c4fe50e996912d0

SHA1
2a65f6e75dca2eb789b1b6efc5aaa26fbad56ce2

SHA256
4c0af43708d708c0e87451a510bc423aaedd5fc1947679e3096c2f59910da34c

SHA512
740cd6cb1bf3b79a88403ae22120cb37c330597f0b0c4f482ea00196a85b02d60d0eb60876018a2c7de0e61942e33903a5ebf39b2e7da7b1025b6db59a2c3aa3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
3e1f5eeae74491d8850ef2c8b03a9a3b

SHA1
0c02c9c2550107de6dd0eb740ac5668f292883c0

SHA256
66756c0edf3925de7bcb685385e2a4f0b854cffd796a9e90eb1ed064b1fb0e30

SHA512
7637f0807d88dbceeb68823a044583e2248ac1ba73c000da6560f94075635a27d15970df7e52f8315bdc2f1c45cff6f1ab7690e916b58307a533f8df24329c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\aswb17427cc941ed194.tmp

Filesize
35B

MD5
28d6814f309ea289f847c69cf91194c6

SHA1
0f4e929dd5bb2564f7ab9c76338e04e292a42ace

SHA256
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

SHA512
1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\ButtonEvent.dll

Filesize
5KB

MD5
c24568a3b0d7c8d7761e684eb77252b5

SHA1
66db7f147cbc2309d8d78fdce54660041acbc60d

SHA256
e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

SHA512
5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\INetC.dll

Filesize
23KB

MD5
7760daf1b6a7f13f06b25b5a09137ca1

SHA1
cc5a98ea3aa582de5428c819731e1faeccfcf33a

SHA256
5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079

SHA512
d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\UserInfo.dll

Filesize
4KB

MD5
2f69afa9d17a5245ec9b5bb03d56f63c

SHA1
e0a133222136b3d4783e965513a690c23826aec9

SHA256
e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

SHA512
bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\p\ServiceUninstaller.dll

Filesize
497KB

MD5
3053907a25371c3ed0c5447d9862b594

SHA1
f39f0363886bb06cb1c427db983bd6da44c01194

SHA256
0b78d56aceefb4ff259660bd55bbb497ce29a5d60206b5d19d05e1442829e495

SHA512
226530658b3e1530f93285962e6b97d61f54039c1bbfcbc5ec27e9ba1489864aecd2d5b58577c8a9d7b25595a03aa35ee97cc7e33e026a89cbf5d470aa65c3e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\p\pfBL.dll

Filesize
6.0MB

MD5
b17e3a7bcb1cf4a0d5959a21ffe3336c

SHA1
c1bc1b1b715007c05f79162cab00ba3c23d94efc

SHA256
aac187b6ca8256f90f64d940cbd9aa457f3b52229cca5bb17d5ec4ac3f8993c4

SHA512
9e02ff8f279fe0e17ef03dec289c7ae623b2ec2b12434bc08479d8c676e25ed3d0ebac54a44a7e571b6bd65e50aa056338b5db90e94ab5ed3b279d514efcde47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\ui\pfUI.dll

Filesize
10.4MB

MD5
bfcf84b904fa8cc6fa2ecd12b451b10b

SHA1
d8a695ad1d12e0c5ef4867c64526c71446edffd7

SHA256
d5743d79630a56e3a84baf601c26f2744f3c9d1ccfe1649e8f6fe4a75ca8b309

SHA512
bdf7cfc299c26851f20f1fb1a96c258b882d348de63d666fa2543d30449b2aa4249f8972e9957e71ee4126b33f2f55397b0ce796af30006d033d4b61930def69

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\ui\res\CC_Logo_40x96.png

Filesize
2KB

MD5
d32b0460183056d3056d6db89c992b88

SHA1
79823e151b3438ab8d273a6b4a3d56a9571379b4

SHA256
b013039e32d2f8e54cfebdbfdabc25f21aa0bbe9ef26a2a5319a20024961e9a7

SHA512
3ad36f9d4015f2d3d5bc15eac221a0ecef3fcb1ef4c3c87b97b3413a66faa445869e054f7252cc233cd2bf8f1aa75cb3351d2c70c8121f4850b3db29951bc817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\ui\res\CC_logo_72x66.png

Filesize
7KB

MD5
a736159759a56c29575e49cb2a51f2b3

SHA1
b1594bbca4358886d25c3a1bc662d87c913318cb

SHA256
58e75de1789c90333daaf93176194d2a3d64f2eecdf57a4b9384a229e81f874f

SHA512
4da523a36375b37fa7bc4b4ccf7c93e1df7b2da15152edf7d419927aa1bb271ef8ba27fe734d2f623fcc02b47319e75333df014bed01eb466e0cd9ec4111ef53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC3A0.tmp\ui\res\PF_computer.png

Filesize
87KB

MD5
7f4f45c9393a0664d9d0725a2ff42c6b

SHA1
b7b30eb534e6dc69e8e293443c157134569e8ce7

SHA256
dbd8b6fdb66604a0a5e8efe269fbfa598e4a94dc146006036409d905209da42b

SHA512
0c27f9ce615cbff3e17fd772ce3929ab4419d7432d96223b7eec1ba70953f2ac993404b954020247b52d7f7499212d44eb6f85da2e2676773cafe1ce89b390f9

Download Submit
C:\Windows\Tasks\CCleanerCrashReporting.job

Filesize
666B

MD5
ef63af2c5124eb2a9d1592fa26d2b364

SHA1
ac2a204493dd6a7da7dc59b9df218bf8fd700926

SHA256
f4441d0cd101e9959d1cb71fd03af45726b205eb8e497f856e27a1f3a0472ddc

SHA512
db565ddc81b4844b2e189d0623d921e31324ca48b8ee1230085369ac86fbf05420077aaf9383b17f55de9b1573f518ad72303de311c627540a7b29edee8d9317

Download Submit
memory/3004-164-0x0000000007BB0000-0x0000000007BB8000-memory.dmp

Filesize
32KB

Download
memory/3004-148-0x0000000007B70000-0x0000000007B71000-memory.dmp

Filesize
4KB

Download
memory/3004-145-0x0000000007E00000-0x0000000007E08000-memory.dmp

Filesize
32KB

Download
memory/3004-121-0x0000000006D40000-0x0000000006D50000-memory.dmp

Filesize
64KB

Download
memory/3004-113-0x0000000006B80000-0x0000000006B90000-memory.dmp

Filesize
64KB

Download
memory/3004-150-0x0000000007B80000-0x0000000007B88000-memory.dmp

Filesize
32KB

Download
memory/3004-147-0x0000000007B80000-0x0000000007B88000-memory.dmp

Filesize
32KB

Download
memory/3004-153-0x0000000007B70000-0x0000000007B78000-memory.dmp

Filesize
32KB

Download
memory/3004-156-0x0000000007B30000-0x0000000007B31000-memory.dmp

Filesize
4KB

Download
memory/3004-166-0x0000000007C90000-0x0000000007C98000-memory.dmp

Filesize
32KB

Download
memory/3004-169-0x0000000007B70000-0x0000000007B71000-memory.dmp

Filesize
4KB

Download
memory/3004-173-0x0000000007B30000-0x0000000007B31000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response