Report - bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Report Overview

Visitedpublic

2024-06-01 10:36:04

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-05-31 18:52:22	496 B	1.4 kB	142.250.74.106
bj.do4a.me	unknown	unknown	No data	No data	10 kB	512 kB	172.67.215.209
bannernetwork.net	unknown	2018-05-30	2018-12-10 23:11:06	2024-03-20 20:56:49	4.5 kB	24 MB	172.67.140.28
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-06-01 02:12:45	1.3 kB	243 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	bj.do4a.me/js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8	ScriptElement	1.7 kB	2023-03-07	2025-07-23
URL bj.do4a.me/js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8 IP / ASN 172.67.215.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-07-23 Times Seen 44 Size 1.7 kB (1738 bytes) MD5 1daf8822c62b730a6dc80f027ff8faf0 SHA1 bed5fcc3a223f70448d6a256c4c482e4339269ec SHA256 972120582a22b0e9e83bca1713ebebdf2356dda9d7c9c81c156f72f934261ec9 Format Code Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	819 B	2023-04-30	2024-08-19
URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP / ASN 172.67.215.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-04-30 Last Seen 2024-08-19 Times Seen 2 Size 819 B (819 bytes) MD5 a64547d7ef9bb71e63145ac176f8a1b6 SHA1 d343203acfb97e5e98689d296a733b2c99720109 SHA256 12c52b0e65f0e9d100476bfe2cee5366abf9b70aed683872e753591ebe96b342 Format Code Loading...

	www.googletagmanager.com/gtag/js?id=UA-120595707-1	ScriptElement	210 kB	2024-08-19	2024-08-19
URL www.googletagmanager.com/gtag/js?id=UA-120595707-1 IP / ASN 142.250.74.168 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 2 Size 210 kB (210311 bytes) MD5 b9d80755d3cbdbba9542e0799f1516b5 SHA1 1a71de406c3e0b70ab3b55bf56ecfc2a676c3dfa SHA256 77efb309784c47d100c047acf5c609cef886a5d8d7256b5288ed246b54764cbd Format Code Loading...

	bj.do4a.me/sandbox%20eval%20code		147 B	2023-04-11	2025-08-07
URL bj.do4a.me/sandbox%20eval%20code IP / ASN 0.0.0.0 #0 Introduced by Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-07 Times Seen 422399 Size 147 B (147 bytes) MD5 92b651082ce234f66bb544e678befda3 SHA1 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 SHA256 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Format Code Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	155 B	2023-04-30	2024-08-19
URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP / ASN 172.67.215.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-04-30 Last Seen 2024-08-19 Times Seen 2 Size 155 B (155 bytes) MD5 a64225c081821318103c34f82ceb92b6 SHA1 67a5010936e36b2d7e8fed6cbe6c7224628bc1d4 SHA256 886b643b905a010211817dd8b46044e4947ce037e37cc0d692132fc78ba4dfe6 Format Code Loading...

	bj.do4a.me/js/jquery/jquery-1.11.0.min.js	ScriptElement	96 kB	2023-03-07	2025-08-07
URL bj.do4a.me/js/jquery/jquery-1.11.0.min.js IP / ASN 172.67.215.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-07 Times Seen 13144 Size 96 kB (96381 bytes) MD5 8fc25e27d42774aeae6edbc0a18b72aa SHA1 b66ed708717bf0b4a005a4d0113af8843ef3b8ff SHA256 b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Format Code Loading...

	www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c	ScriptElement	253 kB	2024-08-19	2024-08-19
URL www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c IP / ASN 142.250.74.168 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 1 Size 253 kB (252871 bytes) MD5 9db0a03e92ed0e7d1a78786a96982bf4 SHA1 44dfd5b343eab1ba4e0c5786f32a02271beedab5 SHA256 762923b50720e75100361cccecf90b9ebaed0ae780721ecc376818689f8f801c Format Code Loading...

	www.googletagmanager.com/gtag/js?id=UA-120595707-1	ScriptElement	210 kB	2024-08-19	2024-08-19
URL www.googletagmanager.com/gtag/js?id=UA-120595707-1 IP / ASN 142.250.74.168 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 2 Size 210 kB (210311 bytes) MD5 425aa5fe66ca1888717a942f0cf7b445 SHA1 3a899e9a5d49649ffd741ec3c4d790918a86c150 SHA256 630d2c015f7c1d1e13623ee00a9186fae46ce13b843a35cc95a1d4234bc6efa2 Format Code Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	130 B	2024-08-19	2024-08-19
URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP / ASN 172.67.215.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 2 Size 130 B (130 bytes) MD5 f6a6ddb5bdce6aaf369ffa2b3032c76a SHA1 bddec1784bf35a2399c6552d8becda6cda572e27 SHA256 cbb3c9e95e3335c5fef2a79f37ed5bbf89da3685bbcbea8ce7b798db4e8d74aa Format Code Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	157 B	2023-04-30	2024-08-19
URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP / ASN 172.67.215.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-04-30 Last Seen 2024-08-19 Times Seen 2 Size 157 B (157 bytes) MD5 f860e42dc67cab3604fd911ec598cdc7 SHA1 a21d0c75dbca8fe83290d42644f8610626a9e84c SHA256 44a450d6b6dca9148681e2b8f46ae2031363c8ddf7a11ab9d3cac5b9d8e11c68 Format Code Loading...

	bj.do4a.me/js/xenforo/xenforo.js?_v=2c76e9c8	ScriptElement	169 kB	2023-04-30	2025-08-02
URL bj.do4a.me/js/xenforo/xenforo.js?_v=2c76e9c8 IP / ASN 172.67.215.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-30 Last Seen 2025-08-02 Times Seen 9 Size 169 kB (169382 bytes) MD5 7659c2ab3bd2001e23118eb49d15aa34 SHA1 b579daf754abb940b25692bda1007573fb949cca SHA256 0baa35b068dd1c4a80020f01ccd76eab83058bd6bb98877a59035771ad07d8fa Format Code Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-08-07
URL www.google-analytics.com/analytics.js IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-07 Times Seen 421668 Size 4.7 kB (4691 bytes) MD5 f24128d0c9cba7be2916c693427a3483 SHA1 1b6397d496ea896ebc2018b01b995cee4f166029 SHA256 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Format Code Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	2.2 kB	2024-08-19	2024-08-19
URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP / ASN 172.67.215.209 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 1 Size 2.2 kB (2191 bytes) MD5 099ceaab045813667d985a8ed38fb301 SHA1 60f83497bb315fafb10f790d337f73c01f753070 SHA256 e4d0c909231082008df8b05f0265a3fbc64f7a95d051e971a6e87b1bbf3af322 Format Code Loading...

HTTP Transactions (34)

URL IP Response Size

GET bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373

172.67.215.209

200 OK

21 kB

URL GET HTTPS

bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeASCII text, with very long lines (1784)

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size21 kB (21082 bytes)

MD54c60beeb4b54ec2052c9eee6d4bf8d8f

SHA13f1832d31e6f05bccb9a238024bd1a8f2767a72c

SHA2560e77b1f043220a9ebc856569a1b5b5249369999d17762d3a545d6fe1fcb311d5

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: text/css; charset=utf-8
content-length: 21082
x-powered-by: PHP/5.6.21
expires: Wed, 01 Jan 2020 00:00:00 GMT
last-modified: Thu, 30 May 2024 12:49:33 GMT
cache-control: public
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
set-cookie: dcs=XhfWsWZa/UJ4wiIeCkJuAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZpY90V2rd8Hiq36Y6L7EQAAu9jufoxZCeF5Tw6vx8FQCjs53DOC5TrMxZiesWUnb5DLLwggo0ymBdetqwRcvwvdc2Iqy%2FZNguwLGPLYhsDbsBdv8GSrhsozDr%2Fmi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88ce8ed3eeab56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bannernetwork.net/do4a/homosteron.gif

172.67.140.28

200 OK

74 kB

URL GET HTTPS

bannernetwork.net/do4a/homosteron.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 500 x 90

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size74 kB (73937 bytes)

MD58eba3d0ef05d4696fa35e6b333364675

SHA18808e2e5b2b2742fdaeba7218834da7bffefedf3

SHA256408cd81fde12aeaa1eb73fdc912cee9206690316b7c4385601bf49cb9da6497d

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/homosteron.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 73937
last-modified: Tue, 19 Mar 2024 19:22:23 GMT
etag: "65f9e5ef-120d1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2768
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oXWuCRmqomZTgOTuupojjsE1%2Fu0VtCqSPPAlfV0Wt0I1RtJjEy5ftehwC2oGmy%2FaCUu%2FrC%2FzJuAvbEw1XeZc0U4EEBmbQeAKmj%2FOrwlooEC6f6sTnZJfn2cevjpq4si9vVHHtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b1eb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/d4hilmaapril.gif

172.67.140.28

200 OK

28 kB

URL GET HTTPS

bannernetwork.net/do4a/d4hilmaapril.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 500 x 90

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size28 kB (27625 bytes)

MD5a7eea1c27985e24d1b9527ff9dffa326

SHA11d5ac9cff76ff7f60dd806c29e9ef06f2a9f11f2

SHA2568a3c9624c52d7f8a1df13a289449f33e7c134f5703ef01868409c9d69c7c6373

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/d4hilmaapril.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 27625
last-modified: Tue, 16 Apr 2024 11:34:12 GMT
etag: "661e6234-6be9"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pcU46CwmnjxgjpUt2vL9UPUjisY34oXruUv84A37tBaouqOhwx5JxdbnyjQ0GrftkbC%2BJN5rE0E16o8z30JFsZ5wd%2F2gfcydgoZWfb0370wNEDU%2BX06iMOMryM%2FYZSaYZfVnpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b13b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/realbig.gif

172.67.140.28

200 OK

259 kB

URL GET HTTPS

bannernetwork.net/do4a/realbig.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 600 x 160

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size259 kB (258679 bytes)

MD52fa481a8c7340b1cae0c0b41ab749317

SHA1238ecd2e7e0414f0803d3ce522c50efa0bf149af

SHA2568f738aca08124efed4c6230de1f30fa12620dca691d882e60632cb9814d7b106

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/realbig.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 258679
last-modified: Thu, 11 Nov 2021 08:16:08 GMT
etag: "618cd148-3f277"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=015NlS0TRVavPoaNz6y6%2FAbaDGPXstm0MOxmum%2Fvljs3PJ2JQGfsh%2Fwf%2Bd317jWgh5xfvAOpksrNDSlzPEaCdlD2xF%2F41AYoHRHqWNbv97wgc90azmFv%2BdFl1rZjfLTn%2BR5NaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b00b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/farmdo4a.gif

172.67.140.28

200 OK

579 kB

URL GET HTTPS

bannernetwork.net/do4a/farmdo4a.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 500 x 90

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size579 kB (578886 bytes)

MD5c75707d346978c1fbd0e2ec279327940

SHA119bc6285f9ea91575b71620d471cfd3292163f4a

SHA256bafed46a8ab75e7a050a95faafdaa0476f2afc8f5490492981e8101039e3560b

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/farmdo4a.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 578886
last-modified: Sat, 07 Oct 2023 08:39:35 GMT
etag: "65211947-8d546"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uS1V8J0mw3TeMt9d3SlDBWrKpqpaHkONc7LqRrhuTuoId8AsTTToWsUcswiFeFIxzeh1PvHllQ0B98%2FCSJRxVXKY%2BuB5lD%2Fq%2BU7tuXfub%2B%2BNTHHTzYFJurujiDF4wq%2FpltvRWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b1cb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=UA-120595707-1

142.250.74.168

200 OK

76 kB

URL GET HTTPS

www.googletagmanager.com/gtag/js?id=UA-120595707-1

IP / ASN

142.250.74.168

#15169 GOOGLE

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeJavaScript source, ASCII text, with very long lines (4179)

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size76 kB (75719 bytes)

MD5b9d80755d3cbdbba9542e0799f1516b5

SHA11a71de406c3e0b70ab3b55bf56ecfc2a676c3dfa

SHA25677efb309784c47d100c047acf5c609cef886a5d8d7256b5288ed246b54764cbd

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.google-analytics.com

Fingerprint44:90:16:0A:70:BD:B4:DF:9D:30:32:B2:3E:31:F4:BD:D4:E3:F8:91

ValidityMon, 13 May 2024 06:34:48 GMT - Mon, 05 Aug 2024 06:34:47 GMT

HTTP Headers

GET /gtag/js?id=UA-120595707-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Jun 2024 10:35:37 GMT
expires: Sat, 01 Jun 2024 10:35:37 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Jun 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75719
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373

172.67.215.209

200 OK

5.6 kB

URL GET HTTPS

bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeASCII text, with very long lines (689)

First Seen2023-04-30

Last Seen2024-08-19

Times Seen2

Size5.6 kB (5578 bytes)

MD58f3f9ecd999e05c31efb7ce391dee9fb

SHA12079d4ab4d2ae56ea547d83fafccdf1b34f97616

SHA25633704cc7724745b129f590220e1dbcf050cd7f7724566cf20d98b9e72cff7dc6

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: text/css; charset=utf-8
content-length: 5578
x-powered-by: PHP/5.6.21
expires: Wed, 01 Jan 2020 00:00:00 GMT
last-modified: Thu, 30 May 2024 12:49:33 GMT
cache-control: public
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
set-cookie: dcs=XhfWsWZa/UJ4wiIeCkJvAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TLeVXkL%2Bcr8Ly3XO62pyDOpGuRJ1YvNETJ3Qnu7dVM3EUK3S2onv5vZRlQCU2pdpQm95WDKSULJTs0wIg56c5RqRZM6ET5ItbbFm9zbGSSrpAWx88Eep94P%2FL%2B9c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88ce8ed3eeaf56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/logo.png

172.67.215.209

200 OK

23 kB

URL GET HTTPS

bj.do4a.me/styles/default/do4a/logo.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 271 x 70, 8-bit/color RGBA, non-interlaced

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size23 kB (23160 bytes)

MD52f32895fc73551836c8a5f3681d32965

SHA10bc93c506e2b9a16b9d4105d4ab9cc43d968090c

SHA2569e6b26193f6a7a8c1eec51c52d555e88a21cab04e6d4cdc4e8f383090254ab42

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/do4a/logo.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/png
content-length: 23160
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-5a78"
expires: Sat, 08 Jun 2024 10:51:46 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ4KiIcClo8Ag==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pac3S0YRzXHbRTt%2Bz552u%2BG5Ae19V0pxuth%2FjCXL1%2BxXCTwd1ie16cAw%2Fc%2BKlUv611fFxIMSrVFh0cm8Q4RZhI2KLpZI%2BFwEHzNhxUn%2BJG8vGUdqsYZTxzaXdf2D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3feda56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/yzen.jpg

172.67.215.209

200 OK

12 kB

URL GET HTTPS

bj.do4a.me/yzen.jpg

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeJPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=156, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=156], progressive, precision 8, 14x14, components 3

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size12 kB (11769 bytes)

MD5d256e3d4cffbe55efb7912e8ce9aeee8

SHA1c296c0e9597c6eb01a23b59923ac1367c3a9146f

SHA2569dd1493091907b5182922be0bf59eb7ea105fd8c9638dccdc77ac2268474f323

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /yzen.jpg HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/jpeg
content-length: 11769
last-modified: Fri, 21 Dec 2018 09:20:17 GMT
etag: "5c1cb051-2df9"
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ4wiIeCkJxAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KGn8lW8Qqog9fgRs7o7Jfs7OzA0Inkl5UGM%2BATEZoi74ULgtz57Kk5xZXj3RQ3OsFLEAjbg6lUjtmBqN9jlUYTbhEJTkHCB1wItFlQIst3iMSW62NXwIF8xkiaTI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3fedc56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bannernetwork.net/do4a/phlcripta.gif

172.67.140.28

200 OK

1.1 MB

URL GET HTTPS

bannernetwork.net/do4a/phlcripta.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 960 x 300

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size1.1 MB (1142309 bytes)

MD591308b0f8c52136974be1e88a71ba11c

SHA119f7965a5429cf8f4ed750e47524003037fd99e5

SHA25663e75786484c45041fbacb40ba6c4936eee5d13f592866b0d12d849bf25d4864

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/phlcripta.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 1142309
last-modified: Sun, 26 May 2024 05:28:17 GMT
etag: "6652c871-116e25"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2670
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XFGDftqi3QpiBQX9K7fNR15emLlQoVvNB9mvONd4GWaaSjF0rnZOKMY3R1WOna5WojVcM0vX2FtdFy1N6xRQUIJ5s7vr2cr0Fox0inFPa%2F8ZSv6wesvNTPffWHxIf09QyLU4Og%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b21b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/d4profarm.gif

172.67.140.28

200 OK

1.3 MB

URL GET HTTPS

bannernetwork.net/do4a/d4profarm.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 350 x 100

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size1.3 MB (1278921 bytes)

MD5a394c1634a3de34d1578db9a8c880e24

SHA1762ea1623317a8e4d099edeb2e7b49cdda027300

SHA2564e3bf9c2ef97543f863ffb4bc558a78cb65fa9fb8ed4a8cf4a2dde813f9fa9e7

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/d4profarm.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 1278921
last-modified: Wed, 16 Dec 2020 13:36:41 GMT
etag: "5fda0d69-1383c9"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2462
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hfQ6g8OXNw%2BH1sNEQz3YKsJ97LdYEYR1DXzPchKLGC3R%2F2fGWoz2VCt%2B5J9TYXi%2Bb0byiL6tRFeWV6BkLCAAjL3AZGAiYSfh4GzCt%2BpTfdR%2B0P%2BUa01Cw%2BPEGgh2GxsMN%2Bfh7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b0cb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/anabolnew.gif

172.67.140.28

200 OK

1.6 MB

URL GET HTTPS

bannernetwork.net/do4a/anabolnew.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 550 x 170

First Seen2023-08-05

Last Seen2025-06-19

Times Seen3

Size1.6 MB (1599962 bytes)

MD5fbbed2611a3928cddce7006fc5def7c3

SHA1720c6b348d07013d716c6a7b2292028df787e868

SHA256df8ef8bd3dc738d0547595015cc9f0f7730451983625ba79b35a0e3405cfb388

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/anabolnew.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 1599962
last-modified: Mon, 15 Nov 2021 08:32:36 GMT
etag: "61921b24-1869da"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=irhXOzuNTjtSDP0WJ9T%2BMvn1gmnniFX%2Bwj449sxdsy1mUnRTxXmxG%2BRQ2bKs%2BAuqCwA7VUmnyVj7UrT%2Fn%2FyLpUTvVUSGGMx%2B39zyKfnloUJJIy%2FmcuX%2B58hzSh8Iv0jq3q3Okw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b1fb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/d4strongf.gif

172.67.140.28

200 OK

2.5 MB

URL GET HTTPS

bannernetwork.net/do4a/d4strongf.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 1378 x 394

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size2.5 MB (2520655 bytes)

MD562fe3b947217b5b33270b7c27cc8e116

SHA10247e13c7187bfc19183dd127247e9e02f476480

SHA256b8f1b2c3e38022541e1371871daafdd9b7dffebad967fa5f119a5a07fbfbb2f6

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/d4strongf.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 2520655
last-modified: Sat, 23 Dec 2023 16:32:47 GMT
etag: "65870baf-26764f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2240
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ixIXc6I89Cz4uk%2BjPVdTUjtju58msgdT4BFDUW3lgdW%2FeR2PWPlmjKZ2Jkpdo1RwTb0deYqthtkTv3h94spBldrGvXH0GtwYpCPyitCKA9mgzA000lT1MxTG7FfsGSKWilAiUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b08b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/rubelfarma.gif

172.67.140.28

200 OK

4.2 MB

URL GET HTTPS

bannernetwork.net/do4a/rubelfarma.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 500 x 160

First Seen2023-08-05

Last Seen2025-06-19

Times Seen3

Size4.2 MB (4182540 bytes)

MD5feca38f426cc88e2fbbb888d0133c167

SHA1afcb9ada9ade6673f7c0f0eb5954b6dd687bc022

SHA256e4c9b4a4fb0a1ee0d1ff9e2d3cc20c40a2c1f62749ab0ad2cd16a3e61c06e58d

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/rubelfarma.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 4182540
last-modified: Fri, 18 Dec 2020 11:17:07 GMT
etag: "5fdc8fb3-3fd20c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=94g03eaJ1XaU60N8Vpm2LtM7BMhzVPaAFfBXGSO8C1WR9RvQHCoEWyovGfU9UNDk6CcwS%2BuSPRfQQ%2FAIdSUrd0PdTdB3fvQ3NwI2ZAbrY4N%2BuKRcD%2B6itz%2FJvJ9gRcYAtM5Hgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b03b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/rmassa.gif

172.67.140.28

200 OK

6.0 MB

URL GET HTTPS

bannernetwork.net/do4a/rmassa.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 500 x 90

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size6.0 MB (6009808 bytes)

MD5890ae26e6fce6afe80e67cbb67e0dbc1

SHA18399a3b7399fd2d88ec4283764767c2423ba5de3

SHA256e9cd06489eb8c66fd0ed7c205d613d1a0352994bba15a51949b0d1cedcdbe6db

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/rmassa.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 6009808
last-modified: Wed, 09 Dec 2020 15:31:32 GMT
etag: "5fd0edd4-5bb3d0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1911
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P5D18KwUl9RQn2s%2FsJ1M0M%2B8WeF6MvEFcqWva8ZI7EFY%2BBN1n%2Bdzgh%2BHnBe6WMCgB8%2B%2BcqXfT3wObPdOuv40rh4XQw2yKKWkj1qAUZVtDFVsNtw2XLccyaiVhmbAmS%2Fv1Jyyyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b11b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/brutal.gif

172.67.140.28

200 OK

6.3 MB

URL GET HTTPS

bannernetwork.net/do4a/brutal.gif

IP / ASN

172.67.140.28

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeGIF image data, version 89a, 350 x 100

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size6.3 MB (6266580 bytes)

MD5cc1d26d199c3958649d008162f45df21

SHA1647c9602d47099346c57c5ca1e4c742f8a6881af

SHA25613aaede5a128c09a368f24eb1c1166c3d50c09741a4ff2f7c0de21d983e155e2

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbannernetwork.net

Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54

ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/brutal.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 6266580
last-modified: Tue, 28 Nov 2023 06:59:26 GMT
etag: "65658fce-5f9ed4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=idKSF539ZvhOc%2Fra52EmTAUEl77sN4%2B9yrM60KQSydQLIVMdo4g9XHXRUclN1LXZyYChalKl4J82IMlwuKBhmrLRmrFxt09Z1hhYa9gpUbVBusTYwZzz4nvqHUbAA2SWaop4qA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b07b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c

142.250.74.168

200 OK

90 kB

URL GET HTTPS

www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c

IP / ASN

142.250.74.168

#15169 GOOGLE

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeJavaScript source, ASCII text, with very long lines (4242)

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size90 kB (89523 bytes)

MD59db0a03e92ed0e7d1a78786a96982bf4

SHA144dfd5b343eab1ba4e0c5786f32a02271beedab5

SHA256762923b50720e75100361cccecf90b9ebaed0ae780721ecc376818689f8f801c

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.google-analytics.com

Fingerprint44:90:16:0A:70:BD:B4:DF:9D:30:32:B2:3E:31:F4:BD:D4:E3:F8:91

ValidityMon, 13 May 2024 06:34:48 GMT - Mon, 05 Aug 2024 06:34:47 GMT

HTTP Headers

GET /gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Jun 2024 10:35:40 GMT
expires: Sat, 01 Jun 2024 10:35:40 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89523
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=UA-120595707-1

142.250.74.168

200 OK

76 kB

URL GET HTTPS

www.googletagmanager.com/gtag/js?id=UA-120595707-1

IP / ASN

142.250.74.168

#15169 GOOGLE

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeJavaScript source, ASCII text, with very long lines (4179)

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size76 kB (75721 bytes)

MD5425aa5fe66ca1888717a942f0cf7b445

SHA13a899e9a5d49649ffd741ec3c4d790918a86c150

SHA256630d2c015f7c1d1e13623ee00a9186fae46ce13b843a35cc95a1d4234bc6efa2

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.google-analytics.com

Fingerprint44:90:16:0A:70:BD:B4:DF:9D:30:32:B2:3E:31:F4:BD:D4:E3:F8:91

ValidityMon, 13 May 2024 06:34:48 GMT - Mon, 05 Aug 2024 06:34:47 GMT

HTTP Headers

GET /gtag/js?id=UA-120595707-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Jun 2024 10:35:40 GMT
expires: Sat, 01 Jun 2024 10:35:40 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Jun 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75721
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET bj.do4a.me/styles/default/do4a/background/button.png

172.67.215.209

200 OK

154 B

URL GET HTTPS

bj.do4a.me/styles/default/do4a/background/button.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 3 x 3, 8-bit/color RGBA, non-interlaced

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size154 B (154 bytes)

MD5dd587da6cdfaaf63139bb036709c611c

SHA14596a1e94ca83ff3f186decab2805d15c0b30f94

SHA2563847d4745ab20d5e517068c9221f70459299ecdb84a32c8bb72f141881ac03ff

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/do4a/background/button.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 154
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-9a"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ5ECIbCeLlAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFRqIYI5IHw8QiIM4f8f6RjrxWCZL9n4BS7KREAE8TNH1KJoiIw%2FB4NgpWpgv1lxsGVrxqqofHhrRgVnLdWEuDT5Nnf6ipqBatoJLZyR%2F4AsYXIt6hXwr8%2BJtT%2B%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a7356bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/xenforo/xenforo-ui-sprite.png

172.67.215.209

200 OK

3.9 kB

URL GET HTTPS

bj.do4a.me/styles/default/xenforo/xenforo-ui-sprite.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 200 x 57, 8-bit colormap, non-interlaced

First Seen2023-05-21

Last Seen2025-08-03

Times Seen73

Size3.9 kB (3894 bytes)

MD51532d029447a00554657cd413939c0a6

SHA17272ee5f4798e9939592e25f0b81083edf869760

SHA256148805ef840df5f06de10c18349522ea3f2ce394218c5515f54e9265828691e5

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/xenforo/xenforo-ui-sprite.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 3894
last-modified: Thu, 15 Mar 2018 07:45:14 GMT
etag: "5aaa248a-f36"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4KiIcClpIAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BXKckJYfOs2sDKzAhB2tl5Nm2K%2FttJLG6yqEtPz3f%2FKqMOsaNBZJyg6bq6aUNvjUTs9wTKiyZk6bIK1SFTDehY7s%2BpES410byXEd3Q%2BI8kxwZOHwnu0yIRTs%2BjHE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a7556bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/header-repeat.png

172.67.215.209

200 OK

1.4 kB

URL GET HTTPS

bj.do4a.me/styles/default/do4a/background/header-repeat.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 79 x 118, 8-bit/color RGBA, non-interlaced

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size1.4 kB (1390 bytes)

MD57b5b7598992122002a2030017cd822e5

SHA155c309ff25c2fd235f54d00f4de387ab7c4d94bc

SHA256d439b2ba91eba302241a286778b34deadb403db4e7eaaaf20c61c41b80f3225b

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/do4a/background/header-repeat.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 1390
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-56e"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4KiIcClpMAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HG0HdcNTvkmKAxfpkeXfi%2BBV4z8WP2KrjDhXeGBlqfHZg%2Bs%2FLoC%2BhwqzUNqAM7SWesMydNjy6OIsA0n5pI1hnIhqx0k%2BHCFWGAx3udvTZraPc%2ForSGIMbw28ztKf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a8056bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/xenforo/gradients/category-23px-light.png

172.67.215.209

200 OK

1.1 kB

URL GET HTTPS

bj.do4a.me/styles/default/xenforo/gradients/category-23px-light.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 62 x 23, 8-bit colormap, non-interlaced

First Seen2023-05-21

Last Seen2025-08-03

Times Seen59

Size1.1 kB (1072 bytes)

MD5916a045b94d1b04e1d725fd339426682

SHA18acc8b8ad406039fd7d6966495ba5ac1361a8174

SHA2564cc4cae0bb86846428c4d8471ec2cd1627e7df4ce1fc4e4bb11c94cf557f9c8e

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/xenforo/gradients/category-23px-light.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 1072
last-modified: Thu, 15 Mar 2018 07:45:14 GMT
etag: "5aaa248a-430"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKIAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KcrpzVFsfY6Lt9rY%2B%2B3MaYQUmXVFl87Xa3uwQY8grv7iQGjqGWdUgshtHzWFDtKnCGTeHPqEJxamsG5lDgIPgWquOjmKM8ylnnmZoHdW1y6dObZi2ScLfjByE9xE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a7c56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/navTabs.png

172.67.215.209

200 OK

4.9 kB

URL GET HTTPS

bj.do4a.me/styles/default/do4a/background/navTabs.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 162 x 22, 8-bit/color RGBA, non-interlaced

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size4.9 kB (4911 bytes)

MD550a7428491450287eb915340eff2cb5e

SHA1a04de2cc34b9063c5bef81fb594588f17703ed58

SHA256370aa4b40c9f6e0c362e4c68d21f29b52c140e18d00258ccce17dcf6b15a8ebb

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/do4a/background/navTabs.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 4911
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-132f"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKKAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jiE5U4BDpwc1vYjHXr2Ba7oBCT%2BQfmX%2FyTPt7HwIW6MJ0cb9bxZ96b%2FnmxCpU64WwiMsEOHAP%2BNnntuybw%2BirUnCMVD2Vj3Q2BcdNPT8JBL9dPlCZ6LDqO3AJG%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a8356bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/navTab.png

172.67.215.209

200 OK

2.5 kB

URL GET HTTPS

bj.do4a.me/styles/default/do4a/background/navTab.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 146 x 26, 8-bit/color RGBA, non-interlaced

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size2.5 kB (2511 bytes)

MD567e498fc4e93b4533a80f41d49efcf81

SHA1f7baac8793d0c0d6fdea3200019760b1ac61c484

SHA25659840f0f69f826c3cf93f3ea73b400d38677a81367819f6459e76f0fdd3dad22

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/do4a/background/navTab.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 2511
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-9cf"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKLAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tSGUCCcQYmj40erWbCmyLgkqf9jOOez8X3%2F37wkox1mj5G7kd6ErJatokP7fleOL0L9MuvdQ2v1IeE0EdXQvUIwIAG7laLx84CpVSvbh%2FgemhzlAJltpCmIo72Ct"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a8756bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/footer_center.png

172.67.215.209

200 OK

57 kB

URL GET HTTPS

bj.do4a.me/styles/default/do4a/background/footer_center.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 1003 x 120, 8-bit/color RGBA, non-interlaced

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size57 kB (57049 bytes)

MD5febfa4f2b589fa647b2cca2b5614da65

SHA1e3d761c9d3f22b85bff1e92e2bd955d0652ac772

SHA2568c114810a6123b95b0169a70a8ec481a8880f68b093e322efb7a12e8607ebbf4

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/do4a/background/footer_center.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 57049
last-modified: Sun, 03 Aug 2014 06:59:36 GMT
etag: "53ddddd8-ded9"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4KiIcClpLAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TJWl2f0JbDeK81a7doZVFlc%2BpASQikVlzgQQZzMB%2B4mPdiz%2BCosR%2BQSTXpi7jM5xsriUXTecI8UdcXC7iEJp17hOYWYrJA57nC8BRUDdU52K1%2Flyfc%2F12duflRma"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a9f56bb-OSL
alt-svc: h3=":443"; ma=86400

GET fonts.googleapis.com/css?family=PT+Serif:400,700,400italic,700italic&subset=latin,cyrillic-ext,latin-ext,cyrillic

142.250.74.106

200 OK

816 B

URL GET HTTPS

fonts.googleapis.com/css?family=PT+Serif:400,700,400italic,700italic&subset=latin,cyrillic-ext,latin-ext,cyrillic

IP / ASN

142.250.74.106

#15169 GOOGLE

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typegzip compressed data, max compression

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size816 B (816 bytes)

MD5646d9ea297ed21476e39554df0c3cfbc

SHA13811d903556aa8c4ebbd7f3a810840d483ae8fd4

SHA256cec73e4f3616bd37aba97437c4a471000f62c2cdfbfca8202a3ab11e79609690

Certificate Info

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint8E:9C:6E:70:61:4E:A0:D8:4A:BD:CA:F0:BF:75:60:FE:A2:36:FB:7A

ValidityMon, 13 May 2024 07:31:30 GMT - Mon, 05 Aug 2024 07:31:29 GMT

HTTP Headers

GET /css?family=PT+Serif:400,700,400italic,700italic&subset=latin,cyrillic-ext,latin-ext,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 01 Jun 2024 10:35:40 GMT
date: Sat, 01 Jun 2024 10:35:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET bj.do4a.me/styles/default/do4a/background/header-middle.png

172.67.215.209

200 OK

59 kB

URL GET HTTPS

bj.do4a.me/styles/default/do4a/background/header-middle.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 1170 x 118, 8-bit/color RGBA, non-interlaced

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size59 kB (58661 bytes)

MD5c18131dcd4cb92c50b92ea07e27ad01a

SHA18e50495a0662a3306cbe1d3a1d37719a347b6353

SHA256e3d83a3a346c0e0daeab4e8c6a35fe7bb8ed1fc0bd831d39a019c07894e3af8c

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/do4a/background/header-middle.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 58661
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-e525"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKJAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=87HXONOlobzOUaDuea5oUrYnLabkli2poTn767LC5WOT1RHYbE2G6pAl6KqpvY9u54kD2mE%2FPheUPSLTfYg6FG0i2AZOaCW36lweG1vzBSWq6BIiUN1tJ18UQkCf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a7d56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/logo_square.jpg

172.67.215.209

200 OK

9.6 kB

URL GET HTTPS

bj.do4a.me/styles/default/do4a/logo_square.jpg

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size9.6 kB (9555 bytes)

MD59721a322a7463720094ff58bc091078c

SHA1630568ab44ba5d2e9d8264e6706619dfbab65300

SHA25658799413398361b5ac3e6ee7ab8361a762f764d5f204b4422865bf130ff19246

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/do4a/logo_square.jpg HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Cookie: _ga_98JGTJBXV1=GS1.1.1717238141.1.0.1717238141.0.0.0; _ga=GA1.1.1109428271.1717238141
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/jpeg
content-length: 9555
last-modified: Tue, 11 Nov 2014 21:54:18 GMT
etag: "5462858a-2553"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4KiIcClpQAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2FwuvD4lsV74bbj8HDLZ6NUMRGfDdwOsFdbuI9WzT8ugv4CUsB9t72cWz5RxNegfzFkCDPx2L7yC5LBQSCXm5Ybrjrrt%2F8o8lj4iRfcCWmgBgJ5E7LLWYOmQqV2T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eef0df356bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/js/jquery/jquery-1.11.0.min.js

172.67.215.209

200 OK

96 kB

URL GET HTTPS

bj.do4a.me/js/jquery/jquery-1.11.0.min.js

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32341)

First Seen2023-03-07

Last Seen2025-08-07

Times Seen13144

Size96 kB (96381 bytes)

MD58fc25e27d42774aeae6edbc0a18b72aa

SHA1b66ed708717bf0b4a005a4d0113af8843ef3b8ff

SHA256b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /js/jquery/jquery-1.11.0.min.js HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 15 Mar 2018 07:45:14 GMT
etag: W/"5aaa248a-1787d"
expires: Sat, 01 Jun 2024 11:51:46 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ5ECIbCeLUAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QXWlF%2BB0sxvSAAE9dl8LBMPRFjRZIYrhUR2UwgoH%2Fqwi%2FJG3Bxx0GZo%2FZYm%2BMpZLdlKRaS89PEhy9e8Km2Gh34l7033bWhzKr8DhwbKpaKJ8M2aOUK2vR6Q66Vb2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3eebb56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/favicon.ico

172.67.215.209

200 OK

1.2 kB

URL GET HTTPS

bj.do4a.me/favicon.ico

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size1.2 kB (1150 bytes)

MD575c2e2541dedb852451d1863468a063d

SHA1ea1d3434bdcb7aacb522436941e4e4cb77c38434

SHA2562c21749fafcf76df68e02bef45c19055c1aac9d51de778e931c1df4d3f1ab898

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Cookie: _ga_98JGTJBXV1=GS1.1.1717238141.1.0.1717238141.0.0.0; _ga=GA1.1.1109428271.1717238141
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/x-icon
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: W/"519e3da7-47e"
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ35SIdClnfAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gy2SstgTMtU2sOACGWZQsK6UQ5iq8LSBp%2F%2FcZ%2FidDHrbIXqJ55EXq4gB948iQlJjoQlRv5OZZSkAAI0OFCZdrk7u1Fy9hVcnJ1SS4tZR1p5ML5GrVDoT2drUBo0H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eef0df656bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/footer_repeat.png

172.67.215.209

200 OK

210 B

URL GET HTTPS

bj.do4a.me/styles/default/do4a/background/footer_repeat.png

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typePNG image data, 1 x 120, 8-bit/color RGBA, non-interlaced

First Seen2023-08-05

Last Seen2024-08-19

Times Seen2

Size210 B (210 bytes)

MD5cbd94bd64e7b3deb321fb99a637daebc

SHA191e0ae7d590871a08646632e57a193a001ce27d0

SHA2567ad84f0388ef8b6f53e56faedb564aaa37b9e3e7e431afd7b808beb26f82f87d

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /styles/default/do4a/background/footer_repeat.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 210
last-modified: Sun, 03 Aug 2014 06:59:40 GMT
etag: "53dddddc-d2"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKMAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rikViPrQw6%2BYEegyuhbtoQgetx8IZJrgpnm%2BWGTGqkp3otTyIGCTwmxlS8NI%2FpTENX%2FgN8UTIsqyOK9rcoCYA7rivp2f1XnxLt2E2mUff%2FBunHlikShhzrFQLuyI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3aa556bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

172.67.215.209

200 OK

25 kB

URL User Request GET HTTPS

bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5707010

Size25 kB (24920 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /proxy.php?link=https://vimeo.com/704979506 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:36 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.21
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
x-xss-protection: 1
vary: Accept-Encoding
x-proxy-error: disabled
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
set-cookie: dcs=XhfWsWZa/UF5ECIbCeLMAg==; expires=Sun, 01-Jun-25 10:51:45 GMT; domain=do4a.net; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1T5uKn3RSMdS5LQS4Ppe426vc9OJ0x%2FdKOOBVTpsC%2BzuUdhXmzB8AGUcgDsJ4Ihw6p7K6SXrGGgfJ5DWzcztq14LLJSlsEbRSCH8ADGEMUQWRwREiLTLxREqv%2F%2B3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88ce8ed19c92712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bj.do4a.me/js/xenforo/xenforo.js?_v=2c76e9c8

172.67.215.209

200 OK

169 kB

URL GET HTTPS

bj.do4a.me/js/xenforo/xenforo.js?_v=2c76e9c8

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-07

Times Seen5707010

Size169 kB (169382 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /js/xenforo/xenforo.js?_v=2c76e9c8 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 15 Mar 2018 07:45:14 GMT
etag: W/"5aaa248a-295a6"
expires: Sat, 01 Jun 2024 11:51:46 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ4wiIeCkJwAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l%2BUm2drKajVaRR38ZDIF9EdTGa%2FLOz6P74aWySvXk%2Fhbw%2FvBtVppFkvyqfL4boCk7ELXo4DDO7Uxj4EjEa9J%2Bou8ZJH3HBqJrrrVEqzAj%2Fcdg%2BepgEgjXcsY1WdR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3eebf56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8

172.67.215.209

200 OK

1.7 kB

URL GET HTTPS

bj.do4a.me/js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8

IP / ASN

172.67.215.209

#13335 CLOUDFLARENET

Requested byhttps://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Resource Info

File typeJavaScript source, ASCII text, with very long lines (1941), with no line terminators

First Seen2023-04-30

Last Seen2025-03-19

Times Seen4

Size1.7 kB (1738 bytes)

MD5885dcd087cb8d41f36f36e8972b9c88d

SHA1d6d7c8f33ced07f93a75607d46582b26cfd14f86

SHA2562b7bc357ed9d7a721171c641739c3b03fa253550f1375facf80aa256f4a3e0a2

Certificate Info

IssuerGoogle Trust Services LLC

Subjectdo4a.me

FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95

ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

HTTP Headers

GET /js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 04 Mar 2010 18:04:34 GMT
etag: W/"4b8ff632-6ca"
expires: Sat, 01 Jun 2024 11:51:46 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ4KiIcClo9Ag==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YItfJZzXifKdZ9jJS3H2wJbFpwaZYnCfPSeVd6mFRDlS%2FDwoSsKvO5eEMchk8Kn3B1ci6Wy50zennRMz4xOg2gKGl0zvjrnj8BsbrUNqKux%2FCKyQYFPsC6C3Ks82"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3eec756bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400