Report - bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

Report Overview

Visited public
2024-06-01 10:36:04
Tags
Submit Tags
URL
bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Finishing URL
bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
IP / ASN
104.21.53.172
#13335 CLOUDFLARENET
Title
Перенаправление на сторонний сайт | Do4a.com - Второе дыхание

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-05-31 18:52:22	496 B	1.4 kB	142.250.74.106
bj.do4a.me	unknown	unknown	No data	No data	10 kB	512 kB	172.67.215.209
bannernetwork.net	unknown	2018-05-30	2018-12-10 23:11:06	2024-03-20 20:56:49	4.5 kB	24 MB	172.67.140.28
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-06-01 02:12:45	1.3 kB	243 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed
2024-06-01	medium	bannernetwork.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	bj.do4a.me/js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8	ScriptElement	1.7 kB	2023-03-07	2025-06-25
Pretty URL bj.do4a.me/js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8 IP 172.67.215.209 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05 Last Seen2025-06-25 04:07 Times Seen43 Hash 1daf8822c62b730a6dc80f027ff8faf0 bed5fcc3a223f70448d6a256c4c482e4339269ec 972120582a22b0e9e83bca1713ebebdf2356dda9d7c9c81c156f72f934261ec9 Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	819 B	2023-04-30	2024-08-19
Pretty URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP 172.67.215.209 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-30 07:17 Last Seen2024-08-19 21:06 Times Seen2 Hash a64547d7ef9bb71e63145ac176f8a1b6 d343203acfb97e5e98689d296a733b2c99720109 12c52b0e65f0e9d100476bfe2cee5366abf9b70aed683872e753591ebe96b342 Loading...

	www.googletagmanager.com/gtag/js?id=UA-120595707-1	ScriptElement	210 kB	2024-08-19	2024-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=UA-120595707-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 21:06 Last Seen2024-08-19 21:06 Times Seen2 Hash b9d80755d3cbdbba9542e0799f1516b5 1a71de406c3e0b70ab3b55bf56ecfc2a676c3dfa 77efb309784c47d100c047acf5c609cef886a5d8d7256b5288ed246b54764cbd Loading...

	bj.do4a.me/sandbox%20eval%20code		147 B	2023-04-11	2025-07-17
Pretty URL bj.do4a.me/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-17 08:55 Times Seen410056 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	155 B	2023-04-30	2024-08-19
Pretty URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP 172.67.215.209 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-30 07:17 Last Seen2024-08-19 21:06 Times Seen2 Hash a64225c081821318103c34f82ceb92b6 67a5010936e36b2d7e8fed6cbe6c7224628bc1d4 886b643b905a010211817dd8b46044e4947ce037e37cc0d692132fc78ba4dfe6 Loading...

	bj.do4a.me/js/jquery/jquery-1.11.0.min.js	ScriptElement	96 kB	2023-03-07	2025-07-17
Pretty URL bj.do4a.me/js/jquery/jquery-1.11.0.min.js IP 172.67.215.209 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-17 06:09 Times Seen11820 Hash 8fc25e27d42774aeae6edbc0a18b72aa b66ed708717bf0b4a005a4d0113af8843ef3b8ff b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Loading...

	www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c	ScriptElement	253 kB	2024-08-19	2024-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 21:06 Last Seen2024-08-19 21:06 Times Seen1 Hash 9db0a03e92ed0e7d1a78786a96982bf4 44dfd5b343eab1ba4e0c5786f32a02271beedab5 762923b50720e75100361cccecf90b9ebaed0ae780721ecc376818689f8f801c Loading...

	www.googletagmanager.com/gtag/js?id=UA-120595707-1	ScriptElement	210 kB	2024-08-19	2024-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=UA-120595707-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 21:06 Last Seen2024-08-19 21:06 Times Seen2 Hash 425aa5fe66ca1888717a942f0cf7b445 3a899e9a5d49649ffd741ec3c4d790918a86c150 630d2c015f7c1d1e13623ee00a9186fae46ce13b843a35cc95a1d4234bc6efa2 Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	130 B	2024-08-19	2024-08-19
Pretty URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP 172.67.215.209 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 21:06 Last Seen2024-08-19 21:06 Times Seen2 Hash f6a6ddb5bdce6aaf369ffa2b3032c76a bddec1784bf35a2399c6552d8becda6cda572e27 cbb3c9e95e3335c5fef2a79f37ed5bbf89da3685bbcbea8ce7b798db4e8d74aa Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	157 B	2023-04-30	2024-08-19
Pretty URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP 172.67.215.209 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-30 07:17 Last Seen2024-08-19 21:06 Times Seen2 Hash f860e42dc67cab3604fd911ec598cdc7 a21d0c75dbca8fe83290d42644f8610626a9e84c 44a450d6b6dca9148681e2b8f46ae2031363c8ddf7a11ab9d3cac5b9d8e11c68 Loading...

	bj.do4a.me/js/xenforo/xenforo.js?_v=2c76e9c8	ScriptElement	169 kB	2023-04-30	2025-06-24
Pretty URL bj.do4a.me/js/xenforo/xenforo.js?_v=2c76e9c8 IP 172.67.215.209 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-30 07:17 Last Seen2025-06-24 20:05 Times Seen8 Hash 7659c2ab3bd2001e23118eb49d15aa34 b579daf754abb940b25692bda1007573fb949cca 0baa35b068dd1c4a80020f01ccd76eab83058bd6bb98877a59035771ad07d8fa Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-17
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-17 08:55 Times Seen409661 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	bj.do4a.me/proxy.php?link=https://vimeo.com/704979506	ScriptElement	2.2 kB	2024-08-19	2024-08-19
Pretty URL bj.do4a.me/proxy.php?link=https://vimeo.com/704979506 IP 172.67.215.209 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 21:06 Last Seen2024-08-19 21:06 Times Seen1 Hash 099ceaab045813667d985a8ed38fb301 60f83497bb315fafb10f790d337f73c01f753070 e4d0c909231082008df8b05f0265a3fbc64f7a95d051e971a6e87b1bbf3af322 Loading...

HTTP Transactions (34)

URL IP Response Size

GET bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373

172.67.215.209

200 OK

21 kB

URL GET HTTP/3
bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
ASCII text, with very long lines (1784)
Size
21 kB (21082 bytes)
Hash
4c60beeb4b54ec2052c9eee6d4bf8d8f
3f1832d31e6f05bccb9a238024bd1a8f2767a72c
0e77b1f043220a9ebc856569a1b5b5249369999d17762d3a545d6fe1fcb311d5

HTTP Headers

GET /css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: text/css; charset=utf-8
content-length: 21082
x-powered-by: PHP/5.6.21
expires: Wed, 01 Jan 2020 00:00:00 GMT
last-modified: Thu, 30 May 2024 12:49:33 GMT
cache-control: public
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
set-cookie: dcs=XhfWsWZa/UJ4wiIeCkJuAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZpY90V2rd8Hiq36Y6L7EQAAu9jufoxZCeF5Tw6vx8FQCjs53DOC5TrMxZiesWUnb5DLLwggo0ymBdetqwRcvwvdc2Iqy%2FZNguwLGPLYhsDbsBdv8GSrhsozDr%2Fmi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88ce8ed3eeab56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bannernetwork.net/do4a/homosteron.gif

172.67.140.28

200 OK

74 kB

URL GET HTTP/2
bannernetwork.net/do4a/homosteron.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 500 x 90
Size
74 kB (73937 bytes)
Hash
8eba3d0ef05d4696fa35e6b333364675
8808e2e5b2b2742fdaeba7218834da7bffefedf3
408cd81fde12aeaa1eb73fdc912cee9206690316b7c4385601bf49cb9da6497d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/homosteron.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 73937
last-modified: Tue, 19 Mar 2024 19:22:23 GMT
etag: "65f9e5ef-120d1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2768
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oXWuCRmqomZTgOTuupojjsE1%2Fu0VtCqSPPAlfV0Wt0I1RtJjEy5ftehwC2oGmy%2FaCUu%2FrC%2FzJuAvbEw1XeZc0U4EEBmbQeAKmj%2FOrwlooEC6f6sTnZJfn2cevjpq4si9vVHHtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b1eb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/d4hilmaapril.gif

172.67.140.28

200 OK

28 kB

URL GET HTTP/2
bannernetwork.net/do4a/d4hilmaapril.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 500 x 90
Size
28 kB (27625 bytes)
Hash
a7eea1c27985e24d1b9527ff9dffa326
1d5ac9cff76ff7f60dd806c29e9ef06f2a9f11f2
8a3c9624c52d7f8a1df13a289449f33e7c134f5703ef01868409c9d69c7c6373

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/d4hilmaapril.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 27625
last-modified: Tue, 16 Apr 2024 11:34:12 GMT
etag: "661e6234-6be9"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pcU46CwmnjxgjpUt2vL9UPUjisY34oXruUv84A37tBaouqOhwx5JxdbnyjQ0GrftkbC%2BJN5rE0E16o8z30JFsZ5wd%2F2gfcydgoZWfb0370wNEDU%2BX06iMOMryM%2FYZSaYZfVnpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b13b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/realbig.gif

172.67.140.28

200 OK

259 kB

URL GET HTTP/2
bannernetwork.net/do4a/realbig.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 600 x 160
Size
259 kB (258679 bytes)
Hash
2fa481a8c7340b1cae0c0b41ab749317
238ecd2e7e0414f0803d3ce522c50efa0bf149af
8f738aca08124efed4c6230de1f30fa12620dca691d882e60632cb9814d7b106

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/realbig.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 258679
last-modified: Thu, 11 Nov 2021 08:16:08 GMT
etag: "618cd148-3f277"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=015NlS0TRVavPoaNz6y6%2FAbaDGPXstm0MOxmum%2Fvljs3PJ2JQGfsh%2Fwf%2Bd317jWgh5xfvAOpksrNDSlzPEaCdlD2xF%2F41AYoHRHqWNbv97wgc90azmFv%2BdFl1rZjfLTn%2BR5NaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b00b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/farmdo4a.gif

172.67.140.28

200 OK

579 kB

URL GET HTTP/2
bannernetwork.net/do4a/farmdo4a.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 500 x 90
Size
579 kB (578886 bytes)
Hash
c75707d346978c1fbd0e2ec279327940
19bc6285f9ea91575b71620d471cfd3292163f4a
bafed46a8ab75e7a050a95faafdaa0476f2afc8f5490492981e8101039e3560b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/farmdo4a.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 578886
last-modified: Sat, 07 Oct 2023 08:39:35 GMT
etag: "65211947-8d546"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uS1V8J0mw3TeMt9d3SlDBWrKpqpaHkONc7LqRrhuTuoId8AsTTToWsUcswiFeFIxzeh1PvHllQ0B98%2FCSJRxVXKY%2BuB5lD%2Fq%2BU7tuXfub%2B%2BNTHHTzYFJurujiDF4wq%2FpltvRWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b1cb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=UA-120595707-1

142.250.74.168

200 OK

76 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-120595707-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint44:90:16:0A:70:BD:B4:DF:9D:30:32:B2:3E:31:F4:BD:D4:E3:F8:91
ValidityMon, 13 May 2024 06:34:48 GMT - Mon, 05 Aug 2024 06:34:47 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
76 kB (75719 bytes)
Hash
b9d80755d3cbdbba9542e0799f1516b5
1a71de406c3e0b70ab3b55bf56ecfc2a676c3dfa
77efb309784c47d100c047acf5c609cef886a5d8d7256b5288ed246b54764cbd

HTTP Headers

GET /gtag/js?id=UA-120595707-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Jun 2024 10:35:37 GMT
expires: Sat, 01 Jun 2024 10:35:37 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Jun 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75719
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373

172.67.215.209

200 OK

5.6 kB

URL GET HTTP/3
bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
ASCII text, with very long lines (689)
Size
5.6 kB (5578 bytes)
Hash
8f3f9ecd999e05c31efb7ce391dee9fb
2079d4ab4d2ae56ea547d83fafccdf1b34f97616
33704cc7724745b129f590220e1dbcf050cd7f7724566cf20d98b9e72cff7dc6

HTTP Headers

GET /css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: text/css; charset=utf-8
content-length: 5578
x-powered-by: PHP/5.6.21
expires: Wed, 01 Jan 2020 00:00:00 GMT
last-modified: Thu, 30 May 2024 12:49:33 GMT
cache-control: public
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
set-cookie: dcs=XhfWsWZa/UJ4wiIeCkJvAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TLeVXkL%2Bcr8Ly3XO62pyDOpGuRJ1YvNETJ3Qnu7dVM3EUK3S2onv5vZRlQCU2pdpQm95WDKSULJTs0wIg56c5RqRZM6ET5ItbbFm9zbGSSrpAWx88Eep94P%2FL%2B9c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88ce8ed3eeaf56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/logo.png

172.67.215.209

200 OK

23 kB

URL GET HTTP/3
bj.do4a.me/styles/default/do4a/logo.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 271 x 70, 8-bit/color RGBA, non-interlaced
Size
23 kB (23160 bytes)
Hash
2f32895fc73551836c8a5f3681d32965
0bc93c506e2b9a16b9d4105d4ab9cc43d968090c
9e6b26193f6a7a8c1eec51c52d555e88a21cab04e6d4cdc4e8f383090254ab42

HTTP Headers

GET /styles/default/do4a/logo.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/png
content-length: 23160
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-5a78"
expires: Sat, 08 Jun 2024 10:51:46 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ4KiIcClo8Ag==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pac3S0YRzXHbRTt%2Bz552u%2BG5Ae19V0pxuth%2FjCXL1%2BxXCTwd1ie16cAw%2Fc%2BKlUv611fFxIMSrVFh0cm8Q4RZhI2KLpZI%2BFwEHzNhxUn%2BJG8vGUdqsYZTxzaXdf2D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3feda56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/yzen.jpg

172.67.215.209

200 OK

12 kB

URL GET HTTP/3
bj.do4a.me/yzen.jpg
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=156, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=156], progressive, precision 8, 14x14, components 3
Size
12 kB (11769 bytes)
Hash
d256e3d4cffbe55efb7912e8ce9aeee8
c296c0e9597c6eb01a23b59923ac1367c3a9146f
9dd1493091907b5182922be0bf59eb7ea105fd8c9638dccdc77ac2268474f323

HTTP Headers

GET /yzen.jpg HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/jpeg
content-length: 11769
last-modified: Fri, 21 Dec 2018 09:20:17 GMT
etag: "5c1cb051-2df9"
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ4wiIeCkJxAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KGn8lW8Qqog9fgRs7o7Jfs7OzA0Inkl5UGM%2BATEZoi74ULgtz57Kk5xZXj3RQ3OsFLEAjbg6lUjtmBqN9jlUYTbhEJTkHCB1wItFlQIst3iMSW62NXwIF8xkiaTI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3fedc56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bannernetwork.net/do4a/phlcripta.gif

172.67.140.28

200 OK

1.1 MB

URL GET HTTP/2
bannernetwork.net/do4a/phlcripta.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 960 x 300
Size
1.1 MB (1142309 bytes)
Hash
91308b0f8c52136974be1e88a71ba11c
19f7965a5429cf8f4ed750e47524003037fd99e5
63e75786484c45041fbacb40ba6c4936eee5d13f592866b0d12d849bf25d4864

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/phlcripta.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 1142309
last-modified: Sun, 26 May 2024 05:28:17 GMT
etag: "6652c871-116e25"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2670
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XFGDftqi3QpiBQX9K7fNR15emLlQoVvNB9mvONd4GWaaSjF0rnZOKMY3R1WOna5WojVcM0vX2FtdFy1N6xRQUIJ5s7vr2cr0Fox0inFPa%2F8ZSv6wesvNTPffWHxIf09QyLU4Og%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b21b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/d4profarm.gif

172.67.140.28

200 OK

1.3 MB

URL GET HTTP/2
bannernetwork.net/do4a/d4profarm.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 350 x 100
Size
1.3 MB (1278921 bytes)
Hash
a394c1634a3de34d1578db9a8c880e24
762ea1623317a8e4d099edeb2e7b49cdda027300
4e3bf9c2ef97543f863ffb4bc558a78cb65fa9fb8ed4a8cf4a2dde813f9fa9e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/d4profarm.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 1278921
last-modified: Wed, 16 Dec 2020 13:36:41 GMT
etag: "5fda0d69-1383c9"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2462
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hfQ6g8OXNw%2BH1sNEQz3YKsJ97LdYEYR1DXzPchKLGC3R%2F2fGWoz2VCt%2B5J9TYXi%2Bb0byiL6tRFeWV6BkLCAAjL3AZGAiYSfh4GzCt%2BpTfdR%2B0P%2BUa01Cw%2BPEGgh2GxsMN%2Bfh7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b0cb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/anabolnew.gif

172.67.140.28

200 OK

1.6 MB

URL GET HTTP/2
bannernetwork.net/do4a/anabolnew.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 550 x 170
Size
1.6 MB (1599962 bytes)
Hash
fbbed2611a3928cddce7006fc5def7c3
720c6b348d07013d716c6a7b2292028df787e868
df8ef8bd3dc738d0547595015cc9f0f7730451983625ba79b35a0e3405cfb388

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/anabolnew.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 1599962
last-modified: Mon, 15 Nov 2021 08:32:36 GMT
etag: "61921b24-1869da"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=irhXOzuNTjtSDP0WJ9T%2BMvn1gmnniFX%2Bwj449sxdsy1mUnRTxXmxG%2BRQ2bKs%2BAuqCwA7VUmnyVj7UrT%2Fn%2FyLpUTvVUSGGMx%2B39zyKfnloUJJIy%2FmcuX%2B58hzSh8Iv0jq3q3Okw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b1fb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/d4strongf.gif

172.67.140.28

200 OK

2.5 MB

URL GET HTTP/2
bannernetwork.net/do4a/d4strongf.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 1378 x 394
Size
2.5 MB (2520655 bytes)
Hash
62fe3b947217b5b33270b7c27cc8e116
0247e13c7187bfc19183dd127247e9e02f476480
b8f1b2c3e38022541e1371871daafdd9b7dffebad967fa5f119a5a07fbfbb2f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/d4strongf.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 2520655
last-modified: Sat, 23 Dec 2023 16:32:47 GMT
etag: "65870baf-26764f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2240
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ixIXc6I89Cz4uk%2BjPVdTUjtju58msgdT4BFDUW3lgdW%2FeR2PWPlmjKZ2Jkpdo1RwTb0deYqthtkTv3h94spBldrGvXH0GtwYpCPyitCKA9mgzA000lT1MxTG7FfsGSKWilAiUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b08b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/rubelfarma.gif

172.67.140.28

200 OK

4.2 MB

URL GET HTTP/2
bannernetwork.net/do4a/rubelfarma.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 500 x 160
Size
4.2 MB (4182540 bytes)
Hash
feca38f426cc88e2fbbb888d0133c167
afcb9ada9ade6673f7c0f0eb5954b6dd687bc022
e4c9b4a4fb0a1ee0d1ff9e2d3cc20c40a2c1f62749ab0ad2cd16a3e61c06e58d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/rubelfarma.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 4182540
last-modified: Fri, 18 Dec 2020 11:17:07 GMT
etag: "5fdc8fb3-3fd20c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=94g03eaJ1XaU60N8Vpm2LtM7BMhzVPaAFfBXGSO8C1WR9RvQHCoEWyovGfU9UNDk6CcwS%2BuSPRfQQ%2FAIdSUrd0PdTdB3fvQ3NwI2ZAbrY4N%2BuKRcD%2B6itz%2FJvJ9gRcYAtM5Hgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b03b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/rmassa.gif

172.67.140.28

200 OK

6.0 MB

URL GET HTTP/2
bannernetwork.net/do4a/rmassa.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 500 x 90
Size
6.0 MB (6009808 bytes)
Hash
890ae26e6fce6afe80e67cbb67e0dbc1
8399a3b7399fd2d88ec4283764767c2423ba5de3
e9cd06489eb8c66fd0ed7c205d613d1a0352994bba15a51949b0d1cedcdbe6db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/rmassa.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 6009808
last-modified: Wed, 09 Dec 2020 15:31:32 GMT
etag: "5fd0edd4-5bb3d0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1911
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P5D18KwUl9RQn2s%2FsJ1M0M%2B8WeF6MvEFcqWva8ZI7EFY%2BBN1n%2Bdzgh%2BHnBe6WMCgB8%2B%2BcqXfT3wObPdOuv40rh4XQw2yKKWkj1qAUZVtDFVsNtw2XLccyaiVhmbAmS%2Fv1Jyyyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b11b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bannernetwork.net/do4a/brutal.gif

172.67.140.28

200 OK

6.3 MB

URL GET HTTP/2
bannernetwork.net/do4a/brutal.gif
IP
172.67.140.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectbannernetwork.net
Fingerprint6F:AB:65:D5:04:84:FD:D1:5D:99:B8:5B:2B:FC:07:C0:4E:FF:C2:54
ValiditySat, 18 May 2024 07:17:30 GMT - Fri, 16 Aug 2024 07:17:29 GMT

File type
GIF image data, version 89a, 350 x 100
Size
6.3 MB (6266580 bytes)
Hash
cc1d26d199c3958649d008162f45df21
647c9602d47099346c57c5ca1e4c742f8a6881af
13aaede5a128c09a368f24eb1c1166c3d50c09741a4ff2f7c0de21d983e155e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /do4a/brutal.gif HTTP/1.1
Host: bannernetwork.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: image/gif
content-length: 6266580
last-modified: Tue, 28 Nov 2023 06:59:26 GMT
etag: "65658fce-5f9ed4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=idKSF539ZvhOc%2Fra52EmTAUEl77sN4%2B9yrM60KQSydQLIVMdo4g9XHXRUclN1LXZyYChalKl4J82IMlwuKBhmrLRmrFxt09Z1hhYa9gpUbVBusTYwZzz4nvqHUbAA2SWaop4qA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed47b07b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c

142.250.74.168

200 OK

90 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint44:90:16:0A:70:BD:B4:DF:9D:30:32:B2:3E:31:F4:BD:D4:E3:F8:91
ValidityMon, 13 May 2024 06:34:48 GMT - Mon, 05 Aug 2024 06:34:47 GMT

File type
JavaScript source, ASCII text, with very long lines (4242)
Size
90 kB (89523 bytes)
Hash
9db0a03e92ed0e7d1a78786a96982bf4
44dfd5b343eab1ba4e0c5786f32a02271beedab5
762923b50720e75100361cccecf90b9ebaed0ae780721ecc376818689f8f801c

HTTP Headers

GET /gtag/js?id=G-98JGTJBXV1&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Jun 2024 10:35:40 GMT
expires: Sat, 01 Jun 2024 10:35:40 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89523
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=UA-120595707-1

142.250.74.168

200 OK

76 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-120595707-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint44:90:16:0A:70:BD:B4:DF:9D:30:32:B2:3E:31:F4:BD:D4:E3:F8:91
ValidityMon, 13 May 2024 06:34:48 GMT - Mon, 05 Aug 2024 06:34:47 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
76 kB (75721 bytes)
Hash
425aa5fe66ca1888717a942f0cf7b445
3a899e9a5d49649ffd741ec3c4d790918a86c150
630d2c015f7c1d1e13623ee00a9186fae46ce13b843a35cc95a1d4234bc6efa2

HTTP Headers

GET /gtag/js?id=UA-120595707-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Jun 2024 10:35:40 GMT
expires: Sat, 01 Jun 2024 10:35:40 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Jun 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75721
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET bj.do4a.me/styles/default/do4a/background/button.png

172.67.215.209

200 OK

154 B

URL GET HTTP/3
bj.do4a.me/styles/default/do4a/background/button.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 3 x 3, 8-bit/color RGBA, non-interlaced
Size
154 B (154 bytes)
Hash
dd587da6cdfaaf63139bb036709c611c
4596a1e94ca83ff3f186decab2805d15c0b30f94
3847d4745ab20d5e517068c9221f70459299ecdb84a32c8bb72f141881ac03ff

HTTP Headers

GET /styles/default/do4a/background/button.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 154
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-9a"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ5ECIbCeLlAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFRqIYI5IHw8QiIM4f8f6RjrxWCZL9n4BS7KREAE8TNH1KJoiIw%2FB4NgpWpgv1lxsGVrxqqofHhrRgVnLdWEuDT5Nnf6ipqBatoJLZyR%2F4AsYXIt6hXwr8%2BJtT%2B%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a7356bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/xenforo/xenforo-ui-sprite.png

172.67.215.209

200 OK

3.9 kB

URL GET HTTP/3
bj.do4a.me/styles/default/xenforo/xenforo-ui-sprite.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 200 x 57, 8-bit colormap, non-interlaced
Size
3.9 kB (3894 bytes)
Hash
1532d029447a00554657cd413939c0a6
7272ee5f4798e9939592e25f0b81083edf869760
148805ef840df5f06de10c18349522ea3f2ce394218c5515f54e9265828691e5

HTTP Headers

GET /styles/default/xenforo/xenforo-ui-sprite.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 3894
last-modified: Thu, 15 Mar 2018 07:45:14 GMT
etag: "5aaa248a-f36"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4KiIcClpIAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BXKckJYfOs2sDKzAhB2tl5Nm2K%2FttJLG6yqEtPz3f%2FKqMOsaNBZJyg6bq6aUNvjUTs9wTKiyZk6bIK1SFTDehY7s%2BpES410byXEd3Q%2BI8kxwZOHwnu0yIRTs%2BjHE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a7556bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/header-repeat.png

172.67.215.209

200 OK

1.4 kB

URL GET HTTP/3
bj.do4a.me/styles/default/do4a/background/header-repeat.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 79 x 118, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1390 bytes)
Hash
7b5b7598992122002a2030017cd822e5
55c309ff25c2fd235f54d00f4de387ab7c4d94bc
d439b2ba91eba302241a286778b34deadb403db4e7eaaaf20c61c41b80f3225b

HTTP Headers

GET /styles/default/do4a/background/header-repeat.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 1390
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-56e"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4KiIcClpMAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HG0HdcNTvkmKAxfpkeXfi%2BBV4z8WP2KrjDhXeGBlqfHZg%2Bs%2FLoC%2BhwqzUNqAM7SWesMydNjy6OIsA0n5pI1hnIhqx0k%2BHCFWGAx3udvTZraPc%2ForSGIMbw28ztKf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a8056bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/xenforo/gradients/category-23px-light.png

172.67.215.209

200 OK

1.1 kB

URL GET HTTP/3
bj.do4a.me/styles/default/xenforo/gradients/category-23px-light.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 62 x 23, 8-bit colormap, non-interlaced
Size
1.1 kB (1072 bytes)
Hash
916a045b94d1b04e1d725fd339426682
8acc8b8ad406039fd7d6966495ba5ac1361a8174
4cc4cae0bb86846428c4d8471ec2cd1627e7df4ce1fc4e4bb11c94cf557f9c8e

HTTP Headers

GET /styles/default/xenforo/gradients/category-23px-light.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 1072
last-modified: Thu, 15 Mar 2018 07:45:14 GMT
etag: "5aaa248a-430"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKIAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KcrpzVFsfY6Lt9rY%2B%2B3MaYQUmXVFl87Xa3uwQY8grv7iQGjqGWdUgshtHzWFDtKnCGTeHPqEJxamsG5lDgIPgWquOjmKM8ylnnmZoHdW1y6dObZi2ScLfjByE9xE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a7c56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/navTabs.png

172.67.215.209

200 OK

4.9 kB

URL GET HTTP/3
bj.do4a.me/styles/default/do4a/background/navTabs.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 162 x 22, 8-bit/color RGBA, non-interlaced
Size
4.9 kB (4911 bytes)
Hash
50a7428491450287eb915340eff2cb5e
a04de2cc34b9063c5bef81fb594588f17703ed58
370aa4b40c9f6e0c362e4c68d21f29b52c140e18d00258ccce17dcf6b15a8ebb

HTTP Headers

GET /styles/default/do4a/background/navTabs.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 4911
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-132f"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKKAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jiE5U4BDpwc1vYjHXr2Ba7oBCT%2BQfmX%2FyTPt7HwIW6MJ0cb9bxZ96b%2FnmxCpU64WwiMsEOHAP%2BNnntuybw%2BirUnCMVD2Vj3Q2BcdNPT8JBL9dPlCZ6LDqO3AJG%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a8356bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/navTab.png

172.67.215.209

200 OK

2.5 kB

URL GET HTTP/3
bj.do4a.me/styles/default/do4a/background/navTab.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 146 x 26, 8-bit/color RGBA, non-interlaced
Size
2.5 kB (2511 bytes)
Hash
67e498fc4e93b4533a80f41d49efcf81
f7baac8793d0c0d6fdea3200019760b1ac61c484
59840f0f69f826c3cf93f3ea73b400d38677a81367819f6459e76f0fdd3dad22

HTTP Headers

GET /styles/default/do4a/background/navTab.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 2511
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-9cf"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKLAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tSGUCCcQYmj40erWbCmyLgkqf9jOOez8X3%2F37wkox1mj5G7kd6ErJatokP7fleOL0L9MuvdQ2v1IeE0EdXQvUIwIAG7laLx84CpVSvbh%2FgemhzlAJltpCmIo72Ct"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a8756bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/footer_center.png

172.67.215.209

200 OK

57 kB

URL GET HTTP/3
bj.do4a.me/styles/default/do4a/background/footer_center.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 1003 x 120, 8-bit/color RGBA, non-interlaced
Size
57 kB (57049 bytes)
Hash
febfa4f2b589fa647b2cca2b5614da65
e3d761c9d3f22b85bff1e92e2bd955d0652ac772
8c114810a6123b95b0169a70a8ec481a8880f68b093e322efb7a12e8607ebbf4

HTTP Headers

GET /styles/default/do4a/background/footer_center.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 57049
last-modified: Sun, 03 Aug 2014 06:59:36 GMT
etag: "53ddddd8-ded9"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4KiIcClpLAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TJWl2f0JbDeK81a7doZVFlc%2BpASQikVlzgQQZzMB%2B4mPdiz%2BCosR%2BQSTXpi7jM5xsriUXTecI8UdcXC7iEJp17hOYWYrJA57nC8BRUDdU52K1%2Flyfc%2F12duflRma"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a9f56bb-OSL
alt-svc: h3=":443"; ma=86400

GET fonts.googleapis.com/css?family=PT+Serif:400,700,400italic,700italic&subset=latin,cyrillic-ext,latin-ext,cyrillic

142.250.74.106

200 OK

816 B

URL GET HTTP/2
fonts.googleapis.com/css?family=PT+Serif:400,700,400italic,700italic&subset=latin,cyrillic-ext,latin-ext,cyrillic
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint8E:9C:6E:70:61:4E:A0:D8:4A:BD:CA:F0:BF:75:60:FE:A2:36:FB:7A
ValidityMon, 13 May 2024 07:31:30 GMT - Mon, 05 Aug 2024 07:31:29 GMT

File type
gzip compressed data, max compression
Size
816 B (816 bytes)
Hash
646d9ea297ed21476e39554df0c3cfbc
3811d903556aa8c4ebbd7f3a810840d483ae8fd4
cec73e4f3616bd37aba97437c4a471000f62c2cdfbfca8202a3ab11e79609690

HTTP Headers

GET /css?family=PT+Serif:400,700,400italic,700italic&subset=latin,cyrillic-ext,latin-ext,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 01 Jun 2024 10:35:40 GMT
date: Sat, 01 Jun 2024 10:35:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET bj.do4a.me/styles/default/do4a/background/header-middle.png

172.67.215.209

200 OK

59 kB

URL GET HTTP/3
bj.do4a.me/styles/default/do4a/background/header-middle.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 1170 x 118, 8-bit/color RGBA, non-interlaced
Size
59 kB (58661 bytes)
Hash
c18131dcd4cb92c50b92ea07e27ad01a
8e50495a0662a3306cbe1d3a1d37719a347b6353
e3d83a3a346c0e0daeab4e8c6a35fe7bb8ed1fc0bd831d39a019c07894e3af8c

HTTP Headers

GET /styles/default/do4a/background/header-middle.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 58661
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: "519e3da7-e525"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKJAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=87HXONOlobzOUaDuea5oUrYnLabkli2poTn767LC5WOT1RHYbE2G6pAl6KqpvY9u54kD2mE%2FPheUPSLTfYg6FG0i2AZOaCW36lweG1vzBSWq6BIiUN1tJ18UQkCf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3a7d56bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/logo_square.jpg

172.67.215.209

200 OK

9.6 kB

URL GET HTTP/3
bj.do4a.me/styles/default/do4a/logo_square.jpg
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
Size
9.6 kB (9555 bytes)
Hash
9721a322a7463720094ff58bc091078c
630568ab44ba5d2e9d8264e6706619dfbab65300
58799413398361b5ac3e6ee7ab8361a762f764d5f204b4422865bf130ff19246

HTTP Headers

GET /styles/default/do4a/logo_square.jpg HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Cookie: _ga_98JGTJBXV1=GS1.1.1717238141.1.0.1717238141.0.0.0; _ga=GA1.1.1109428271.1717238141
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/jpeg
content-length: 9555
last-modified: Tue, 11 Nov 2014 21:54:18 GMT
etag: "5462858a-2553"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4KiIcClpQAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2FwuvD4lsV74bbj8HDLZ6NUMRGfDdwOsFdbuI9WzT8ugv4CUsB9t72cWz5RxNegfzFkCDPx2L7yC5LBQSCXm5Ybrjrrt%2F8o8lj4iRfcCWmgBgJ5E7LLWYOmQqV2T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eef0df356bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/js/jquery/jquery-1.11.0.min.js

172.67.215.209

200 OK

96 kB

URL GET HTTP/3
bj.do4a.me/js/jquery/jquery-1.11.0.min.js
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
JavaScript source, ASCII text, with very long lines (32341)
Size
96 kB (96381 bytes)
Hash
8fc25e27d42774aeae6edbc0a18b72aa
b66ed708717bf0b4a005a4d0113af8843ef3b8ff
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

HTTP Headers

GET /js/jquery/jquery-1.11.0.min.js HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 15 Mar 2018 07:45:14 GMT
etag: W/"5aaa248a-1787d"
expires: Sat, 01 Jun 2024 11:51:46 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ5ECIbCeLUAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QXWlF%2BB0sxvSAAE9dl8LBMPRFjRZIYrhUR2UwgoH%2Fqwi%2FJG3Bxx0GZo%2FZYm%2BMpZLdlKRaS89PEhy9e8Km2Gh34l7033bWhzKr8DhwbKpaKJ8M2aOUK2vR6Q66Vb2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3eebb56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/favicon.ico

172.67.215.209

200 OK

1.2 kB

URL GET HTTP/3
bj.do4a.me/favicon.ico
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
75c2e2541dedb852451d1863468a063d
ea1d3434bdcb7aacb522436941e4e4cb77c38434
2c21749fafcf76df68e02bef45c19055c1aac9d51de778e931c1df4d3f1ab898

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Cookie: _ga_98JGTJBXV1=GS1.1.1717238141.1.0.1717238141.0.0.0; _ga=GA1.1.1109428271.1717238141
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/x-icon
last-modified: Thu, 23 May 2013 16:02:47 GMT
etag: W/"519e3da7-47e"
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ35SIdClnfAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gy2SstgTMtU2sOACGWZQsK6UQ5iq8LSBp%2F%2FcZ%2FidDHrbIXqJ55EXq4gB948iQlJjoQlRv5OZZSkAAI0OFCZdrk7u1Fy9hVcnJ1SS4tZR1p5ML5GrVDoT2drUBo0H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eef0df656bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/styles/default/do4a/background/footer_repeat.png

172.67.215.209

200 OK

210 B

URL GET HTTP/3
bj.do4a.me/styles/default/do4a/background/footer_repeat.png
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
PNG image data, 1 x 120, 8-bit/color RGBA, non-interlaced
Size
210 B (210 bytes)
Hash
cbd94bd64e7b3deb321fb99a637daebc
91e0ae7d590871a08646632e57a193a001ce27d0
7ad84f0388ef8b6f53e56faedb564aaa37b9e3e7e431afd7b808beb26f82f87d

HTTP Headers

GET /styles/default/do4a/background/footer_repeat.png HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/css.php?css=MinimalismToTop,cmf_block,do4a,login_bar,nat_public_css,notices&style=6&dir=LTR&d=1717073373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:41 GMT
content-type: image/png
content-length: 210
last-modified: Sun, 03 Aug 2014 06:59:40 GMT
etag: "53dddddc-d2"
expires: Sat, 08 Jun 2024 10:51:50 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UZ4wiIeCkKMAg==; expires=Sun, 01-Jun-25 10:51:50 GMT; domain=do4a.net; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rikViPrQw6%2BYEegyuhbtoQgetx8IZJrgpnm%2BWGTGqkp3otTyIGCTwmxlS8NI%2FpTENX%2FgN8UTIsqyOK9rcoCYA7rivp2f1XnxLt2E2mUff%2FBunHlikShhzrFQLuyI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8eed3aa556bb-OSL
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/proxy.php?link=https://vimeo.com/704979506

172.67.215.209

200 OK

25 kB

URL User Request GET HTTP/2
bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type

Size
25 kB (24920 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /proxy.php?link=https://vimeo.com/704979506 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Jun 2024 10:35:36 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.21
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
x-xss-protection: 1
vary: Accept-Encoding
x-proxy-error: disabled
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
set-cookie: dcs=XhfWsWZa/UF5ECIbCeLMAg==; expires=Sun, 01-Jun-25 10:51:45 GMT; domain=do4a.net; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1T5uKn3RSMdS5LQS4Ppe426vc9OJ0x%2FdKOOBVTpsC%2BzuUdhXmzB8AGUcgDsJ4Ihw6p7K6SXrGGgfJ5DWzcztq14LLJSlsEbRSCH8ADGEMUQWRwREiLTLxREqv%2F%2B3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88ce8ed19c92712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bj.do4a.me/js/xenforo/xenforo.js?_v=2c76e9c8

172.67.215.209

200 OK

169 kB

URL GET HTTP/3
bj.do4a.me/js/xenforo/xenforo.js?_v=2c76e9c8
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type

Size
169 kB (169382 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/xenforo/xenforo.js?_v=2c76e9c8 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 15 Mar 2018 07:45:14 GMT
etag: W/"5aaa248a-295a6"
expires: Sat, 01 Jun 2024 11:51:46 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ4wiIeCkJwAg==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l%2BUm2drKajVaRR38ZDIF9EdTGa%2FLOz6P74aWySvXk%2Fhbw%2FvBtVppFkvyqfL4boCk7ELXo4DDO7Uxj4EjEa9J%2Bou8ZJH3HBqJrrrVEqzAj%2Fcdg%2BepgEgjXcsY1WdR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3eebf56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET bj.do4a.me/js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8

172.67.215.209

200 OK

1.7 kB

URL GET HTTP/3
bj.do4a.me/js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8
IP
172.67.215.209:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Certificate
IssuerGoogle Trust Services LLC
Subjectdo4a.me
FingerprintF3:2A:6A:21:51:AF:38:9A:83:C1:43:9F:DB:3A:3F:B8:3F:27:5E:95
ValiditySun, 28 Apr 2024 02:25:56 GMT - Sat, 27 Jul 2024 02:25:55 GMT

File type
JavaScript source, ASCII text, with very long lines (1941), with no line terminators
Size
1.7 kB (1738 bytes)
Hash
885dcd087cb8d41f36f36e8972b9c88d
d6d7c8f33ced07f93a75607d46582b26cfd14f86
2b7bc357ed9d7a721171c641739c3b03fa253550f1375facf80aa256f4a3e0a2

HTTP Headers

GET /js/Minimalism/jquery.ui.totop.js?_v=2c76e9c8 HTTP/1.1
Host: bj.do4a.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bj.do4a.me/proxy.php?link=https://vimeo.com/704979506
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Jun 2024 10:35:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 04 Mar 2010 18:04:34 GMT
etag: W/"4b8ff632-6ca"
expires: Sat, 01 Jun 2024 11:51:46 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
public-key-pins: pin-sha256="ihuShc0WDhVQ+2ntnX1EEo/i2a8UN/57IkzcVyPBpT4="; max-age=5184000
cf-cache-status: BYPASS
set-cookie: dcs=XhfWsWZa/UJ4KiIcClo9Ag==; expires=Sun, 01-Jun-25 10:51:46 GMT; domain=do4a.net; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YItfJZzXifKdZ9jJS3H2wJbFpwaZYnCfPSeVd6mFRDlS%2FDwoSsKvO5eEMchk8Kn3B1ci6Wy50zennRMz4xOg2gKGl0zvjrnj8BsbrUNqKux%2FCKyQYFPsC6C3Ks82"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88ce8ed3eec756bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by