Scan Report: Pornhub.com

01

WHOIS & DNS

DNS records retrieved — SPF & DMARC present

· LOW

▸

// whois

// dns records

A                     66.254.114.41
www A                 66.254.114.41
MX 10                 mxb-002a0701.gslb.pphosted.com
MX 10                 mxa-002a0701.gslb.pphosted.com

// ip whois (1)

66.254.114.41         SSL unavailable for this endpoint, order a key at https://members.ip-api.com/ whois ↗

// lookup on dnsarchive.net

same IP 66.254.114.41 ↗

same MX mxb-002a0701.gslb.pphosted.com ↗ mxa-002a0701.gslb.pphosted.com ↗

// email security

✓ SPF

v=spf1 include:_spf.mlsend.com include:sender.zohobooks.com include:mail.zendesk.com ip4:94.199.255.10/32 ip4:208.91.206.64/26 ip4:66.254.113.78/32 ip4:66.254.119.174 ip4:66.254.113.78 ip4:66.254.112.72/30 ip4:162.211.96.66 ip4:162.211.96.67 ip4:67.231.151.26 ip4:67.231.158.156 a:smtp-out.reflected.net a:devilrays-out.reflected.net include:spf.protection.outlook.com -all

✓ DMARC

v=DMARC1; p=none; fo=1; rua=mailto:[email protected],mailto:[email protected],mailto:[email protected]; ruf=mailto:[email protected],mailto:[email protected];

// txt records (18)

txt.01                google-gws-recovery-domain-verification=50340749
txt.02                google-site-verification=A_zvK-GpJnRnZeQsY7Zu6-OhUtttveONsSHeEyesS7E
txt.03                google-site-verification=HjPnSnR1Tun0kHE_HxQ90eShcfVw-ZnloCL0FkOHYXw
txt.04                google-site-verification=dug_KXFRBOzhEpV6p-hzn-ozaGXa3xfF82rW6mqhOK8
txt.05                google-site-verification=mBLIe_LYyVmp7-dKcYMnE2VgbHqhMMbF0Ib_lNxydxw
txt.06                google-site-verification=oiQAl3PbQ5Ozmw2lDDQ_UuJMGvOpEzzJ_b926wxMXcI
txt.07                google-site-verification=yknHGIN9m9c9aEqGRS1pFn4DYeC_EBM0d3iIQic761E
txt.08                google-site-verification=z7sWYEKED5sA2wXYfCmlR2OKkV7YiaPiZMv-YkQ8l6Y
txt.09                j3hm4p54gpzff1dt25w0z1m5q6749v23
txt.10                kRTRS-5fqACZExtm5Ed_63Uz2-mi2w
txt.11                kkvchh9nc20zqclz9r1fwfx4ydfh41pd
txt.12                pd5fdxxbzn34ljgl6kbhd5xnz4cdgt3f
txt.13                51v423477tpvn79tnhkc6dcd50vfwsmw
txt.14                MS=ms54289033
txt.15                VMAIL23980
txt.16                _pp4dhbbh0qvnkenn5nf1e9psomjg6fg
txt.17                _qe1ytxhfkv0x42iw961f8hsxswlank1
txt.18                _twpx4k787g069qzojo75ghmnlil23i8

// findings (6)

✓ ok SPF record present
✓ ok DMARC record present
✓ ok 2 MX record(s) configured
· low No CAA records — any certificate authority can issue certs for this domain
· low No MTA-STS DNS record at _mta-sts — inbound mail can be downgraded
· low No TLS-RPT record at _smtp._tls — no visibility into TLS delivery failures

// external references

DNS history on dnsarchive.net ↗

// detected services (5)

Bing Webmaster

Google Search Console

Microsoft 365

Proofpoint

Zendesk

02

SSL / TLS Certificate

Valid certificate, expires in 273 days — TLSv1.3

✓ OK

▸

03

CMS Detection

No CMS detected

✓ OK

▸

04

Security Headers

5 of 7 headers missing

▲ HIGH

▾

// raw output

HSTS                        ok (max-age=63072000; includeSubDomains; pre)
CSP                         MISSING
X-Frame-Options             ok (SAMEORIGIN)
X-Content-Type-Options      MISSING
Referrer-Policy             MISSING
Permissions-Policy          MISSING
Cross-Origin-Opener         MISSING

// findings (8)

▲ high X-Content-Type-Options missing — MIME-sniffing possible
◐ medium Referrer-Policy missing — leaking referrer data to third parties
◐ medium Content-Security-Policy missing — site exposed to XSS injection
◐ medium Permissions-Policy missing — browser features not restricted
· low Cross-Origin-Opener-Policy not set
✓ ok X-Frame-Options is configured
✓ ok Strict-Transport-Security is configured
· low No /.well-known/security.txt — researchers cannot find a contact for vulnerability reports

05

Raw HTTP Headers

HTTP/3 · 15 headers · openresty

◐ MEDIUM

▸

// detected

⚡ HTTP/3 HTTP/3 (QUIC) in use — fastest available protocol, low latency and connection migration

✓ GZIP compression Response is GZIP-compressed — reduces bandwidth usage

▲ Cookie flags missing 14 of 14 cookie(s) missing security flags

// raw headers (15)

status                        HTTP/3 200
date                          Fri, 01 May 2026 17:50:06 GMT
vary                          User-Agent
rating                        RTA-5042-1996-1400-1577-RTA
server                        openresty
alt-svc                       h3=":443"; ma=3600
location                      https://www.pornhub.com/
accept-ch                     Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-… 
set-cookie                    rp=3849984016:cLsno0WdUuk=;path=/;HttpOnly
content-type                  text/html; charset=UTF-8
cache-control                 no-cache, no-store, must-revalidate
content-length                0
x-frame-options               SAMEORIGIN
content-encoding              gzip
strict-transport-security     max-age=63072000; includeSubDomains; preload

// findings (9)

✓ ok HTTP/3 enabled — best available
✓ ok GZIP compression active
✓ ok Cache-Control: no-cache, no-store, must-revalidate
◐ medium Cookie rp (missing: Secure, SameSite)
◐ medium Cookie ua (missing: HttpOnly, SameSite)
◐ medium Cookie platform (missing: HttpOnly, SameSite)
◐ medium Cookie bs (missing: HttpOnly)
◐ medium Cookie bsdd (missing: HttpOnly)
◐ medium Cookie ss (missing: HttpOnly, SameSite)

06

External JS Libraries

15 external scripts from 3 domains

◐ MEDIUM

▸

// raw output

external scripts            15 from 3 domain(s)
  domain                    ei.phncdn.com (13 files)
    static                  /www-static/js/lib/www-cookie-dedupe.js ↗
    static                  /www-static/js/lib/interval-helper.js ↗
    static                  /www-static/js/lib/utils/mg_utils-2.0.0.js ↗
    static                  /www-static/js/lib/atlasbundle.min.js ↗
    static                  /www-static/js/lib/ph-functions.js ↗
    static                  /www-static/js/mg_modal-2.0.0.js ↗
    static                  /www-static/js/lib/utils/mg_utils-1.0.0.js ↗
    static                  /www-static/js/lib/vue/vue.min.js ↗
    static                  /www-static/js/lib/vue/vue-custom-element.min.js ↗
    static                  /www-static/js/mg_modal-1.0.0.js ↗
    static                  /www-static/js/lib/generated-lib.js ↗
    static                  /www-static/js/lib/networkbar-6.0.0.js ↗
    static                  /www-static/js/front-index.js ↗
  domain                    media.trafficjunky.net (1 file)
    static                  /delivery/js/abp/js1.js ↗
  domain                    static.trafficjunky.com (1 file)
    static                  /ab/ads_test.js ↗
  sri-missing               https://ei.phncdn.com/www-static/js/lib/www-cookie-dedupe.js
  sri-missing               https://ei.phncdn.com/www-static/js/lib/interval-helper.js?c
  sri-missing               https://ei.phncdn.com/www-static/js/lib/utils/mg_utils-2.0.0

// findings (2)

· low 15 external JS files from 3 domains — review third-party dependencies
◐ medium No Subresource Integrity (SRI) hashes — a CDN compromise would silently inject malicious code

07

Malware & Blocklists

Threats detected — 4 suspicious indicator(s)

▲ HIGH

▾

// raw output

Google Safe Browsing        clean
VirusTotal                  clean
injected scripts            4 detected
malware patterns            4 matches

// findings (5)

✓ ok Google Safe Browsing — clean
✓ ok VirusTotal — clean
▲ high Malware pattern detected: Suspicious onclick with javascript:
```
onclick="javascript:void(0);"
---
onclick="javascript:void(0);"
```
▲ high Malware pattern detected: Suspicious innerHTML manipulation
```
.innerHTML=""
---
.innerHTML=""
```

▲ high Malware pattern detected: Suspicious window.open

window.open(e.adLink,c.General.getRandomString()
---
window.open("","_self","")