{"report_id":"7ecbe109-6d12-476b-90a4-d678f8acf7be","version":6,"status":"done","tags":[],"date":"2026-03-03T16:41:44Z","url":{"schema":"http","addr":"ba.do4a.pro","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":0,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"final":{"url":{"schema":"https","addr":"ba.do4a.pro/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"title":"Новости | Do4a.com - Второе дыхание","dom":{"size":110059,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (783)","md5":"79d3741d48849aaa4fb093b27e7fc2ce","sha1":"6280c37a070089d9cb2d84302e807dc552cf0d76","sha256":"bb54fbe68117cd80079ec96a307ede65d76ab97ef78bfb1fec962a222cb82318","sha512":"6e66b3b9e3b594d4bc81431749ef7f99063293decba87f38c7154e44c1756b1cf77a684c4d7becbed44040e12e2dfb658142061635651a23401e8332cc2e26f2","ssdeep":"3072:A800nlch3AMQPzE+gVJwyBvbba0yZrKHhoH5EW+ok2zWF93G:J00nqm5JgVayBvfa58GZEZj2zT","tlshash":"80b3369053d98d6a810371d2a414bf5ba4ab4b7ede720ad231be38296ffdc14950f24f","dom_hash":"domhash270d2477d811a401a69d3a61b5a7070c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ba.do4a.pro","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":0,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-07T16:41:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-03","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"bannernetwork.net/do4a/belnew.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-03","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"bannernetwork.net/do4a/profd4.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null},"summary":[{"fqdn":"bannernetwork.net","ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-05-30","domain_rank":0,"first_seen":"2018-12-10T23:11:06Z","last_seen":"2024-10-16T21:43:12.915135Z","alert_count":2,"request_count":12,"received_data":25767657,"sent_data":4929,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-01T22:20:53.525798Z","alert_count":0,"request_count":3,"received_data":1093236,"sent_data":1316,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ba.do4a.pro","ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-29T11:39:52.287632Z","last_seen":"2026-01-29T11:39:54.208862Z","alert_count":0,"request_count":29,"received_data":2529931,"sent_data":16934,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:1.11.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"VK Pixel","description":"VK is a Russian online social media and social networking service.","website":"https://vk.com/","common_platform_enumeration":"","icon":"vk.svg","categories":["Analytics"]},{"name":"XenForo","description":"XenForo is a PHP-based forum hosting program for communities that is designed to be deployed on a remote web server.","website":"https://xenforo.com","common_platform_enumeration":"","icon":"XenForo.png","categories":["Message boards"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-03-01T22:15:00.771016Z","alert_count":0,"request_count":4,"received_data":109088,"sent_data":2142,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-01T22:18:12.522658Z","alert_count":0,"request_count":1,"received_data":6204,"sent_data":511,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1\u0026cx=c\u0026gtm=4e62r1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb5601b8ce4179aee20be315c8a8c0bf","sha1":"6ffa85015a1c21634e6036d0cc3af6df79f912a2","sha256":"e5797dbc11606a8cdf5b84bbb45ece4e6d919b0b933e7db8e99e8d6fbf96ed22","sha512":"6a38b98a28fb5a4f5c63566966111b51d4721f41384e20676637727f714a11127e32d6836896e677c5cf0f162ac7b7173c71a629f700ebb5dc2e89cc5cb11830","ssdeep":"6144:U31n5QMWlW5w408SEGk8qICP5RHcG1h/H4UrAXD40:S5fWlW5w47Kk8+H4Ia","tlshash":"9e8419cdb3c670629393b478503f018ba57b68a2b84ccc99f199d8d42e7469a4237f7d","size":401358,"data":"","first_seen":"2026-03-03T16:41:53.527387Z","last_seen":"2026-03-03T16:41:53.527387Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":true,"md5":"a64547d7ef9bb71e63145ac176f8a1b6","sha1":"d343203acfb97e5e98689d296a733b2c99720109","sha256":"12c52b0e65f0e9d100476bfe2cee5366abf9b70aed683872e753591ebe96b342","sha512":"2d52117c774dd709d694303ec5f5538ca9b8f9f0888afd74cdbfe2b2b1ff469cc6b5b752c678ad68d92df62310a28ef558312956bd9c65952871ac4748ecbc0a","ssdeep":"","tlshash":"660199bf2cf250304167b1b89aafa104746364175809ad09bccdc5949f98bad0b7abac","size":819,"data":"","first_seen":"2023-04-30T07:17:34Z","last_seen":"2026-03-03T16:41:53.550763Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-120595707-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"21a94b121c9b3a0a340ad90d668ee4b9","sha1":"13d6e17d5fa13093f18b29645ef2cc44d604631f","sha256":"15f1bea9c22f3c686393df2831f1841bcf4245ceb97bdb435163f36661880255","sha512":"490f14590eb00b30b14caaa4fd6a35f4731b14d081f1fc1455588f55b3d37eebbf06b9955a973bbabdec366783497db81c6cac974b8827eedd9efa84b219204c","ssdeep":"6144:Y31nPWlW5wh08SE48qIA55RHcG1h5H4prTtytG:WPWlW5wh7M8iH4REM","tlshash":"b37408cdb3da706293a3a478503f018bb17a6892b84ccc95f196dcd42e7069a4277f7d","size":344997,"data":"","first_seen":"2026-03-03T16:41:53.500699Z","last_seen":"2026-03-03T16:41:53.500699Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/js/xenforo/xenforo.js?_v=a4977791","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":false,"md5":"7659c2ab3bd2001e23118eb49d15aa34","sha1":"b579daf754abb940b25692bda1007573fb949cca","sha256":"0baa35b068dd1c4a80020f01ccd76eab83058bd6bb98877a59035771ad07d8fa","sha512":"1a8245163289a412f09bfccbf56f25d46b9ebea53cc4fce9b92e964e63545ee35f5a48f238de1b701542f777e8e018f245c77d07c0ea912c5ffe28a4180d1f1b","ssdeep":"3072:pulrhnAh+VhITl8XNeKHrlfMOL9k12jmT3j1jLvbmcJnxQtx:pufr4WnlbL9k1wOjVbmcJnxQtx","tlshash":"37f3faa9b3a1715393fb3078502f0105623168bee50e8974b4ad98e65ebcf492277f3d","size":169382,"data":"","first_seen":"2023-04-30T07:17:34Z","last_seen":"2026-03-21T01:37:59.112707Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":true,"md5":"a64225c081821318103c34f82ceb92b6","sha1":"67a5010936e36b2d7e8fed6cbe6c7224628bc1d4","sha256":"886b643b905a010211817dd8b46044e4947ce037e37cc0d692132fc78ba4dfe6","sha512":"e25ee6dad86c319b6ba1dcee4872ecc34aa6b196860aa99143c3f75bfa911059032e128575cfdd7e5283ba54437253de69f036b231849eea3a3c6b4685075b60","ssdeep":"","tlshash":"55c02b88210a0c7186f727408b3ffb00b8463224d4d09d33484923854e31e03e754940","size":155,"data":"","first_seen":"2023-04-30T07:17:34Z","last_seen":"2026-03-03T16:41:53.552118Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e945239e7e65825e385756ad5ab39a9","sha1":"9b7b9e3e10a719e9ed9dbbf771f761ff43592944","sha256":"cf9f70c6a492292d601713303298aecba2234c5fcc34288f1e91bc867d84f1a3","sha512":"00a0b3f3a4cb6a01e912e03104ef0a4bdaecd8006a3a74bd374cdc9756ad72695be90c7a78aacc733fdce6ec47734c3fa5bca7973e3d02d96db9f37daa6a5d7d","ssdeep":"","tlshash":"2fc02be39295003a458710d610b0e0dd706e400c081c7c11cd4dc840b350f882c36685","size":131,"data":"","first_seen":"2025-12-05T18:05:21.345945Z","last_seen":"2026-03-03T16:41:53.553467Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T13:48:23.877193Z","times_seen":770625,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":true,"md5":"f860e42dc67cab3604fd911ec598cdc7","sha1":"a21d0c75dbca8fe83290d42644f8610626a9e84c","sha256":"44a450d6b6dca9148681e2b8f46ae2031363c8ddf7a11ab9d3cac5b9d8e11c68","sha512":"f91fcda3a1137171986df841d9c807633abc5030a9c007bec6d78d7474de63f192b6c6e1f3005048707985fee0a0a190d46a813facd38dd246bc0b990eb83e85","ssdeep":"","tlshash":"b3c02b8827024c71aafb17400f3ff600b8493210dc900c320c0163856a32c03a714c50","size":157,"data":"","first_seen":"2023-04-30T07:17:34Z","last_seen":"2026-03-03T16:41:53.555268Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":true,"md5":"11d0d3175795f119868d89a00d017726","sha1":"a199fedf36fc3bd29b7f1df6423db0a95d807971","sha256":"9781960481a7d87addf64ef7d1a712e211201c3dc195aef54c8514580ea6dc36","sha512":"4fac1c2f9816282b91401e0a878a151bfa2452fe3f11c336beb89e12cf4ef5a16cea30757c45a64e416ba18a8d3ede67b4483b7bea7b4b629f9f823a3585541b","ssdeep":"","tlshash":"adc02b55e35a0f0b9317a1ee4010420b4104c436f3a00e3c6c2701d07156444bc332c4","size":136,"data":"","first_seen":"2025-08-25T23:25:04.672213Z","last_seen":"2026-03-03T16:41:53.556657Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/js/Minimalism/jquery.ui.totop.js?_v=a4977791","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":false,"md5":"1daf8822c62b730a6dc80f027ff8faf0","sha1":"bed5fcc3a223f70448d6a256c4c482e4339269ec","sha256":"972120582a22b0e9e83bca1713ebebdf2356dda9d7c9c81c156f72f934261ec9","sha512":"a53f04b1d7ec1223ef2682f5a35d873bc52b1124ba291fff0eed86e40456c0c6ecf1881e1631ec09cbda553140de080d08684de373cb08566aa80747be5aff77","ssdeep":"","tlshash":"b6310d98ef5c253de03ad87c8c3f1299ef2c4063e413dcb0b976881da9c0015591dda3","size":1738,"data":"","first_seen":"2023-03-07T12:05:03Z","last_seen":"2026-03-22T11:30:33.903142Z","times_seen":91,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":true,"md5":"bfdc593817cb1a84ba9adf8933ffa42d","sha1":"23c637eb6ffac3d8b8d3783d945a01facb4080aa","sha256":"ee2b9656a179031a93fc98702c46a4691479ce6d9898f3c1f56f983840038311","sha512":"1969d5a9308a8310d7675a58652b67958b91dd3dac11c14a42a3c7eeb729f84072634ca04dbf5ba60317d49abafd64ebd927d0804f66ea0afc544f847cce3773","ssdeep":"","tlshash":"51415121c55810fe83859279c81ebf892f7d4abbdd8f5295f3991d3d71b5207045f40a","size":2313,"data":"","first_seen":"2026-03-03T16:41:53.558219Z","last_seen":"2026-03-03T16:41:53.558219Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/js/jquery/jquery-1.11.0.min.js","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fc25e27d42774aeae6edbc0a18b72aa","sha1":"b66ed708717bf0b4a005a4d0113af8843ef3b8ff","sha256":"b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682","sha512":"87d90a665c15d71ac872bd8bc003d9863964c7ec7ada6370b902b93c0bbd7770fe25730d946c7c6a465baa95efa74bc0e78af3f83aea615af35060cc8702a6c1","ssdeep":"1536:EPpEy5BMibZGOj/bEe8v+/UWf4IhvAuCh/jqkODZ2D5N9Rag0MOIdSZAgtgoX5Yn:bIO/e2D5c4LgtImLja98HrK","tlshash":"cc93e8d9b6d2706297b730a851bf510bb17698eab80c4c60f058d8e47eb4e8d507bf2d","size":96381,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-04T13:42:10.512353Z","times_seen":22879,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-120595707-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"21a94b121c9b3a0a340ad90d668ee4b9","sha1":"13d6e17d5fa13093f18b29645ef2cc44d604631f","sha256":"15f1bea9c22f3c686393df2831f1841bcf4245ceb97bdb435163f36661880255","sha512":"490f14590eb00b30b14caaa4fd6a35f4731b14d081f1fc1455588f55b3d37eebbf06b9955a973bbabdec366783497db81c6cac974b8827eedd9efa84b219204c","ssdeep":"6144:Y31nPWlW5wh08SE48qIA55RHcG1h5H4prTtytG:WPWlW5wh7M8iH4REM","tlshash":"b37408cdb3da706293a3a478503f018bb17a6892b84ccc95f196dcd42e7069a4277f7d","size":344997,"data":"","first_seen":"2026-03-03T16:41:53.500699Z","last_seen":"2026-03-03T16:41:53.500699Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/js/cmf/news/news.js?_v=a4977791","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":false,"md5":"dbf8ddf779b31e7659be43bd2d59424a","sha1":"8cb60701292cfed47b2f22b4c404a8752fa049bf","sha256":"b84a2fab0b77340eb97cee076421f6d77203eff2fd28597ae898b1fffce7a2f5","sha512":"6e97481382bcd70fac429ec6a6c6994e9d6df09d99b456996c11e0f5f468e964c0561de6cb70738b09c7959deb5ef66dc492eacb26b9338e2be19dbed4d31fe7","ssdeep":"96:2MYPbixCbn/Lp//X/y8/UN7Zhm0Za0n/7DU:2TjBzx/X/y8/G7Zhm0k0njDU","tlshash":"5ed1ec94773dfeaf04322160b5ba5acad91ed13a46444151fa9e3208ebbcc44f21cd9d","size":6229,"data":"","first_seen":"2025-08-25T23:25:04.466522Z","last_seen":"2026-03-03T16:41:53.534191Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/sandbox%20eval%20code","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T13:48:23.875738Z","times_seen":772171,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/do4a/background/footer_center.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/do4a/background/footer_center.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=MinimalismToTop,cmf_block,cmf_news,discussion_list,do4a,login_bar,message,message_user_info,nat_public_css,notices\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; _ga_98JGTJBXV1=GS2.1.s1772556082$o1$g0$t1772556082$j60$l0$h0; _ga=GA1.1.104889216.1772556082\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 57049\r\nConnection: keep-alive\r\nLast-Modified: Sun, 03 Aug 2014 06:59:36 GMT\r\nETag: \"53ddddd8-ded9\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26T1Ag==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57049,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1003 x 120, 8-bit/color RGBA, non-interlaced","md5":"febfa4f2b589fa647b2cca2b5614da65","sha1":"e3d761c9d3f22b85bff1e92e2bd955d0652ac772","sha256":"8c114810a6123b95b0169a70a8ec481a8880f68b093e322efb7a12e8607ebbf4","sha512":"18a236f149489ef1eff3e484fef235569492f6608722bbb1b0712f552b042ad23de3f068f555a0fb963f040c2919b28c5b6347605f7d5877d4561e2d0236dbe2","ssdeep":"768:TxU6wbXwE7Lz+ndlKV6HiBMxwxqBlTuTWbKnncMOfNU5dQe70W7dWvMN93u:2Rx7Lz+dlM6CBZqOOKcMOfqt0Wk89e","tlshash":"364302a23b6f818c44ebf631110e4b643337e3841d2f7889e6773f2852b6fd556116a6","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.47061Z","times_seen":6,"resource_available":false,"data":null}},"time_used":343,"timings":{"blocked":102,"dns":0,"connect":0,"send":0,"wait":196,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/attachments/88888888888777777777-jpg.341982/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /attachments/88888888888777777777-jpg.341982/ HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:21 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 214486\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.6.21\r\nCache-control: private\r\nX-Frame-Options: SAMEORIGIN\r\nX-Xss-Protection: 1\r\nLast-Modified: Tue, 03 Mar 2026 16:45:30 GMT\r\nContent-Disposition: inline; filename=\"88888888888777777777.jpg\"\r\nEtag: \"1772350079\"\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRdAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":214486,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x720, components 3","md5":"162697c82739df55c50f345e9028c573","sha1":"b0b23286773a96a2b908a541dc1ef92628c9112b","sha256":"8aa372600e071a08dcde244b7544cbbe1d27243443d6a71e2be8b67edf1f1dcd","sha512":"4268d1d69cacf5c93a1b51ca8c712c95758de17bcb1eeb8474c1e605d0e45a8e8b32e53c7b144374d2a63775d15097e6b424829e787084e68626e32cb51dd83f","ssdeep":"6144:Ato6vI6f6+yJpEz6igenONynUuPPZrFOW8Zixaf:io4IpTJpo8eONyU4yZ9f","tlshash":"1524237fae238bf63ba713f4278161c59f9385d4a304b4d66dd5a56a6c0c40cf82a18f","first_seen":"2026-03-03T16:41:53.473419Z","last_seen":"2026-03-03T16:41:53.473419Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1114,"timings":{"blocked":439,"dns":0,"connect":0,"send":0,"wait":512,"receive":163,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/yzen.jpg","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /yzen.jpg HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:21 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 11769\r\nConnection: keep-alive\r\nLast-Modified: Fri, 21 Dec 2018 09:20:17 GMT\r\nETag: \"5c1cb051-2df9\"\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRXAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11769,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=156, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=156], progressive, precision 8, 14x14, components 3","md5":"d256e3d4cffbe55efb7912e8ce9aeee8","sha1":"c296c0e9597c6eb01a23b59923ac1367c3a9146f","sha256":"9dd1493091907b5182922be0bf59eb7ea105fd8c9638dccdc77ac2268474f323","sha512":"197d1d33c0a52d032db2b4b72297a7ad30837060991bf691d6c2afaff3dc6c15785708f44b6bd3a75cf3c86fd85e608a83ad38449fc8e8b93b587cfc05e82b33","ssdeep":"96:YUXwL7Br7Uy4lyQJqPGwsPgiCL7ZgknmWpihZY/jHZ03HfqHi6N26MT0D5MdtbZO:rgZrQy4lYCNCxgknQI5Y/qgYNMtKwO4c","tlshash":"af32f825bba1ce22f9e4923854eae7826322b954e7f36642784cb5053bb53c19d4c2c3","first_seen":"2024-08-19T21:06:33.922755Z","last_seen":"2026-03-03T16:41:53.475856Z","times_seen":6,"resource_available":false,"data":null}},"time_used":561,"timings":{"blocked":417,"dns":0,"connect":0,"send":0,"wait":143,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/favicon.ico","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; _ga_98JGTJBXV1=GS2.1.s1772556082$o1$g0$t1772556082$j60$l0$h0; _ga=GA1.1.104889216.1772556082\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 1150\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 May 2013 16:02:47 GMT\r\nETag: \"519e3da7-47e\"\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECwWxQIV26UAAg==; expires=Wed, 03-Mar-27 16:45:32 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"75c2e2541dedb852451d1863468a063d","sha1":"ea1d3434bdcb7aacb522436941e4e4cb77c38434","sha256":"2c21749fafcf76df68e02bef45c19055c1aac9d51de778e931c1df4d3f1ab898","sha512":"4fbc6db99f61e53ab4b1ffd3f39148a38b4a634a9fd2f86a0f2296947f09e615a2d78972612d9486add367019c4229eeea37fd1f87c58f117fcb6ce7581c3d2e","ssdeep":"","tlshash":"0f2199313794e08ee081ea34d10ac9f592af3d8a4592a21bb1413f67bb0a1035268655","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.478888Z","times_seen":6,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T16:41:19.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:20 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 27657\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.6.21\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-control: private, max-age=0\r\nLast-Modified: Tue, 03 Mar 2026 16:45:29 GMT\r\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN\r\nX-Xss-Protection: 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; path=/; secure; httponly\ndcs=XhfWsWmnECkXRQIU3VRHAg==; expires=Wed, 03-Mar-27 16:45:29 GMT; domain=do4a.net; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:1.11.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"VK Pixel","description":"VK is a Russian online social media and social networking service.","website":"https://vk.com/","common_platform_enumeration":"","icon":"vk.svg","categories":["Analytics"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"XenForo","description":"XenForo is a PHP-based forum hosting program for communities that is designed to be deployed on a remote web server.","website":"https://xenforo.com","common_platform_enumeration":"","icon":"XenForo.png","categories":["Message boards"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":109791,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (785)","md5":"9369c4eaf803c0e92b2f8cf43a3fbba8","sha1":"b9cb491adb1a854a44baed300347cee73f9a556c","sha256":"ea2d7c55c9f733c2d91c8627dba842f34a1ff79feafe1ac0366c304420e0795d","sha512":"4596604abe371a3027214171c2a134c84bb99b8311d33ed8c6e7f449410bbbec5e5e24556b4d0ec4ede2596c70ff525988c84851170c2022ee1d472a2c3464b0","ssdeep":"3072:uzulBn0LRPoEegnJcRctS9i5rDDD5TWF/VPLlREFz:QuHLXgnEc5nDlTORlRm","tlshash":"dcb3469053d98d6a810371d2a414bb5ba4ab4b7ede720ad331be38296bfdc05950f24f","first_seen":"2026-03-03T16:41:53.481308Z","last_seen":"2026-03-03T16:41:53.481308Z","times_seen":1,"resource_available":true,"data":null}},"time_used":641,"timings":{"blocked":107,"dns":6,"connect":44,"send":0,"wait":427,"receive":1,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/attachments/4maxresdefault-48-jpg.341935/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /attachments/4maxresdefault-48-jpg.341935/ HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:21 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 201550\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.6.21\r\nCache-control: private\r\nX-Frame-Options: SAMEORIGIN\r\nX-Xss-Protection: 1\r\nLast-Modified: Tue, 03 Mar 2026 16:45:30 GMT\r\nContent-Disposition: inline; filename=\"4maxresdefault (48).jpg\"\r\nEtag: \"1771914656\"\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRcAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":201550,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1200x792, components 3","md5":"26e168bc79353fa6938ae6aa1a766591","sha1":"13e5a8bf12003ed6dd4c4c438a88b8f3583a4d11","sha256":"dd744b127c26c607210a1853b94e85b6b642958cf2616aeffc60bf4fd30d2ea8","sha512":"bdb34675cb777e6495a46a43be77082185f63211577e9f54e043c6f5114dfa9f45fb38e0a204b6a71f727648f6c2ca51ea8fe90c641fa55ed8192e01ba21c76f","ssdeep":"3072:tsGx6pCceXT9RbqjgxwIacnEADAuGMgi1CEPFl8BosgDl8QjeBc1YaZuY:61+99qc9acAuGBi1XNlz1vUc1YaZuY","tlshash":"ec14232f181de117a14bd4bbb923cd644cbe4e88b8d650de16272dcfb3920287c61f5a","first_seen":"2026-03-03T16:41:53.48358Z","last_seen":"2026-03-03T16:41:53.48358Z","times_seen":1,"resource_available":false,"data":null}},"time_used":953,"timings":{"blocked":437,"dns":0,"connect":0,"send":0,"wait":425,"receive":91,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/attachments/84maxresdefault-42-jpg.341869/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /attachments/84maxresdefault-42-jpg.341869/ HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:21 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 169333\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.6.21\r\nCache-control: private\r\nX-Frame-Options: SAMEORIGIN\r\nX-Xss-Protection: 1\r\nLast-Modified: Tue, 03 Mar 2026 16:45:30 GMT\r\nContent-Disposition: inline; filename=\"84maxresdefault (42).jpg\"\r\nEtag: \"1771148692\"\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRYAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":169333,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1200x797, components 3","md5":"42311e5c48ff76ec5361c118ca5d8cb4","sha1":"283d93a53aa3f31c6cf33159598598354c6ab3e3","sha256":"7eee5bba358b95c747fa0c5c2a69d35e77886515c9f4882c1c15324b591e673b","sha512":"07b556463ae14547c2400e07b382629be0a339a94dbb945842c3165275e8dabaa59b00f2e2b139590eecbafb33e2a98c3bdaa910a0168ae888200ea4923e8fe7","ssdeep":"3072:S1aBKDFYahgdaSn/K8GnegWsv7LvaYLI+jfvMciYYe0dt/1GE7m1YL:Y6SlSS8Bhsvl7j3CUMtJ7m1YL","tlshash":"33f3120fe9adcf91798a237fd65dc1be60b8a857803055a051ca2d4c3d83a90d4efaf1","first_seen":"2026-03-03T16:41:53.486463Z","last_seen":"2026-03-03T16:41:53.486463Z","times_seen":1,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":421,"dns":0,"connect":0,"send":0,"wait":199,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/xenforo/gradients/tab-selected-light.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/xenforo/gradients/tab-selected-light.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=MinimalismToTop,cmf_block,cmf_news,discussion_list,do4a,login_bar,message,message_user_info,nat_public_css,notices\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 1006\r\nConnection: keep-alive\r\nLast-Modified: Thu, 15 Mar 2018 07:45:14 GMT\r\nETag: \"5aaa248a-3ee\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26TvAg==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1006,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 30, 8-bit colormap, non-interlaced","md5":"ac63ffe81fc824a648eca566449737d1","sha1":"01b762f645aea039b55d54c1fb2a6c64f5289c1e","sha256":"c5097da42217e110eb92e74d0834e712ea85c4795f54125cab5cd1c3d46103f7","sha512":"5410e73a451f55217b7d118cc9463fbe396ad475fcbd8afbd4e8c382327e51328e5cf7dffe8a3ec4cc8b694c0630a04b605da7607c039575a4842e10645fd14a","ssdeep":"","tlshash":"7511d0a2f0ad8c9bd59ac9374641951041213e9b1f1d571b4fe7f612c7353c0b128f8b","first_seen":"2023-05-21T18:11:02Z","last_seen":"2026-03-18T07:22:54.637763Z","times_seen":40,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ptserif/v19/EJRSQgYoZZY2vCFuvAnt66qWVyvHpA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/ptserif/v19/EJRSQgYoZZY2vCFuvAnt66qWVyvHpA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ba.do4a.pro\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 20916\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 25 Feb 2026 12:31:11 GMT\r\nexpires: Thu, 25 Feb 2027 12:31:11 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:42:02 GMT\r\ncontent-type: font/woff2\r\nage: 533411\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20916,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20916, version 1.0","md5":"0c5cf5874944fa89d5ecc54b8af09061","sha1":"845fc18b8206c8ebb117295966939d9b9d200c2b","sha256":"bec4e724c49bde6d6b3f15038c8015f5dc7c810bdaadd3aee537ab72afc50e4a","sha512":"e22fd46109be3b236b8d66ee228e2b347ccb41038c23180139d5066d920e9742a8eb4995981a2635571e85dff89bcee74379de579544df9c065a42fbae66a35e","ssdeep":"384:gGljqj9+EnQdYlWxCDiWJfgcHAZoLmWxvsisTp6EGB:gGlm44PJfzCIxsfzGB","tlshash":"4192d179a5ea6dabb8cd77fb10ac7f0605ee2ed14e016a0c205fd0c9340c99124da967","first_seen":"2025-09-11T15:35:52.875139Z","last_seen":"2026-04-03T09:26:54.064013Z","times_seen":127,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":444,"dns":1,"connect":22,"send":0,"wait":53,"receive":7,"ssl":462},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=PT+Serif:400,700,400italic,700italic\u0026subset=latin,cyrillic-ext,latin-ext,cyrillic","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:07 GMT","end":"Mon, 27 Apr 2026 08:38:06 GMT"},"fingerprint":{"sha1":"6B:DB:3B:B8:9F:A1:8E:49:35:74:D9:D8:24:91:F2:5E:42:56:2F:58","sha256":"37:ED:DF:C4:FB:A3:96:16:9E:47:69:CE:86:A5:35:8E:B5:3A:0B:0B:6A:A1:08:A2:DF:DE:6C:7C:31:BE:94:B1"}}},"request":{"raw":"GET /css?family=PT+Serif:400,700,400italic,700italic\u0026subset=latin,cyrillic-ext,latin-ext,cyrillic HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 03 Mar 2026 16:41:20 GMT\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5518,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"ed7d9676b9ddd7a745a28a91a52788f3","sha1":"ecbb0ecf515f96459bc4f72d54c2ced1787e04e6","sha256":"acca60af8c4624d4b79ec1e567cab32b930018c7e7e4cdeb06e877467b1ff68f","sha512":"b77135d03d3a89af38ca304b34dae74820b29b7833997dd0ab6a65d7ccc18a2755c60bea840d6675d5523fbc6b42b1435f1ad95e7bcb06fe144112f9baac3917","ssdeep":"96:ZYgLe9JYgLhCFZAYgLdJc+uyYgLJNCYgCUzJYgC/FZAYgCxJc+uyYgCzNCOLxJOb:+ke9OkhQkV0kbpUzOphpB0ptxM23OnjV","tlshash":"52b1f0a2042b9940ab472dc223df7d32de0e92053445a97a7bfe1cd4edb2d665370b4d","first_seen":"2025-09-06T09:12:49.503533Z","last_seen":"2026-04-04T08:52:24.847488Z","times_seen":504,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":151,"dns":0,"connect":15,"send":0,"wait":37,"receive":0,"ssl":168},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/realbig.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/realbig.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 258679\r\nserver: cloudflare\r\nlast-modified: Thu, 11 Nov 2021 08:16:08 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"618cd148-3f277\"\r\naccept-ranges: bytes\r\nage: 810\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pMzLVSaZu2eMVg78UBxBfJVfqQ%2BB%2FOL1tSVP%2BRxgKFH60F58CFZDBeoHqIimdlmMiTMOsxaV1WrnGBnLVFfSLVBcEArKpP1ZkeXneTD0X73Z\"}]}\r\ncf-ray: 9d6a1691f9c7a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":258679,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 600 x 160","md5":"2fa481a8c7340b1cae0c0b41ab749317","sha1":"238ecd2e7e0414f0803d3ce522c50efa0bf149af","sha256":"8f738aca08124efed4c6230de1f30fa12620dca691d882e60632cb9814d7b106","sha512":"33d040c16eef03d2b1597f433ed64411b6dbdd471ca180670688d17f719eca00ca8310ff04eed00cc4502c3fffaa3d3bc03425b6b5cf1153f32f86a625449c37","ssdeep":"6144:5AoMMpxl07X/mn9QW7ithjCFa2cB/MTeQTmKfRX5zD7Cf:uMkX+n+W7i13/weuxfRX5zXs","tlshash":"d044235a7df08007c0bdca5a593fe051c6d4b9af39480ab7d6ee742218518dc7eee706","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.493024Z","times_seen":6,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":75,"dns":0,"connect":0,"send":0,"wait":28,"receive":93,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/mroid.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/mroid.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 2723379\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Mar 2026 12:19:50 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69a42ee6-298e33\"\r\naccept-ranges: bytes\r\nage: 3859\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RoGxTG5OStE9Ur6OyfoCX%2Fl3ragtfd34y2NP36iFY4z8IyAF1SgvMbIdL1Xq0rz5JAFgyhDCzij41paSCGF8BDb8taWQdSvNyeHgKNcafQ7b\"}]}\r\ncf-ray: 9d6a1691f9bca9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2723379,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 500 x 90","md5":"f58913b8bf6132cea125eb8d2f01a504","sha1":"7c49653fa921964f0aeeb652077919fa1d23f58d","sha256":"6f4dd0f74f4b833b349ab1f0ded554c395f3951372614ae5f5c66760231b1b94","sha512":"16949ec0cdcd79e4114de4eaf49ea044fff53e71d0e9dfb35cbf9f11d4c1e4797844394f975ed55d76963c1be3638870d0474956a7b5da704a7ec4e5053a25e8","ssdeep":"24576:coY1sveME5gBKnOX4NC6nmF2neZuii0gCtLOeHk6Bpk0W:cLsjESLobC0ix/W","tlshash":"89253355e0381955fb785c7d839bc324df9a01e8d628500fb0293a6fbd0be4eade4517","first_seen":"2025-08-25T23:25:04.520909Z","last_seen":"2026-03-03T16:41:53.4953Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1016,"timings":{"blocked":67,"dns":0,"connect":0,"send":0,"wait":28,"receive":921,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/anabolnew.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/anabolnew.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 1599962\r\nserver: cloudflare\r\nlast-modified: Mon, 15 Nov 2021 08:32:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"61921b24-1869da\"\r\naccept-ranges: bytes\r\nage: 3159\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e2WP91ZRGiIimGVnKc%2FYe4HvA86S74l40yj52AeXbZigLlR%2FO7pK%2Fb%2BgzrXxdXpariC%2FKQnlpF2T7zIIbB%2FWfFAv0%2F0DxHe67c8xb0ogRcq%2B\"}]}\r\ncf-ray: 9d6a1691f9b5a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1599962,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 550 x 170","md5":"eac24065d193552fc5a27106a385c202","sha1":"4ef43acddfddaead8a2ea0bee5dda6396fba5bd2","sha256":"e2d43581ed85411823619444bb568968543254c2e5acdfb967050e9b2342f8de","sha512":"7118a9a7044cee203937068a3a1e32ff4ecc31ac298a8fa991b8a0c2680c52ea45a7d40173992c60a75ff49edf5af5fa2ac09b34cd28d138dee9c72aef5a9e2a","ssdeep":"12288:NTays5e9xx2vXrDEeqQm5j75yNEpSHxFoNBRqyepmIeP3yaKuBMo2wPa+92rUJ1E:NT6kocQeVpe+k8FN489+V2K27foNWAtR","tlshash":"7b25235be96cd8637aba24f030324b9449cd44d4d5aa94239c1e7ee331937bf91e0da2","first_seen":"2025-08-25T23:25:04.531206Z","last_seen":"2026-03-03T16:41:53.497677Z","times_seen":4,"resource_available":false,"data":null}},"time_used":786,"timings":{"blocked":81,"dns":0,"connect":0,"send":0,"wait":27,"receive":678,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ptserif/v19/EJRVQgYoZZY2vCFuvAFWzr8.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/ptserif/v19/EJRVQgYoZZY2vCFuvAFWzr8.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ba.do4a.pro\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 33116\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:37:51 GMT\r\nexpires: Fri, 26 Feb 2027 04:37:51 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:38:18 GMT\r\ncontent-type: font/woff2\r\nage: 475411\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33116,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 33116, version 1.0","md5":"48b1fa647f5ccfa511cc07a10fc22e55","sha1":"12e1e0d36983a8d900bc66b4784a6f9b9ace4b60","sha256":"4271064a37f3ffc0aac5f3806db8a72acc23e19447d1804e4e80d8796cbf6330","sha512":"7749703e473f0921d37b5f983896d0da11fe7d5377002bbae7d53c1c20c83f8812fcb43fcf043ccb487b378e4ace47ca113a174573f285e39a40e92c07b90428","ssdeep":"768:SwHBYO+MdvLS9dVksqgeZDkTk2bAt6//LkGWKKey2lcExP/KNu:naMdE0rgIwlbAt6nlhlLBqu","tlshash":"94e201ef699b3b9981638338477189192b0054d4fa6c5678f4edd2fb1013fa904aac3f","first_seen":"2023-05-03T04:45:14Z","last_seen":"2026-04-04T13:03:01.952363Z","times_seen":8831,"resource_available":false,"data":null}},"time_used":991,"timings":{"blocked":448,"dns":1,"connect":21,"send":0,"wait":23,"receive":23,"ssl":470},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-120595707-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:36:37 GMT","end":"Mon, 27 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"8B:BA:E2:19:5D:6C:81:59:ED:D8:AA:3B:2D:5F:A3:A2:C8:A1:E3:DF","sha256":"B0:8C:FC:C1:98:34:EB:0E:FF:AB:13:B4:9E:AA:B1:7E:02:11:9A:93:31:F2:A1:0F:23:9E:2B:C3:6F:EC:26:F8"}}},"request":{"raw":"GET /gtag/js?id=UA-120595707-1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\nexpires: Tue, 03 Mar 2026 16:41:20 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Tue, 03 Mar 2026 15:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 119519\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":344997,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5882)","md5":"21a94b121c9b3a0a340ad90d668ee4b9","sha1":"13d6e17d5fa13093f18b29645ef2cc44d604631f","sha256":"15f1bea9c22f3c686393df2831f1841bcf4245ceb97bdb435163f36661880255","sha512":"490f14590eb00b30b14caaa4fd6a35f4731b14d081f1fc1455588f55b3d37eebbf06b9955a973bbabdec366783497db81c6cac974b8827eedd9efa84b219204c","ssdeep":"6144:Y31nPWlW5wh08SE48qIA55RHcG1h5H4prTtytG:WPWlW5wh7M8iH4REM","tlshash":"b37408cdb3da706293a3a478503f018bb17a6892b84ccc95f196dcd42e7069a4277f7d","first_seen":"2026-03-03T16:41:53.500699Z","last_seen":"2026-03-03T16:41:53.500699Z","times_seen":1,"resource_available":true,"data":null}},"time_used":347,"timings":{"blocked":126,"dns":0,"connect":8,"send":0,"wait":30,"receive":29,"ssl":151},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/js/jquery/jquery-1.11.0.min.js","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /js/jquery/jquery-1.11.0.min.js HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:20 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nLast-Modified: Thu, 15 Mar 2018 07:45:14 GMT\r\nETag: W/\"5aaa248a-1787d\"\r\nExpires: Tue, 03 Mar 2026 17:45:30 GMT\r\nCache-Control: max-age=3600\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRNAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96381,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32341)","md5":"8fc25e27d42774aeae6edbc0a18b72aa","sha1":"b66ed708717bf0b4a005a4d0113af8843ef3b8ff","sha256":"b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682","sha512":"87d90a665c15d71ac872bd8bc003d9863964c7ec7ada6370b902b93c0bbd7770fe25730d946c7c6a465baa95efa74bc0e78af3f83aea615af35060cc8702a6c1","ssdeep":"1536:EPpEy5BMibZGOj/bEe8v+/UWf4IhvAuCh/jqkODZ2D5N9Rag0MOIdSZAgtgoX5Yn:bIO/e2D5c4LgtImLja98HrK","tlshash":"cc93e8d9b6d2706297b730a851bf510bb17698eab80c4c60f058d8e47eb4e8d507bf2d","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-04T13:42:10.512353Z","times_seen":22879,"resource_available":true,"data":null}},"time_used":522,"timings":{"blocked":88,"dns":1,"connect":48,"send":0,"wait":305,"receive":1,"ssl":75},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/belnew.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/belnew.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 1695621\r\nserver: cloudflare\r\nlast-modified: Wed, 31 Dec 2025 13:50:38 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69552a2e-19df85\"\r\naccept-ranges: bytes\r\nage: 810\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WW7MD7aru69SYgA6RovIMIHgjcTYUiZT6xIO9s67TeVwSIbbMN44AOyRC%2BGk7CjZXfEVOr4l6dyDIUNosZXq5izOrxlSIkQgeZrP7c90Azct\"}]}\r\ncf-ray: 9d6a1691f9a9a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1695621,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 500 x 160","md5":"758480e05f56b2aeb38fce143f9085d2","sha1":"649ae7b12abcda5a8a214b7dc78f103e230f0184","sha256":"d97620f4582a39112a15d49b3bf57ca116235f09f3f7e1c71e645689cd6cad2e","sha512":"3353d8ce6496b3e3ccc1557e3006a49786c31b56262c1c7c88dc71742172eae65e39892ee8e80e487527424a056fe7575704fbb44f65b63456ed3c99d4d814ce","ssdeep":"24576:CuCvXzUOX0i6jjYn0tKaklZj6lgqs9jNWR47QOrVfMHAkqC9:fri6XY0AvlZWgl9jYW7Nr9xC9","tlshash":"8a2533aafc1e3d29801c79fa0b37fd1f257cb5386a53443702a63ac7e77659c8490a25","first_seen":"2026-01-29T11:39:58.185584Z","last_seen":"2026-03-03T16:41:53.503241Z","times_seen":2,"resource_available":false,"data":null}},"time_used":731,"timings":{"blocked":73,"dns":0,"connect":0,"send":0,"wait":27,"receive":631,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-03","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"bannernetwork.net/do4a/belnew.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/profd4.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/profd4.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 6410792\r\nserver: cloudflare\r\nlast-modified: Tue, 25 Mar 2025 15:20:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67e2c9ca-61d228\"\r\naccept-ranges: bytes\r\nage: 265\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XiK9V6UQQVWboEHErQE29VjS0mox5Vo8bwGeHdOaGjGHh0O4X96%2FYp3Xj4FGn8V5ae82j8OUG1ccqfOdIrhYTKEjOjtf9lkVK78ptRaCZ%2BHO\"}]}\r\ncf-ray: 9d6a1691f9b9a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6410792,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1000 x 180","md5":"58e65bba6cec77849ddde4dfd91ff972","sha1":"f6ae0231caa08744f2f2daed38e07410aa230c01","sha256":"e588c83c4b2e7d4761c07857b9fe658ded9e0219e9e86f4f8843d3f9417331ef","sha512":"dc730bf76c58cc51386198826ef8659a89c8a40a722de04f717c3ae83e5ec084b6395720b8674bb1e5a8ff5d4945989ca7171a6af989a914a44c7ef599263c3a","ssdeep":"24576:KzwEPwCd5ij5gN0fIc8okyQz+E5LPyR+meznaOMknNz2gD36hqe:0s5Asn8okyQz+i7y41naOhNBDKJ","tlshash":"e32533d9ea6a1060c35bb2f208b167963dea74f8dc1b33624f9f991297164b19c43f70","first_seen":"2025-08-25T23:25:04.445998Z","last_seen":"2026-03-03T16:41:53.505075Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1615,"timings":{"blocked":68,"dns":0,"connect":0,"send":0,"wait":27,"receive":1520,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-03","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"bannernetwork.net/do4a/profd4.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/do4a/background/navTab.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/do4a/background/navTab.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=xenforo,form,public\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; _ga_98JGTJBXV1=GS2.1.s1772556082$o1$g0$t1772556082$j60$l0$h0; _ga=GA1.1.104889216.1772556082\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 2511\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 May 2013 16:02:47 GMT\r\nETag: \"519e3da7-9cf\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26T5Ag==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2511,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 146 x 26, 8-bit/color RGBA, non-interlaced","md5":"67e498fc4e93b4533a80f41d49efcf81","sha1":"f7baac8793d0c0d6fdea3200019760b1ac61c484","sha256":"59840f0f69f826c3cf93f3ea73b400d38677a81367819f6459e76f0fdd3dad22","sha512":"cc6ea019ca1d424c3d7613cad027429e8bd4588416a702241c8df12c96bef2f30a383f69e4b0ec08abafadafc909740876a4bdcf803a955553259f2129e80282","ssdeep":"","tlshash":"fa512cdb7720fdcd27920aaf694af1a2d00c465ba591cb05543eb8738cb2d220c3504b","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.506786Z","times_seen":6,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":105,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/do4a/logo_square.jpg","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/do4a/logo_square.jpg HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; _ga_98JGTJBXV1=GS2.1.s1772556082$o1$g0$t1772556082$j60$l0$h0; _ga=GA1.1.104889216.1772556082\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9555\r\nConnection: keep-alive\r\nLast-Modified: Tue, 11 Nov 2014 21:54:18 GMT\r\nETag: \"5462858a-2553\"\r\nExpires: Tue, 10 Mar 2026 16:45:32 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECwWxQIV26T/Ag==; expires=Wed, 03-Mar-27 16:45:32 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9555,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"9721a322a7463720094ff58bc091078c","sha1":"630568ab44ba5d2e9d8264e6706619dfbab65300","sha256":"58799413398361b5ac3e6ee7ab8361a762f764d5f204b4422865bf130ff19246","sha512":"8c45f5ffded401d7c8d7799f220b4df6936f4b345dcbab93c693a763d4832dc40e7a139173cc4865b17a2d9f4ff7500e3d6875507f087ade9b37fa88e32c7d91","ssdeep":"192:/xJUWaQRE2pG5Dqs5XL9pa/7OBqesaKtsKOo+jSEiXzTCe3/:/xp5rG5f27bBuKsSE6f/","tlshash":"30127cb6f7d347988b07c97a865e2e73bb5a28c720a12a0f2860cf17452c9f6524b10c","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.508593Z","times_seen":6,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/css.php?css=MinimalismToTop,cmf_block,cmf_news,discussion_list,do4a,login_bar,message,message_user_info,nat_public_css,notices\u0026style=6\u0026dir=LTR\u0026d=1772539404","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /css.php?css=MinimalismToTop,cmf_block,cmf_news,discussion_list,do4a,login_bar,message,message_user_info,nat_public_css,notices\u0026style=6\u0026dir=LTR\u0026d=1772539404 HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:20 GMT\r\nContent-Type: text/css; charset=utf-8\r\nContent-Length: 10499\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.6.21\r\nExpires: Wed, 01 Jan 2020 00:00:00 GMT\r\nLast-Modified: Tue, 03 Mar 2026 12:03:24 GMT\r\nCache-Control: public\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRMAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":40265,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (730)","md5":"67ea818e3384fe98118b83b2df8c4c04","sha1":"ed110a25ba6e42e5aedc874e3a706525388965e0","sha256":"e47aeb307ed0ad3f0f2d89a5093af92228e03847ccc511de1ba89ff1547bac24","sha512":"0f24b98b2d06fe33d33c27249173eb19a608b5b5b84ce61651750ad1514c47126349c8bf73537bee8dc567311839a4ba5762664b43b61b8db2a5ccea192ee90b","ssdeep":"384:syUZtPykAFbtPcfDBkrHIQPsgYJd0zUlfQg18rsPpwyadC5H8TOdQaPZW/60jXiE:syqtEHoK4l4g1ysb0WSnnHUS898nFSg","tlshash":"ca039535e568136e712bc21f7861bb9d35bd9542e223952bb57e74a4fb8a0cc6833380","first_seen":"2026-03-03T16:41:53.510388Z","last_seen":"2026-03-03T16:41:53.510388Z","times_seen":1,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":67,"dns":1,"connect":43,"send":0,"wait":136,"receive":1,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/js/Minimalism/jquery.ui.totop.js?_v=a4977791","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /js/Minimalism/jquery.ui.totop.js?_v=a4977791 HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:20 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nLast-Modified: Thu, 04 Mar 2010 18:04:34 GMT\r\nETag: W/\"4b8ff632-6ca\"\r\nExpires: Tue, 03 Mar 2026 17:45:30 GMT\r\nCache-Control: max-age=3600\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRQAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1738,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"1daf8822c62b730a6dc80f027ff8faf0","sha1":"bed5fcc3a223f70448d6a256c4c482e4339269ec","sha256":"972120582a22b0e9e83bca1713ebebdf2356dda9d7c9c81c156f72f934261ec9","sha512":"a53f04b1d7ec1223ef2682f5a35d873bc52b1124ba291fff0eed86e40456c0c6ecf1881e1631ec09cbda553140de080d08684de373cb08566aa80747be5aff77","ssdeep":"","tlshash":"b6310d98ef5c253de03ad87c8c3f1299ef2c4063e413dcb0b976881da9c0015591dda3","first_seen":"2023-03-07T12:05:03Z","last_seen":"2026-03-22T11:30:33.903142Z","times_seen":91,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":1,"connect":50,"send":0,"wait":130,"receive":0,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-120595707-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:36:37 GMT","end":"Mon, 27 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"8B:BA:E2:19:5D:6C:81:59:ED:D8:AA:3B:2D:5F:A3:A2:C8:A1:E3:DF","sha256":"B0:8C:FC:C1:98:34:EB:0E:FF:AB:13:B4:9E:AA:B1:7E:02:11:9A:93:31:F2:A1:0F:23:9E:2B:C3:6F:EC:26:F8"}}},"request":{"raw":"GET /gtag/js?id=UA-120595707-1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 03 Mar 2026 16:41:21 GMT\r\nexpires: Tue, 03 Mar 2026 16:41:21 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Tue, 03 Mar 2026 15:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 119519\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":344997,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5882)","md5":"21a94b121c9b3a0a340ad90d668ee4b9","sha1":"13d6e17d5fa13093f18b29645ef2cc44d604631f","sha256":"15f1bea9c22f3c686393df2831f1841bcf4245ceb97bdb435163f36661880255","sha512":"490f14590eb00b30b14caaa4fd6a35f4731b14d081f1fc1455588f55b3d37eebbf06b9955a973bbabdec366783497db81c6cac974b8827eedd9efa84b219204c","ssdeep":"6144:Y31nPWlW5wh08SE48qIA55RHcG1h5H4prTtytG:WPWlW5wh7M8iH4REM","tlshash":"b37408cdb3da706293a3a478503f018bb17a6892b84ccc95f196dcd42e7069a4277f7d","first_seen":"2026-03-03T16:41:53.500699Z","last_seen":"2026-03-03T16:41:53.500699Z","times_seen":1,"resource_available":true,"data":null}},"time_used":545,"timings":{"blocked":174,"dns":1,"connect":21,"send":0,"wait":38,"receive":123,"ssl":185},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/do4a/background/button.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/do4a/background/button.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=MinimalismToTop,cmf_block,cmf_news,discussion_list,do4a,login_bar,message,message_user_info,nat_public_css,notices\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 154\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 May 2013 16:02:47 GMT\r\nETag: \"519e3da7-9a\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26TsAg==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":154,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 3 x 3, 8-bit/color RGBA, non-interlaced","md5":"dd587da6cdfaaf63139bb036709c611c","sha1":"4596a1e94ca83ff3f186decab2805d15c0b30f94","sha256":"3847d4745ab20d5e517068c9221f70459299ecdb84a32c8bb72f141881ac03ff","sha512":"9b7c82d3541a77f095f9cfddae02d48cf728bbb84a720757e4567647e1fc88a7a375380c17503122e8ded05570e89df133788509ce1042e679ba36fc44dc5832","ssdeep":"","tlshash":"21c02bca12404c3ec23e09d3013b0538fcef09d80727a445c46db45d2d83e860398351","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.513418Z","times_seen":6,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/xenforo/gradients/category-23px-light.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/xenforo/gradients/category-23px-light.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=xenforo,form,public\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 1072\r\nConnection: keep-alive\r\nLast-Modified: Thu, 15 Mar 2018 07:45:14 GMT\r\nETag: \"5aaa248a-430\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26TwAg==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1072,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 62 x 23, 8-bit colormap, non-interlaced","md5":"916a045b94d1b04e1d725fd339426682","sha1":"8acc8b8ad406039fd7d6966495ba5ac1361a8174","sha256":"4cc4cae0bb86846428c4d8471ec2cd1627e7df4ce1fc4e4bb11c94cf557f9c8e","sha512":"be8bc412965878573bd52e4576e5107efd23b59295c6244b2af127eb21ccd3474c4f38b19e5bd9402354521c711f481ff031fc4bc899925b2e4cb047a6b92afb","ssdeep":"","tlshash":"de118b9a20a3bc08a3c619ebd6df170d9e903d161c8369b8d8f4f49af73a931855c592","first_seen":"2023-05-21T18:11:02Z","last_seen":"2026-03-30T19:43:10.052216Z","times_seen":120,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/do4a/logo.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/do4a/logo.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:21 GMT\r\nContent-Type: image/png\r\nContent-Length: 23160\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 May 2013 16:02:47 GMT\r\nETag: \"519e3da7-5a78\"\r\nExpires: Tue, 10 Mar 2026 16:45:30 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRWAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23160,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 271 x 70, 8-bit/color RGBA, non-interlaced","md5":"2f32895fc73551836c8a5f3681d32965","sha1":"0bc93c506e2b9a16b9d4105d4ab9cc43d968090c","sha256":"9e6b26193f6a7a8c1eec51c52d555e88a21cab04e6d4cdc4e8f383090254ab42","sha512":"17391894097d8c0fc488a41ff07f491ed486c60677a2dd666728faeb2f6deba7e240b61dd7248cb9799066493ac9ccbfdd3662f0581637abbe37dbf30a67faff","ssdeep":"384:+ON7qQTytcO61vy5OOkrk2zhb4xDzAWxNRFrRlMdvgvpVStpCSALC37Mm:fN7atcO61y5OJrzhb4d9xNLEdYqwC37/","tlshash":"d2a2d0c83c5cf7d8f9dbeea94277d5c625c08b04360828917ec682945f94a13d8ceaad","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.517095Z","times_seen":6,"resource_available":false,"data":null}},"time_used":621,"timings":{"blocked":418,"dns":0,"connect":0,"send":0,"wait":202,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/phl25s.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/phl25s.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 1558973\r\nserver: cloudflare\r\nlast-modified: Wed, 31 May 2023 09:52:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"647718e4-17c9bd\"\r\naccept-ranges: bytes\r\nage: 3159\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4yFduTN6q1B7ikyIbW3Xt5zqZZRWM48RyG78ZPkDnOVuBSSmJgRyAnJQovCVK6qNCLPIuolcumuDpJuuMIhofVn57m68Z0as%2BydznY84kQLc\"}]}\r\ncf-ray: 9d6a1691f9c1a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1558973,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 300","md5":"14f29eb0217f83f84c2b4e5d92180c84","sha1":"96eb402106619691489e16f0f222a3b511cdad39","sha256":"6f00718c1226cd2202e102902f0ffb0bab6760643323e3bccf1607d22371d636","sha512":"7f1f110407f1e6edd988de3a440cc5fba62f07b7758ad7537a0eeb0714bd79bc0ac42234ac652627362b8998e727919e02eac5728723aaa57f888c8b9f0efc0b","ssdeep":"24576:vnipwG6NA3QnCJmVohibZbGlTdhVwWwGvVqXhDBRqtk:vnevy3B1iUWwoqRBMtk","tlshash":"ca25235f59a48e02fd0638700cbbed58b81b51f92dbea063e85ef255be5af8d2014f50","first_seen":"2025-08-25T23:25:04.566394Z","last_seen":"2026-03-03T16:41:53.518806Z","times_seen":4,"resource_available":false,"data":null}},"time_used":554,"timings":{"blocked":76,"dns":0,"connect":0,"send":0,"wait":28,"receive":450,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/xenforo/xenforo-ui-sprite.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/xenforo/xenforo-ui-sprite.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=xenforo,form,public\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 3894\r\nConnection: keep-alive\r\nLast-Modified: Thu, 15 Mar 2018 07:45:14 GMT\r\nETag: \"5aaa248a-f36\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26TuAg==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3894,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 57, 8-bit colormap, non-interlaced","md5":"1532d029447a00554657cd413939c0a6","sha1":"7272ee5f4798e9939592e25f0b81083edf869760","sha256":"148805ef840df5f06de10c18349522ea3f2ce394218c5515f54e9265828691e5","sha512":"885803249c137db8507265caba7385d5c9923be3e66a398d320d2c382883936c6b2eeffba42a54c126cc81893b0d78babe80da3f146ba77b446a5c2030026bf5","ssdeep":"","tlshash":"6a816ecbe53d5eccc5934b333a6a06f1420f868585c28752959318d78e91374984da6d","first_seen":"2023-05-21T18:11:02Z","last_seen":"2026-03-30T19:43:10.052813Z","times_seen":134,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/data/avatars/m/122/122014.jpg?1732517986","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /data/avatars/m/122/122014.jpg?1732517986 HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 16254\r\nConnection: keep-alive\r\nLast-Modified: Mon, 25 Nov 2024 06:59:46 GMT\r\nETag: \"67442062-3f7e\"\r\nExpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nCache-Control: max-age=315360000\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26TtAg==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16254,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"597ac9245fcb6717bd81290d9b22b817","sha1":"a978051826c26eac200d6790fde686c018785dda","sha256":"e0a07695683802fd010a8c5cbf4b2b12a7a5feeef49f5a0b7b94df3b83c7fd8b","sha512":"0118f3c29eae420af42ee75ed3b564012704e3f56f3e65221e1b6c1ca39c7656b19cea9d2330e0d4d860d6ccdf7805e294c3b5466c63ea9a720b40b44a4d6778","ssdeep":"384:et4AVr59Zru60cCw1LU3eDKgKeVQ5REbIuPh:0u011LU3g5Q5RE8up","tlshash":"bc72d1c193c13e34ea22a6fb564a2c8cab1b7fc1f15477e7e7cd94111c16cd56ad9a00","first_seen":"2025-08-25T23:25:04.493256Z","last_seen":"2026-03-03T16:41:53.522688Z","times_seen":3,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/do4a/background/header-middle.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/do4a/background/header-middle.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=MinimalismToTop,cmf_block,cmf_news,discussion_list,do4a,login_bar,message,message_user_info,nat_public_css,notices\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; _ga_98JGTJBXV1=GS2.1.s1772556082$o1$g0$t1772556082$j60$l0$h0; _ga=GA1.1.104889216.1772556082\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 58661\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 May 2013 16:02:47 GMT\r\nETag: \"519e3da7-e525\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26T3Ag==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":58661,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1170 x 118, 8-bit/color RGBA, non-interlaced","md5":"c18131dcd4cb92c50b92ea07e27ad01a","sha1":"8e50495a0662a3306cbe1d3a1d37719a347b6353","sha256":"e3d83a3a346c0e0daeab4e8c6a35fe7bb8ed1fc0bd831d39a019c07894e3af8c","sha512":"46113962ae10d119de41dac80c74fa8efe80c5e4cf7789736a082de790ca48df555d091f1589bd7a8ccb40e9f6d2e7e08345526a2941ec16d0e7604ee2983738","ssdeep":"1536:bcLTPxfBttWMmg6dVESiV6BBvCp78EUNvVMEj662PIS:wXx5tAMnyVE/6mp7PUNdPj63IS","tlshash":"334301ae2f3189337f48e0c2464620869ca8279031ad1dbe854739db58da1d644fdbef","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.524147Z","times_seen":6,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":110,"dns":0,"connect":0,"send":0,"wait":156,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/js/xenforo/xenforo.js?_v=a4977791","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /js/xenforo/xenforo.js?_v=a4977791 HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:20 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nLast-Modified: Thu, 15 Mar 2018 07:45:14 GMT\r\nETag: W/\"5aaa248a-295a6\"\r\nExpires: Tue, 03 Mar 2026 17:45:30 GMT\r\nCache-Control: max-age=3600\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRPAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":169382,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7085)","md5":"7659c2ab3bd2001e23118eb49d15aa34","sha1":"b579daf754abb940b25692bda1007573fb949cca","sha256":"0baa35b068dd1c4a80020f01ccd76eab83058bd6bb98877a59035771ad07d8fa","sha512":"1a8245163289a412f09bfccbf56f25d46b9ebea53cc4fce9b92e964e63545ee35f5a48f238de1b701542f777e8e018f245c77d07c0ea912c5ffe28a4180d1f1b","ssdeep":"3072:pulrhnAh+VhITl8XNeKHrlfMOL9k12jmT3j1jLvbmcJnxQtx:pufr4WnlbL9k1wOjVbmcJnxQtx","tlshash":"37f3faa9b3a1715393fb3078502f0105623168bee50e8974b4ad98e65ebcf492277f3d","first_seen":"2023-04-30T07:17:34Z","last_seen":"2026-03-21T01:37:59.112707Z","times_seen":14,"resource_available":true,"data":null}},"time_used":571,"timings":{"blocked":85,"dns":0,"connect":47,"send":0,"wait":307,"receive":53,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1\u0026cx=c\u0026gtm=4e62r1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:21.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:36:37 GMT","end":"Mon, 27 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"8B:BA:E2:19:5D:6C:81:59:ED:D8:AA:3B:2D:5F:A3:A2:C8:A1:E3:DF","sha256":"B0:8C:FC:C1:98:34:EB:0E:FF:AB:13:B4:9E:AA:B1:7E:02:11:9A:93:31:F2:A1:0F:23:9E:2B:C3:6F:EC:26:F8"}}},"request":{"raw":"GET /gtag/js?id=G-98JGTJBXV1\u0026cx=c\u0026gtm=4e62r1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 03 Mar 2026 16:41:21 GMT\r\nexpires: Tue, 03 Mar 2026 16:41:21 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 138022\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":401358,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5882)","md5":"fb5601b8ce4179aee20be315c8a8c0bf","sha1":"6ffa85015a1c21634e6036d0cc3af6df79f912a2","sha256":"e5797dbc11606a8cdf5b84bbb45ece4e6d919b0b933e7db8e99e8d6fbf96ed22","sha512":"6a38b98a28fb5a4f5c63566966111b51d4721f41384e20676637727f714a11127e32d6836896e677c5cf0f162ac7b7173c71a629f700ebb5dc2e89cc5cb11830","ssdeep":"6144:U31n5QMWlW5w408SEGk8qICP5RHcG1h/H4UrAXD40:S5fWlW5w47Kk8+H4Ia","tlshash":"9e8419cdb3c670629393b478503f018ba57b68a2b84ccc99f199d8d42e7469a4237f7d","first_seen":"2026-03-03T16:41:53.527387Z","last_seen":"2026-03-03T16:41:53.527387Z","times_seen":1,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/do4a/background/navTabs.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/do4a/background/navTabs.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=xenforo,form,public\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; _ga_98JGTJBXV1=GS2.1.s1772556082$o1$g0$t1772556082$j60$l0$h0; _ga=GA1.1.104889216.1772556082\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 4911\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 May 2013 16:02:47 GMT\r\nETag: \"519e3da7-132f\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26T4Ag==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4911,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 162 x 22, 8-bit/color RGBA, non-interlaced","md5":"50a7428491450287eb915340eff2cb5e","sha1":"a04de2cc34b9063c5bef81fb594588f17703ed58","sha256":"370aa4b40c9f6e0c362e4c68d21f29b52c140e18d00258ccce17dcf6b15a8ebb","sha512":"e0e52c9b94334fa309cd0fecc6d3a38e9409840f7e8e0a0a1f3afbafbd108de9ff03f6b7d64f73dbbd9ba16feef0d7f2649e05bb722fc52fae7e732807c48d45","ssdeep":"96:gS8237s4d2gdmaHXQjhcy7RKsZpRCjTE65Xi4P650udKd+Kayhc02ribd33nH9:gSxsDgJXoKkT6xi4P63Kd+Kayh0riJnd","tlshash":"a8a17eada27d12d764572266b6711c68c23ff64ab40a046c6ec9bb1e157ee6200bc7c1","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.528606Z","times_seen":6,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":106,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/do4a/background/footer_repeat.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/do4a/background/footer_repeat.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=MinimalismToTop,cmf_block,cmf_news,discussion_list,do4a,login_bar,message,message_user_info,nat_public_css,notices\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; _ga_98JGTJBXV1=GS2.1.s1772556082$o1$g0$t1772556082$j60$l0$h0; _ga=GA1.1.104889216.1772556082\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 210\r\nConnection: keep-alive\r\nLast-Modified: Sun, 03 Aug 2014 06:59:40 GMT\r\nETag: \"53dddddc-d2\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26T8Ag==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":210,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 120, 8-bit/color RGBA, non-interlaced","md5":"cbd94bd64e7b3deb321fb99a637daebc","sha1":"91e0ae7d590871a08646632e57a193a001ce27d0","sha256":"7ad84f0388ef8b6f53e56faedb564aaa37b9e3e7e431afd7b808beb26f82f87d","sha512":"05535b47e97291c22c68905ffc4335fd25484b1163e9acf9101f0149917e85c9d8bf12483cfcc9f1ea2ea2a34d34650a6e18de13a86641f58e6d91b01ea567dd","ssdeep":"","tlshash":"8dd023d7764c1dd8fe951373866a31b2d77115f501342649d1154a245d13e0f50c4a16","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.530039Z","times_seen":6,"resource_available":false,"data":null}},"time_used":367,"timings":{"blocked":237,"dns":0,"connect":0,"send":0,"wait":129,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/deferred.php","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"POST /deferred.php HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Ajax-Referer: https://ba.do4a.pro/\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 54\r\nOrigin: https://ba.do4a.pro\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; _ga_98JGTJBXV1=GS2.1.s1772556082$o1$g0$t1772556082$j60$l0$h0; _ga=GA1.1.104889216.1772556082\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":54,"data":"_xfRequestUri=%2F\u0026_xfNoRedirect=1\u0026_xfResponseType=json"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: application/json; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.6.21\r\nExpires: Tue, 03 Jul 2001 06:00:00 GMT\r\nLast-Modified: Tue, 03 Mar 2026 16:45:31 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26T9Ag==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":22,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"2c7802f092013670dee2cfdb2775ec85","sha1":"2a5540a2baa56f6c3e884c16fae70292e8206d31","sha256":"af541be18714cc89f5f29cfb86b4d8fd3ae8eb19e07427575b9ab281fc052e91","sha512":"acc52b395fbac6fb999e33ad04b0806a64cd9d9f4e314cfd57f3615c00198259f542c834abd660d902364e02c88b6b1d4d7acb58e9f67406efb29334a5b6d358","ssdeep":"","tlshash":"207000a020020c08000008222220030a2c080830a020a88a820000202083803a02a200","first_seen":"2023-06-17T12:24:12Z","last_seen":"2026-03-27T05:53:25.687813Z","times_seen":42,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/tgphl.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/tgphl.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 793409\r\nserver: cloudflare\r\nlast-modified: Mon, 17 Mar 2025 10:48:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67d7fe0e-c1b41\"\r\naccept-ranges: bytes\r\nage: 5515\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=afEORpbI4x%2FXJIuOgYuKctlaQH7yeimJvO0oFRqUiAp68d%2BzYpT1IQ6%2F7zyq0c5fHG6pxkFNHyoFa%2FJof4fpLDb5adWEsy1MPBbOLtW7Inij\"}]}\r\ncf-ray: 9d6a1691f9aea9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":793409,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 350 x 100","md5":"f4c9e602e80a35b806799d80ba5d5fc5","sha1":"fbe044e221e8b571cdf5f3e8f333b943d0c8e7f8","sha256":"4bd3599c352600d94db2dfcd9c6cd397c6ebe2e8ea91cdb5d2e1303fc977fdb9","sha512":"dc9589069a30c2cf536166067165612d32fb1b85f6b5dcecd8fd59fc41df23e93f25da76a6cd402d469e1dfb8522197f7917f3439717759dc41f781444d59311","ssdeep":"24576:psbYleXklwlboFrIBi/Fm7imSW9+Y6yrA:ysl0kKZAIBi/07im4yE","tlshash":"15f4121ed2168377862b92bd311609ff0cbd587109e3589bce2cf6db2e6925e706850f","first_seen":"2025-06-19T13:49:26.302458Z","last_seen":"2026-03-03T16:41:53.532832Z","times_seen":5,"resource_available":false,"data":null}},"time_used":597,"timings":{"blocked":174,"dns":0,"connect":0,"send":0,"wait":28,"receive":395,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/js/cmf/news/news.js?_v=a4977791","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /js/cmf/news/news.js?_v=a4977791 HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:20 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nLast-Modified: Wed, 10 Sep 2014 20:28:33 GMT\r\nETag: W/\"5410b471-1855\"\r\nExpires: Tue, 03 Mar 2026 17:45:30 GMT\r\nCache-Control: max-age=3600\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VROAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6229,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"dbf8ddf779b31e7659be43bd2d59424a","sha1":"8cb60701292cfed47b2f22b4c404a8752fa049bf","sha256":"b84a2fab0b77340eb97cee076421f6d77203eff2fd28597ae898b1fffce7a2f5","sha512":"6e97481382bcd70fac429ec6a6c6994e9d6df09d99b456996c11e0f5f468e964c0561de6cb70738b09c7959deb5ef66dc492eacb26b9338e2be19dbed4d31fe7","ssdeep":"96:2MYPbixCbn/Lp//X/y8/UN7Zhm0Za0n/7DU:2TjBzx/X/y8/G7Zhm0k0njDU","tlshash":"5ed1ec94773dfeaf04322160b5ba5acad91ed13a46444151fa9e3208ebbcc44f21cd9d","first_seen":"2025-08-25T23:25:04.466522Z","last_seen":"2026-03-03T16:41:53.534191Z","times_seen":3,"resource_available":true,"data":null}},"time_used":341,"timings":{"blocked":85,"dns":1,"connect":52,"send":0,"wait":127,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/homosteron.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/homosteron.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 73937\r\nserver: cloudflare\r\nlast-modified: Tue, 19 Mar 2024 19:22:23 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65f9e5ef-120d1\"\r\naccept-ranges: bytes\r\nage: 265\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yDB29YthRylmkWhphH6evFnaIlZUL6DHWXOsnBPpiFLUfbvdHDIiGOJ6GhOdykecx9Zh0JpPMPdxRkh5hu2a5Aqq4kUEbZfaFwKh1WxUSKwm\"}]}\r\ncf-ray: 9d6a1691f9b3a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73937,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 500 x 90","md5":"8eba3d0ef05d4696fa35e6b333364675","sha1":"8808e2e5b2b2742fdaeba7218834da7bffefedf3","sha256":"408cd81fde12aeaa1eb73fdc912cee9206690316b7c4385601bf49cb9da6497d","sha512":"2a6b634c22544d199a9583e1e844a3490583c9f34591d4e45f6f429b98f9fc6c847ce595c5bf15f541a5f03c8747f218ffe81ff5ba192ca6243be0aba80c4dc8","ssdeep":"1536:SYhGT77q5bjWn/R2wlPuuVRb/ZjmcJx36gprRQlwyhqlw8Kz:SYhG25bqnp3uA/ZjDJxZM77z","tlshash":"b87302c3fc206c1da952473498a76f578954885358db43e7a38c7ea628bf0f0f5729c5","first_seen":"2024-08-19T21:06:33.924913Z","last_seen":"2026-03-03T16:41:53.535513Z","times_seen":6,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":63,"dns":0,"connect":0,"send":0,"wait":28,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ptserif/v19/EJRVQgYoZZY2vCFuvAFSzr-tdg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/ptserif/v19/EJRVQgYoZZY2vCFuvAFSzr-tdg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ba.do4a.pro\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 27 Feb 2026 00:26:16 GMT\r\nexpires: Sat, 27 Feb 2027 00:26:16 GMT\r\ncache-control: public, max-age=31536000\r\nage: 404106\r\nlast-modified: Thu, 04 Sep 2025 17:38:19 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22128, version 1.0","md5":"093d7682a4bbc99425d204af3f15a98a","sha1":"2d73e1c04ce98532d2397c6c9ead90d5322771ba","sha256":"050aee25e3462f72c4d357ee964b8df1801e701bae8af275b697581a87c04a48","sha512":"078f37ddaf3fb5b14f355c985d617160434d3f807bbc9a34dd63eb184cea014e8e22910a448ceaa7db69082a366719d50046802cdeef485b66528450b44b11b1","ssdeep":"384:0Z0fzNz224hLb+W45JB3ltvotJHyHNIEu87qTqAEviy/Cm9AyUQ8A7kW51:0Z0fzNqtkPvotVyH5u87ue/7U5Ja","tlshash":"d9a2e0fe48e96d1b67e8b8342f1d46372c2d1a26c94535365253e28887a0b1ec886dbc","first_seen":"2025-09-07T11:33:10.990458Z","last_seen":"2026-03-31T16:34:56.484111Z","times_seen":149,"resource_available":false,"data":null}},"time_used":994,"timings":{"blocked":448,"dns":0,"connect":23,"send":0,"wait":48,"receive":5,"ssl":464},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/default/do4a/background/header-repeat.png","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/default/do4a/background/header-repeat.png HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/css.php?css=MinimalismToTop,cmf_block,cmf_news,discussion_list,do4a,login_bar,message,message_user_info,nat_public_css,notices\u0026style=6\u0026dir=LTR\u0026d=1772539404\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee; _ga_98JGTJBXV1=GS2.1.s1772556082$o1$g0$t1772556082$j60$l0$h0; _ga=GA1.1.104889216.1772556082\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 1390\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 May 2013 16:02:47 GMT\r\nETag: \"519e3da7-56e\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26T2Ag==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1390,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 79 x 118, 8-bit/color RGBA, non-interlaced","md5":"7b5b7598992122002a2030017cd822e5","sha1":"55c309ff25c2fd235f54d00f4de387ab7c4d94bc","sha256":"d439b2ba91eba302241a286778b34deadb403db4e7eaaaf20c61c41b80f3225b","sha512":"26726be5a5e5f34841cac627193b9249b74718349d4b238b8efb1811954a2096a63d18e98f381288e0e28a7b7ff9b5c8026af5435b4c156382385553714d7384","ssdeep":"","tlshash":"c821d8f7231553feac26a5eb506d13d61b8743bd4717481440c9802abdf5f9acce0575","first_seen":"2023-08-05T06:50:02Z","last_seen":"2026-03-03T16:41:53.538426Z","times_seen":6,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":107,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/css.php?css=xenforo,form,public\u0026style=6\u0026dir=LTR\u0026d=1772539404","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /css.php?css=xenforo,form,public\u0026style=6\u0026dir=LTR\u0026d=1772539404 HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:20 GMT\r\nContent-Type: text/css; charset=utf-8\r\nContent-Length: 21152\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.6.21\r\nExpires: Wed, 01 Jan 2020 00:00:00 GMT\r\nLast-Modified: Tue, 03 Mar 2026 12:03:24 GMT\r\nCache-Control: public\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRLAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":83494,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1784)","md5":"31cdf0761cad3bb7fecc68b64ec3f2ea","sha1":"6a671d2945f747df80ae196d28825385e8897b81","sha256":"796b8d1731a8c43b5df4025ca30cddf6b4addb656da85bde884b042699b57951","sha512":"ca10f35f9fd0a19c3c3bab8f62cacdf177de92fe40dfcda5287dfe4331ce3a94474aec4f47ea3272b5a404d571be8d03d87d9d53435312588b091e032a3ed5e4","ssdeep":"1536:KR2z+PMzY7gpenzVzPcsf1fUyh5bup+Nenzd8xLJ:w2Zz7aoS1","tlshash":"6983c631f598212eb127c12978d3abdd33259612d3134b7afcbab9b4ce8a1d95833744","first_seen":"2026-01-29T11:39:58.206721Z","last_seen":"2026-03-03T16:41:53.539657Z","times_seen":2,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/attachments/4878745-jpg.341880/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /attachments/4878745-jpg.341880/ HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:21 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 375918\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.6.21\r\nCache-control: private\r\nX-Frame-Options: SAMEORIGIN\r\nX-Xss-Protection: 1\r\nLast-Modified: Tue, 03 Mar 2026 16:45:30 GMT\r\nContent-Disposition: inline; filename=\"4878745.jpg\"\r\nEtag: \"1771310216\"\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRaAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":375918,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1080x796, components 3","md5":"82a2c5a2ede67e56fb4a2beca4bf4017","sha1":"0c18fc973990af2b4d4e5cf1c9998adf7fda354e","sha256":"01034bd92e19d781d2f5faaac08f9c54cc31fd7143c8b3d419b78393a49d0470","sha512":"f5d290b2d459f14628a9acc67e5979ea4bea0c7ad21ea528cd362236ed4ceb6b74aedaed1543288e6a5e02026ef5a5482c316ead72324e16a9a1dc4df4faebfc","ssdeep":"6144:SZePa7pi16NpU/Mg/OScVU7HKJBiX+a8aLQbKfpXGD3zToJ8j0G/Joe777Usf1g9:2M16NqMjtUaBiTtLaq2DAi4GRj77US1G","tlshash":"f4842313aba24cdd23afc83474ac6ae5ff51dc30daf4723c09804fa9e405477a645e95","first_seen":"2026-03-03T16:41:53.541269Z","last_seen":"2026-03-03T16:41:53.541269Z","times_seen":1,"resource_available":false,"data":null}},"time_used":869,"timings":{"blocked":422,"dns":0,"connect":0,"send":0,"wait":310,"receive":137,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/d4strongf.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/d4strongf.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 2520655\r\nserver: cloudflare\r\nlast-modified: Sat, 23 Dec 2023 16:32:47 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65870baf-26764f\"\r\naccept-ranges: bytes\r\nage: 265\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5ZLpggQAbVVCZMoLr6j6WNrhX7OmDkhWk0WlCggc2Kflya%2FPv34F1Hhg1yXUySY1PbZDPjjzi33ilOXVOOgR4OnNY1cpkjVuP6ZmtmaoFuxG\"}]}\r\ncf-ray: 9d6a1691f9b2a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2520655,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1378 x 394","md5":"7dd10cb149663b4931d1601b52be1598","sha1":"4db86649affbb988ff4a79c7994146f6cd6d1bd2","sha256":"e39f0a77a2c7037b5f7fecffe649b8bb601fd348132512e3470d7d3aa538c72c","sha512":"b242dee7e26df987dd4fd30ee6d19f01d05c2e5c7e0ef8e9fbcc2a75e9782820c7c8317cb5bf9df87fa7a52d5ad7df99030521bbaa159a4007ce149fa78098ac","ssdeep":"24576:ICG0cR0urtWA3J6YjyW5908+a3Nei1RLWZGpd:ICF0rtWKJ5jVFPdpd","tlshash":"02252342f9f42f833471806dc9b3fa30a68de6faa215304295a51686fc744a0bf57df9","first_seen":"2025-08-25T23:25:04.436199Z","last_seen":"2026-03-03T16:41:53.542492Z","times_seen":4,"resource_available":false,"data":null}},"time_used":968,"timings":{"blocked":71,"dns":0,"connect":0,"send":0,"wait":28,"receive":869,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/styles/4400/market.swf","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"object","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:21.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /styles/4400/market.swf HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: embed\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:22 GMT\r\nContent-Type: application/x-shockwave-flash\r\nContent-Length: 625498\r\nConnection: keep-alive\r\nLast-Modified: Mon, 20 Jul 2015 12:16:44 GMT\r\nETag: \"55ace6ac-98b5a\"\r\nExpires: Tue, 10 Mar 2026 16:45:31 GMT\r\nCache-Control: max-age=604800\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECsWxQIV26TqAg==; expires=Wed, 03-Mar-27 16:45:31 GMT; domain=do4a.net; path=/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":625498,"size_decoded":0,"mime_type":"application/x-shockwave-flash","magic":"Macromedia Flash data (compressed), version 25","md5":"cf377cae7d9b5f241fcd0e6c3e6fd48a","sha1":"0883a7621573a5713aa4f8bdea29a8e91231a28e","sha256":"a98ea9787aac643341967df3a456395c8c66ea41094cdb0c828866b328e0f5f0","sha512":"0cb45d20909d15cb4b384878dca3c36b6653a46c340593f99108d08319aeb586ceda44a08b77a4878e064225299ab0b913617cce12d81b118f3833ac3195d4bf","ssdeep":"12288:eWaftcSTNcuKByAjcmmRUd6/FWs2qXOxtHDY+wLVVSlbW1:Q+uhKByAjjd6ddOjwLHcbU","tlshash":"7ad433bf356385d0a1bb5de50cdb33424ab16a71ede6b6589b5b58cb0c1f231800ace7","first_seen":"2026-03-03T16:41:53.543825Z","last_seen":"2026-03-03T16:41:53.543825Z","times_seen":1,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":290,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/brutal.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/brutal.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 6266580\r\nserver: cloudflare\r\nlast-modified: Tue, 28 Nov 2023 06:59:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65658fce-5f9ed4\"\r\naccept-ranges: bytes\r\nage: 265\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9GASCexDyNzYeWDT1i98XkLOCqZEGhgWS1VDcGfNvflQWNfLCsjWpw1CYOdF4VcfjDirpoq7Vhg0ZCbAI7EaiCpdGkaQSK111B9HmIwWuF5P\"}]}\r\ncf-ray: 9d6a1691f9aca9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6266580,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 350 x 100","md5":"03148deafdce6e74bf6944986b1740c1","sha1":"fb81e469af518006ac94f6154a53329a0cbc587c","sha256":"9c3f10d1f5aeaabcbd131d7c02bbe23b81ddcfb197e68a5a622ca5cfe9da5a67","sha512":"80f91c08fc8a9d31c054d538b07102796d93b6bc904bcc8d108cfbc8716760d3e073721063750decb4b59416851a72c8f431cb7316b0505fcc4027b56bd8dcbd","ssdeep":"24576:eyQULvEFXUHby86VqAQCWAls43ysiI5YEZhoHJZde3:ey3iXUO86cAyYysi6RZh+JW","tlshash":"f22523f1b700ed82e4b56a7280ef9f2c6d2ebeb025654710558cb2b14cbf355ace18d5","first_seen":"2025-08-25T23:25:04.570955Z","last_seen":"2026-03-03T16:41:53.545118Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1468,"timings":{"blocked":72,"dns":0,"connect":0,"send":0,"wait":17,"receive":1379,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/d4profarm.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/d4profarm.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 1278921\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Dec 2020 13:36:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"5fda0d69-1383c9\"\r\naccept-ranges: bytes\r\nage: 264\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8ACRGF1TOXiAMCEGsi1DW1MIqY9OjujCJY%2FUzHjH%2Bh%2F%2F6CiKZfT%2FI5GvI5pQ%2FKFfy4zpd0TBzzphfI0bWlsbnDmKa4ioNLvsxAS1C1AQxq20\"}]}\r\ncf-ray: 9d6a1691f9b6a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1278921,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 350 x 100","md5":"e98f72e4ab55a75da65bbe3f555cd39e","sha1":"7739d0b35774021ad9ad2272c458a772b04d0e4e","sha256":"2496d8d69c862fe7ed89d42ccbf10ebc412e198c5495171886e28008bf5c197f","sha512":"29f63a42b969298ab6793575c96a3ddd23c7dbf677d9a51ec31ebcb319d33f0cab79d3b4278c6131eafcabb4ca976010f4ec8d16628b322224c0e4f094eb9047","ssdeep":"24576:CTIoXGvmy9JQDtFqx45aDHANKKT7zjwbyZKUcMc7:CTIoGOQJQDzqx7gEKT8k/O","tlshash":"ff25334ec40d0a7ea93eb0f05491875aa37342fd5721eb692a0bbd623b005de54f77ac","first_seen":"2025-08-25T23:25:04.456305Z","last_seen":"2026-03-03T16:41:53.546423Z","times_seen":4,"resource_available":false,"data":null}},"time_used":454,"timings":{"blocked":69,"dns":0,"connect":0,"send":0,"wait":28,"receive":357,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ptserif/v19/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:22.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/ptserif/v19/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ba.do4a.pro\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 29588\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 28 Feb 2026 00:33:31 GMT\r\nexpires: Sun, 28 Feb 2027 00:33:31 GMT\r\ncache-control: public, max-age=31536000\r\nage: 317271\r\nlast-modified: Thu, 04 Sep 2025 17:42:06 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":29588,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29588, version 1.0","md5":"cd87c62c9c9c1728e4ce6069e20b1104","sha1":"0480db0094dec698acf12620a246bd9134766119","sha256":"bf23a7a4eebedbb87d4084a69496b29815914a18e339a00f5dc73a03c9c9328f","sha512":"e178b41b16c3d5f417530f28a9a6ba23d7bee8dcf9325ffa06a03fe0edd68654f1f801181c296bc7d81046fa4e8fe2b4f83e8d9c4a3990de397fc390e1c326d1","ssdeep":"768:qtH/eucpHv7uQbBXaNQyIlxW1cfu0Q0bdKSYJ0ZTPIt4eMz:qBeum9B23aTfu0DdLjIt6","tlshash":"fad2e1adb117b13e4c2cc6b66b1b9d65629026ce619ffad031e88134f5f61b11e11c64","first_seen":"2023-05-03T04:45:14Z","last_seen":"2026-04-04T12:12:43.40614Z","times_seen":8472,"resource_available":false,"data":null}},"time_used":1012,"timings":{"blocked":448,"dns":1,"connect":21,"send":0,"wait":59,"receive":8,"ssl":470},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ba.do4a.pro/attachments/885-jpg.341908/","fqdn":"ba.do4a.pro","domain":"do4a.pro","tld":"pro"},"ip":{"addr":"145.239.93.144","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ba.do4a.pro","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 12:39:18 GMT","end":"Wed, 27 May 2026 12:39:17 GMT"},"fingerprint":{"sha1":"82:4A:F8:2E:0B:03:9A:4D:F2:3C:E0:DD:92:23:29:71:55:31:45:88","sha256":"AD:4F:51:2D:F4:9D:9F:8C:B9:88:A1:05:87:2F:57:6D:D4:00:0B:7A:3C:8E:5E:1B:20:C6:8F:46:79:86:86:4A"}}},"request":{"raw":"GET /attachments/885-jpg.341908/ HTTP/1.1\r\nHost: ba.do4a.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ba.do4a.pro/\r\nCookie: xf_session=9ec5c0fb64d4d8c46312daf44f9f9aee\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 03 Mar 2026 16:41:21 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 226124\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.6.21\r\nCache-control: private\r\nX-Frame-Options: SAMEORIGIN\r\nX-Xss-Protection: 1\r\nLast-Modified: Tue, 03 Mar 2026 16:45:30 GMT\r\nContent-Disposition: inline; filename=\"885.jpg\"\r\nEtag: \"1771579593\"\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=31536000\r\nPublic-Key-Pins: pin-sha256=\"ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4=\"; max-age=5184000\r\nSet-Cookie: dcs=XhfWsWmnECoXRQIU3VRgAg==; expires=Wed, 03-Mar-27 16:45:30 GMT; domain=do4a.net; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:5.6.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":226124,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1080x1350, components 3","md5":"c2497fd0f2d4da541085d9e0e451ac00","sha1":"52001cb6f84afab42e690bda3b4cbb5fcd0b8df8","sha256":"46da8cb8faed5b70cbcae88c1ad5e7b6438f63afe0f1b91bf1a99bd6628205b1","sha512":"44db8abf0deb5075ce4c366544dc2853ce8212c84efe1004118838c258e093de621ad34b13b49e3788be76273708c3408249515228ac2fe9983426769cb15875","ssdeep":"3072:G9DKZmDShLu5i2GXbL0SP3eQxhZ4kSEa7F6hmqHYSiMLo9EPzwHQUS981+sK2B/K:G9DxDSgU4SPHfrSEaAPHYSiv976Vn","tlshash":"6b2402036006d642a61c9362ae036f4d27297f4cadd6f2df40676e8abff62911c4d46f","first_seen":"2026-03-03T16:41:53.548286Z","last_seen":"2026-03-03T16:41:53.548286Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1118,"timings":{"blocked":575,"dns":0,"connect":0,"send":0,"wait":472,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bannernetwork.net/do4a/farmdo4a.gif","fqdn":"bannernetwork.net","domain":"bannernetwork.net","tld":"net"},"ip":{"addr":"104.21.73.40","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ba.do4a.pro/","date":"2026-03-03T16:41:20.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bannernetwork.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 12:36:15 GMT","end":"Thu, 28 May 2026 13:34:48 GMT"},"fingerprint":{"sha1":"3D:3F:AE:3D:9E:7D:C4:1A:4B:04:FE:85:63:60:51:C5:48:90:26:63","sha256":"F7:76:09:F8:95:2E:EB:AC:09:E1:E7:07:B0:6D:EE:5F:95:6F:E6:CA:6E:6B:04:AD:7B:C5:DA:AF:E3:8D:47:B6"}}},"request":{"raw":"GET /do4a/farmdo4a.gif HTTP/1.1\r\nHost: bannernetwork.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 16:41:20 GMT\r\ncontent-type: image/gif\r\ncontent-length: 578886\r\nserver: cloudflare\r\nlast-modified: Sat, 07 Oct 2023 08:39:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65211947-8d546\"\r\naccept-ranges: bytes\r\nage: 383\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J5XG%2FRotqVhOiYfhr3osGc5SS%2FYNEawWQegQp5S5hT2V6WdLKSUp%2BbR2XzCf7qyVlVuvz1QwV64U%2FfWqW0%2F1rE%2FBWmxFZg85fNOtONGdvZ%2Fi\"}]}\r\ncf-ray: 9d6a1691f9a8a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":578886,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 500 x 90","md5":"c75707d346978c1fbd0e2ec279327940","sha1":"19bc6285f9ea91575b71620d471cfd3292163f4a","sha256":"bafed46a8ab75e7a050a95faafdaa0476f2afc8f5490492981e8101039e3560b","sha512":"5e4fcf2cd497f3328660e0bcd953e9cf13614a3ddf714a4a54df50d35422454d725b9f862fe4a3e5338e7f862e43d0ecaaad142f2241ebe6ad2af54410b3e1da","ssdeep":"12288:DqqEkgiPCM08UUxWo6dckGKKy18i9Jx+oMi+1udFEjHXADI:DqzKPCl8UUPUcPtyeoJmia7ADI","tlshash":"63c4236fed8bc34b7951026911e42f504b5038be447bcf319884bca544628ffe99f7aa","first_seen":"2024-08-19T21:06:33.927987Z","last_seen":"2026-03-03T16:41:53.549468Z","times_seen":6,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":64,"dns":2,"connect":8,"send":0,"wait":27,"receive":142,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}