Report - pttplay.net/vod/2022781146.html

Report Overview

Visited public
2023-09-23 12:56:07
Tags
URL
pttplay.net/vod/2022781146.html
Finishing URL
pttplay.net/vod/2022781146.html
IP / ASN
104.21.56.244
#13335 CLOUDFLARENET
Title
(1) New Message!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-09-23 05:09:40	1.3 kB	57 kB	104.17.24.14
literalbackseatabroad.com	unknown	2023-09-14	2023-09-23 05:04:24	2023-09-23 05:04:24	7.3 kB	95 kB	173.233.139.164
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15 17:46:22	2023-09-22 15:28:17	2.4 kB	136 kB	172.64.103.10
cdn.barscreative1.com	25648	2021-09-08	2021-09-16 13:14:42	2023-09-22 07:59:33	483 B	5.7 kB	45.133.44.3
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-09-23 07:01:55	1.0 kB	33 kB	216.58.207.227
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2023-09-22 15:28:11	1.5 kB	847 B	192.243.61.227
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-09-23 06:12:37	443 B	3.9 kB	151.101.129.229
pttplay.net	unknown	unknown	2020-04-10 08:58:57	2023-05-22 08:39:54	8.9 kB	410 kB	104.21.56.244
dugapiece.com	unknown	2023-03-11	2023-03-11 06:26:12	2023-09-13 06:05:03	430 B	14 kB	192.243.61.227
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-09-23 05:11:37	428 B	418 B	35.156.58.209
twigdose.com	unknown	2023-08-21	2023-09-05 12:55:46	2023-09-23 14:55:50	478 B	467 B	192.243.59.13
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-09-23 06:38:57	418 B	1.3 kB	142.250.74.106
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-09-22 15:28:10	397 B	28 kB	172.64.134.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-23 12:55:57	high	54.37.238.86	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-23	medium	dugapiece.com	Sinkholed
2023-09-23	medium	unseenreport.com	Sinkholed
2023-09-23	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js	ScriptElement	40 kB	2023-03-07	2025-06-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-20 02:59 Times Seen7970 Hash 2f34b630ffe30ba2ff2b91e3f3c322a1 b16fd8226bd6bfb08e568f1b1d0a21d60247cefb 9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe Loading...

	unknown	ScriptElement	96 kB	2023-03-08	2025-06-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:38 Last Seen2025-06-15 06:47 Times Seen68 Hash a7815d42fc899f4557b5495b6e00d061 a8d88e563e41229d43760a9f191971fd62e8de24 a18e7f7487a56a4c19068b935937cc47aa87d928cb0f7f95b55ca1978eb95a7d Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-08-25	2023-11-23
Pretty URL friendshipmale.com/sfp.js IP 172.64.134.5 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-25 12:30 Last Seen2023-11-23 01:47 Times Seen6642 Hash 2d0450888479d4ddda305bd96206b240 5b4595aab1cd3f854718e05db9be0c65a12ab2f6 44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-20 03:45 Times Seen114907 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	pttplay.net/vod/2022781146.html	ScriptElement	215 B	2024-08-21	2024-08-21
Pretty URL pttplay.net/vod/2022781146.html IP 104.21.56.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:57 Last Seen2024-08-21 05:57 Times Seen1 Hash 5a2d955bbf5a59a7ba7f074dcf3f154d 7db2650b51a4360cd74aff0c3896a202d260a544 3423a06401c0850a3eed8fad67652e34ad4129229ebe4c8f518100037ba90df0 Loading...

	dugapiece.com/f9/19/82/f919823b272bdfb48b2681e66a84d928.js	ScriptElement	37 kB	2023-09-23	2023-09-23
Pretty URL dugapiece.com/f9/19/82/f919823b272bdfb48b2681e66a84d928.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 14:56 Last Seen2023-09-23 14:56 Times Seen1 Hash 7b19c8f95aa5db1bda31a86060584e39 2ef471939fe7657124de886cafb693e978b2c0f7 4827cf9a142fa84afb05352390955634f0414da56777aeed4fe6240062b0bfe1 Loading...

	pttplay.net/vod/2022781146.html	ScriptElement	809 B	2023-03-12	2024-08-21
Pretty URL pttplay.net/vod/2022781146.html IP 104.21.56.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 15:27 Last Seen2024-08-21 05:57 Times Seen2 Hash 699817ad20952fcf90a2ab754adf9676 a814da6c772788bfe4f930b78b3be569dc4eca16 8c42aed028ac098800775db4f25ccc70f831e4c892fe5e2925a5b4e099366355 Loading...

	pttplay.net/static/pttplay/js/system.js	ScriptElement	46 kB	2023-03-12	2024-08-21
Pretty URL pttplay.net/static/pttplay/js/system.js IP 104.21.56.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:27 Last Seen2024-08-21 05:57 Times Seen2 Hash 2134d3860c92ef604da696797d4b1041 52d55c941aec1d91b17c4f618e6f114da538e095 26cfdcc5bfa3f07b49bec1378db93cc6bd477c2ee60f598b78c0e159feed5ebc Loading...

	unknown	ScriptElement	601 B	2023-03-12	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:27 Last Seen2024-08-21 05:57 Times Seen1 Hash 6d423929caa3971504cd8ce05561e468 a9a92d53dfd8db8397d03be07e3dad356fee0e7c f3f8d840e0e28fff9766c3a6f3858cb7a46b1d89d9440f433854d05cf34d42d6 Loading...

	pttplay.net/static/pttplay/js/home.js	ScriptElement	24 kB	2023-09-23	2024-08-21
Pretty URL pttplay.net/static/pttplay/js/home.js IP 104.21.56.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 14:56 Last Seen2024-08-21 05:57 Times Seen2 Hash 5592f2510f5a41d6bdafb85e4ce1e2f1 013e093f14c59a1ed0aea67226c1e3eff7ee6244 36d7f0343dcdeb62f1db0aeefe80c52ebdfe8b845ee1a38df3e399c5bb00b78b Loading...

	literalbackseatabroad.com/4e/1b/17/4e1b1723173018b9322224588a5482de.js	ScriptElement	86 kB	2023-09-23	2023-09-23
Pretty URL literalbackseatabroad.com/4e/1b/17/4e1b1723173018b9322224588a5482de.js IP 173.233.139.164 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 14:56 Last Seen2023-09-23 14:56 Times Seen1 Hash add992fa9dbe4cae473a347ead9d25a2 fd3852eb872ac1226f0c49c118d9bf8704aeb36c 3c2f9df0d77ae69e9512a8068115532486fe6d01aefbc22e4122c6f779022346 Loading...

	unknown	ScriptElement	3.4 kB	2023-03-07	2025-06-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04 Last Seen2025-06-19 07:04 Times Seen1367 Hash 5c01d7aff077b4ed0804b71c2e3ab4a1 56b4c94cff0d5fdfca579eac85da28a767607644 80351098c2478918bb80008d7836499305bf6f4d4b2abf742b8823255bbb0d8e Loading...

HTTP Transactions (45)

URL IP Response Size

GET cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/css/bootstrap.min.css

104.17.24.14

200 OK

16 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/css/bootstrap.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65369)
Size
16 kB (16120 bytes)
Hash
7f89537eaf606bff49f5cc1a7c24dbca
b0972fdcce82fd583d4c2ccc3f2e3df7404a19d0
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11

HTTP Headers

GET /ajax/libs/twitter-bootstrap/3.4.1/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:49 GMT
content-type: text/css; charset=utf-8
content-length: 16120
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04010-1da71"
last-modified: Mon, 04 May 2020 16:17:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 246193
expires: Thu, 12 Sep 2024 12:55:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XvGJ5ogfZL7bB%2B6j%2FuUMFzhWhn63h16lzmjYDo14RpBX15c7P64FK0XLnf58HEkux1a13OberT6%2F6pR0OE%2BmaZRVm1pwnA8B7yNbsoODmqXiCmYclCEx4MtCwuWbnyiUzIXGXaHe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80b2f1b50fc25689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
28 kB (28007 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 28007
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b1e-6d67"
last-modified: Thu, 22 Jun 2023 11:06:06 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1443212
expires: Thu, 12 Sep 2024 12:55:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3a%2Bn0bmTLkIA%2Fn3VptghNLFPxrWXd8RiJ2n1NIPOSMebjiEcC3pY5hkqZ9JWVF6NeovT4%2BRTyK7zcL3Ea4Acjg1oRaumAS3lxX76P4gH0tptzeALtoqZCnpwp7kbQkodtHH7QIaB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80b2f1b52fe35689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js

104.17.24.14

200 OK

9.7 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (39553)
Size
9.7 kB (9686 bytes)
Hash
2f34b630ffe30ba2ff2b91e3f3c322a1
b16fd8226bd6bfb08e568f1b1d0a21d60247cefb
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

HTTP Headers

GET /ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 9686
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942eb0-25d6"
last-modified: Thu, 22 Jun 2023 11:21:20 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1986301
expires: Thu, 12 Sep 2024 12:55:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnUuC%2FOvMbFY1aOSzMJxsRj4GnUo7GxO%2Fe7Dbx3gtHlMpMgioin4tXPX7h3FIqwp7f9fgug5UHYPhHRF%2Bs93j4F2yhlrPgyRDRV5TRN1RWszFOX6V014n7Ot7WajiUCXK0hlVvhB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80b2f1b52fea5689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/swiper@3.4.2/dist/css/swiper.min.css

151.101.129.229

200 OK

3.1 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/swiper@3.4.2/dist/css/swiper.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT

File type
ASCII text, with very long lines (17459)
Size
3.1 kB (3090 bytes)
Hash
6af34d0737ad0ca608111771cf74cc79
15d0417baa08a741c6aee19fdfbf4813635f98f8
47b0e7129add982c0e394f0dfa8d9621e6c9e4126859b26e1ad25c18def0d812

HTTP Headers

GET /npm/swiper@3.4.2/dist/css/swiper.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.4.2
x-jsd-version-type: version
etag: W/"455f-FdBBe6oIp0HGruGf379IE2NfmPg"
content-encoding: br
accept-ranges: bytes
date: Sat, 23 Sep 2023 12:55:49 GMT
age: 1588480
x-served-by: cache-fra-eddf8230101-FRA, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3090
X-Firefox-Spdy: h2

GET pttplay.net/static/img/logo.png

104.21.56.244

200 OK

916 B

URL GET HTTP/3
pttplay.net/static/img/logo.png
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
PNG image data, 135 x 50, 8-bit colormap, non-interlaced\012- data
Size
916 B (916 bytes)
Hash
4807c3547e7720986e2224692a95bf36
6f66288544168d5f0844c5f777125c299a0e0ce3
686e3a564f3f5dba58ead368e48d5c5145d6f6511d9426af2b79767a93d6d3bc

HTTP Headers

GET /static/img/logo.png HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:49 GMT
content-type: image/png
content-length: 916
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RkjpO1TBDzEuT3tVnEP1H%2FvwRhCfYg9JXkHTaZdYlK1EtTUWvbCo7GJ3HtNBOg5cMbd687naLHpW3S8TDuxNrGxsgcG%2Bi4Yf%2F0yR9QeZLA4VoRFuz%2FQ7EKq9dLVCZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b4cad75687-OSL
alt-svc: h3=":443"; ma=86400

GET dugapiece.com/f9/19/82/f919823b272bdfb48b2681e66a84d928.js

192.243.61.227

200 OK

14 kB

URL GET HTTP/1.1
dugapiece.com/f9/19/82/f919823b272bdfb48b2681e66a84d928.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectdugapiece.com
Fingerprint4B:03:D0:A6:37:6D:47:36:E4:0A:5C:95:68:FF:DE:C1:16:63:3F:51
ValidityThu, 07 Sep 2023 06:21:59 GMT - Wed, 06 Dec 2023 06:21:58 GMT

File type
ASCII text, with very long lines (37181), with no line terminators
Size
14 kB (13458 bytes)
Hash
7b19c8f95aa5db1bda31a86060584e39
2ef471939fe7657124de886cafb693e978b2c0f7
4827cf9a142fa84afb05352390955634f0414da56777aeed4fe6240062b0bfe1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f9/19/82/f919823b272bdfb48b2681e66a84d928.js HTTP/1.1
Host: dugapiece.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 12:55:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4ce19df35cd33be276cb5287a05f10ef
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET professionalswebcheck.com/stats

35.156.58.209

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
35.156.58.209:443
ASN
#16509 AMAZON-02

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
628d4b8d082e696f0d79dfe0aecff21d
cd16b4bb4d67d33340fdc47f76930a5eed3632e5
ace7db922fdd392f7ccdc3282cd467cf2d1b8f53be65fc0a9ae380f3b093e34c

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://pttplay.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1:3:1; expires=Tue, 20 Sep 2033 12:55:50 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET pttplay.net/upload/vod/s/202395956.jpg

104.21.56.244

200 OK

10 kB

URL GET HTTP/3
pttplay.net/upload/vod/s/202395956.jpg
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x214, components 3\012- data
Size
10 kB (10182 bytes)
Hash
915f014feecd923247042606708f021b
a9a8b365d2cf7d8994a662f3ec337ac90aa100ea
d7b9e93ca05bb735623854f1e1cb5eeb809ec5a79dc1f9f88473c243dac2360c

HTTP Headers

GET /upload/vod/s/202395956.jpg HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: image/jpeg
content-length: 10182
last-modified: Sun, 23 Jul 2023 10:03:38 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JU0oxP%2BvRvMMgJZV6sZrVKJbi3ItHZH8shDbTN6MM63XvLJ6nIsQmMPXcNUgZjQjRi3cl76NtZjyPyu8wx%2BgMWB%2Brj3Swudx5uJulQZ%2F1xxMUWdKGGKdJqdb89H%2FvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b87eb35687-OSL
alt-svc: h3=":443"; ma=86400

GET pttplay.net/static/pttplay/images/palyer.png

104.21.56.244

200 OK

19 kB

URL GET HTTP/3
pttplay.net/static/pttplay/images/palyer.png
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
PNG image data, 16 x 1081, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (18971 bytes)
Hash
cd464d939e3717d7d3ddf4959246f3d9
3cf0209f51635dce76c9efed3ce16fe442f9edd9
285abaa85a706cc7cda02138fcd694ee0d3ecfc75dac5f7b2674a6a7d64b8a6c

HTTP Headers

GET /static/pttplay/images/palyer.png HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/static/pttplay/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: image/png
content-length: 18971
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5s%2FfMhe1I96ctoLXoPVWVWAW3sDnO8jyUrdyW82zzUdUWhZ8HEANLU0TDQAhOzS82pz%2F2XLRJCuMBcUZUgZRhTieTvSuhcv9Ed1YXyE%2FRWsHr0K6yKWLkgJRu%2ByWUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b84e755687-OSL
alt-svc: h3=":443"; ma=86400

GET pttplay.net/upload/vod/s/2023588619.jpg

104.21.56.244

200 OK

9.8 kB

URL GET HTTP/3
pttplay.net/upload/vod/s/2023588619.jpg
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x214, components 3\012- data
Size
9.8 kB (9780 bytes)
Hash
311512ad526b85bc657462f5f19c4081
a6c27976a8d544cabc5ab2ec98166332f1ab7e2a
5e258f803e82c89c31f965cf90816cca12a96b73e1cd4a4c5f1a2c835ca9f7c6

HTTP Headers

GET /upload/vod/s/2023588619.jpg HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: image/jpeg
content-length: 9780
last-modified: Mon, 04 Sep 2023 11:54:35 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2BotwmMwloZyxJspFLWup5poVQaBIy54RYEWsYgi9XrkQIALGmVWLSf5S1eY6absGN2KIjkM5s5I%2B5%2Fn5fG84SRXo51bSG05ECewgDHgKuSbGYesodPrQoACv%2FrOrg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b84e7c5687-OSL
alt-svc: h3=":443"; ma=86400

GET pttplay.net/upload/vod/s/2022781146.jpg

104.21.56.244

200 OK

13 kB

URL GET HTTP/3
pttplay.net/upload/vod/s/2022781146.jpg
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x214, components 3\012- data
Size
13 kB (13184 bytes)
Hash
214870b548558ca3340773f5bc5f2fbe
d20f25b19c133881cbe5203a0859cbe634f889ce
3310d07efa7029befd3793ee0eab53237968b0b301f3f9c4f8170a9d66691bd0

HTTP Headers

GET /upload/vod/s/2022781146.jpg HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: image/jpeg
content-length: 13184
last-modified: Sun, 23 Jul 2023 12:05:16 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pL9rrGXyEtSjAhSXTnffGOy7TmPHzyzdpayAREqBV8eUiC4whZT7HuspVF2FUQUSIwB61CZ6DOXl%2BLcoRViXk55o8uEm7RNHGMjPILDW%2BaibACgU9qngqFdGav8l%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b83e6c5687-OSL
alt-svc: h3=":443"; ma=86400

GET pttplay.net/upload/vod/s/2023954703.jpg

104.21.56.244

200 OK

12 kB

URL GET HTTP/3
pttplay.net/upload/vod/s/2023954703.jpg
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x214, components 3\012- data
Size
12 kB (11836 bytes)
Hash
85e606045edb5b66b2aa0562bf906279
cefd8ce9bbf51df77844374faa6fd3bef19b8ec8
1f67ad10d6c1887c8238072c4dfd483a5b083a8420bd0d06716ee4ad10154e77

HTTP Headers

GET /upload/vod/s/2023954703.jpg HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: image/jpeg
content-length: 11836
last-modified: Sun, 23 Jul 2023 10:02:41 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ixUV3EoSduRIO0WNz4FXHSNdIJKigogIHWfSmoEYzQ7x5bD7xD2oPv%2Fwrr21ykmwv3uon8pDmranoHtVnSTvaGTGYLzCe2GnN1OpuSVHK5KsLk8S4PfIrLnm2QDw2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b87ea95687-OSL
alt-svc: h3=":443"; ma=86400

GET pttplay.net/upload/vod/s/2023181373.jpg

104.21.56.244

200 OK

12 kB

URL GET HTTP/3
pttplay.net/upload/vod/s/2023181373.jpg
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x214, components 3\012- data
Size
12 kB (12276 bytes)
Hash
dd29eb8021d6b371eb43497ae737f21a
6ba7bfa471bc8e9b9ec8205521518ab5d9bfd65d
96d6ac358dce6c5428e41ca59c2619fbdfa96a9790b52ea863d22f9779a53af7

HTTP Headers

GET /upload/vod/s/2023181373.jpg HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: image/jpeg
content-length: 12276
last-modified: Fri, 18 Aug 2023 17:58:27 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ic%2BkZcbYwbfSLiDfgKC0MXtryPJgdZxNlEcD2n4b4H6ciSEGYh8Zpfi8TWsJ9q0Yr%2BkG5QkNwyyQo4LqzRMWn3iQj7vowWlOr%2Bl2PHLVNyjU6X4uNP2GrGJ1KydkiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b84e7b5687-OSL
alt-svc: h3=":443"; ma=86400

GET pttplay.net/upload/vod/s/2023503861.jpg

104.21.56.244

200 OK

11 kB

URL GET HTTP/3
pttplay.net/upload/vod/s/2023503861.jpg
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x214, components 3\012- data
Size
11 kB (11276 bytes)
Hash
02d6061045c3cbe681f980eb67af74f1
bf0a24a90b8d591683ffd920e0899c3724ad0592
07600f3383e7534c1673f00eb796e14bf212899dadd5dc4215829322b037b735

HTTP Headers

GET /upload/vod/s/2023503861.jpg HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: image/jpeg
content-length: 11276
last-modified: Mon, 04 Sep 2023 11:54:35 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i4%2BO8CYapLnfDLYXLo7qb691xvzHFqnMVfI8CA%2Bz%2FquxwOBgHRE%2BhpcnBasI4HtnCzTRTgdkViDwoCA7vnbCBgBJDbisitdCIljmuI3iSqFisRdaVIJLrzD6R3bV8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b87eb45687-OSL
alt-svc: h3=":443"; ma=86400

GET pttplay.net/upload/vod/s/202317727.jpg

104.21.56.244

200 OK

14 kB

URL GET HTTP/3
pttplay.net/upload/vod/s/202317727.jpg
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x214, components 3\012- data
Size
14 kB (13728 bytes)
Hash
d0da9f4faa8a1e04e53a60539fab8c52
d657ee0cdc354e8fb8e94f48b21f72b0c4dd44ea
117c3e3f256d55aad2f3be065b3737b901e79b9d4bd497915de22f2262e24748

HTTP Headers

GET /upload/vod/s/202317727.jpg HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: image/jpeg
content-length: 13728
last-modified: Sun, 23 Jul 2023 10:02:27 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2F974sh8pQ%2Fd6C6CmXjfzGhzPXKqVg50VraCWZHavmW8suIWDb5JMNmUpwSSAh%2BJk80Al7I7qnf8TLbIdoHI63BwzvixYZeZGm%2FL9KprjzKAhEzY8YoVVG5HQ43%2FpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b87eb05687-OSL
alt-svc: h3=":443"; ma=86400

GET pttplay.net/static/pttplay/js/home.js

104.21.56.244

200 OK

36 kB

URL GET HTTP/3
pttplay.net/static/pttplay/js/home.js
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
Unicode text, UTF-8 text, with very long lines (2677)
Size
36 kB (36371 bytes)
Hash
5592f2510f5a41d6bdafb85e4ce1e2f1
013e093f14c59a1ed0aea67226c1e3eff7ee6244
36d7f0343dcdeb62f1db0aeefe80c52ebdfe8b845ee1a38df3e399c5bb00b78b

HTTP Headers

GET /static/pttplay/js/home.js HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:49 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=37483
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DPYKFLvtRwmvVYdGhmcHlmx5gUr8FRVAY3tikE3sJmof4zxUE%2BW2ZnEpd88M4rm%2BHmrOONEZWnAHhiww%2FIMpUEuOkwq5d66eNBBX3pBzVi0rp1vQCN%2FJUCcOBjl%2F6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b4cad55687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET literalbackseatabroad.com/sbar.json?key=f919823b272bdfb48b2681e66a84d928&uuid=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1%3A3%3A1

173.233.139.164

200 OK

4.0 kB

URL GET HTTP/1.1
literalbackseatabroad.com/sbar.json?key=f919823b272bdfb48b2681e66a84d928&uuid=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1%3A3%3A1
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectliteralbackseatabroad.com
FingerprintF4:46:34:A4:DD:6F:F9:84:A6:B0:E5:25:3E:B0:7E:D6:F2:AB:B1:C4
ValidityThu, 14 Sep 2023 11:19:10 GMT - Wed, 13 Dec 2023 11:19:09 GMT

File type
JSON data\012- , ASCII text, with very long lines (5627), with no line terminators
Size
4.0 kB (4005 bytes)
Hash
c4b5ac52546bd25e443d0a78bfcdc858
1217374a57e6eccbf04510f137747b326f43b58c
5f454c917976c1369bc06d62343b207d2dd0fc8b522e970e71ba7c6588030f12

HTTP Headers

GET /sbar.json?key=f919823b272bdfb48b2681e66a84d928&uuid=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1%3A3%3A1 HTTP/1.1
Host: literalbackseatabroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 12:55:50 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://pttplay.net
Access-Control-Allow-Origin: https://pttplay.net
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18113386; expires=Sun, 24 Sep 2023 12:55:50 GMT; secure; SameSite=None
uid_id2=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1:3:1; expires=Sat, 30 Sep 2023 12:55:50 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 24 Sep 2023 12:55:50 GMT; secure; SameSite=None
uncs=1; expires=Sun, 24 Sep 2023 12:55:50 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 24 Sep 2023 12:55:50 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 24 Sep 2023 12:55:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 04a6ec51cf772ffc15358af7728011ce
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET literalbackseatabroad.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2sk1Rd9NTPM4vcDQZ2NC6GFARVMp6q60l3lLGTGMRKMk2HGfzt5%2F6rzJq%2FrFe9VdXWCi%2BCAzLL9BpXTyQSdMOgHUKSiqwEh7SoLgwizV4RZSyfB1ru559xzF%2Bed%2B77YKU%2BIj5IeL79vtpTWdHGp7bde%2ByQIrrVWVVaOWqO4%2B2k3utaywzcDP2n7r7felXzDLIZ%2B4PuBH7SWlZWpGS0GQdD2ofKDJGgnfjsK28FShJH9L3elB0c9iOEJeQFKTP938DiC4g2ywTc3pdsoTP7GO4NS08JYDMX%2Bh9lGZqoMgzlMrYc02z%2FfhnFHy9%2FDZHunhmGG%2FywyNSXe09%2FBsv1zl2DDvTOjTENmYOL%2FqIYNpG6gaANu7kOJIwJwgVtryAYPbxlb0c0zlc7UKbn07C%2Boakou%2FXoF2eDxDa1GrbtGl4UymcMoraFGDVS%2FQV4eoti6AFUdghefQ4mfyeKzVWSD3TWnDZQ4vhqzbso6PlvoxjxeiGgiFpjf6SywlPrhEqVJyIPThJRqoNIGWo5B3UWUzkOpPJSphzL3MBDHrR6P4ljES4JKzkOWBnEapVFCuZ9yv5OEKPnsDWMU%2BRhcj8HtNnK7jQ01hi1%2FgFuv4YQHVxAMRY1KElSOoKIElSKoCoJqWO8J7UJXPxTalSw47%2BF579QTU%2FR36J4p%2BjIjO%2FkJeX4WnHeF38OGPG6lSZDEYYeFvZCJlEUxC7txILtdGkciCWM4VUO5C6DOw5aaklZzFbmakgs%2F%2FQFGD%2BH0IbjyQMuXQatJL%2FRB1ydR7GMre5QXRa7pZjuTBYSpkReXUGx6O%2FqEvHR6v1efvgLJn5DzArc1clvjnvqRoK8fTO6YiuzeMZUj367lhRqoLTq77d2CFvLy1%2B%2FJzcpYsXLTjb%2B6zmfCDB58IF2xSjOhsr4jj24oIaRdNpZL8t2K%2B1iy26Vbv1HarMxXb7%2B9vDLIrXROmawBVUefdcHVlFy%2Bvnf6a1%2F8M4GyDWxZY1DOnSrTgOfbcPl85gyB1XPOcg9VWU9syOZDrQi0nHPKarh%2FcTbHO%2B4B%2BtYDLe4jG9QY2hpDXYPqMVx5cVLk9slbv3ROC0x7E6att8u01V%2BeRevUcUv2ZDdJIj%2FqCd9nkQjDYEly2oloQsMw7aFwU%2Fncbx%2F9DQAA%2F%2F8BAAD%2F%2F7Ni8QuCBAAA

173.233.139.164

200 OK

7 B

URL GET HTTP/1.1
literalbackseatabroad.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2sk1Rd9NTPM4vcDQZ2NC6GFARVMp6q60l3lLGTGMRKMk2HGfzt5%2F6rzJq%2FrFe9VdXWCi%2BCAzLL9BpXTyQSdMOgHUKSiqwEh7SoLgwizV4RZSyfB1ru559xzF%2Bed%2B77YKU%2BIj5IeL79vtpTWdHGp7bde%2ByQIrrVWVVaOWqO4%2B2k3utaywzcDP2n7r7felXzDLIZ%2B4PuBH7SWlZWpGS0GQdD2ofKDJGgnfjsK28FShJH9L3elB0c9iOEJeQFKTP938DiC4g2ywTc3pdsoTP7GO4NS08JYDMX%2Bh9lGZqoMgzlMrYc02z%2FfhnFHy9%2FDZHunhmGG%2FywyNSXe09%2FBsv1zl2DDvTOjTENmYOL%2FqIYNpG6gaANu7kOJIwJwgVtryAYPbxlb0c0zlc7UKbn07C%2Boakou%2FXoF2eDxDa1GrbtGl4UymcMoraFGDVS%2FQV4eoti6AFUdghefQ4mfyeKzVWSD3TWnDZQ4vhqzbso6PlvoxjxeiGgiFpjf6SywlPrhEqVJyIPThJRqoNIGWo5B3UWUzkOpPJSphzL3MBDHrR6P4ljES4JKzkOWBnEapVFCuZ9yv5OEKPnsDWMU%2BRhcj8HtNnK7jQ01hi1%2FgFuv4YQHVxAMRY1KElSOoKIElSKoCoJqWO8J7UJXPxTalSw47%2BF579QTU%2FR36J4p%2BjIjO%2FkJeX4WnHeF38OGPG6lSZDEYYeFvZCJlEUxC7txILtdGkciCWM4VUO5C6DOw5aaklZzFbmakgs%2F%2FQFGD%2BH0IbjyQMuXQatJL%2FRB1ydR7GMre5QXRa7pZjuTBYSpkReXUGx6O%2FqEvHR6v1efvgLJn5DzArc1clvjnvqRoK8fTO6YiuzeMZUj367lhRqoLTq77d2CFvLy1%2B%2FJzcpYsXLTjb%2B6zmfCDB58IF2xSjOhsr4jj24oIaRdNpZL8t2K%2B1iy26Vbv1HarMxXb7%2B9vDLIrXROmawBVUefdcHVlFy%2Bvnf6a1%2F8M4GyDWxZY1DOnSrTgOfbcPl85gyB1XPOcg9VWU9syOZDrQi0nHPKarh%2FcTbHO%2B4B%2BtYDLe4jG9QY2hpDXYPqMVx5cVLk9slbv3ROC0x7E6att8u01V%2BeRevUcUv2ZDdJIj%2FqCd9nkQjDYEly2oloQsMw7aFwU%2Fncbx%2F9DQAA%2F%2F8BAAD%2F%2F7Ni8QuCBAAA
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectliteralbackseatabroad.com
FingerprintF4:46:34:A4:DD:6F:F9:84:A6:B0:E5:25:3E:B0:7E:D6:F2:AB:B1:C4
ValidityThu, 14 Sep 2023 11:19:10 GMT - Wed, 13 Dec 2023 11:19:09 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2sk1Rd9NTPM4vcDQZ2NC6GFARVMp6q60l3lLGTGMRKMk2HGfzt5%2F6rzJq%2FrFe9VdXWCi%2BCAzLL9BpXTyQSdMOgHUKSiqwEh7SoLgwizV4RZSyfB1ru559xzF%2Bed%2B77YKU%2BIj5IeL79vtpTWdHGp7bde%2ByQIrrVWVVaOWqO4%2B2k3utaywzcDP2n7r7felXzDLIZ%2B4PuBH7SWlZWpGS0GQdD2ofKDJGgnfjsK28FShJH9L3elB0c9iOEJeQFKTP938DiC4g2ywTc3pdsoTP7GO4NS08JYDMX%2Bh9lGZqoMgzlMrYc02z%2FfhnFHy9%2FDZHunhmGG%2FywyNSXe09%2FBsv1zl2DDvTOjTENmYOL%2FqIYNpG6gaANu7kOJIwJwgVtryAYPbxlb0c0zlc7UKbn07C%2Boakou%2FXoF2eDxDa1GrbtGl4UymcMoraFGDVS%2FQV4eoti6AFUdghefQ4mfyeKzVWSD3TWnDZQ4vhqzbso6PlvoxjxeiGgiFpjf6SywlPrhEqVJyIPThJRqoNIGWo5B3UWUzkOpPJSphzL3MBDHrR6P4ljES4JKzkOWBnEapVFCuZ9yv5OEKPnsDWMU%2BRhcj8HtNnK7jQ01hi1%2FgFuv4YQHVxAMRY1KElSOoKIElSKoCoJqWO8J7UJXPxTalSw47%2BF579QTU%2FR36J4p%2BjIjO%2FkJeX4WnHeF38OGPG6lSZDEYYeFvZCJlEUxC7txILtdGkciCWM4VUO5C6DOw5aaklZzFbmakgs%2F%2FQFGD%2BH0IbjyQMuXQatJL%2FRB1ydR7GMre5QXRa7pZjuTBYSpkReXUGx6O%2FqEvHR6v1efvgLJn5DzArc1clvjnvqRoK8fTO6YiuzeMZUj367lhRqoLTq77d2CFvLy1%2B%2FJzcpYsXLTjb%2B6zmfCDB58IF2xSjOhsr4jj24oIaRdNpZL8t2K%2B1iy26Vbv1HarMxXb7%2B9vDLIrXROmawBVUefdcHVlFy%2Bvnf6a1%2F8M4GyDWxZY1DOnSrTgOfbcPl85gyB1XPOcg9VWU9syOZDrQi0nHPKarh%2FcTbHO%2B4B%2BtYDLe4jG9QY2hpDXYPqMVx5cVLk9slbv3ROC0x7E6att8u01V%2BeRevUcUv2ZDdJIj%2FqCd9nkQjDYEly2oloQsMw7aFwU%2Fncbx%2F9DQAA%2F%2F8BAAD%2F%2F7Ni8QuCBAAA HTTP/1.1
Host: literalbackseatabroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Cookie: u_pl=18113386; uid_id2=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 12:55:50 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: de1f1ca937fd29c69e227fcd7e1199fe
Strict-Transport-Security: max-age=0; includeSubdomains

GET twigdose.com/pixel/purst?dl=0&th=0&sc=0&rs=2135&rd=2135&fd=568&bv=22.10.v.10&tmpl=136

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
twigdose.com/pixel/purst?dl=0&th=0&sc=0&rs=2135&rd=2135&fd=568&bv=22.10.v.10&tmpl=136
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjecttwigdose.com
FingerprintC6:A5:B0:AB:80:FC:B9:82:45:F2:A6:ED:8A:A7:CB:2B:15:57:F4:B2
ValiditySat, 16 Sep 2023 03:10:14 GMT - Fri, 15 Dec 2023 03:10:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2135&rd=2135&fd=568&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: twigdose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 23 Sep 2023 12:55:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/img/close.png

172.64.103.10

200 OK

4.0 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/img/close.png
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

File type
PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced\012- data
Size
4.0 kB (4022 bytes)
Hash
23e9690b0e7ac26868363a6248f44467
d7ad0eae64e0c1e65b12eda0aa9d2b91996dd64f
f362c67320d739ccf3bea21f857b9620075bd20ceacda8c51261b9612fe28395

HTTP Headers

GET /sb/notifications/vpn/default/us/windows/browser-black/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:51 GMT
content-type: image/png
content-length: 4022
last-modified: Fri, 10 Apr 2020 10:20:20 GMT
etag: "5e904864-fb6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 19128760
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3lniQBzYgTW71F6L29ZMkvR7Sj4bIKKxTZ6ntXLZmzRzCNxV0HGKkLVRIVWTyuwoNFrVluBgwQWtqaEf22qgl8jDuaNP%2FDkO9xqMWem6ctDkc8Auwl2Awo7S3bMz2B7qiF3lrqvhP8N8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1c01abc7750-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/img/icon-green.png

172.64.103.10

200 OK

44 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/img/icon-green.png
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

File type
PNG image data, 700 x 709, 8-bit colormap, non-interlaced\012- data
Size
44 kB (44232 bytes)
Hash
0729aa7ad6c52977ca308f6d79a9829e
0da869330679bb1d9e153e91c4a3225df5f7462b
de8c5383930955f35e08700071b8074ccbb57dcd0efa3e309df59cb2dbb617e8

HTTP Headers

GET /sb/notifications/vpn/default/us/windows/browser-black/img/icon-green.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:51 GMT
content-type: image/png
content-length: 44232
last-modified: Tue, 09 Aug 2022 13:20:24 GMT
etag: "62f25f18-acc8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 26953138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=isLlZzM4swYBo9%2FIqf8rkpyK%2BZpcq18PSFT6LCE9AJVjKqe6ggE9peOXh9lwZy0HNdSF8v2FwYCYhE7XV7NHONMIth80FKIpkXOThDKUrn%2BeLeDgb0mgF26gTm3imowPBl9yRUYaVDwf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1c01abf7750-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET pttplay.net/static/pttplay/fonts/font_593233_jsu8tlct5shpk3xr.woff

104.21.56.244

200 OK

13 kB

URL GET HTTP/3
pttplay.net/static/pttplay/fonts/font_593233_jsu8tlct5shpk3xr.woff
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
Web Open Font Format, TrueType, length 13408, version 1.0\012- data
Size
13 kB (13408 bytes)
Hash
99af6debcdaba3e7ffe01b4c3cbccacb
4efda64b06cd7c294f6214623bcb634f3def3bd1
1106aebd6819da7203324abc443186658c8f54180a460ccc5b83553c5ce34f72

HTTP Headers

GET /static/pttplay/fonts/font_593233_jsu8tlct5shpk3xr.woff HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/static/pttplay/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:51 GMT
content-type: font/woff
content-length: 13408
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wqy%2BlHR6W01EJiXZCcDD43E4LYnwvlUd3FDV7L1fOuKgRsO8vckSVspO3dKpiCwAQyjP57qyQ6gVaStfGMWVHEbC91eUdUWip0eGwR6QVxbZpfnDo2nDsrBVUE8qPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b88ec15687-OSL
alt-svc: h3=":443"; ma=86400

GET cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/js/script.js

172.64.103.10

200 OK

189 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/js/script.js
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

File type
ASCII text
Size
189 B (189 bytes)
Hash
5ca8c1679ba9453cfa512e01d6fec9c5
45628341eb20e4acee5e812d3b2dfc8f23962daf
520a0196a18cbe656f7382a02ec828125e68bdac511b9ebe2bf27f31e262d037

HTTP Headers

GET /sb/notifications/vpn/default/us/windows/browser-black/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:51 GMT
content-type: application/javascript
last-modified: Fri, 10 Apr 2020 10:20:22 GMT
etag: W/"5e904866-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 65702
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82dlCp%2B3dHt0YqD5r7yfHwxeCVnN5wtFktXPbiB31txkW4dh%2B9a%2FCn0P%2Fy5SDJnpFBV5%2BpY6u1zvnum2FB95uwXurGQ%2BB%2BOBRbhU0WNgGQh%2Fw0i%2BF2ZkTAlHNI%2BM9%2BDk5M%2FLDsKLNCdi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1c00aa87750-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET literalbackseatabroad.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fwindows%2Fbrowser-black%2Fcss%2Fanimate.css&l=79245&fd=161

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
literalbackseatabroad.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fwindows%2Fbrowser-black%2Fcss%2Fanimate.css&l=79245&fd=161
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectliteralbackseatabroad.com
FingerprintF4:46:34:A4:DD:6F:F9:84:A6:B0:E5:25:3E:B0:7E:D6:F2:AB:B1:C4
ValidityThu, 14 Sep 2023 11:19:10 GMT - Wed, 13 Dec 2023 11:19:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fwindows%2Fbrowser-black%2Fcss%2Fanimate.css&l=79245&fd=161 HTTP/1.1
Host: literalbackseatabroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Cookie: u_pl=18113386; uid_id2=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 23 Sep 2023 12:55:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET cdn.barscreative1.com/sb/notifications/vpn/default/us/windows/browser-black/index.html

45.133.44.3

200 OK

5.3 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/notifications/vpn/default/us/windows/browser-black/index.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintCB:0F:87:85:B0:83:8B:5C:86:E5:81:91:9D:F5:ED:C4:A2:B6:B1:BE
ValidityTue, 12 Sep 2023 01:01:21 GMT - Mon, 11 Dec 2023 01:01:20 GMT

File type
gzip compressed data, from Unix\012- data
Size
5.3 kB (5290 bytes)
Hash
e2aab0ebff7cc8a82590574ecea88e30
3e9fb51ba348734d5630dc5183ee206bad36f581
d1203a27cef33dea20411c5e722d20599aa6351f0eecab05f0d185cba7f4b035

HTTP Headers

GET /sb/notifications/vpn/default/us/windows/browser-black/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Fri, 10 Apr 2020 10:20:16 GMT
etag: W/"5e904860-50a"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 23 Sep 2023 13:55:50 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 22 Sep 2023 10:05:24 GMT
expires: Sat, 21 Sep 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 96627
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 04:50:55 GMT
expires: Fri, 20 Sep 2024 04:50:55 GMT
cache-control: public, max-age=31536000
age: 201896
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

701 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
gzip compressed data, max compression\012- data
Size
701 B (701 bytes)
Hash
22380e1a2a53c82d46b0f02c0864e606
533ef8469b24020c3f44dd6f598f0d546ec349bf
d0c362cbc5f3c5fdcdcabab4cdb48a5fa5368086836188c36e30d9e1a2d5aa5d

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 23 Sep 2023 12:55:51 GMT
date: Sat, 23 Sep 2023 12:55:51 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET literalbackseatabroad.com/pixel/sbs?c=1

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
literalbackseatabroad.com/pixel/sbs?c=1
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectliteralbackseatabroad.com
FingerprintF4:46:34:A4:DD:6F:F9:84:A6:B0:E5:25:3E:B0:7E:D6:F2:AB:B1:C4
ValidityThu, 14 Sep 2023 11:19:10 GMT - Wed, 13 Dec 2023 11:19:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: literalbackseatabroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Cookie: u_pl=18113386; uid_id2=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 12:55:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET unseenreport.com/pxf.gif?uuid=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=f919823b272bdfb48b2681e66a84d928&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=f919823b272bdfb48b2681e66a84d928&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintBE:8C:78:D1:BA:58:B8:88:10:09:32:1D:31:7A:D9:4A:09:BF:6C:7A
ValiditySat, 23 Sep 2023 07:33:12 GMT - Fri, 22 Dec 2023 07:33:11 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=f919823b272bdfb48b2681e66a84d928&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 12:55:52 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 27a2f4e249b948b1d01196169dc59199
Strict-Transport-Security: max-age=0; includeSubdomains

GET friendshipmale.com/sfp.js

172.64.134.5

200 OK

27 kB

URL GET HTTP/3
friendshipmale.com/sfp.js
IP
172.64.134.5:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
27 kB (27087 bytes)
Hash
2d0450888479d4ddda305bd96206b240
5b4595aab1cd3f854718e05db9be0c65a12ab2f6
44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b6a7c962d0d096ed0a1f8e8acbb64f83
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 23 Sep 2023 12:55:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E28%2B7NseEm2WD4HbvHACT2UFtwUOTb5Vzi%2Bfa6poQgaD%2FTlENAPRqAyVH%2BTJDmb%2Fl0P0JLGfmK8bFvkyzQy4zvsNC6kFJWN0kv1JDLYLTs301Ue6EgDEkIy87wDKalObsj3uj5Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b97d5771e0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/css/animate.css

172.64.103.10

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/css/animate.css
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

File type
ASCII text
Size
79 kB (79245 bytes)
Hash
80047eaa13ebd50c50e8a9753621e430
9c503e07d130572a0eaf51f7c02cbd4cf6213fe3
3f831a59615f8d5d40b4340b2836f91438c876f8dbce75f78e38360d6fe0f429

HTTP Headers

GET /sb/notifications/vpn/default/us/windows/browser-black/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:51 GMT
content-type: text/css
last-modified: Fri, 10 Apr 2020 10:20:18 GMT
etag: W/"5e904862-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 65702
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9l9Gn6QLXrZxECVgQRJZGGSFFoLt7khK3vs8HkKfRTcPXvFQy8kSIVFvfLefsEVORnQQzrQUyCFPZ6%2BSEeSCvAXCHsNlcqaF6w2PGe3H7IxBF3%2FN80Yfd2Phy3jiWN%2B4lJwa5ubeWKkg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1bffa9b7750-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/css/style.css

172.64.103.10

200 OK

4.3 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/windows/browser-black/css/style.css
IP
172.64.103.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT

File type
ASCII text, with very long lines (4527), with no line terminators
Size
4.3 kB (4254 bytes)
Hash
40c6ffeef90ad98d94c1372966894621
5bc102fc9c9611c9d3e61becc379ae35a0bb9144
79f73975b3bf9b7e48480b5dfe30e368b6902703c66b72e676763c5e62046d33

HTTP Headers

GET /sb/notifications/vpn/default/us/windows/browser-black/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pttplay.net
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:51 GMT
content-type: text/css
last-modified: Fri, 27 Nov 2020 13:45:32 GMT
etag: W/"5fc102fc-109e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 65702
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mZHjZHP7xXpsMgIOVVF7J%2F19PQklUz4v7vM7Bdw6%2ByDOxJXiSQP7cvcjL2TLExOidhpXo2oyJzqE32xLGhNAcpKSMDXYzilWmOQ5nzQY1KdlTH6bwYuXsYA7BRgy%2BqnbindzeNKQPPMv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1c00ab07750-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
literalbackseatabroad.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fwindows%2Fbrowser-black%2Fjs%2Fscript.js&l=386&fd=189
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectliteralbackseatabroad.com
FingerprintF4:46:34:A4:DD:6F:F9:84:A6:B0:E5:25:3E:B0:7E:D6:F2:AB:B1:C4
ValidityThu, 14 Sep 2023 11:19:10 GMT - Wed, 13 Dec 2023 11:19:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fwindows%2Fbrowser-black%2Fjs%2Fscript.js&l=386&fd=189 HTTP/1.1
Host: literalbackseatabroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Cookie: u_pl=18113386; uid_id2=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 12:55:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET literalbackseatabroad.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRitzoY9KAjqXjwIIyyoYCbdPT2THvcgG9dIMG6WXX%2FdpH71pDY1XU1V9%2FQkeAguyB7H%2F6DzJtmgGxb9AxTp6GlByHjKwSDC3hVhzzJJcNy6fO997zu8et%2F31W5xSnwU9GTlQ7OttKaL7abfeOOzILjWWFNpMWwM487nnehaww7eDvxu03%2Bz8b7km2Yx9APfD%2FygsaKsTMxwMQiCpg%2BVHXaDZtdvRmEzaEcY2me5Kzw46kEMTslLUGLy3OGjCIrXSPvf3ZBuMzfZW%2B%2F1C01zYzEQBx%2Bnm6kpU%2FRnMLEekvTgYhrGHa%2F8CJPunxmGGfw3yNSEeE%2F%2BBEsPLlyCDfbPjTINmYKJ51EOakhdQ9Ea3NyDEscE4AI315H2H9w0tqRb5yqdqhMy%2F%2FQfqHJC5n%2B%2FgrT%2FaFmrYeOO0UWuTOowTCqoYQ3Vq5EVR8i356DKI%2FD8SyjxK1l8uoa0v7futIESJ1dj1klYy2cLnZjHCxHtigXmt1oLLKF%2B2Ka0G%2FLgLCGlaqikhpYjUHcJhfNQKA9F4qHIPPTFSWOJR3Es4ragkvOQJUGcREnUpdxPuN%2Fqhij49A8j5NkIXI%2FA7Q4yu4NNNYItfoLbqOCEB5cTDESFUhKUjqCkBKUiKHOCclDtC%2B1CVz0Q2hUsuKjhRW1VY5P3dum%2ByXsyJbvZKXlxGpx3hd%2FFpjxpJN2gG4ctFi6FTCQsilnYiQPZ6dA4Et0whlMVlJsDdR621YQ06qvI1ITM%2FfIXGD2C00fgygMtXgUtx0uhD7oxjmIf2%2BnDLM8zTbeaqcwhTIUsn0e%2B5e3qU%2FLK2f5ef%2FIaJH9MLh64rZDZCnfVzwQ9fX9825Rk77YpHfl%2BPctVX23T6W7v5DSXl7%2F9QG6VxorVG270zXU%2BFabw8CPp8jWaCpX2HHm4rISQdsVYLskPq%2B5TyW4VbmO5sGmRrd16d2W1n1npnDJpDaqOv%2BiAqwm5fH3%2F7Gpf%2FrsLZWvYokK%2FmDlVpgbPduCyWc8ZAqtnnGUeyqIa25DNmloRaDnjlFVw%2F%2BNshnfdffSsB5rfQ9qvMLAVBroC1SO44tI4z%2Bzjd35rnT0w7Y2Ztt4e01Z%2FfR6tUycNzn1JA7YUSClku8V51OHTQ29FSzJuizZyN5Ev%2FPHJvwAAAP%2F%2FAQAA%2F%2F9MRVkbggQAAA%3D%3D

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
literalbackseatabroad.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRitzoY9KAjqXjwIIyyoYCbdPT2THvcgG9dIMG6WXX%2FdpH71pDY1XU1V9%2FQkeAguyB7H%2F6DzJtmgGxb9AxTp6GlByHjKwSDC3hVhzzJJcNy6fO997zu8et%2F31W5xSnwU9GTlQ7OttKaL7abfeOOzILjWWFNpMWwM487nnehaww7eDvxu03%2Bz8b7km2Yx9APfD%2FygsaKsTMxwMQiCpg%2BVHXaDZtdvRmEzaEcY2me5Kzw46kEMTslLUGLy3OGjCIrXSPvf3ZBuMzfZW%2B%2F1C01zYzEQBx%2Bnm6kpU%2FRnMLEekvTgYhrGHa%2F8CJPunxmGGfw3yNSEeE%2F%2BBEsPLlyCDfbPjTINmYKJ51EOakhdQ9Ea3NyDEscE4AI315H2H9w0tqRb5yqdqhMy%2F%2FQfqHJC5n%2B%2FgrT%2FaFmrYeOO0UWuTOowTCqoYQ3Vq5EVR8i356DKI%2FD8SyjxK1l8uoa0v7futIESJ1dj1klYy2cLnZjHCxHtigXmt1oLLKF%2B2Ka0G%2FLgLCGlaqikhpYjUHcJhfNQKA9F4qHIPPTFSWOJR3Es4ragkvOQJUGcREnUpdxPuN%2Fqhij49A8j5NkIXI%2FA7Q4yu4NNNYItfoLbqOCEB5cTDESFUhKUjqCkBKUiKHOCclDtC%2B1CVz0Q2hUsuKjhRW1VY5P3dum%2ByXsyJbvZKXlxGpx3hd%2FFpjxpJN2gG4ctFi6FTCQsilnYiQPZ6dA4Et0whlMVlJsDdR621YQ06qvI1ITM%2FfIXGD2C00fgygMtXgUtx0uhD7oxjmIf2%2BnDLM8zTbeaqcwhTIUsn0e%2B5e3qU%2FLK2f5ef%2FIaJH9MLh64rZDZCnfVzwQ9fX9825Rk77YpHfl%2BPctVX23T6W7v5DSXl7%2F9QG6VxorVG270zXU%2BFabw8CPp8jWaCpX2HHm4rISQdsVYLskPq%2B5TyW4VbmO5sGmRrd16d2W1n1npnDJpDaqOv%2BiAqwm5fH3%2F7Gpf%2FrsLZWvYokK%2FmDlVpgbPduCyWc8ZAqtnnGUeyqIa25DNmloRaDnjlFVw%2F%2BNshnfdffSsB5rfQ9qvMLAVBroC1SO44tI4z%2Bzjd35rnT0w7Y2Ztt4e01Z%2FfR6tUycNzn1JA7YUSClku8V51OHTQ29FSzJuizZyN5Ev%2FPHJvwAAAP%2F%2FAQAA%2F%2F9MRVkbggQAAA%3D%3D
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectliteralbackseatabroad.com
FingerprintF4:46:34:A4:DD:6F:F9:84:A6:B0:E5:25:3E:B0:7E:D6:F2:AB:B1:C4
ValidityThu, 14 Sep 2023 11:19:10 GMT - Wed, 13 Dec 2023 11:19:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRitzoY9KAjqXjwIIyyoYCbdPT2THvcgG9dIMG6WXX%2FdpH71pDY1XU1V9%2FQkeAguyB7H%2F6DzJtmgGxb9AxTp6GlByHjKwSDC3hVhzzJJcNy6fO997zu8et%2F31W5xSnwU9GTlQ7OttKaL7abfeOOzILjWWFNpMWwM487nnehaww7eDvxu03%2Bz8b7km2Yx9APfD%2FygsaKsTMxwMQiCpg%2BVHXaDZtdvRmEzaEcY2me5Kzw46kEMTslLUGLy3OGjCIrXSPvf3ZBuMzfZW%2B%2F1C01zYzEQBx%2Bnm6kpU%2FRnMLEekvTgYhrGHa%2F8CJPunxmGGfw3yNSEeE%2F%2BBEsPLlyCDfbPjTINmYKJ51EOakhdQ9Ea3NyDEscE4AI315H2H9w0tqRb5yqdqhMy%2F%2FQfqHJC5n%2B%2FgrT%2FaFmrYeOO0UWuTOowTCqoYQ3Vq5EVR8i356DKI%2FD8SyjxK1l8uoa0v7futIESJ1dj1klYy2cLnZjHCxHtigXmt1oLLKF%2B2Ka0G%2FLgLCGlaqikhpYjUHcJhfNQKA9F4qHIPPTFSWOJR3Es4ragkvOQJUGcREnUpdxPuN%2Fqhij49A8j5NkIXI%2FA7Q4yu4NNNYItfoLbqOCEB5cTDESFUhKUjqCkBKUiKHOCclDtC%2B1CVz0Q2hUsuKjhRW1VY5P3dum%2ByXsyJbvZKXlxGpx3hd%2FFpjxpJN2gG4ctFi6FTCQsilnYiQPZ6dA4Et0whlMVlJsDdR621YQ06qvI1ITM%2FfIXGD2C00fgygMtXgUtx0uhD7oxjmIf2%2BnDLM8zTbeaqcwhTIUsn0e%2B5e3qU%2FLK2f5ef%2FIaJH9MLh64rZDZCnfVzwQ9fX9825Rk77YpHfl%2BPctVX23T6W7v5DSXl7%2F9QG6VxorVG270zXU%2BFabw8CPp8jWaCpX2HHm4rISQdsVYLskPq%2B5TyW4VbmO5sGmRrd16d2W1n1npnDJpDaqOv%2BiAqwm5fH3%2F7Gpf%2FrsLZWvYokK%2FmDlVpgbPduCyWc8ZAqtnnGUeyqIa25DNmloRaDnjlFVw%2F%2BNshnfdffSsB5rfQ9qvMLAVBroC1SO44tI4z%2Bzjd35rnT0w7Y2Ztt4e01Z%2FfR6tUycNzn1JA7YUSClku8V51OHTQ29FSzJuizZyN5Ev%2FPHJvwAAAP%2F%2FAQAA%2F%2F9MRVkbggQAAA%3D%3D HTTP/1.1
Host: literalbackseatabroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Cookie: u_pl=18113386; uid_id2=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 23 Sep 2023 12:55:51 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a46350d9a8aafcabf5d5052dc9852bc
Strict-Transport-Security: max-age=0; includeSubdomains

GET unseenreport.com/pxf.gif?uuid=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=4e1b1723173018b9322224588a5482de&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=4e1b1723173018b9322224588a5482de&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintBE:8C:78:D1:BA:58:B8:88:10:09:32:1D:31:7A:D9:4A:09:BF:6C:7A
ValiditySat, 23 Sep 2023 07:33:12 GMT - Fri, 22 Dec 2023 07:33:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=4e1b1723173018b9322224588a5482de&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 12:55:52 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3eb51974e275da1eddd134ca2f025f5a
Strict-Transport-Security: max-age=0; includeSubdomains

GET pttplay.net/vod/2022781146.html

104.21.56.244

200 OK

14 kB

URL User Request GET HTTP/2
pttplay.net/vod/2022781146.html
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type

Size
14 kB (14062 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /vod/2022781146.html HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 12:55:48 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
expires: Sat, 23 Sep 2023 12:56:59 GMT
cache-control: max-age=180
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6UFaRYUckt3s%2B1cEgZJ5NjmuS%2FbLFPSz2fni%2FSa4nrWmCiHhF%2Flz1qEE45k6%2FMwbofenr8Y4IYCRMZlG6lmbPuWy01KmIGk2ve8JpG6AxwodLy1OzHkJgsMBV9w53w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b2f1af3f2bb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET pttplay.net/static/pttplay/css/style.css

104.21.56.244

200 OK

59 kB

URL GET HTTP/3
pttplay.net/static/pttplay/css/style.css
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type

Size
59 kB (59154 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/pttplay/css/style.css HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:49 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=78272
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7X6q6WIpD61xoAleAEpnSDCBGadVAPJOPdD7hHXKfWcweg0oa3WPNTibT%2FFIZqStlIQ4Bbcqps%2B6tJXwZ%2FYzXPynPbZQ%2BSAmTo%2BapEeQuwAHwU9FL7srJJ5KWknNxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b4cad05687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET pttplay.net/static/pttplay/js/swiper.min.js

104.21.56.244

200 OK

96 kB

URL GET HTTP/3
pttplay.net/static/pttplay/js/swiper.min.js
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
ASCII text, with very long lines (31999)
Size
96 kB (96376 bytes)
Hash
a7815d42fc899f4557b5495b6e00d061
a8d88e563e41229d43760a9f191971fd62e8de24
a18e7f7487a56a4c19068b935937cc47aa87d928cb0f7f95b55ca1978eb95a7d

HTTP Headers

GET /static/pttplay/js/swiper.min.js HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: application/javascript
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iSgAvX9%2BCvALfRAUNIoxu103zDY8Ql4peffOfKVjy5SfwluZ%2F3hGoqW4WqHXHLM8STbJRI%2BCA%2BfWCtUMx%2BnjbmH8rt1153GxMUMP9%2B%2Byg3q3BmCaRkruZWgCa455gg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b8ff205687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
literalbackseatabroad.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fwindows%2Fbrowser-black%2Fcss%2Fstyle.css&l=4254&fd=159
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectliteralbackseatabroad.com
FingerprintF4:46:34:A4:DD:6F:F9:84:A6:B0:E5:25:3E:B0:7E:D6:F2:AB:B1:C4
ValidityThu, 14 Sep 2023 11:19:10 GMT - Wed, 13 Dec 2023 11:19:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fwindows%2Fbrowser-black%2Fcss%2Fstyle.css&l=4254&fd=159 HTTP/1.1
Host: literalbackseatabroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Cookie: u_pl=18113386; uid_id2=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 12:55:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET pttplay.net/static/pttplay/css/white.css

104.21.56.244

200 OK

11 kB

URL GET HTTP/3
pttplay.net/static/pttplay/css/white.css
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
ASCII text, with very long lines (10689), with no line terminators
Size
11 kB (10689 bytes)
Hash
e7424c3b2b182970ba736b0c88927dca
762a7e3c4aedf1623c5a1ddb9fc47a392b6e7836
98936bb39405938cf92df80e6eea6ca51fc7f0d6da41380001994849403a62d6

HTTP Headers

GET /static/pttplay/css/white.css HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:49 GMT
content-type: text/css
cf-bgj: minify
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uXdGceGp4T5dza6TYLBsR%2Fs3Imc8wmoBY0qv7M7PdEoby1F4JAIZHFw0XDdFV4OYmPVZqMF8a1WCNXkjEGGLKmeyGb5yjdNtj1UArQugjG6sbjVJ8a7b6ldxqOkSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b4cad25687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET literalbackseatabroad.com/4e/1b/17/4e1b1723173018b9322224588a5482de.js

173.233.139.164

200 OK

86 kB

URL GET HTTP/1.1
literalbackseatabroad.com/4e/1b/17/4e1b1723173018b9322224588a5482de.js
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectliteralbackseatabroad.com
FingerprintF4:46:34:A4:DD:6F:F9:84:A6:B0:E5:25:3E:B0:7E:D6:F2:AB:B1:C4
ValidityThu, 14 Sep 2023 11:19:10 GMT - Wed, 13 Dec 2023 11:19:09 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
86 kB (85782 bytes)
Hash
add992fa9dbe4cae473a347ead9d25a2
fd3852eb872ac1226f0c49c118d9bf8704aeb36c
3c2f9df0d77ae69e9512a8068115532486fe6d01aefbc22e4122c6f779022346

HTTP Headers

GET /4e/1b/17/4e1b1723173018b9322224588a5482de.js HTTP/1.1
Host: literalbackseatabroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 12:55:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b8b50423790620b0043cb1c4b44fb531
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET pttplay.net/favicon.ico

104.21.56.244

200 OK

15 kB

URL GET HTTP/3
pttplay.net/favicon.ico
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
15 kB (15406 bytes)
Hash
336d3c314cd4925bb3ec94462e9698a4
bb9ed1e25a967817bcae062c0c860924257b5855
cab239d7f29bce66010970a188d6aa7d482a948e2582995deff342296e76affa

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8b6fb30b-68c8-4a9d-b033-bfa025aa92c1%3A3%3A1; sb_main_f919823b272bdfb48b2681e66a84d928=1; sb_count_f919823b272bdfb48b2681e66a84d928=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=literalbackseatabroad.com; ppu_main_4e1b1723173018b9322224588a5482de=1; ppu_idelay_4e1b1723173018b9322224588a5482de=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:52 GMT
content-type: image/vnd.microsoft.icon
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hTygPr3ri7LGD5587MTNi5ZMknqQqPZhVQtzAgE0rNvTmvYgdzqecIZKeWMNrtGyr7rKMH62dhHH1wTdw5yr345Uuwwgdutx3UUnhBxp8n5pGvM9urIC939RTFf6SA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1c3ba205687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET pttplay.net/static/pttplay/js/system.js

104.21.56.244

200 OK

46 kB

URL GET HTTP/3
pttplay.net/static/pttplay/js/system.js
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type

Size
46 kB (46397 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/pttplay/js/system.js HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:49 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=69356
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgVyxVQtKvz5ScPxmd8J98c7j1EXyTT%2FfQfEdoVcX7FlY9Q3BoSzjKYdEb073Yl4kE5ymQTiTlgGTG4jtr8gvdGvu0E6IeLx6sf8jvQ%2BCqRYAb4npYh2oL0hgMCamQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b4cad35687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET pttplay.net/static/pttplay/js/jquery.lazyload.min.js

104.21.56.244

200 OK

3.4 kB

URL GET HTTP/3
pttplay.net/static/pttplay/js/jquery.lazyload.min.js
IP
104.21.56.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pttplay.net/vod/2022781146.html
Certificate
IssuerLet's Encrypt
Subjectpttplay.net
Fingerprint2B:0D:BC:B5:B2:62:95:E2:1E:00:CE:AE:9E:D5:70:F3:5B:39:41:36
ValidityMon, 21 Aug 2023 12:28:26 GMT - Sun, 19 Nov 2023 12:28:25 GMT

File type
ASCII text, with very long lines (3454), with no line terminators
Size
3.4 kB (3381 bytes)
Hash
60d2900c5bd77480d72c87a0757e53a4
a14ab5f1d902491ad7d9e0be7f7df2d2047a587f
d86dbcd6ce632288c61916f31f7df15a4570d569cfb3d2017bec1193d86c2a5f

HTTP Headers

GET /static/pttplay/js/jquery.lazyload.min.js HTTP/1.1
Host: pttplay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://pttplay.net/vod/2022781146.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 12:55:50 GMT
content-type: application/javascript
last-modified: Sun, 23 Jul 2023 09:42:33 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xfNlmNe2XgIK0em4wLo3EVpO8lGyjgKokq032e%2FNVmQRvWKvb8auZ6PpxNWYU8YEmizizk0iU9j52Bm%2B2Kn4OtPn%2Fby0hleVzdYAdWWhmhbl5oOvlQH0SxStKptug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b2f1b8ff235687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN