| imageshare.eti.pw/i/743b463c2f8e8952e40430d2265b7c9b.png |  85.130.81.193 | 200 OK | 11 kB |
URL GET imageshare.eti.pw/i/743b463c2f8e8952e40430d2265b7c9b.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://ads.eti.pw/banners CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 320 x 50, 8-bit/color RGBA, non-interlaced Hash743b463c2f8e8952e40430d2265b7c9b 915038e94350d96004398b2518ad12ef5b6267ba 5e144ee6103c50c7704213d6b34e1537d3e467b1a4506ec5e5b92d3ddf7626de
GET /i/743b463c2f8e8952e40430d2265b7c9b.png HTTP/1.1
Host: imageshare.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:14 GMT
Server: Apache
Last-Modified: Sat, 09 Sep 2023 09:48:10 GMT
ETag: "2a02-604e9fdb2077e"
Accept-Ranges: bytes
Content-Length: 10754
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: image/png
|
|
| webtrafbit.ru/img/banner_empty.png |  185.105.111.32 | 200 OK | 21 kB |
URL GET webtrafbit.ru/img/banner_empty.png IP185.105.111.32:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 468 x 60, 8-bit/color RGB, non-interlaced Hash9347f6c8e9497cee41903d95dc152f97 c0fea9bfcb32c2b55554eda35b745ae17bb5b19d 2efcba80862494344e14d4228a1d55fd28f0cce1330cd04e7a23811ba3502b8a
GET /img/banner_empty.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:19 GMT
Content-Type: image/png
Content-Length: 20926
Last-Modified: Mon, 10 Mar 2025 12:06:42 GMT
Connection: keep-alive
ETag: "67ced5d2-51be"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| cdn.sur.ly/desktop/js/desktop.js |  188.114.97.1 | 200 OK | 5.5 kB |
URL GET cdn.sur.ly/desktop/js/desktop.js IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
File typeJavaScript source, ASCII text, with very long lines (5694), with no line terminators Hash12833e7e8559950e1e4ca8a6fd9d889a 0bf2242d693ebabc576c7df2b034c0adc5ca62d6 1f8fa797ae9a67d412ebd6537470aaf8a2808cbc7a9b451b044cae19e7223f81
GET /desktop/js/desktop.js HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: application/javascript
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=9803
etag: W/"62a6bbba-264b"
expires: Thu, 27 Mar 2025 06:05:58 GMT
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 372006
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7EYOy3ZAav1I%2BzOJPqXDb%2B2S7D2EadN3Gg%2B9rbizs3ofBCT03%2Br3Yy%2F0FFpRRPCvnaIRZF%2BxCPV4I%2BqRdAw%2FYPXIsvFVM9koLxILN8KS6eyPhjzv%2B7keJZAzWRn5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838be2a38f5d1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19818&min_rtt=19625&rtt_var=766&sent=47&recv=20&lost=0&retrans=0&sent_bytes=46628&recv_bytes=1633&delivery_rate=1235740&cwnd=194&unsent_bytes=0&cid=61cff6960f508c98&ts=74&x=0"
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/lang/lang__uk.png | 185.105.111.32 | 200 OK | 48 kB |
URL GET webtrafbit.ru/img/lang/lang__uk.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGBA, non-interlaced Hasha311920fa16be801d10ed9123ecf71dc e75e81f5e80d7c8329e74ddd4d79895971e42759 ac6414679d063e07752159c527dcd0b68383fd0fc88ed2bb94458cc92e8987e6
GET /img/lang/lang__uk.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 48115
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-bbf3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| ads.eti.pw/300x250banners | 85.130.81.193 | 200 OK | 5.4 kB |
URL GET ads.eti.pw/300x250banners IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typeHTML document, ASCII text, with very long lines (5466), with no line terminators Hash1b37c8bd51f710c14e9bd8dc95286663 678b60569343e26c4f0e602a3c2ff9bb86d78cc6 c0e527533c3230854138a1e8c9e17140f0935edac75a352f81935f0dc54e03a8
GET /300x250banners HTTP/1.1
Host: ads.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1642
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| imasdk.googleapis.com/js/core/bridge3.688.0_en.html?gdpr=1#fid=goog_1371763289 |  142.250.74.42 | 200 OK | 828 kB |
URL GET imasdk.googleapis.com/js/core/bridge3.688.0_en.html?gdpr=1#fid=goog_1371763289 IP142.250.74.42:443
Requested byhttps://free-btc.org/banner/u=sofiahalbof/size=728x90 CertificateIssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT
File typeHTML document, ASCII text, with very long lines (48645) Size828 kB (828049 bytes) Hash64a42e8e48e53a4404ce126ca068a826 a9228c3b76ccb64f4c0f98cc2e22def8c16d5da6 fc5a30d87e0a056f9fd44d4287bcb8430c34f158982e58c160c0a1b9f13cb908
GET /js/core/bridge3.688.0_en.html?gdpr=1 HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 261913
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:35:02 GMT
expires: Fri, 20 Mar 2026 09:35:02 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 05 Mar 2025 16:13:43 GMT
content-type: text/html
vary: Accept-Encoding
age: 209769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| webcounter.eti.pw/styles/96/1.png | 85.130.81.193 | 200 OK | 76 B |
URL GET webcounter.eti.pw/styles/96/1.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 5 x 7, 1-bit grayscale, non-interlaced Hash9d9209533d2072d3af4c9de3c6e18477 4543341217aac855a3d7cbe1d2a0463aa06f8482 ec6289c13ec22d3285657429794bd02006a876a1a2a66ba8d91f6231d744850a
GET /styles/96/1.png HTTP/1.1
Host: webcounter.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Last-Modified: Tue, 30 Oct 2001 18:38:46 GMT
ETag: "4c-3918eba3bd980"
Accept-Ranges: bytes
Content-Length: 76
Keep-Alive: timeout=5, max=49999
Connection: Keep-Alive
Content-Type: image/png
|
|
| pixel.leadsleap.net/set.html?n1=lltkra274900&v1=295567.23&n2=lltkrb274900&v2=295567.23 | 172.67.186.40 | 200 OK | 1.6 kB |
URL GET pixel.leadsleap.net/set.html?n1=lltkra274900&v1=295567.23&n2=lltkrb274900&v2=295567.23 IP172.67.186.40:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectleadsleap.net FingerprintAA:DC:07:9D:4E:95:C5:5F:E9:5F:42:62:92:32:56:00:3F:0A:3C:70 ValiditySat, 08 Mar 2025 16:53:51 GMT - Fri, 06 Jun 2025 17:52:35 GMT
File typeHTML document, ASCII text, with very long lines (1819), with no line terminators Hash29c0baa441868ac44e76691438a96c3e 0f61f766ec1983341fa98a1797432987e2f021c4 2eaac725bed2cd7b57767d78d470d1255be9ab0a179e84d6cd29dded1c0ff30e
GET /set.html?n1=lltkra274900&v1=295567.23&n2=lltkrb274900&v2=295567.23 HTTP/1.1
Host: pixel.leadsleap.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:07 GMT
content-type: text/html
last-modified: Thu, 01 Oct 2020 11:41:08 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJGr2e%2BR6iaTgSNR3wO2Mv090nQTym2GkItwG5hAV7%2B6msWzAxbrLm52%2BPQJptJP2AB7qaNT4hw8XZoQevBuQkBDxkUmP4GUivlBD9lPnXB0HU3rAHwaFnlVlgZJ36syC9L0MLd9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838cbe81cfe9e-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25187&min_rtt=19491&rtt_var=13651&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3277&recv_bytes=1325&delivery_rate=221001&cwnd=180&unsent_bytes=0&cid=07358746b7ad6269&ts=440&x=0"
X-Firefox-Spdy: h2
|
|
| sharemyads.com/img/icon.ico | 170.249.194.154 | 200 OK | 1.2 kB |
URL GET sharemyads.com/img/icon.ico IP170.249.194.154:443
Requested byhttps://sharemyads.com/view/468/fv.php?size=1&ison=1&user=24687&vt=6&dref=https://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&scrw=1280&scrh=1024×tamp=1742673069604 CertificateIssuerLet's Encrypt Subjectmail.sharemyads.com FingerprintFC:E0:4A:23:95:FC:F1:24:F6:72:90:D0:8F:D5:B0:A1:93:14:97:5C ValidityTue, 04 Feb 2025 12:14:52 GMT - Mon, 05 May 2025 12:14:51 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hashea1b692dfb5dc1c4afcb4d5e13b5abed bdce0d42635e2f6ce9d4dfa1a31eb19555a113ce ee991847f3b45fa022ba135496088d51010f35c47fc49da7abdee95679326682
GET /img/icon.ico HTTP/1.1
Host: sharemyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sharemyads.com/view/468/fv.php?size=1&ison=1&user=24687&vt=6&dref=https://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&scrw=1280&scrh=1024×tamp=1742673069604
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
server: Apache/2
last-modified: Thu, 05 May 2022 12:33:19 GMT
accept-ranges: bytes
cache-control: public
expires: Sun, 22 Mar 2026 19:51:10 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
content-length: 439
content-type: image/x-icon
X-Firefox-Spdy: h2
|
|
| imageshare.eti.pw/i/b9a78fefea1c271e8523884b80f79e5c.png | 85.130.81.193 | 200 OK | 12 kB |
URL GET imageshare.eti.pw/i/b9a78fefea1c271e8523884b80f79e5c.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 320 x 50, 8-bit/color RGBA, non-interlaced Hashb9a78fefea1c271e8523884b80f79e5c 8cd64846718af571c44f323e9d3b8653b5f93b05 2f417bd8ee0e857d5ae4e37074172cf0d79a225f2ff9845427a37dd54ff261a6
GET /i/b9a78fefea1c271e8523884b80f79e5c.png HTTP/1.1
Host: imageshare.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Last-Modified: Sat, 09 Sep 2023 09:48:14 GMT
ETag: "300c-604e9fded3aca"
Accept-Ranges: bytes
Content-Length: 12300
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: image/png
|
|
| trafstock.ru/img/pin.gif | 185.114.245.108 | 200 OK | 632 B |
IP185.114.245.108:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjecttrafstock.ru Fingerprint1C:0B:08:C6:45:5A:1E:30:2E:64:86:C8:AD:B0:6C:84:E4:DE:B6:E4 ValidityFri, 28 Feb 2025 16:40:26 GMT - Thu, 29 May 2025 16:40:25 GMT
File typeGIF image data, version 89a, 16 x 16 Hash4619995a35c55fa96f2e4e337bcb54d0 6e0a5a143b6ceb12f224d7400a0139b064cc6401 aa35b806207861016b70886ec0bd89c84864d26d9443d3fca659daaa3ef14549
GET /img/pin.gif HTTP/1.1
Host: trafstock.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.26.3
date: Sat, 22 Mar 2025 19:51:09 GMT
content-type: image/gif
content-length: 632
last-modified: Thu, 13 Feb 2025 14:36:00 GMT
etag: "67ae0350-278"
expires: Sun, 22 Mar 2026 19:51:09 GMT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| llsvr.com/imgad/cyberswarm.a.158022.jpg | 104.21.80.1 | 200 OK | 20 kB |
URL GET llsvr.com/imgad/cyberswarm.a.158022.jpg IP104.21.80.1:443
Requested byhttps://w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F CertificateIssuerGoogle Trust Services Subjectllsvr.com Fingerprint33:05:B0:89:29:B4:C7:19:B9:8C:D3:F7:38:EB:1E:CB:34:26:32:4E ValidityMon, 24 Feb 2025 12:10:45 GMT - Sun, 25 May 2025 13:07:07 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 375x250, components 3 Hashc9835ae2300fa647f1c108c03a7914ea 5cb1984b65c6e1c613411ee63e0ad5ac2624cb91 43e062dfaaab0703584a5973d04322e3022dbe30491f4e23cc60b2a9f85e46c9
GET /imgad/cyberswarm.a.158022.jpg HTTP/1.1
Host: llsvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://w.leadsleap.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:19 GMT
content-type: image/jpeg
content-length: 19874
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z3Sy5VPLEDOjmvWDwPSePyJsPR%2FuzbQE5OLXQapcxXsmvkeLBlFLemBtEUL3OpcSOZEq6PTgwc0ERuPDnbmATwTJ7Ye5N14VXCuOCrULliImbQ6xBEgEnKpT%2FRg%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sun, 25 Aug 2024 01:34:36 GMT
accept-ranges: bytes
cache-control: max-age=31536000
cf-cache-status: MISS
cf-ray: 92483918df8ef5ba-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| sur.ly/surly/images/platforms/drpl.png | 54.173.41.122 | 301 Moved Permanently | 7.7 kB |
URL GET sur.ly/surly/images/platforms/drpl.png IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsur.ly Fingerprint1B:0E:89:02:7C:6B:FA:4E:B9:60:89:BE:37:EB:A6:AD:B6:80:88:72 ValiditySun, 23 Feb 2025 17:39:40 GMT - Sat, 24 May 2025 17:39:39 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /surly/images/platforms/drpl.png HTTP/1.1
Host: sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Referer: https://safe.sur.ly/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: text/html
content-length: 185
location: https://cdn.sur.ly/surly/images/platforms/drpl.png
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| resources.blogblog.com/img/anon36.png | 172.217.21.169 | 200 OK | 1.7 kB |
URL GET resources.blogblog.com/img/anon36.png IP172.217.21.169:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typePNG image data, 36 x 36, 8-bit/color RGB, non-interlaced Hash106b75877485647b4b5618523f541732 c19e26c01d2972a4c895c3688c735158785620c7 19a794aab8d93c3cafd1efa4ae19579369f92ed5f1bb114d05aa0d7c7d1b3c22
GET /img/anon36.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 1654
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:17:09 GMT
expires: Thu, 27 Mar 2025 09:17:09 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Mar 2025 19:54:16 GMT
content-type: image/png
age: 210841
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.linkslot.ru/img/buyb.png | 104.21.96.1 | 200 OK | 2.6 kB |
URL GET www.linkslot.ru/img/buyb.png IP104.21.96.1:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerGoogle Trust Services Subjectlinkslot.ru Fingerprint0A:9F:00:33:A7:81:5A:68:3E:08:73:80:E1:6C:7F:B7:1E:95:04:47 ValidityWed, 05 Feb 2025 18:17:51 GMT - Tue, 06 May 2025 19:12:32 GMT
File typePNG image data, 127 x 16, 8-bit/color RGBA, non-interlaced Hash6623622f5954708d814fc46180f75b9f 7bd68ddbb91875e815e73fa937efc259e56fad47 5e9b14e8db47eb55c01f3982d1e63061c9ac23ecae71d5313e08169e9cfcce29
GET /img/buyb.png HTTP/1.1
Host: www.linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: image/png
content-length: 2585
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BWQQCSDEfTv8Dw295LHks6Jaxn49JW4Fj%2FgHRuYBr7jkoo1kA5vF08OWOV%2FcJLVzhn4nUWwwldUzahSgEi6QKjbarYF704lE20LbEcCSMgkGVqxCMwoM0Pn6KZaee6t0P7o%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Thu, 03 Oct 2024 13:36:03 GMT
etag: "66fe9dc3-a19"
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
cf-ray: 924838e33c7af5b1-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| nanswap.com/logo/BAN.svg | 104.21.95.229 | 200 OK | 6.4 kB |
IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeSVG Scalable Vector Graphics image Hash6a31aaecdc19cdf017a6cd8af1213d8d e00b16eb13846d465ba49daded1c45e682f018c5 924daf7b8536113bc3cd021a835145c4ac05c24942487988253aafd29687994c
GET /logo/BAN.svg HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: image/svg+xml
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O4xxy%2FgDq3yPtjHP53rJ6juF2KHQsihUSToiN8cOHvK65yfqjbuD1OZTK8vGRDy2DnhelTRjxawrb9ojFG%2B3pN0reD0rK%2BwqxFoQK5RG8xxQA19XUi8WQr2KZ8kbYA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400, s-maxage=60, stale-while-revalidate=300
last-modified: Mon, 01 May 2023 01:21:22 GMT
etag: W/"192d-187d4e66968"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: EXPIRED
cf-ray: 924838ee3e0df5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.35 | 200 OK | 15 kB |
URL GET fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 IP142.250.74.35:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15344, version 1.0 Hash5d4aeb4e5f5ef754e307d7ffaef688bd 06db651cdf354c64a7383ea9c77024ef4fb4cef8 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:35:39 GMT
expires: Fri, 20 Mar 2026 09:35:39 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 209734
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D | 172.217.21.169 | 200 OK | 62 kB |
URL GET www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 22 Mar 2025 19:51:09 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
content-security-policy: require-trusted-types-for 'script';report-uri /_/BloggerCommentUi/cspreport, script-src 'nonce-7GP1MxT_V78GwpXLeW6nbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/BloggerCommentUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/BloggerCommentUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
reporting-endpoints: default="/_/BloggerCommentUi/web-reports?context=eJzjctHikmJw0pBiqHXfyVR6ZSeT06ubTDK9t5geT7nFFPpiOmsqELfePMc6FYiN1p5ndQJiQ4VLrI5AXCRxhbUJiIV4ONau_LOPTeDGo6u7mJSUkvIL45Ny8tPTU4tKM4tTi8pSi-KNDIxMDYyNDPQMDOILDAD7uS2w"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=522=j4wM2LD9Wk2QrrlLcrE1vTgme0ocNYPknQJ5l-aes_Nhqgdh1obV0B14NCxD7vuq_OqNGSFpHvgTAsFDo53SjjFHm8aBMJI-pvaubMxxnr7r-qvUFb5agZnLTfkx35e7sYOvPDaUXe8ggxkmh6qpukKzMyPXqZaip1p5QOjb5zSVhtM2jQZwu0crdpo_0Jeu8DjNI3iLfHFr1BepdOciqI6ULjA; expires=Sun, 21-Sep-2025 19:51:09 GMT; path=/; domain=.blogger.com; Secure; HttpOnly
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| translate.google.com/translate_a/element.js?cb=TranslateInit | 142.250.74.174 | 200 OK | 80 kB |
URL GET translate.google.com/translate_a/element.js?cb=TranslateInit IP142.250.74.174:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerGoogle Trust Services Subject*.google.com FingerprintB5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2 ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
File typeJavaScript source, ASCII text, with very long lines (2148) Hash055ce03cacbf9424d0c016fe9ba9d143 7cca34d7b4fe86b6947602d4fd180dcb60d53e14 0ed8259a7d642951e8f72552b52dbf5b6135cf78d84bb4808b728bb9016dfeed
GET /translate_a/element.js?cb=TranslateInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 22 Mar 2025 19:51:10 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| static1.freebitco.in/banners/728x90-3.png | 172.66.41.13 | 200 OK | 44 kB |
URL GET static1.freebitco.in/banners/728x90-3.png IP172.66.41.13:443
Requested byhttps://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1 CertificateIssuerLet's Encrypt Subjectfreebitco.in Fingerprint96:43:F0:29:AD:55:B5:CA:3E:E4:3A:40:7D:20:8C:32:3D:0E:D4:AD ValiditySun, 23 Feb 2025 20:01:38 GMT - Sat, 24 May 2025 20:01:37 GMT
File typeRIFF (little-endian) data, Web/P image Hash2b3356c4e6170940ce2bf538c7b55a26 782268c3c692056f005a041b2f95a6675f276799 b83b40d396539bb0eea0cd3fc9d496c4847a6242b95e11748d0b4eeb24745064
GET /banners/728x90-3.png HTTP/1.1
Host: static1.freebitco.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: image/webp
content-length: 43968
cache-control: max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=60358
content-disposition: inline; filename="728x90-3.webp"
expires: Thu, 31 Dec 2037 23:55:55 GMT
vary: Accept
last-modified: Wed, 05 Feb 2025 01:03:10 GMT
cf-cache-status: HIT
age: 867139
accept-ranges: bytes
server: cloudflare
cf-ray: 924838e3dab056b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22%3A%22rgb(102%2C%20102%2C%20102)%22%2C%22backgroundColor%22%3A%22rgb(61%2C%20133%2C%20198)%22%2C%22unvisitedLinkColor%22%3A%22rgb(61%2C%20116%2C%20165)%22%2C%22fontFamily%22%3A%22Arial%2C%20Tahoma%2C%20Helvetica%2C%20FreeSans%2C%20sans-serif%22%7D | 0.0.0.0 | | 0 B |
URL GET www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22%3A%22rgb(102%2C%20102%2C%20102)%22%2C%22backgroundColor%22%3A%22rgb(61%2C%20133%2C%20198)%22%2C%22unvisitedLinkColor%22%3A%22rgb(61%2C%20116%2C%20165)%22%2C%22fontFamily%22%3A%22Arial%2C%20Tahoma%2C%20Helvetica%2C%20FreeSans%2C%20sans-serif%22%7D IP0.0.0.0:0
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| webtrafbit.ru/bootstrap-5.1.1-dist/css/bootstrap.min.css | 185.105.111.32 | 200 OK | 163 kB |
URL GET webtrafbit.ru/bootstrap-5.1.1-dist/css/bootstrap.min.css IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
Size163 kB (162770 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bootstrap-5.1.1-dist/css/bootstrap.min.css HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Dec 2024 10:07:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"67517b53-27bd2"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js | 104.17.24.14 | 200 OK | 86 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js IP104.17.24.14:443
Requested byhttps://w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F CertificateIssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32 ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File typeJavaScript source, ASCII text, with very long lines (32065) Hash2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://w.leadsleap.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 26909
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14e4a"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 744239
expires: Thu, 12 Mar 2026 19:51:19 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xTG%2BmDCcPXy7IThn1xGvT6p1JQSsfgHVdoPz7%2FkYRdKp8OO6%2Bk1lAYhZ2rmMcsDKV%2BYzc%2FWANTGPE5Jl2FtG0E26UQ3jr1Geh8Nwy7eKd73A5SRigjTvgXrIWKtoaxeI%2FK7NuWMu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92483918a84a0b06-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| webtrafbit.ru/img/lang/lang__fr.png | 185.105.111.32 | 200 OK | 286 B |
URL GET webtrafbit.ru/img/lang/lang__fr.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGBA, non-interlaced Hash2d16c2eb6e8bda3a2a29b8432231d751 15ff26a19b5725d235a946bc7825953f265500ea e4352a0d79f1614b5b6cd1ecf8a90b0e1463fab675f19877bd79f934144df9ab
GET /img/lang/lang__fr.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 286
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-11e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| adslinks.ru/uploads/f5bbf4d15c678b05d56680f73a17a69c.gif | 172.67.150.197 | 200 OK | 54 kB |
URL GET adslinks.ru/uploads/f5bbf4d15c678b05d56680f73a17a69c.gif IP172.67.150.197:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerGoogle Trust Services Subjectadslinks.ru FingerprintE5:AB:5F:73:2A:B4:51:A1:F2:CD:78:BA:7B:6F:34:6F:3D:10:FB:4C ValidityMon, 03 Mar 2025 08:33:04 GMT - Sun, 01 Jun 2025 09:30:26 GMT
File typeGIF image data, version 89a, 468 x 60 Hasha9ade055df91d99d1b250dd75c8c37fd 6eb5cfa458badfcfe727deeb87d6ffd24a55bcc0 3ac75c61212289e269bff59003da2dc9dc8e8d274ec1b51e5ac9612d4beed80e
GET /uploads/f5bbf4d15c678b05d56680f73a17a69c.gif HTTP/1.1
Host: adslinks.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: image/gif
content-length: 54441
last-modified: Wed, 19 Mar 2025 18:02:21 GMT
etag: "67db06ad-d4a9"
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
age: 5026
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wv1wYWpj6vx8qC4XX0aDqDoIX9i9jVJKNnszIB%2BAcfYKj%2Fe23W7CetJZ4Bal4L6FXHsZ4PwFqWoEeDak8vWXoKEh6bUThPhWLhs2Cafgrn2I4lJLR1CUyNwFqpXXBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 924838e31a77fba1-AMS
server-timing: cfL4;desc="?proto=QUIC&rtt=22656&min_rtt=20934&rtt_var=9080&sent=14&recv=7&lost=0&retrans=0&sent_bytes=7131&recv_bytes=1398&delivery_rate=30666&cwnd=12000&unsent_bytes=0&cid=2a122c196912ecf7&ts=364&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| cryptofaucets.eti.pw/crypto-prices.php | 85.130.81.193 | 200 OK | 601 B |
URL GET cryptofaucets.eti.pw/crypto-prices.php IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typeHTML document, ASCII text, with very long lines (648), with no line terminators Hash50c300d6ae777d1625ae5ac3cd47424f 7b498e88616cae45a1e1f80d4da4d257591700ab 6ad573b709cfec8f552130662cceac62317b70375f4dddcc0e1b557595f7bc25
GET /crypto-prices.php HTTP/1.1
Host: cryptofaucets.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:11 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 374
Keep-Alive: timeout=5, max=49998
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 | 54.173.41.122 | 200 OK | 16 kB |
URL User Request GET safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 IP54.173.41.122:443
CertificateIssuerLet's Encrypt Subjectsafe.sur.ly Fingerprint4D:74:5A:BA:CC:00:FB:97:33:C1:73:06:D0:2D:75:2E:76:64:F8:27 ValidityTue, 21 Jan 2025 17:57:33 GMT - Mon, 21 Apr 2025 17:57:32 GMT
File typeHTML document, ASCII text Hasha457b3719070093d2f6143f06d433a99 8cac208de9f737aa15a7e68ae0b57bd1bcaa477b f53097f5850013c0677b19285acee29d088ef20735b733c38c13c256f9f3e624
GET /o/https://www.myadboardtraffic.com/click.php?id=41094 HTTP/1.1
Host: safe.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, User-Agent
x-robots-tag: noindex
set-cookie: visitor_id=3a4473efc7989f27891b2c15f6b4ac18aeda9bdd; path=/
surl_panel=1; expires=Tue, 10-Jun-2081 19:51:04 GMT; Max-Age=1774137600; path=/
panel_mobile_stub_show=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
referrer-policy: origin-when-cross-origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| resources.blogblog.com/img/icon18_email.gif | 172.217.21.169 | 200 OK | 164 B |
URL GET resources.blogblog.com/img/icon18_email.gif IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeGIF image data, version 89a, 18 x 13 Hash36b9f993db1b953f3b9b08040aaf9af4 18248661b307586dc291fd2dff4bb59cf7579475 1258cbe1e2900ec3df11a83a6bb6008d7a833f783a6df80b0d5d45a052ac1466
GET /img/icon18_email.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:36:01 GMT
expires: Thu, 27 Mar 2025 09:36:01 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Mar 2025 19:54:16 GMT
content-type: image/gif
age: 209708
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.blogger.com/img/share_buttons_20_3.png | 172.217.21.169 | 200 OK | 5.1 kB |
URL GET www.blogger.com/img/share_buttons_20_3.png IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typePNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced Hashad9999106d5f550920b586e8e1704e5a 93fd02c51166402a41f96509cd0ca3fb917877dd 3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3
GET /img/share_buttons_20_3.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 5080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:23:19 GMT
expires: Thu, 27 Mar 2025 09:23:19 GMT
cache-control: public, max-age=604800
last-modified: Thu, 20 Mar 2025 08:53:18 GMT
content-type: image/png
age: 210470
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css | 172.217.21.169 | 200 OK | 36 kB |
URL GET www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeASCII text, with very long lines (35959) Hash1e32420a7b6ddbdcb7def8b3141c4d1e a1be54d42ff1f95244c9653539f90318f5bc0580 a9ca837900b6ae007386d400f659c233120b8af7d93407fd6475c9180d9e83d2
GET /static/v1/widgets/3566091532-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7756
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:14:33 GMT
expires: Fri, 20 Mar 2026 09:14:33 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 19 Mar 2025 19:54:16 GMT
content-type: text/css
vary: Accept-Encoding
age: 210996
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/lang/lang__it.png | 185.105.111.32 | 200 OK | 1.3 kB |
URL GET webtrafbit.ru/img/lang/lang__it.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGB, non-interlaced Hasha95758fba3e16a1fc300727297b32b81 970ecd3db09893a5f32588bbab147c268858b3e1 b636caa73945fb1e0091ac1d7358b6bc1c437f10727ae2a32b00c599dd9c82e8
GET /img/lang/lang__it.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 1346
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-542"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| nanswap.com/cdn-cgi/rum? | 104.21.95.229 | 204 No Content | 0 B |
IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1229
Origin: https://nanswap.com
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
date: Sat, 22 Mar 2025 19:51:13 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://nanswap.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 924838f3ef2bf5b0-AMS
x-frame-options: DENY
|
|
| coinbon.us/bnbpick300o.gif | 66.29.146.95 | 200 OK | 66 kB |
URL GET coinbon.us/bnbpick300o.gif IP66.29.146.95:443
Requested byhttps://zerads.com/ad/ad.php?width=300&ref=524 CertificateIssuerSectigo Limited Subjectcoinbon.us Fingerprint18:7B:D4:0B:E5:A4:CD:63:36:1A:04:71:88:86:CF:C6:D7:43:12:72 ValiditySat, 05 Oct 2024 00:00:00 GMT - Thu, 09 Oct 2025 23:59:59 GMT
File typeGIF image data, version 89a, 300 x 250 Hash6dbdb4648280f3b8375cc7612cbafa7b d0a070f22a86fd82b60e3f2687fdbcce07167118 41cb12e26d1233f4523592c48c449195fb6246d13268c27bbf2b78f00671cd6b
GET /bnbpick300o.gif HTTP/1.1
Host: coinbon.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 29 Mar 2025 19:51:13 GMT
content-type: image/gif
last-modified: Sat, 29 Apr 2023 19:50:08 GMT
accept-ranges: bytes
content-length: 66054
date: Sat, 22 Mar 2025 19:51:13 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api2/webworker.js?hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI | 142.250.74.68 | 200 OK | 102 B |
URL GET www.google.com/recaptcha/api2/webworker.js?hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI IP142.250.74.68:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m CertificateIssuerGoogle Trust Services Subject*.google.com FingerprintB5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2 ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
File typeASCII text, with no line terminators Hash338d2b4b23bc8440059813e17edb4708 30edf24dfe0a845a566e1221d6770c6f8e4e04be 9be5fcdaabc32295abaa67c5565b9cab7bd8dcce77e59d84bdf8818683ba998e
GET /recaptcha/api2/webworker.js?hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}, {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
expires: Sat, 22 Mar 2025 19:51:13 GMT
date: Sat, 22 Mar 2025 19:51:13 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: same-site
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.googletagmanager.com/gtag/js?id=G-L04HQHN9RZ | 142.250.74.168 | 200 OK | 360 kB |
URL GET www.googletagmanager.com/gtag/js?id=G-L04HQHN9RZ IP142.250.74.168:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subject*.google-analytics.com Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
File typeJavaScript source, ASCII text, with very long lines (5343) Size360 kB (360077 bytes) Hasheeb7fcec8e0d5c286145e0153b918a6c 50f0564d1fec2820519f3c5f1a01235230551504 03a22eab05bfe1bb0d3a2b5bd14dc8b6bb7929edc19c42c94c50fe2dfbddf72d
GET /gtag/js?id=G-L04HQHN9RZ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safe.sur.ly/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 22 Mar 2025 19:51:04 GMT
expires: Sat, 22 Mar 2025 19:51:04 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 120675
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nanswap.com/_next/static/chunks/main-d4ca74d73c5b344f.js | 104.21.95.229 | 200 OK | 128 kB |
URL GET nanswap.com/_next/static/chunks/main-d4ca74d73c5b344f.js IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size128 kB (128315 bytes) Hashbafaa1b8b33802570eb425e192ea7621 17378520932ffdb4fda905f21c897a7fa2ecf4d3 bbb563c91729fdd4433590343f42d9343c524992594f4eaf48550c03ac657584
GET /_next/static/chunks/main-d4ca74d73c5b344f.js HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3UVOzVVMspjr9D%2Bymls5wB%2Fsdfc2rjuUVfzJ48lySDXWLo5XIeUAR4zC1OHw5CRgZkH5ZLCf2PlY1YwijJQIlJUMkqUOc3NHmIQPscpKhZwXbZPndKBYt4Hu9BGDYA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Tue, 04 Mar 2025 16:09:59 GMT
etag: W/"1f53b-19561ebd1de"
vary: Accept-Encoding
content-encoding: gzip
age: 777119
cf-cache-status: HIT
cf-ray: 924838ee0e00f5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| nanswap.com/_next/static/chunks/pages/iframe-swap/swap-9d11b36e3bfcff07.js | 104.21.95.229 | 200 OK | 262 B |
URL GET nanswap.com/_next/static/chunks/pages/iframe-swap/swap-9d11b36e3bfcff07.js IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeASCII text, with no line terminators Hash4c39fb6cba78158ccd482d0de0325938 474c2d4527e3bcf392e631c8331e88e4d9ac824a ab1b1d8d61f73c19d7be05021481e599eb4a59d0e938b296e0e3bb8e1d01c06d
GET /_next/static/chunks/pages/iframe-swap/swap-9d11b36e3bfcff07.js HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7jHroh8jxLxSMdYY63Z%2FXbvhBqf3ivV0386sh3I7yO6%2F5kSzQ%2BC40SrJvgl3NUKc9vVgSJtahnhv5dnVLAdc6I1K683UMuxBGrPdOuoAiQDMhAwUGDP6xLqh%2FX1WBw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:40:22 GMT
etag: W/"106-195ba6f7a53"
vary: Accept-Encoding
age: 43349
cf-cache-status: HIT
content-encoding: br
cf-ray: 924838ee1e04f5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| ads.eti.pw/banners | 85.130.81.193 | 200 OK | 5.5 kB |
IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typeHTML document, ASCII text, with very long lines (5536), with no line terminators Hashd9a7ad3178262cf58ba719b7bb74bc03 16ea037fc6d8dc4b6ac9572f0d2b77edf5bb8569 084de17a52b20f13f361672c4eb483e2fe83d2e2bcd6b330ca13d95178b9ddbe
GET /banners HTTP/1.1
Host: ads.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1687
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| sofiahalbofanimeworld.blogspot.com/js/cookienotice.js | 142.250.74.161 | 200 OK | 6.5 kB |
URL GET sofiahalbofanimeworld.blogspot.com/js/cookienotice.js IP142.250.74.161:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subjectmisc-sni.blogspot.com FingerprintEE:A5:D6:A7:7C:19:95:69:19:BA:C1:C3:58:8B:D0:60:33:9E:21:A8 ValidityMon, 10 Mar 2025 08:36:41 GMT - Mon, 02 Jun 2025 08:36:40 GMT
File typeJavaScript source, ASCII text, with very long lines (6697), with no line terminators Hash58fae8c90b64305d219093c844ee9dea f47708279a9fd6051380766656d03b4dbf450262 8e6cc498f85167b53b3e1b0937d0764b7c2753214e2365570481b750638a6f64
GET /js/cookienotice.js HTTP/1.1
Host: sofiahalbofanimeworld.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Mar 2025 14:12:23 GMT
expires: Sat, 29 Mar 2025 14:12:23 GMT
cache-control: public, max-age=604800
last-modified: Sat, 22 Mar 2025 12:50:04 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 20326
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.blogger.com/img/blogger_logo_round_35.png | 172.217.21.169 | 200 OK | 2.5 kB |
URL GET www.blogger.com/img/blogger_logo_round_35.png IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typePNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced Hash838622483cbfed35380b4705f19d7cca 7de684136affc969a24d61927afc18905cf2fc36 183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a
GET /img/blogger_logo_round_35.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2531
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:17:48 GMT
expires: Thu, 27 Mar 2025 09:17:48 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Mar 2025 07:57:06 GMT
content-type: image/png
age: 210801
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.gstatic.com/recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/recaptcha__en.js | 142.250.74.99 | 200 OK | 561 kB |
URL GET www.gstatic.com/recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/recaptcha__en.js IP142.250.74.99:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
Size561 kB (560963 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220514
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Mar 2025 08:50:15 GMT
expires: Sun, 22 Mar 2026 08:50:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 17 Mar 2025 04:01:22 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 39658
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| webtrafbit.ru/js/jquery-3.6.0.min.js | 185.105.111.32 | 200 OK | 90 kB |
URL GET webtrafbit.ru/js/jquery-3.6.0.min.js IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typeJavaScript source, ASCII text, with very long lines (65446), with CRLF line terminators Hash0732e3eabbf8aa7ce7f69eedbd07dfdd 4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
GET /js/jquery-3.6.0.min.js HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Dec 2024 10:06:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"67517b41-15d9f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
|
|
| trafficadbar.com/assets/ads.css | 3.229.155.117 | 200 OK | 385 B |
URL GET trafficadbar.com/assets/ads.css IP3.229.155.117:443
Requested byhttps://trafficadbar.com/bar/page2.php?a=sofiahalbof&b=252&c=90&d=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&ref1=https%3A%2F%2Fllclick.com%2F&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F CertificateIssuerAmazon Subjecttrafficadbar.com Fingerprint4A:C5:E8:C2:D5:BE:F7:04:3C:95:C0:E9:E0:CF:50:81:F5:34:41:D9 ValidityFri, 30 Aug 2024 00:00:00 GMT - Sat, 27 Sep 2025 23:59:59 GMT
File typeASCII text, with very long lines (437), with no line terminators Hashbba60ef5a6f086b7cdf1badb389b22ce 7e0216f46d356d30695935fe8cae60b691548972 287982bad3d5801cae87ec38c03252fad7aab58b6629950573cb7c53f82bdf1a
GET /assets/ads.css HTTP/1.1
Host: trafficadbar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trafficadbar.com/bar/page2.php?a=sofiahalbof&b=252&c=90&d=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&ref1=https%3A%2F%2Fllclick.com%2F&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: text/css
content-length: 385
server: nginx/1.26.1
last-modified: Sun, 21 Jul 2024 12:41:40 GMT
etag: "669d0204-181"
expires: Wed, 21 May 2025 19:51:10 GMT
pragma: public
cache-control: max-age=5184000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,LvGhrf,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RqjULd,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VXdfxd,WO9ee,XVMNvd,YwHGTd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,fgib1c,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,p3hmRc,pjICDe,pw70Gc,pxq3x,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=P6sQOc | 172.217.21.169 | 200 OK | 1.3 kB |
URL GET www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,LvGhrf,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RqjULd,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VXdfxd,WO9ee,XVMNvd,YwHGTd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,fgib1c,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,p3hmRc,pjICDe,pw70Gc,pxq3x,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=P6sQOc IP172.217.21.169:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeJavaScript source, ASCII text, with very long lines (1362), with no line terminators Hash36f241f3964c746ee3f0c14fe9491e82 95ad1da8b6f7dddcd196c35738636ab5a7f8178b 51ea491fec0dddd4590febf0d3d61c7f27d313549c496eb8f04c198152de563b
GET /_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,LvGhrf,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RqjULd,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VXdfxd,WO9ee,XVMNvd,YwHGTd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,fgib1c,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,p3hmRc,pjICDe,pw70Gc,pxq3x,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=P6sQOc HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/blogger-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/blogger-boq-js-css-signers"
report-to: {"group":"boq-infra/blogger-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/blogger-boq-js-css-signers"}]}
content-length: 722
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Mar 2025 03:01:31 GMT
expires: Sat, 21 Mar 2026 03:01:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 20 Mar 2025 05:08:43 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 146980
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.blogger.com/static/v1/jsbin/681870030-comment_from_post_iframe.js | 172.217.21.169 | 200 OK | 17 kB |
URL GET www.blogger.com/static/v1/jsbin/681870030-comment_from_post_iframe.js IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeJavaScript source, ASCII text, with very long lines (1414) Hash0be1f2f7521b0d17b8a71d096fbfa749 2857151d4e6df2bc66027046af8cf50c65a5879f d13895d0a7c1f15703af496c0f754e5bcbd334e89b426283fef7262ee3ce504e
GET /static/v1/jsbin/681870030-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6483
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:15:51 GMT
expires: Fri, 20 Mar 2026 09:15:51 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 19 Mar 2025 14:51:59 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 210918
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/lang/lang__de.png | 185.105.111.32 | 200 OK | 302 B |
URL GET webtrafbit.ru/img/lang/lang__de.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGBA, non-interlaced Hash35d3ad2c76c3d5e123c3559cd0fd2854 b877f49ae766872803a254068b0a2135ec786213 22afd4aaee14dea5dd0e34ac845e57585b18db3ef1d3390170ec8b7428ab99cc
GET /img/lang/lang__de.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 302
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-12e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| webtrafbit.ru/img/lang/lang__nl.png | 185.105.111.32 | 200 OK | 1.2 kB |
URL GET webtrafbit.ru/img/lang/lang__nl.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGBA, non-interlaced Hashd4713ab90df5c0130b292fccf67e8012 63a377cc3c39af2d93edd4cdaeb57cbafe1adb2d b2b75bf36dbe5c5831874eefc44dfd61f204b664e9146e43e13bda7997fe8fa0
GET /img/lang/lang__nl.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 1195
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-4ab"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| nanswap.com/_next/static/chunks/framework-28ac6df9df25500d.js | 104.21.95.229 | 200 OK | 140 kB |
URL GET nanswap.com/_next/static/chunks/framework-28ac6df9df25500d.js IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size140 kB (139998 bytes) Hash9e07c058b4afcc58611ed18a64bbebcc 11a75eb535071953479e5ef22764bc4f443738b3 601d179b3f21e6e7244225e3a2130ea3a1daf614e847700129faf639a9b34f0d
GET /_next/static/chunks/framework-28ac6df9df25500d.js HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eNHFe2rpHr1Gedo0NBuwEOq5xPDACr7VsKlHQAsqO4MLMKTymbZKuGbfHpfyxN51VhcY%2BSC%2FRQZsiHtM7dcRxNGEKdbYlWKAO2tJ4moHqtGzW22GBUaPaZaUwaURaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Sun, 16 Mar 2025 11:06:16 GMT
etag: W/"222de-1959ea21060"
vary: Accept-Encoding
content-encoding: gzip
age: 513053
cf-cache-status: HIT
cf-ray: 924838ee0dfdf5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| nanswap.com/_next/static/GLvWkfZLRwmGsylhz2Gat/_ssgManifest.js | 104.21.95.229 | 200 OK | 1.0 kB |
URL GET nanswap.com/_next/static/GLvWkfZLRwmGsylhz2Gat/_ssgManifest.js IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeASCII text, with very long lines (1149), with no line terminators Hashd4709b631164320a3f7bfb1cf038e48d 7359823ed08446c6caa9009479cae90059ad2f4d 4599c1fe97b7f2aaef719121d8d7cf3bc38b5e3efd5da07c5a327c9e0dfadddf
GET /_next/static/GLvWkfZLRwmGsylhz2Gat/_ssgManifest.js HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4NM2aM76n0VoIp1tFRBkJ5ktc0RWcEMgP0WBmR0%2FxijkDECx6fjKQWF%2FJfl9WZ8s6p1emKxRqzd6lNXbGkay5jN%2B54bXnuYDl3%2FQ7M%2BXnnDS1%2BoKU9pw7Lh5stEzqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:40:22 GMT
etag: W/"400-195ba6f7a54"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 83439
cf-ray: 924838ee2e09f5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| webcounter.eti.pw/styles/96/7.png | 85.130.81.193 | 200 OK | 74 B |
URL GET webcounter.eti.pw/styles/96/7.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 5 x 7, 1-bit grayscale, non-interlaced Hash0891c163283c16235415416a066ee155 bfc2b011aa14839e8302ad780ad64423e444e34a 99e94af754cfb1a153a1c4847ae74af45d4e0afa08cac43f0d52619f2e4acce6
GET /styles/96/7.png HTTP/1.1
Host: webcounter.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:13 GMT
Server: Apache
Last-Modified: Tue, 30 Oct 2001 18:38:46 GMT
ETag: "4a-3918eba3bd980"
Accept-Ranges: bytes
Content-Length: 74
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: image/png
|
|
| imageshare.eti.pw/i/fc5bf9319cda01de794ebcae2518afa1.png | 85.130.81.193 | 200 OK | 129 kB |
URL GET imageshare.eti.pw/i/fc5bf9319cda01de794ebcae2518afa1.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://ads.eti.pw/300x250banners CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Size129 kB (128898 bytes) Hashfc5bf9319cda01de794ebcae2518afa1 e74ce883c68a62b5e687d25b8aeb2d699faeaa7d 59d5806d60df832446a593f35a13336692b19db98e32cbb4f8be62b1ec8dd2a7
GET /i/fc5bf9319cda01de794ebcae2518afa1.png HTTP/1.1
Host: imageshare.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Last-Modified: Mon, 08 Apr 2024 22:28:06 GMT
ETag: "1f782-6159d51cae999"
Accept-Ranges: bytes
Content-Length: 128898
Keep-Alive: timeout=5, max=49998
Connection: Keep-Alive
Content-Type: image/png
|
|
| adboardz.com/zap.php?pid=99721 | 181.214.142.118 | 302 Moved Temporarily | 64 kB |
URL GET adboardz.com/zap.php?pid=99721 IP181.214.142.118:443 ASN#14670 WHG Hosting Services Ltd
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerLet's Encrypt Subject*.adboardz.com FingerprintE4:1F:45:CB:B7:F9:E5:5A:54:8F:D7:D3:EF:D7:6F:A9:8C:8C:F4:2F ValidityThu, 06 Mar 2025 10:55:04 GMT - Wed, 04 Jun 2025 10:55:03 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zap.php?pid=99721 HTTP/1.1
Host: adboardz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Date: Sat, 22 Mar 2025 19:51:08 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Location: https://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
|
|
| www.blogger.com/navbar/3405693820859981231?po=4364866522047349775&origin=https://sofiahalbofanimeworld.blogspot.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.fwXSHnIYz-4.O%2Fd%3D1%2Frs%3DAHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ%2Fm%3D__features__#id=navbar-iframe&_gfid=navbar-iframe&parent=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com&pfname=&rpctoken=36696282 | 172.217.21.169 | 200 OK | 0 B |
URL GET www.blogger.com/navbar/3405693820859981231?po=4364866522047349775&origin=https://sofiahalbofanimeworld.blogspot.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.fwXSHnIYz-4.O%2Fd%3D1%2Frs%3DAHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ%2Fm%3D__features__#id=navbar-iframe&_gfid=navbar-iframe&parent=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com&pfname=&rpctoken=36696282 IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /navbar/3405693820859981231?po=4364866522047349775&origin=https://sofiahalbofanimeworld.blogspot.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.fwXSHnIYz-4.O%2Fd%3D1%2Frs%3DAHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ%2Fm%3D__features__ HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 22 Mar 2025 19:51:10 GMT
content-security-policy: frame-ancestors https://sofiahalbofanimeworld.blogspot.com, require-trusted-types-for 'script';report-uri /_/BloggerNavbarUi/cspreport, script-src 'nonce-H_v53jrUs1R81tmH187URg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/BloggerNavbarUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /_/BloggerNavbarUi/cspreport/allowlist
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: same-site
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/BloggerNavbarUi/web-reports?context=eJzjctHikmJw05BiqHXfyVR6ZSeT06ubTDK9t5geT7nFFPpiOmsqELfePMc6FYiN1p5ndQJiQ4VLrI5AXCRxhbUJiIV4ONat_LOPTeDB_AutjEpKSfmF8Uk5-enpqUWlmcWpRWWpRfFGBkamBsZGBnoGBvEFBgDrui0_"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=522=mhX-ugMagGmzinx1_bnOhjXqC7iFJOo1W9j0JBP2JuaNv3HgDnEr-oyJTE-MNN1PLhtI-HdCXCI_OlVa2cDmn9MsB-A8gU_clS1AJahdT5qNuAByo0V-uo8qIK4K4jkUX_OexnJO4goWFzmhHkrbr_Uo4FCZfr_rvRGykE20h5wHa_WxEnTtmwhmfI0jzunI8XfQaR1Xsj5sEd65PpqhLHs9Lv0; expires=Sun, 21-Sep-2025 19:51:10 GMT; path=/; domain=.blogger.com; Secure; HttpOnly
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| ads.eti.pw/img/ads.eti.pw.png | 85.130.81.193 | 200 OK | 22 kB |
URL GET ads.eti.pw/img/ads.eti.pw.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 320 x 50, 8-bit/color RGBA, non-interlaced Hashb04fb8dd6e31f369a3fd433cce305b7b 41e239b201dcfeaa0e50f420dae178ef39aa59f1 bd663217d43d6f36d6c02fb56eefc41ef945e41489652562242309d551282787
GET /img/ads.eti.pw.png HTTP/1.1
Host: ads.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Last-Modified: Sat, 17 Sep 2022 14:34:22 GMT
ETag: "57fb-5e8e05fda65d1"
Accept-Ranges: bytes
Content-Length: 22523
Keep-Alive: timeout=5, max=49999
Connection: Keep-Alive
Content-Type: image/png
|
|
| api.fpadserver.com/static/icons/icon.svg | 104.21.32.41 | 200 OK | 1.5 kB |
URL GET api.fpadserver.com/static/icons/icon.svg IP104.21.32.41:443
Requested byhttps://api.fpadserver.com/banner?id=1753&size=728x90 CertificateIssuerGoogle Trust Services Subjectfpadserver.com Fingerprint59:27:DB:35:C6:E3:71:A1:65:B1:1D:AF:8A:AD:89:A8:E7:53:71:F8 ValidityWed, 19 Feb 2025 14:57:31 GMT - Tue, 20 May 2025 15:55:10 GMT
File typeSVG Scalable Vector Graphics image Hashc015556f85a597079864d27020185e42 c34967a6298d675768c9218c3e321d92b40eb607 5d9ea6f6631c900499cb0a12a795071ca93fec4e320c4017e265df68bb06f5f3
GET /static/icons/icon.svg HTTP/1.1
Host: api.fpadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.fpadserver.com/banner?id=1753&size=728x90
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:11 GMT
content-type: image/svg+xml
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lMnoSoetBGh%2FLg3qlwcEs0FZ3UiT7%2BfoPOwu8d8XmVBD3Ri3B8r0DBLUhSNdqFzah4XsNV9onEXURZLnoTv3iVEkTI039FSjqJQKrPhbFtgqX%2BPRB0hDPHrc9z7vW8n1D5%2FSXRc%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 06 May 2024 13:04:51 GMT
etag: W/"6638d573-5d2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4789
content-encoding: br
cf-ray: 924838e968fff5bf-AMS
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
|
|
| resources.blogblog.com/blogblog/data/1kt/ethereal/white-fade.png | 172.217.21.169 | 200 OK | 144 B |
URL GET resources.blogblog.com/blogblog/data/1kt/ethereal/white-fade.png IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typePNG image data, 1 x 590, 8-bit/color RGBA, non-interlaced Hash4ba06844286b94adfc8ad7bc8a8fde94 9e1fa0c37abf7c05300b90f8938dd2458409a35e 909a47a95386ffd0420ff44c0f1278a3259b918b1bc8213afa97ad6a4bb5bb58
GET /blogblog/data/1kt/ethereal/white-fade.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:33:15 GMT
expires: Thu, 27 Mar 2025 09:33:15 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Mar 2025 19:54:16 GMT
content-type: image/png
age: 209874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_0?le=scs | 142.250.74.110 | 200 OK | 179 kB |
URL GET apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_0?le=scs IP142.250.74.110:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.google.com FingerprintB5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2 ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
File typeJavaScript source, ASCII text, with very long lines (1617) Size179 kB (179373 bytes) Hashb3621787cb4038a3e33968e36c2c78b6 b0cdac8477c35c8304d68a0852825fd04e3d20be c20891819cf90bf0b70bf7225757c4d6d50991f60f4b70ae691ffcc17b7053ff
GET /_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 59059
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:17:53 GMT
expires: Fri, 20 Mar 2026 09:17:53 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 04 Mar 2025 15:24:42 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 210796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=_b,_tp/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,ZDZcre,OTA3Ae,ZwDk9d,RyvaUb,mI3LFb,WO9ee,eD1YLc,gZjhIf,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,V3dDOb,lazG7b,XVMNvd,L1AAkb,KUM7Z,s39S4,lwddkf,gychg,w9hDv,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,A7fCU,mdR7q,wmnU7d,xQtZb,JNoxi,MI6k7c,kjKdXe,BVgquf,QIhFr,hKSk3e,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c,zr1jrb,Uas9Hd,pjICDe | 172.217.21.169 | 200 OK | 388 kB |
URL GET www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=_b,_tp/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,ZDZcre,OTA3Ae,ZwDk9d,RyvaUb,mI3LFb,WO9ee,eD1YLc,gZjhIf,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,V3dDOb,lazG7b,XVMNvd,L1AAkb,KUM7Z,s39S4,lwddkf,gychg,w9hDv,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,A7fCU,mdR7q,wmnU7d,xQtZb,JNoxi,MI6k7c,kjKdXe,BVgquf,QIhFr,hKSk3e,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c,zr1jrb,Uas9Hd,pjICDe IP172.217.21.169:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeJavaScript source, ASCII text, with very long lines (2402) Size388 kB (388346 bytes) Hash3fad0ba72fdd357b4c2d4730356726d2 c6c03d8d7a43dca4a72c51467c02f55d6ae90e72 7ece2ef6167c5907cf59cd249232a4972ff1398196898f226e157ccbf71798fd
GET /_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=_b,_tp/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,ZDZcre,OTA3Ae,ZwDk9d,RyvaUb,mI3LFb,WO9ee,eD1YLc,gZjhIf,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,V3dDOb,lazG7b,XVMNvd,L1AAkb,KUM7Z,s39S4,lwddkf,gychg,w9hDv,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,A7fCU,mdR7q,wmnU7d,xQtZb,JNoxi,MI6k7c,kjKdXe,BVgquf,QIhFr,hKSk3e,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c,zr1jrb,Uas9Hd,pjICDe HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/blogger-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/blogger-boq-js-css-signers"
report-to: {"group":"boq-infra/blogger-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/blogger-boq-js-css-signers"}]}
content-length: 135191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Mar 2025 03:00:52 GMT
expires: Sat, 21 Mar 2026 03:00:52 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 20 Mar 2025 05:08:43 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 147019
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.google.com/recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m | 142.250.74.68 | 200 OK | 73 kB |
URL GET www.google.com/recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m IP142.250.74.68:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.google.com FingerprintB5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2 ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
File typeHTML document, ASCII text, with very long lines (56645) Hash6eff175f58137bf22054030052b4a3de b01df0e6a494aba066c168a004a3e6868217b314 c4c5ba8d82692186a9342af33b403d8c2d351aea545c4808e98d5d3df75bf075
GET /recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}, {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 22 Mar 2025 19:51:12 GMT
content-security-policy: script-src 'nonce-WwHP_rjaz2poeqouOXqhNA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| imageshare.eti.pw/i/af9aa660c4287d4b190003cc5ccbe6ab.jpg | 85.130.81.193 | 200 OK | 23 kB |
URL GET imageshare.eti.pw/i/af9aa660c4287d4b190003cc5ccbe6ab.jpg IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://ads.eti.pw/300x250banners CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3 Hashaf9aa660c4287d4b190003cc5ccbe6ab 6b0246fa10a8007d72b812f15d5571a54b926d9a 74f67ab8ed89c832ff46693e801b4007804d05dfd082949d7fece06a665b38b6
GET /i/af9aa660c4287d4b190003cc5ccbe6ab.jpg HTTP/1.1
Host: imageshare.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:14 GMT
Server: Apache
Last-Modified: Thu, 18 Jan 2024 17:13:49 GMT
ETag: "5821-60f3b7cb1ce1a"
Accept-Ranges: bytes
Content-Length: 22561
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: image/jpeg
|
|
| directurl.link/images/39386751_icon.png |  185.26.107.57 | 200 OK | 633 B |
URL GET directurl.link/images/39386751_icon.png IP185.26.107.57:443 ASN#24935 Eurofiber France SAS
Requested byhttps://zerads.com/ad/ad.php?width=468&ref=524 CertificateIssuerLet's Encrypt Subjectdirecturl.link FingerprintBA:AF:CD:75:CA:69:D3:F9:F9:12:16:1E:62:25:CF:CB:24:DE:09:75 ValidityThu, 13 Mar 2025 21:30:28 GMT - Wed, 11 Jun 2025 21:30:27 GMT
File typePNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced Hashe866d373f3711721ba5cb478a4d25a86 0db08f52fba2ab0bcde38da6d131c252bd26ccb3 58eb80fa685f79fb1ab96256b36b9753dd4b2d678f97d1f5b6bfb6b9fe5c3f7c
GET /images/39386751_icon.png HTTP/1.1
Host: directurl.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: image/png
content-length: 633
last-modified: Fri, 03 Jan 2025 06:16:25 GMT
etag: "279-62ac737ed1347"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| sur.ly/stat.php?id=1888&r=26926 | 54.173.41.122 | 200 OK | 43 B |
URL GET sur.ly/stat.php?id=1888&r=26926 IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsur.ly Fingerprint1B:0E:89:02:7C:6B:FA:4E:B9:60:89:BE:37:EB:A6:AD:B6:80:88:72 ValiditySun, 23 Feb 2025 17:39:40 GMT - Sat, 24 May 2025 17:39:39 GMT
File typeGIF image data, version 89a, 1 x 1 Hash325472601571f31e1bf00674c368d335 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /stat.php?id=1888&r=26926 HTTP/1.1
Host: sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: image/gif
content-length: 43
x-powered-by: PHP/8.3.16
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| sur.ly/stat.php?id=5893&r=25141 | 54.173.41.122 | 200 OK | 43 B |
URL GET sur.ly/stat.php?id=5893&r=25141 IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsur.ly Fingerprint1B:0E:89:02:7C:6B:FA:4E:B9:60:89:BE:37:EB:A6:AD:B6:80:88:72 ValiditySun, 23 Feb 2025 17:39:40 GMT - Sat, 24 May 2025 17:39:39 GMT
File typeGIF image data, version 89a, 1 x 1 Hash325472601571f31e1bf00674c368d335 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /stat.php?id=5893&r=25141 HTTP/1.1
Host: sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: image/gif
content-length: 43
x-powered-by: PHP/8.3.16
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| www.linkslot.ru/uploads/478951bba290a29542e0204fa53f8fc0.gif | 104.21.96.1 | 200 OK | 448 kB |
URL GET www.linkslot.ru/uploads/478951bba290a29542e0204fa53f8fc0.gif IP104.21.96.1:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerGoogle Trust Services Subjectlinkslot.ru Fingerprint0A:9F:00:33:A7:81:5A:68:3E:08:73:80:E1:6C:7F:B7:1E:95:04:47 ValidityWed, 05 Feb 2025 18:17:51 GMT - Tue, 06 May 2025 19:12:32 GMT
File typeGIF image data, version 89a, 468 x 60 Size448 kB (448476 bytes) Hash478951bba290a29542e0204fa53f8fc0 57e10ca08a836228ee1f27687c5f03cc5b837a26 0d14edc1caf086261709d03a4533213ef8e917de2d055b2f8ba81bf623e53f89
GET /uploads/478951bba290a29542e0204fa53f8fc0.gif HTTP/1.1
Host: www.linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: image/gif
content-length: 448476
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tgtJaz54r0yoXe7HMEsCu%2B%2FVB10DZpjHPS%2FSDLZlmGnTgoN%2FyDGcunpAYvTzQoW2hzU7WBh1o1jeLfckgCaPBKUs7R5Iu1jWHDN4EIEcHjdGHTT1kssFVGlqeTamPScZ1F0%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Mar 2025 07:48:20 GMT
etag: "67d530c4-6d7dc"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5782
accept-ranges: bytes
cf-ray: 924838e32c69f5b1-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| pastead.com/ban | 162.0.208.108 | 200 OK | 1.9 kB |
IP162.0.208.108:443
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subject*.pastead.com FingerprintE6:EE:6B:13:B5:2C:76:90:A5:1B:F8:D5:51:45:A4:1A:37:6E:A1:8D ValidityMon, 27 Jan 2025 12:58:36 GMT - Sun, 27 Apr 2025 12:58:35 GMT
File typeHTML document, ASCII text, with very long lines (1975), with no line terminators Hashd6cf23af7eadaf855daa33fdb06da650 b23b12a225a8668b2445484a68f29e9b0595e7c5 fe3d523565be0cde5b6572910ddc81babc5e01cbcc007b87cb0af52265fc74b0
GET /ban HTTP/1.1
Host: pastead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:13 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 748
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| webcounter.eti.pw/styles/96/2.png | 85.130.81.193 | 200 OK | 76 B |
URL GET webcounter.eti.pw/styles/96/2.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 5 x 7, 1-bit grayscale, non-interlaced Hashba479fe26203d9b97cb18b3bf082537f 0e3f0c9ac681b6246abdd5727f57aad05b8d146c ec2164813e24116c7b0d9fbc893af75714b70dfe349e0436b16f28a493f81e31
GET /styles/96/2.png HTTP/1.1
Host: webcounter.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:13 GMT
Server: Apache
Last-Modified: Tue, 30 Oct 2001 18:38:46 GMT
ETag: "4c-3918eba3bd980"
Accept-Ranges: bytes
Content-Length: 76
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: image/png
|
|
| imgad.llsvr.com/sweden.a.141063.jpg | 104.21.80.1 | 200 OK | 30 kB |
URL GET imgad.llsvr.com/sweden.a.141063.jpg IP104.21.80.1:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectllsvr.com Fingerprint33:05:B0:89:29:B4:C7:19:B9:8C:D3:F7:38:EB:1E:CB:34:26:32:4E ValidityMon, 24 Feb 2025 12:10:45 GMT - Sun, 25 May 2025 13:07:07 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 375x250, components 3 Hashc1852931cae431917349d975d6446bd7 0916da897170e025c6c6d3bd976bc40f9ce15816 4c4679aae7f718f082ea69876bdb5ab4a85a4cff234f3f7215f9c4049f76e25f
GET /sweden.a.141063.jpg HTTP/1.1
Host: imgad.llsvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:07 GMT
content-type: image/jpeg
content-length: 29799
last-modified: Tue, 30 Jul 2024 05:15:21 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CLUm0WOMVWg0TWb5Sav6gYsK67D3JCo9CEeRPPtQlCX8LVM4tQKvJdr09wXdy7wvW7kL5UlaCymW%2FSxcQKoNxw3Pz7p4uKGGZycTgNu%2FYdkH%2FTMR8odNWrfd0I3PK81ei0Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838ca48b9f5ea-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25126&min_rtt=19600&rtt_var=13181&sent=43&recv=13&lost=0&retrans=0&sent_bytes=50840&recv_bytes=1379&delivery_rate=220731&cwnd=255&unsent_bytes=4032&cid=224ef840a43a66ef&ts=599&x=0"
X-Firefox-Spdy: h2
|
|
| w.leadsleap.com/js.js | 104.26.10.93 | 200 OK | 4.1 kB |
IP104.26.10.93:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subjectleadsleap.com Fingerprint10:EA:41:FC:2E:FB:E6:41:B7:72:BE:34:5B:5B:77:F1:F5:D0:15:F0 ValidityWed, 26 Feb 2025 15:57:55 GMT - Tue, 27 May 2025 16:57:50 GMT
File typeJavaScript source, ASCII text, with very long lines (4270), with no line terminators Hash9c21f0177df1d5ece481a070dfddc7ed fa4dc4ca88810c64c92bfc81ffe9b8b14e4f26f7 7c28f5f21cec852ce1d9e44f26fd48856e2e9bee8837a73a609a720632f727a2
GET /js.js HTTP/1.1
Host: w.leadsleap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:09 GMT
content-type: application/javascript
last-modified: Wed, 15 May 2024 01:20:36 GMT
cache-control: max-age=5356800
cf-cache-status: HIT
age: 702
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AKgk%2B8Ff9fsbiIQ6xMZ6g8t5iHU0WFSNQWvu%2F9rv%2BNtHec3%2BryJ%2B2Vz58lBMvxjMEgmmC7RKGZxg7D%2BytyLSJOV69XDN8vD3YuOema6bD6dfFFglKD6UUS4qOf3lcIRvNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838d9af6456a9-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=606&min_rtt=473&rtt_var=243&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3280&recv_bytes=1204&delivery_rate=6591805&cwnd=254&unsent_bytes=0&cid=689c4406ed4a1667&ts=43&x=0"
X-Firefox-Spdy: h2
|
|
| free-btc.org/banner/u=sofiahalbof/size=728x90 |  185.216.13.18 | 200 OK | 4.5 kB |
URL GET free-btc.org/banner/u=sofiahalbof/size=728x90 IP185.216.13.18:443 ASN#44477 Stark Industries Solutions Ltd
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectfree-btc.org FingerprintE5:92:9D:AC:C0:58:BC:5E:7E:65:E8:0C:DB:D7:50:0F:8C:F0:89:28 ValiditySun, 09 Feb 2025 01:08:42 GMT - Sat, 10 May 2025 01:08:41 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (4563), with no line terminators Hash90b2fb6085ece240d67faa9237d52576 ab92e718a0a3fd178eb5f014158958cfb10c9155 0abd272531414e535cdaa9bcc26185d7761ec6fb47d1fa62f6afd6397c166db5
GET /banner/u=sofiahalbof/size=728x90 HTTP/1.1
Host: free-btc.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=fe901a7f59783dcd6845fe474b4086b1; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
|
|
| api.fpadserver.com/image?img=66f95323d2677.gif | 104.21.32.41 | 200 OK | 208 kB |
URL GET api.fpadserver.com/image?img=66f95323d2677.gif IP104.21.32.41:443
Requested byhttps://api.fpadserver.com/banner?id=1753&size=728x90 CertificateIssuerGoogle Trust Services Subjectfpadserver.com Fingerprint59:27:DB:35:C6:E3:71:A1:65:B1:1D:AF:8A:AD:89:A8:E7:53:71:F8 ValidityWed, 19 Feb 2025 14:57:31 GMT - Tue, 20 May 2025 15:55:10 GMT
File typeGIF image data, version 89a, 728 x 90 Size208 kB (208451 bytes) Hash31932cffc7e210947d6f0399c49751dc 191f26231b4d1053d37671b27b4cedececbdf833 3c054e64e26cd280727d9dd4275085566cea83a2176deb470881f2ece41af8e5
GET /image?img=66f95323d2677.gif HTTP/1.1
Host: api.fpadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.fpadserver.com/banner?id=1753&size=728x90
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:11 GMT
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Fu0AClKVciHbVc6HXD2Ej%2BDo0IVi5jnOR1FhkKGdBu%2BBtHhQsRw614BKBa1q9QyGqnkDus3R6MOsEaIwRYOLQbgP3cXTr4wjoqubcPg7H3vm4JI9vw0zTHJTtvxJ3gaWRCpDig%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-allow-headers: *
cache-control: no-cache
x-server: ADS-Server
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
cf-ray: 924838e96901f5bf-AMS
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
|
|
| sur.ly/stat.php?id=5212&r=39785 | 54.173.41.122 | 200 OK | 43 B |
URL GET sur.ly/stat.php?id=5212&r=39785 IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsur.ly Fingerprint1B:0E:89:02:7C:6B:FA:4E:B9:60:89:BE:37:EB:A6:AD:B6:80:88:72 ValiditySun, 23 Feb 2025 17:39:40 GMT - Sat, 24 May 2025 17:39:39 GMT
File typeGIF image data, version 89a, 1 x 1 Hash325472601571f31e1bf00674c368d335 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /stat.php?id=5212&r=39785 HTTP/1.1
Host: sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: image/gif
content-length: 43
x-powered-by: PHP/8.3.16
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| use.fontawesome.com/releases/v5.15.4/css/v4-shims.css | 172.67.142.245 | 200 OK | 27 kB |
URL GET use.fontawesome.com/releases/v5.15.4/css/v4-shims.css IP172.67.142.245:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectuse.fontawesome.com Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT
File typeASCII text, with very long lines (26516) Hasha034d3c71bee546f625877d7932917f8 f217d4ded0bc9f786bd9ba1c09ce88aedbaed76e 8fe2f1cb7bc41c640ad3ea24449cfa1ba5291e16dbbbab0ef61bfe43f3212910
GET /releases/v5.15.4/css/v4-shims.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:06 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"a034d3c71bee546f625877d7932917f8"
last-modified: Fri, 22 Sep 2023 01:45:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 2552331
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lDfYXCZRs9VsxpDhLkC745cu2mZ9WHxT6k1bmrtbx6ZZABTy8oOk7dwNw50KbbQmX6o9L3NjmSudtQoZHrh7jOk6BF1qPK70HSJHdU0AYkoimBXd240Cp%2FnYziUrV6ZrO2O3Wmrg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838ca6baefba7-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19509&min_rtt=19449&rtt_var=4194&sent=19&recv=10&lost=0&retrans=0&sent_bytes=17016&recv_bytes=1148&delivery_rate=221170&cwnd=253&unsent_bytes=0&cid=8cdaae43dbeabaa2&ts=62&x=0"
X-Firefox-Spdy: h2
|
|
| cryptofaucets.eti.pw/crypto-faucet.png | 85.130.81.193 | 200 OK | 6.8 kB |
URL GET cryptofaucets.eti.pw/crypto-faucet.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 222 x 158, 8-bit/color RGBA, non-interlaced Hashe13aa83c41c702511b1409aa45508a2f 3cd801816b22dc9e614120b161978ace8c94a063 225a2f12017e87e01656b5dd5c531db1a60f950cd5bad632a3e90b2d5985a7a9
GET /crypto-faucet.png HTTP/1.1
Host: cryptofaucets.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:11 GMT
Server: Apache
Last-Modified: Thu, 02 Dec 2021 18:40:38 GMT
ETag: "1aad-5d22e2072d0a4"
Accept-Ranges: bytes
Content-Length: 6829
Keep-Alive: timeout=5, max=49999
Connection: Keep-Alive
Content-Type: image/png
|
|
| webtrafbit.ru/js/socket.io.js | 185.105.111.32 | 200 OK | 112 kB |
URL GET webtrafbit.ru/js/socket.io.js IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typeJavaScript source, ASCII text, with CRLF line terminators Size112 kB (111756 bytes) Hashf0be21890062da7a4ae4abfce085552a 1ca44ca0b825a674992d09265c78a27fc1f977bc c82d8c7b3b69832306dae2fbc090b4ffa5e2c4a93f7c1a83aa22a0587a0c56c8
GET /js/socket.io.js HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Dec 2024 10:06:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"67517b41-1b48c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
|
|
| llsvr.com/imgad/msupplier.a.134532.jpg | 104.21.80.1 | 200 OK | 32 kB |
URL GET llsvr.com/imgad/msupplier.a.134532.jpg IP104.21.80.1:443
Requested byhttps://w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F CertificateIssuerGoogle Trust Services Subjectllsvr.com Fingerprint33:05:B0:89:29:B4:C7:19:B9:8C:D3:F7:38:EB:1E:CB:34:26:32:4E ValidityMon, 24 Feb 2025 12:10:45 GMT - Sun, 25 May 2025 13:07:07 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 375x250, components 3 Hashfc14bd024166a8152d2fadc76a71ef28 ae36f50dcaf69fda9cd184fcb279232de707c569 5734bb67ca148f093f7f0dcbd8a0cba90ec465f3d8c29c5b9d908140949032a0
GET /imgad/msupplier.a.134532.jpg HTTP/1.1
Host: llsvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://w.leadsleap.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:19 GMT
content-type: image/jpeg
content-length: 32239
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=agxqS8MAVvITDzSXXBjldoG3FEFY5DWR7NAkrlVoJI1Xq99Q2VQgbsyPW7ebxCD0pYvqGdpt60cy10NIpdHQjBT5hucHYjSBMO%2BgmmYmrEzTS7xrEqwYwINrvIs%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 20 Dec 2023 23:26:37 GMT
accept-ranges: bytes
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
cf-ray: 92483918df90f5ba-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| www.blogger.com/dyn-css/authorization.css?targetBlogID=3405693820859981231&zx=20baa96b-9ece-4ce1-b4cf-3a50e4a39d51 | 172.217.21.169 | 200 OK | 1 B |
URL GET www.blogger.com/dyn-css/authorization.css?targetBlogID=3405693820859981231&zx=20baa96b-9ece-4ce1-b4cf-3a50e4a39d51 IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeASCII text, with no line terminators Hash1d78758685e5e2f4efeeb490f8521abd ef7e6794ca9c6a06b54b66f279237fb8daaaeea8 a80e516bfb196e1c48a9acbe39da8fceb6bc82e0d991b8a990b8f3239c7efaed
GET /dyn-css/authorization.css?targetBlogID=3405693820859981231&zx=20baa96b-9ece-4ce1-b4cf-3a50e4a39d51 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 22 Mar 2025 19:51:09 GMT
last-modified: Sat, 22 Mar 2025 19:51:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| directurl.link/images/39386751_icon.png | 185.26.107.57 | 200 OK | 633 B |
URL GET directurl.link/images/39386751_icon.png IP185.26.107.57:443 ASN#24935 Eurofiber France SAS
Requested byhttps://zerads.com/ad/ad.php?width=468&ref=524 CertificateIssuerLet's Encrypt Subjectdirecturl.link FingerprintBA:AF:CD:75:CA:69:D3:F9:F9:12:16:1E:62:25:CF:CB:24:DE:09:75 ValidityThu, 13 Mar 2025 21:30:28 GMT - Wed, 11 Jun 2025 21:30:27 GMT
File typePNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced Hashe866d373f3711721ba5cb478a4d25a86 0db08f52fba2ab0bcde38da6d131c252bd26ccb3 58eb80fa685f79fb1ab96256b36b9753dd4b2d678f97d1f5b6bfb6b9fe5c3f7c
GET /images/39386751_icon.png HTTP/1.1
Host: directurl.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: image/png
content-length: 633
last-modified: Fri, 03 Jan 2025 06:16:25 GMT
etag: "279-62ac737ed1347"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| imasdk.googleapis.com/js/sdkloader/ima3.js | 142.250.74.42 | 200 OK | 444 kB |
URL GET imasdk.googleapis.com/js/sdkloader/ima3.js IP142.250.74.42:443
Requested byhttps://free-btc.org/banner/u=sofiahalbof/size=728x90 CertificateIssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT
File typeJavaScript source, ASCII text, with very long lines (2579) Size444 kB (444475 bytes) Hash8efd13654a068d2c3dc044e4d0a16320 9a71760feeccf8b49b47e3cf120b83f2c61fe601 80342cb1003e014b7fa3959610eaebf5164cc24ae8d3563f3e2980eeaf8903e2
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 22 Mar 2025 19:51:11 GMT
expires: Sat, 22 Mar 2025 19:51:11 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 3164923972852679594
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 140721
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| bitpayz.me/images/banner/medium.jpg | 104.21.64.1 | 200 OK | 12 kB |
URL GET bitpayz.me/images/banner/medium.jpg IP104.21.64.1:443
Requested byhttps://zerads.com/ad/ad.php?width=468&ref=524 CertificateIssuerGoogle Trust Services Subjectbitpayz.me Fingerprint6F:A5:35:CD:26:23:0E:12:B0:3E:8E:3E:2C:61:B4:46:56:4C:98:83 ValidityFri, 07 Feb 2025 06:05:10 GMT - Thu, 08 May 2025 07:03:30 GMT
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 468x60, components 3 Hash497fe8cf604fbce7a7bc60ab892ebb35 dbfc5fe9b4816c31c6f457e5f4017f1164335382 c4c21ff678f442b304b0ca4683ad011ba4026c34ce6cb43abad559bf5599f927
GET /images/banner/medium.jpg HTTP/1.1
Host: bitpayz.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: image/jpeg
content-length: 11602
cache-control: public, max-age=31536000
expires: Tue, 17 Feb 2026 10:45:51 GMT
last-modified: Fri, 20 Sep 2024 14:56:46 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2883922
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ifg6Ore8W6T9OreLMhXN%2BELms8Iw27dno%2B9c7hzKFrLv0bYPbbp94V0iOnvVw2jbOjRZYamH2Q9ryXLVjE6ZNY0SkLFxtgUEsFlB%2FKTvBN%2FL2iNfNDfPgYi1T5o5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838f26db6fb89-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19734&min_rtt=19702&rtt_var=3167&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3269&recv_bytes=1208&delivery_rate=219849&cwnd=182&unsent_bytes=0&cid=9b0fe57fda702c8d&ts=84&x=0"
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/lang/lang__en.png | 185.105.111.32 | 200 OK | 1.2 kB |
URL GET webtrafbit.ru/img/lang/lang__en.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGBA, non-interlaced Hash20000a1e2f493b2543950b265768d357 4085d759033dadd435717518d4e3f97384cdf9b0 270665a3d97e7d35e67813df4aef7c8dd7a31ba1795c72568a74e796337aa193
GET /img/lang/lang__en.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 1237
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-4d5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| themes.googleusercontent.com/image?id=0BwVBOzw_-hbMMDZjM2Q4YjctMTY2OC00ZGU2LWJjZDYtODVjOGRiOThlMGQ3 | 142.250.74.33 | 200 OK | 43 kB |
URL GET themes.googleusercontent.com/image?id=0BwVBOzw_-hbMMDZjM2Q4YjctMTY2OC00ZGU2LWJjZDYtODVjOGRiOThlMGQ3 IP142.250.74.33:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.googleusercontent.com Fingerprint76:FD:48:21:91:D7:93:F0:95:A3:DA:6B:29:ED:D2:2A:3F:D2:DD:38 ValidityMon, 10 Mar 2025 08:36:57 GMT - Mon, 02 Jun 2025 08:36:56 GMT
File typePNG image data, 1515 x 971, 8-bit/color RGBA, non-interlaced Hash05d2738b4dc90530c7cfab2ec6a780bd f156f3f4d6b41803bcb8704a01e38623098f09af 919e34ec42b0b8a6f9754b9e33f9faba1c20a79bc151cc03009fc0e2bb17a922
GET /image?id=0BwVBOzw_-hbMMDZjM2Q4YjctMTY2OC00ZGU2LWJjZDYtODVjOGRiOThlMGQ3 HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
etag: "v1"
expires: Sun, 23 Mar 2025 19:51:10 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
date: Sat, 22 Mar 2025 19:51:10 GMT
server: fife
content-length: 42869
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.420aGcKD8sw.L.F4.O/am=AAY/d=0/rs=AN8SPfpDPomKLlRjz0jYgLjosyLSbUir8w/m=el_main_css | 142.250.74.99 | 200 OK | 20 kB |
URL GET www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.420aGcKD8sw.L.F4.O/am=AAY/d=0/rs=AN8SPfpDPomKLlRjz0jYgLjosyLSbUir8w/m=el_main_css IP142.250.74.99:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File typeASCII text, with very long lines (20367), with no line terminators Hash72d3a735ccca1027f6b3afba2c93e3a7 67f8eff8d17334c59c28fc1753bf451527c7490d c8c845f55e2346b89894ce0df8185ee182359e096bf29987d5cf1f8a7391bef1
GET /_/translate_http/_/ss/k=translate_http.tr.420aGcKD8sw.L.F4.O/am=AAY/d=0/rs=AN8SPfpDPomKLlRjz0jYgLjosyLSbUir8w/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:15:37 GMT
expires: Fri, 20 Mar 2026 09:15:37 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Feb 2025 22:10:27 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 210933
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nanswap.com/logo/XNO.svg | 104.21.95.229 | 200 OK | 479 B |
IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeSVG Scalable Vector Graphics image Hashab594e63a424308c9b663a4f5e1fac70 44b6a2e7827713fa3e013cd7c10aa779f04018ad 4957ae19988e050abecc01ad8c6ff7d99d5a76ad6f805ffc30da706144ced4aa
GET /logo/XNO.svg HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: image/svg+xml
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dUPdK%2F4hef4QwwShCqUESEuFDJ96ACDD4EiRZ0hQ3HHGpGlxzkQLCCFzI7DKg1YfIjiTsjCPpqH3NsM0ye0DkUPwzJuaX2M98Qzl7QoVmFmdQm%2BULfgsnOYEhndiXw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400, s-maxage=60, stale-while-revalidate=300
last-modified: Mon, 01 May 2023 01:21:22 GMT
etag: W/"1df-187d4e66968"
vary: Accept-Encoding
cf-cache-status: EXPIRED
content-encoding: br
cf-ray: 924838ee2e0af5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| zerads.com/ad/ad.php?width=468&ref=7565 | 162.0.208.108 | 200 OK | 1.5 kB |
URL GET zerads.com/ad/ad.php?width=468&ref=7565 IP162.0.208.108:443
CertificateIssuerLet's Encrypt Subjectzerads.com Fingerprint84:5E:29:60:A2:00:90:F8:0F:6F:92:69:02:8F:0A:EB:BB:5A:17:CA ValidityThu, 20 Mar 2025 00:58:45 GMT - Wed, 18 Jun 2025 00:58:44 GMT
File typeHTML document, ASCII text, with very long lines (1590), with no line terminators Hash0e223fb5c7312c16ba490a214c73345e 4406f40d197df93e0019d3f6ad031831500b1ecd 38228a3fd41d40b73613533034a5e290a67a664529b993c0ff4f1993c13669cd
GET /ad/ad.php?width=468&ref=7565 HTTP/1.1
Host: zerads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pastead.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:13 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 699
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js | 151.101.65.229 | 200 OK | 2.1 kB |
URL GET cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js IP151.101.65.229:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT
File typeJavaScript source, ASCII text, with very long lines (2171), with no line terminators Hash5d29940309296e361167aee4bbb204f8 27d562f284a6538ebd03b1c96960dcea8bd4733f 40130a4d0efe0a53c3d75737e22e1e1278739307c9420e2e54a3783dcfc4582d
GET /npm/js-cookie@2/src/js.cookie.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.2.1
x-jsd-version-type: version
etag: W/"848-eCpL/NpO2wJcJLidpoZh2cYW9O4"
content-encoding: br
accept-ranges: bytes
date: Sat, 22 Mar 2025 19:51:09 GMT
age: 7302
x-served-by: cache-fra-eddf8230099-FRA, cache-hel1410021-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1060
X-Firefox-Spdy: h2
|
|
| free-btc.org/files/js/jquery.min.js | 185.216.13.18 | 200 OK | 90 kB |
URL GET free-btc.org/files/js/jquery.min.js IP185.216.13.18:443 ASN#44477 Stark Industries Solutions Ltd
Requested byhttps://free-btc.org/banner/u=sofiahalbof/size=728x90 CertificateIssuerLet's Encrypt Subjectfree-btc.org FingerprintE5:92:9D:AC:C0:58:BC:5E:7E:65:E8:0C:DB:D7:50:0F:8C:F0:89:28 ValiditySun, 09 Feb 2025 01:08:42 GMT - Sat, 10 May 2025 01:08:41 GMT
File typeJavaScript source, ASCII text, with very long lines (65447) Hash8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /files/js/jquery.min.js HTTP/1.1
Host: free-btc.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/banner/u=sofiahalbof/size=728x90
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: application/javascript
Last-Modified: Mon, 20 Dec 2021 12:24:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61c07618-15d9d"
Expires: Sun, 23 Mar 2025 19:51:10 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
|
|
| ad.a-ads.com/2370867?size=300x250 |  78.46.32.91 | 200 OK | 14 kB |
URL GET ad.a-ads.com/2370867?size=300x250 IP78.46.32.91:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300 CertificateIssuerSectigo Limited Subject*.a-ads.com Fingerprint29:38:CF:C5:B7:11:ED:58:BF:D9:11:7B:D8:5E:88:8A:48:33:9A:23 ValiditySun, 05 Jan 2025 00:00:00 GMT - Tue, 09 Dec 2025 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (11031) Hashf8c0cab077e19705c3bdcfcd61695083 dc8fc7984a641b2647db5f2e2dc1e21752ecd3ed 2c33d313784df520a7670941fddd7858781bd2d53332a1569a962ff851fe849a
GET /2370867?size=300x250 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://ad2bitcoin.com/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cashclix.ru/banner/468x60_3.gif | 104.21.32.1 | 200 OK | 433 kB |
URL GET cashclix.ru/banner/468x60_3.gif IP104.21.32.1:443
Requested byhttps://zerads.com/ad/ad.php?width=468&ref=524 CertificateIssuerGoogle Trust Services Subjectcashclix.ru FingerprintBE:52:B8:7C:6A:86:25:A5:EA:25:CF:36:DD:31:18:A0:C8:A0:29:52 ValidityFri, 07 Mar 2025 16:16:15 GMT - Thu, 05 Jun 2025 17:14:55 GMT
File typeGIF image data, version 89a, 468 x 60 Size433 kB (433077 bytes) Hash6dd2fd4faabf0aac39d1785b28797655 cb242e4f829016d0f7d0c717400289bde02a74bb 01d2090683e2a9335e478f61f1ec115c5d12e6f3593cef5820c072974d57a1fb
GET /banner/468x60_3.gif HTTP/1.1
Host: cashclix.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: image/gif
content-length: 433077
last-modified: Sun, 26 Jan 2025 10:09:34 GMT
etag: "679609de-69bb5"
expires: Wed, 26 Mar 2025 01:40:12 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2311860
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1WtT8MQgGwnsJmzzAJZD0zNl5caOFdonWGwb7awckkB2ejPyP8Kk3ePdzlCASaoPHl2inOBbxsntjIn7QQwmaAO%2FTF7%2F3PNH8shj5iaXyWRINv%2Be7jYOQi6exKWpZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838f25bb9f5b9-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20255&min_rtt=19522&rtt_var=4519&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3218&recv_bytes=1132&delivery_rate=220765&cwnd=163&unsent_bytes=0&cid=84fb037dca151d8a&ts=73&x=0"
X-Firefox-Spdy: h2
|
|
| api.nanswap.com/get-limits?from=XNO&to=BAN | 51.15.19.228 | 200 OK | 62 B |
URL GET api.nanswap.com/get-limits?from=XNO&to=BAN IP51.15.19.228:443 ASN#12876 Scaleway S.a.s.
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerLet's Encrypt Subjectapi.nanswap.com Fingerprint25:45:A7:50:D8:1A:25:89:A7:B5:32:27:BC:2E:62:3F:75:24:25:69 ValidityWed, 12 Feb 2025 02:49:45 GMT - Tue, 13 May 2025 02:49:44 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash7e0062ac532afc48d5094aef558f073e 95992f91ac66d80d16f4484775dd28c4d0ed366b d5910cf9d5b83d50c891289c81bc7627423f1bd856d769547dbbdc3b6abde2c1
GET /get-limits?from=XNO&to=BAN HTTP/1.1
Host: api.nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nanswap.com/
Origin: https://nanswap.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Sat, 22 Mar 2025 19:51:13 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
RateLimit-Limit: 180
RateLimit-Remaining: 177
RateLimit-Reset: 22
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With, content-type, csrf-token
Access-Control-Allow-Credentials: true
ETag: W/"3e-NF/I5H6IS2sUr86NsJW3rv/5KvQ"
Access-Control-Allow-Origin: https://nanswap.com
Content-Encoding: gzip
|
|
| w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F | 104.26.10.93 | 200 OK | 20 kB |
URL GET w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F IP104.26.10.93:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subjectleadsleap.com Fingerprint10:EA:41:FC:2E:FB:E6:41:B7:72:BE:34:5B:5B:77:F1:F5:D0:15:F0 ValidityWed, 26 Feb 2025 15:57:55 GMT - Tue, 27 May 2025 16:57:50 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F HTTP/1.1
Host: w.leadsleap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:18 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BjRBDe3KZhHbfRyfsyDdW5Q5tEBZissvQpT9Mv669Xv3VOgijIda%2F2I7KabcMsQHU%2BwqW3FgYAdT3eJCnu2nFyvpgnK0c9obvxnshpA4b49h4v6kKoRsWSjP%2F4c%2Fb%2F%2F1yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924839159d9e56a9-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=6302&min_rtt=473&rtt_var=11546&sent=11&recv=13&lost=0&retrans=0&sent_bytes=5552&recv_bytes=1695&delivery_rate=6591805&cwnd=257&unsent_bytes=0&cid=689c4406ed4a1667&ts=9948&x=0"
X-Firefox-Spdy: h2
|
|
| www.3x3x3.biz/click.php?id=1388 | 69.10.58.85 | 302 Moved Temporarily | 7.6 kB |
URL GET www.3x3x3.biz/click.php?id=1388 IP69.10.58.85:443
Requested byhttps://myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subject*.3x3x3.biz FingerprintE5:3D:1B:67:C8:78:05:3D:FF:BB:FC:54:94:C1:39:D0:AB:43:F0:A7 ValiditySun, 23 Feb 2025 00:17:54 GMT - Sat, 24 May 2025 00:17:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click.php?id=1388 HTTP/1.1
Host: www.3x3x3.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://myadboardtraffic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Date: Sat, 22 Mar 2025 19:51:05 GMT
Server: Apache
Content-Encoding: gzip
Vary: Accept-Encoding
Location: https://llclick.com/9cnxhff7/verytenoi
Keep-Alive: timeout=35, max=5000
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
|
|
| sharemyads.com/view/468/fv.php?size=1&ison=1&user=24687&vt=6&dref=https://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&scrw=1280&scrh=1024×tamp=1742673069604 | 170.249.194.154 | 200 OK | 1.9 kB |
URL GET sharemyads.com/view/468/fv.php?size=1&ison=1&user=24687&vt=6&dref=https://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&scrw=1280&scrh=1024×tamp=1742673069604 IP170.249.194.154:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectmail.sharemyads.com FingerprintFC:E0:4A:23:95:FC:F1:24:F6:72:90:D0:8F:D5:B0:A1:93:14:97:5C ValidityTue, 04 Feb 2025 12:14:52 GMT - Mon, 05 May 2025 12:14:51 GMT
File typeHTML document, ASCII text, with very long lines (1918), with no line terminators Hashc54516291840d0e4c0f26ae56481d537 e6acdc3382ad65ffd2a55f546839406b55b1d024 57b5f4b94032d790a0ecd66571b72b07966d07e0b1a30805b5976ea8a8393d2c
GET /view/468/fv.php?size=1&ison=1&user=24687&vt=6&dref=https://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&scrw=1280&scrh=1024×tamp=1742673069604 HTTP/1.1
Host: sharemyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:09 GMT
server: Apache/2
cache-control: private, must-revalidate
expires: Mon, 21 Apr 2025 19:51:09 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
content-length: 938
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/bootstrap-icons@1.6.0/font/bootstrap-icons.css | 151.101.65.229 | 200 OK | 67 kB |
URL GET cdn.jsdelivr.net/npm/bootstrap-icons@1.6.0/font/bootstrap-icons.css IP151.101.65.229:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT
Hashc5318bec20b21ee0d4a90a7a34954133 6d0e5b436f5c2659aeb60dbd35c6da285b87eb50 c48f6cbf13cd80834632e35ce93e29818e50377f39965009b68cb3b9fdeb71b2
GET /npm/bootstrap-icons@1.6.0/font/bootstrap-icons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.6.0
x-jsd-version-type: version
etag: W/"106d9-bQ5bQ29cJlmutg29NcbaKFuH61A"
content-encoding: br
accept-ranges: bytes
date: Sat, 22 Mar 2025 19:51:10 GMT
age: 2217419
x-served-by: cache-fra-eddf8230038-FRA, cache-hel1410021-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9094
X-Firefox-Spdy: h2
|
|
| www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,LvGhrf,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,P6sQOc,PrPYRd,QIhFr,RMhBfe,RqjULd,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VXdfxd,WO9ee,XVMNvd,YwHGTd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,fgib1c,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,p3hmRc,pjICDe,pw70Gc,pxq3x,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk | 172.217.21.169 | 200 OK | 3.3 kB |
URL GET www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,LvGhrf,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,P6sQOc,PrPYRd,QIhFr,RMhBfe,RqjULd,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VXdfxd,WO9ee,XVMNvd,YwHGTd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,fgib1c,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,p3hmRc,pjICDe,pw70Gc,pxq3x,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk IP172.217.21.169:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeJavaScript source, ASCII text, with very long lines (3446), with no line terminators Hashc4af3a154682a18b5905c7a68a836141 dd79d1f36b389f96bf65eff0540dbb786625cd83 7838395a0c6737e3dedcd69c53e48a1cfa8c1cb7e4e81c3cafc4a49a57727cc6
GET /_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,LvGhrf,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,P6sQOc,PrPYRd,QIhFr,RMhBfe,RqjULd,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VXdfxd,WO9ee,XVMNvd,YwHGTd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,fgib1c,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,p3hmRc,pjICDe,pw70Gc,pxq3x,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/blogger-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/blogger-boq-js-css-signers"
report-to: {"group":"boq-infra/blogger-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/blogger-boq-js-css-signers"}]}
content-length: 1590
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Mar 2025 03:01:33 GMT
expires: Sat, 21 Mar 2026 03:01:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 20 Mar 2025 05:08:43 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 146980
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| trafficadbar.com/bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F | 3.229.155.117 | 302 Found | 1.2 kB |
URL GET trafficadbar.com/bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F IP3.229.155.117:443
Requested byhttps://trafficadbar.com/bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/ CertificateIssuerAmazon Subjecttrafficadbar.com Fingerprint4A:C5:E8:C2:D5:BE:F7:04:3C:95:C0:E9:E0:CF:50:81:F5:34:41:D9 ValidityFri, 30 Aug 2024 00:00:00 GMT - Sat, 27 Sep 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F HTTP/1.1
Host: trafficadbar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://trafficadbar.com/bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 22 Mar 2025 19:51:09 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.26.1
set-cookie: sou=eyJyIjoiaHR0cHM6XC9cL3NvZmlhaGFsYm9mYW5pbWV3b3JsZC5ibG9nc3BvdC5jb21cLzIwMjFcLzA3XC9ibG9nLXBvc3QuaHRtbCIsInUiOiJzb2ZpYWhhbGJvZiJ9; expires=Mon, 21-Apr-2025 19:51:09 GMT; Max-Age=2592000; secure; SameSite=None
location: /bar/page2.php?a=sofiahalbof&b=252&c=90&d=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&ref1=https%3A%2F%2Fllclick.com%2F&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F
X-Firefox-Spdy: h2
|
|
| adslinks.ru/img/buyb.png | 172.67.150.197 | 200 OK | 2.2 kB |
IP172.67.150.197:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerGoogle Trust Services Subjectadslinks.ru FingerprintE5:AB:5F:73:2A:B4:51:A1:F2:CD:78:BA:7B:6F:34:6F:3D:10:FB:4C ValidityMon, 03 Mar 2025 08:33:04 GMT - Sun, 01 Jun 2025 09:30:26 GMT
File typePNG image data, 130 x 16, 8-bit/color RGBA, non-interlaced Hash42d9cb7ef6aaa706d6ee50727e66facd 8d19638ad3b880c78b8d65c0db9a042048dd0495 e2e6be0c95e9a6c9a34386d0ef160d3336be6d918a304605da107a6497bb3b7a
GET /img/buyb.png HTTP/1.1
Host: adslinks.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: image/png
content-length: 2221
last-modified: Wed, 05 Mar 2025 10:38:00 GMT
etag: "67c82988-8ad"
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
age: 227
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=84UcRx6%2BiG6KqJI2Ormkyar2Ymd863e6FdNOOPl8ah7uXXXZ5ig1RLuolWzh1o3jdwX1hjYAbKCUea4ddtczo%2BCblljJd3B9qDXb89cetyNpZo1oFzKjF7FbK4%2Bm%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 924838e31a7bfba1-AMS
server-timing: cfL4;desc="?proto=QUIC&rtt=22656&min_rtt=20934&rtt_var=9080&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4092&recv_bytes=1398&delivery_rate=30666&cwnd=12000&unsent_bytes=0&cid=2a122c196912ecf7&ts=356&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| trafficadbar.com/assets/home_logo_88.png | 3.229.155.117 | 200 OK | 2.2 kB |
URL GET trafficadbar.com/assets/home_logo_88.png IP3.229.155.117:443
Requested byhttps://trafficadbar.com/bar/page2.php?a=sofiahalbof&b=252&c=90&d=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&ref1=https%3A%2F%2Fllclick.com%2F&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F CertificateIssuerAmazon Subjecttrafficadbar.com Fingerprint4A:C5:E8:C2:D5:BE:F7:04:3C:95:C0:E9:E0:CF:50:81:F5:34:41:D9 ValidityFri, 30 Aug 2024 00:00:00 GMT - Sat, 27 Sep 2025 23:59:59 GMT
File typePNG image data, 88 x 20, 8-bit/color RGB, non-interlaced Hashe32231d6c050d289b4abc24163617287 b3185ea592a78f28ad8543388156af875fce42e0 2c15259de59047326d7db87fbe6911873f8ef8e7ae27fd52a78cb626cd6e9a9e
GET /assets/home_logo_88.png HTTP/1.1
Host: trafficadbar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trafficadbar.com/bar/page2.php?a=sofiahalbof&b=252&c=90&d=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&ref1=https%3A%2F%2Fllclick.com%2F&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: image/png
server: nginx/1.26.1
last-modified: Sun, 21 Jul 2024 12:41:40 GMT
vary: Accept-Encoding
etag: W/"669d0204-881"
expires: Wed, 21 May 2025 19:51:10 GMT
pragma: public
cache-control: max-age=5184000, public
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| apis.google.com/js/platform.js | 142.250.74.110 | 200 OK | 64 kB |
URL GET apis.google.com/js/platform.js IP142.250.74.110:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.apis.google.com Fingerprint0F:74:56:17:68:7A:52:CA:F8:05:9C:EC:1E:6E:4C:12:3A:9A:6C:A9 ValidityMon, 10 Mar 2025 08:37:51 GMT - Mon, 02 Jun 2025 08:37:50 GMT
File typeJavaScript source, ASCII text, with very long lines (1863) Hasha10d5d12a3e433e8e5f7babdf44869d0 24fcca2e68f5484023728989d7b09bfa10bff9e1 31caaf7eba748feb06dfcf722f5e4a466bb3522ee596443b8ba6a63d2876e25f
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 24165
date: Sat, 22 Mar 2025 19:51:09 GMT
expires: Sat, 22 Mar 2025 19:51:09 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "43cfb061bc5ea6c2"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| video.agenteimmobiliare.info/d-video.js?b=31 | 104.21.112.1 | 200 OK | 94 kB |
URL GET video.agenteimmobiliare.info/d-video.js?b=31 IP104.21.112.1:443
Requested byhttps://free-btc.org/banner/u=sofiahalbof/size=728x90 CertificateIssuerGoogle Trust Services Subjectagenteimmobiliare.info Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50 ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d-video.js?b=31 HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: application/javascript
last-modified: Thu, 06 Jun 2024 11:00:31 GMT
etag: W/"666196cf-170ee"
age: 7155
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ohpMh2x8yf3u0GSJu8RgKop0ohqXX9SBfdaucQyVpPcQwNmjA3Gv6bDStLnd6uZw5TgG5feRaA4jFTBIfaWjpTEdMvx79v%2BUTVQMsRkbbNJVRs9CUHqB89bhvdkJa17DwNAsVOejeE6EMglj7CoN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838e4ed10fb83-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=24724&min_rtt=19496&rtt_var=13482&sent=9&recv=12&lost=0&retrans=1&sent_bytes=3321&recv_bytes=1127&delivery_rate=222723&cwnd=229&unsent_bytes=0&cid=989edd877a082f12&ts=137&x=0"
X-Firefox-Spdy: h2
|
|
| cdn.sur.ly/surly/images/platforms/jml.png | 188.114.97.1 | 200 OK | 11 kB |
URL GET cdn.sur.ly/surly/images/platforms/jml.png IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
File typePNG image data, 197 x 125, 8-bit/color RGBA, non-interlaced Hash19d27007325b542d03ed84114c05a3db 6ba9d5f6006fd0f2e46ed0198636ddd614adaa8c 9334526aab708c62fb488a186ca20acb8fb27e092c377e121ce59c33bf4917f3
GET /surly/images/platforms/jml.png HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Cookie: _ga_L04HQHN9RZ=GS1.1.1742673065.1.0.1742673065.0.0.0; _ga=GA1.1.1027815748.1742673065
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: image/png
content-length: 10602
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
etag: "62a6bbba-296a"
expires: Sat, 22 Mar 2025 06:48:32 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2300440
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qhv4a28EYXOwRQqw4NBXvvdeglhkEWaZz%2Bdtkz35mX3loarSeSaT%2Bd76XOPag1XOBrni5JQxQE8IbWNItOJcR0Lc84j0RTSSoNcm7FxzMmB0QkxWNhnfsFfwmfGG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838c0fa31fba6-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24491&min_rtt=20621&rtt_var=8399&sent=25&recv=10&lost=0&retrans=0&sent_bytes=17166&recv_bytes=1820&delivery_rate=397417&cwnd=12000&unsent_bytes=0&cid=e2e5f9f35026950d&ts=443&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| www.gstatic.com/recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/recaptcha__en.js | 142.250.74.99 | 200 OK | 561 kB |
URL GET www.gstatic.com/recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/recaptcha__en.js IP142.250.74.99:443
Requested byhttps://www.google.com/recaptcha/api2/webworker.js?hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
Size561 kB (560963 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220514
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Mar 2025 08:50:15 GMT
expires: Sun, 22 Mar 2026 08:50:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 17 Mar 2025 04:01:22 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 39658
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| data.nanswap.com/get-markets | 172.67.171.131 | 200 OK | 935 B |
URL GET data.nanswap.com/get-markets IP172.67.171.131:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeASCII text, with very long lines (1015), with no line terminators Hashe1eb9b75242f14bc8610cf5ceeeeb5e0 7cac37a0ea3c1871dfb8ccbf5afb71d7833269a5 642d29ffc34478f3b24b0efd9ce12db05adb1315c2c490093b7a7c7675fb3d39
GET /get-markets HTTP/1.1
Host: data.nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nanswap.com/
Origin: https://nanswap.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-credentials: true
etag: W/"3a7-B9MjpAy2w5+APBU/honfbYXj760"
cache-control: max-age=10
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CRv7AzMhRb0HRivQl0iHF%2F8KwC6RXH7F3IlXLAhwYhCgUWYpNWYXucPpAu9TAUrXY4O0Qt%2FX4OrHdX4LxgKQAXYQRb5xoGPyqqqzWIX8vActZXTYk1wze5Qhr87bzTGEqNYx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838f59cbff5cb-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19583&min_rtt=19499&rtt_var=3199&sent=10&recv=12&lost=0&retrans=0&sent_bytes=4068&recv_bytes=1288&delivery_rate=219649&cwnd=254&unsent_bytes=0&cid=5daf4b043b55cded&ts=244&x=0"
X-Firefox-Spdy: h2
|
|
| safe.sur.ly/external?url=myadboardtraffic.com%2Fclick.php%253Fid%253D41094&forceHttps=0&panel_lang=en | 54.173.41.122 | 302 Found | 264 B |
URL GET safe.sur.ly/external?url=myadboardtraffic.com%2Fclick.php%253Fid%253D41094&forceHttps=0&panel_lang=en IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsafe.sur.ly Fingerprint4D:74:5A:BA:CC:00:FB:97:33:C1:73:06:D0:2D:75:2E:76:64:F8:27 ValidityTue, 21 Jan 2025 17:57:33 GMT - Mon, 21 Apr 2025 17:57:32 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /external?url=myadboardtraffic.com%2Fclick.php%253Fid%253D41094&forceHttps=0&panel_lang=en HTTP/1.1
Host: safe.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094
DNT: 1
Connection: keep-alive
Cookie: visitor_id=3a4473efc7989f27891b2c15f6b4ac18aeda9bdd; surl_panel=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: text/html; charset=utf-8
location: https://myadboardtraffic.com/click.php?id=41094
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| zerads.com/ad/ad.php?width=468&ref=524 | 162.0.208.108 | 200 OK | 1.5 kB |
URL GET zerads.com/ad/ad.php?width=468&ref=524 IP162.0.208.108:443
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjectzerads.com Fingerprint84:5E:29:60:A2:00:90:F8:0F:6F:92:69:02:8F:0A:EB:BB:5A:17:CA ValidityThu, 20 Mar 2025 00:58:45 GMT - Wed, 18 Jun 2025 00:58:44 GMT
File typeHTML document, ASCII text, with very long lines (1592), with no line terminators Hashdc1d753a24099e53f85ae7117d0cca12 7145d3d504841c09d6194ea6b1ca54a9adb45f98 1eb5b609821fb5404cd802fec112ddc20a35b9abed2b4b0816bde9f05732ba05
GET /ad/ad.php?width=468&ref=524 HTTP/1.1
Host: zerads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 696
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| ads.eti.pw/banners | 85.130.81.193 | 200 OK | 5.5 kB |
IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typeHTML document, ASCII text, with very long lines (5589), with no line terminators Hash8e7abd929b4dbb6b52e67f0e842006ed 218806d482a2a9712872680507953b49f401a83b 06c219dea8ec263c344086865ea52cc875e0d03ed4610915725efa78b29b0dcf
GET /banners HTTP/1.1
Host: ads.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1746
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| trafstock.ru/ads/api.php | 185.114.245.108 | 200 OK | 35 B |
IP185.114.245.108:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjecttrafstock.ru Fingerprint1C:0B:08:C6:45:5A:1E:30:2E:64:86:C8:AD:B0:6C:84:E4:DE:B6:E4 ValidityFri, 28 Feb 2025 16:40:26 GMT - Thu, 29 May 2025 16:40:25 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash5a38e6d0aa8d50cedd56b72b43932d08 d86b64f04831518ccb7bff99aa0d5a870ed18b68 dfdc717bbc3bb339945b2ef730af31ae663d8d56cea9cc230e6d34072d989f48
POST /ads/api.php HTTP/1.1
Host: trafstock.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 43
Origin: https://sofiahalbofanimeworld.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.26.3
date: Sat, 22 Mar 2025 19:51:09 GMT
content-type: text/html; charset=UTF-8
content-length: 35
access-control-allow-headers: *
access-control-allow-origin: *
x-frame-options: DENY
access-control-allow-methods: GET, POST, OPTIONS,JSON
set-cookie: PHPSESSID=330efe322a7dfba13543a3445b2212d8; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
|
|
| trafficadbar.com/bar/page2.php?a=sofiahalbof&b=252&c=90&d=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&ref1=https%3A%2F%2Fllclick.com%2F&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F | 3.229.155.117 | 200 OK | 1.2 kB |
URL GET trafficadbar.com/bar/page2.php?a=sofiahalbof&b=252&c=90&d=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&ref1=https%3A%2F%2Fllclick.com%2F&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F IP3.229.155.117:443
Requested byhttps://trafficadbar.com/bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/ CertificateIssuerAmazon Subjecttrafficadbar.com Fingerprint4A:C5:E8:C2:D5:BE:F7:04:3C:95:C0:E9:E0:CF:50:81:F5:34:41:D9 ValidityFri, 30 Aug 2024 00:00:00 GMT - Sat, 27 Sep 2025 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (1211), with no line terminators Hasha85b7fad6173c639d249c619c4555f5d a41c8efdffa8f8edd65c3fb0eb2b1d3c080433c7 1f783c367c940f323524055f68357cbdc03e8e540b80e299e1e215587c6f77a8
GET /bar/page2.php?a=sofiahalbof&b=252&c=90&d=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&ref1=https%3A%2F%2Fllclick.com%2F&stg=2&ww=252&wh=90&ref=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F HTTP/1.1
Host: trafficadbar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://trafficadbar.com/bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/
DNT: 1
Connection: keep-alive
Cookie: sou=eyJyIjoiaHR0cHM6XC9cL3NvZmlhaGFsYm9mYW5pbWV3b3JsZC5ibG9nc3BvdC5jb21cLzIwMjFcLzA3XC9ibG9nLXBvc3QuaHRtbCIsInUiOiJzb2ZpYWhhbGJvZiJ9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.26.1
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: referrer_username=sofiahalbof; expires=Fri, 02-Jan-1970 03:46:40 GMT; Max-Age=0; path=/; secure; httponly; samesite=none
referred_from_website=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html; expires=Fri, 02-Jan-1970 03:46:40 GMT; Max-Age=0; path=/; secure; httponly; samesite=none
referrer_source=wbar; expires=Fri, 02-Jan-1970 03:46:40 GMT; Max-Age=0; path=/; secure; httponly; samesite=none
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/payment-sprite.png | 185.105.111.32 | 200 OK | 139 kB |
URL GET webtrafbit.ru/img/payment-sprite.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 1400 x 70, 8-bit/color RGBA, interlaced Size139 kB (138784 bytes) Hash193cb4a59b8b5764ad631dd2575bafed 2fc5a48f6cdb79f1a82a523a6e695e2c88ea6bf2 2f11bf69ce4f2b9be935990d6d9eb1798aa4a50771cfc5e7df43247f19a15cb1
GET /img/payment-sprite.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/css/main.css?v=9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 138784
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-21e20"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| imageshare.eti.pw/i/6353a96adb84afbb1e47a79d963df08c.png | 85.130.81.193 | 200 OK | 24 kB |
URL GET imageshare.eti.pw/i/6353a96adb84afbb1e47a79d963df08c.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://ads.eti.pw/300x250banners CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Hash6353a96adb84afbb1e47a79d963df08c 220e3d062d686da5b51d8666c459c1f95b9520b7 0a52f05e6f7f93764479bc29b33df4760e7f5ca8801a83d7e778a1f7783d6591
GET /i/6353a96adb84afbb1e47a79d963df08c.png HTTP/1.1
Host: imageshare.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:14 GMT
Server: Apache
Last-Modified: Wed, 28 Aug 2024 20:20:06 GMT
ETag: "5e04-620c4157b3234"
Accept-Ranges: bytes
Content-Length: 24068
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: image/png
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js | 104.17.24.14 | 200 OK | 86 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js IP104.17.24.14:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32 ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File typeJavaScript source, ASCII text, with very long lines (32065) Hash2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 26909
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14e4a"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 744226
expires: Thu, 12 Mar 2026 19:51:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=55dVezgfm4lNIwZDBnz7rEJRQcCkFzMlWssrZ08G5nj4N33yp98kv1MYFBF2IsLeT6tpJP%2B06OfhKV8ZZXNn2NAjas7R%2Fy9vYsOGRFQcuIGjWyLoYXDQtqZuykfsskWLekR2ECND"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 924838c9a939b50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,WO9ee,XVMNvd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=VXdfxd,fgib1c,YwHGTd,pxq3x | 172.217.21.169 | 200 OK | 203 B |
URL GET www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,WO9ee,XVMNvd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=VXdfxd,fgib1c,YwHGTd,pxq3x IP172.217.21.169:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeJavaScript source, ASCII text, with no line terminators Hash4fac8a14ab29f3fdbc4905d73fc77f4e 85d176a41900f661e8593ff37c5690842c3dd6b8 2be2be9c47ada590ed1f8121c40233de29ec09f72e24c15eeca6b9d1e8c6ec80
GET /_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,WO9ee,XVMNvd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=VXdfxd,fgib1c,YwHGTd,pxq3x HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/blogger-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/blogger-boq-js-css-signers"
report-to: {"group":"boq-infra/blogger-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/blogger-boq-js-css-signers"}]}
content-length: 154
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Mar 2025 03:01:31 GMT
expires: Sat, 21 Mar 2026 03:01:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 20 Mar 2025 05:08:43 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 146980
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| nanswap.com/_next/static/css/a9d4dbf3782267d5.css | 104.21.95.229 | 200 OK | 563 kB |
URL GET nanswap.com/_next/static/css/a9d4dbf3782267d5.css IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
Size563 kB (562739 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_next/static/css/a9d4dbf3782267d5.css HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: text/css; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2BwKa3csZTHuibMdElhg5fbDIpr5vibm%2FiIn8MIR4cWypI7cCWtvijF2vXY7xls9E7vZZUp%2BvCLVMMs3udiHK0DC1h9DLS2A%2BZllgcUQIhoAeqA89ifwn613cUU%2FdA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
last-modified: Sun, 16 Mar 2025 11:06:16 GMT
etag: W/"89633-1959ea21115"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 549772
cf-ray: 924838ededf9f5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| directurl.link/images/39386751_icon.png | 185.26.107.57 | 200 OK | 633 B |
URL GET directurl.link/images/39386751_icon.png IP185.26.107.57:443 ASN#24935 Eurofiber France SAS
Requested byhttps://zerads.com/ad/ad.php?width=300&ref=524 CertificateIssuerLet's Encrypt Subjectdirecturl.link FingerprintBA:AF:CD:75:CA:69:D3:F9:F9:12:16:1E:62:25:CF:CB:24:DE:09:75 ValidityThu, 13 Mar 2025 21:30:28 GMT - Wed, 11 Jun 2025 21:30:27 GMT
File typePNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced Hashe866d373f3711721ba5cb478a4d25a86 0db08f52fba2ab0bcde38da6d131c252bd26ccb3 58eb80fa685f79fb1ab96256b36b9753dd4b2d678f97d1f5b6bfb6b9fe5c3f7c
GET /images/39386751_icon.png HTTP/1.1
Host: directurl.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: image/png
content-length: 633
last-modified: Fri, 03 Jan 2025 06:16:25 GMT
etag: "279-62ac737ed1347"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| llsvr.com/imgad/digidave.a.121751.jpg | 104.21.80.1 | 200 OK | 28 kB |
URL GET llsvr.com/imgad/digidave.a.121751.jpg IP104.21.80.1:443
Requested byhttps://w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F CertificateIssuerGoogle Trust Services Subjectllsvr.com Fingerprint33:05:B0:89:29:B4:C7:19:B9:8C:D3:F7:38:EB:1E:CB:34:26:32:4E ValidityMon, 24 Feb 2025 12:10:45 GMT - Sun, 25 May 2025 13:07:07 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 375x250, components 3 Hash0c3616198d39e561c560b9b431cf91af 11d70b05859d1cb2fd8c35c39f11b071d1ccfae3 14ee035ecd1efb53459db77f3c6c5e4437f4dff02e7a581901c7d3fbe129f3b9
GET /imgad/digidave.a.121751.jpg HTTP/1.1
Host: llsvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://w.leadsleap.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:19 GMT
content-type: image/jpeg
content-length: 28499
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VMUNiqqcF60EjwKrRElGvwQa3fIYvaC8J%2BUA555%2Fcjjv36K8XVuY5kBzoMtUjgL9IwNQ63dObMAhOtcdBJjEVG7%2FV2QNG3htB2l84AFtTIYaLgsWgfNS4epHy6k%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 29 Aug 2023 10:59:35 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
cf-ray: 92483918df8df5ba-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| cdn.sur.ly/css/panel.css | 188.114.97.1 | 200 OK | 16 kB |
IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
Hashdabd7914201c99152ade8ffba66e9a94 8f82f969612e5bf02ac3b28bc8dfe0b2d726020c 4b749eab2e9b2bf389141ac68a0fa8fb0c68cef26733b27f6dfc03ad72ea0d4e
GET /css/panel.css HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: text/css
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
vary: Accept-Encoding
etag: W/"62a6bbba-4026"
expires: Sun, 23 Mar 2025 06:12:49 GMT
cache-control: max-age=2592000
content-encoding: gzip
cf-cache-status: HIT
age: 120100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MtKHInFdXfEGE%2BVbK7MHIxBGD1TL2IaNM6uTq4gISm3l1aI9chOgZjbnaIq9aChXGfwxi7RVm2Trt71U1H5kE4LPEMWi053fWBz%2F4iK4GAsKHGpFU1Iz6UMRj%2Ft9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838be2a39f5d1-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19867&min_rtt=19634&rtt_var=1212&sent=43&recv=18&lost=0&retrans=0&sent_bytes=42788&recv_bytes=1633&delivery_rate=1084675&cwnd=194&unsent_bytes=0&cid=61cff6960f508c98&ts=73&x=0"
X-Firefox-Spdy: h2
|
|
| cryptocoinsad.com/banner/ads_banner/26834.png | 104.21.16.1 | 200 OK | 142 kB |
URL GET cryptocoinsad.com/banner/ads_banner/26834.png IP104.21.16.1:443
Requested byhttps://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1 CertificateIssuerGoogle Trust Services Subjectcryptocoinsad.com Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT
File typePNG image data, 728 x 90, 8-bit/color RGB, non-interlaced Size142 kB (142047 bytes) Hash6d7c8bb7928ac90e0ee70a9a275fb443 ef6cf54cbe7da434b38a0070c507ebccc6b8ee46 7f3c2228c96253957b887ecf5e5300d625f04068d11dd31442d98052b3fb23cb
GET /banner/ads_banner/26834.png HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: image/png
content-length: 142047
last-modified: Sun, 03 Sep 2023 23:14:51 GMT
etag: "64f5136b-22adf"
cache-control: max-age=10800
cf-cache-status: HIT
age: 4556
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AWuzxqM06H4ujISbfDmtS4Al7yXFTsp4tcrjBKvrZBwNOCNF8hZv0eWXnBo2D5h%2B9lRrhANXpf%2BH2rT2LpvLvOlem2KMALF3ZRZHvflafcJhtndMByYNrwYzYGdC7hgR6ZVedw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838e4aa41f5e3-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19499&min_rtt=19398&rtt_var=2431&sent=54&recv=14&lost=0&retrans=0&sent_bytes=67419&recv_bytes=1524&delivery_rate=222575&cwnd=184&unsent_bytes=31856&cid=8ce5d9622f073f54&ts=196&x=0"
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu | 142.250.74.68 | 200 OK | 1.1 kB |
URL GET www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu IP142.250.74.68:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subjectwww.google.com Fingerprint2F:CC:05:C5:14:C4:CD:A4:26:05:31:F9:67:40:7C:D3:39:74:34:0C ValidityMon, 10 Mar 2025 08:37:46 GMT - Mon, 02 Jun 2025 08:37:45 GMT
File typeJavaScript source, ASCII text, with very long lines (1095), with no line terminators Hash933fc61e44dd71a33f2d50be85770ace 39b9c83ba9b8b30c913acb13d9a77185c4b256f2 62b69fc798d497fb232da2a1c73d0e5bfae5600636b9b0d36ab9babb6f37d162
GET /recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 22 Mar 2025 19:51:11 GMT
date: Sat, 22 Mar 2025 19:51:11 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.sur.ly/js/device.js | 188.114.97.1 | 200 OK | 2.6 kB |
IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
File typeJavaScript source, ASCII text, with very long lines (2688), with no line terminators Hashb99ae096a7ca18cf25779b46633302d1 a98bac1fb5869f6ad563f34745ae8d113d51b8cb 9aebe89f9facc5765d7280e7110ca6d296f661791b78c691ea502a7d13fc3d91
GET /js/device.js HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: application/javascript
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
vary: Accept-Encoding
etag: W/"62a6bbba-a2d"
expires: Thu, 27 Mar 2025 09:16:08 GMT
cache-control: max-age=2592000
content-encoding: gzip
cf-cache-status: HIT
age: 231364
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RVosDv1xqNPcArM9Hlpgn3bZFXXvfJM9JRMCcA9DHnAaFcmItzIAeUaZAWX6kL7QUJ8lmYkK1ldE2n2%2B4yg%2BGEXyfDWl%2FtTthzquMfKumk2l7KgeunUfsHXWL4W1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838be2a22f5d1-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19862&min_rtt=19634&rtt_var=2675&sent=37&recv=15&lost=0&retrans=0&sent_bytes=39992&recv_bytes=1633&delivery_rate=219526&cwnd=192&unsent_bytes=0&cid=61cff6960f508c98&ts=68&x=0"
X-Firefox-Spdy: h2
|
|
| trafstock.ru/ads/new_js.js | 185.114.245.108 | 200 OK | 4.2 kB |
URL GET trafstock.ru/ads/new_js.js IP185.114.245.108:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjecttrafstock.ru Fingerprint1C:0B:08:C6:45:5A:1E:30:2E:64:86:C8:AD:B0:6C:84:E4:DE:B6:E4 ValidityFri, 28 Feb 2025 16:40:26 GMT - Thu, 29 May 2025 16:40:25 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (4104), with no line terminators Hash97c14bd21b51fd881fc8ea2757a5d018 2aadacdd5db26e8c19cf16c019c638d90ad0ff15 fcbc7bbfc1c1fb6f46aec64b6e8b614b6c61735ccab21fc594de66f939359790
GET /ads/new_js.js HTTP/1.1
Host: trafstock.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.26.3
date: Sat, 22 Mar 2025 19:51:09 GMT
content-type: application/x-javascript
last-modified: Tue, 18 Mar 2025 13:59:15 GMT
vary: Accept-Encoding
etag: W/"67d97c33-1074"
expires: Sun, 22 Mar 2026 19:51:09 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/css/main.css?v=9 | 185.105.111.32 | 200 OK | 10 kB |
URL GET webtrafbit.ru/css/main.css?v=9 IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /css/main.css?v=9 HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: text/css
Last-Modified: Sat, 08 Mar 2025 08:12:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"67cbfbd1-281c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
|
|
| cryptocoinsad.com/ads/show.php?a=253469&b=398008 | 104.21.16.1 | 200 OK | 418 B |
URL GET cryptocoinsad.com/ads/show.php?a=253469&b=398008 IP104.21.16.1:443
Requested byhttps://free-btc.org/banner/u=sofiahalbof/size=728x90 CertificateIssuerGoogle Trust Services Subjectcryptocoinsad.com Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT
File typeHTML document, ASCII text, with very long lines (448), with no line terminators Hashbf4cc96dbe853f796c5835edad22d19b 46bf3ff9d5645687abcd1727a9f9cf7d0e254429 abe03d6cab2ce1f32ce090ffb306106f28a454a09df27b5dd259b4d501b0ab47
GET /ads/show.php?a=253469&b=398008 HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.24-0ubuntu0.18.04.17
set-cookie: i_b398008=1; expires=Sat, 22-Mar-2025 20:01:10 GMT; Max-Age=600
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dmTErm59Ku4KtQSDlujMqHuTVRDgscX0cPPtrjphtVWUf0NEpY4SHShdRzzqZqME36VLhwMSrN66aC7U4swLE0l3QI8B3fiCgIZQypS4W%2B1wd8vKFvAtMycURPfhZuwqD9160w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838e4794ef5e3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20434&min_rtt=19398&rtt_var=1047&sent=185&recv=64&lost=0&retrans=0&sent_bytes=244058&recv_bytes=1524&delivery_rate=4656884&cwnd=237&unsent_bytes=0&cid=8ce5d9622f073f54&ts=320&x=0"
X-Firefox-Spdy: h2
|
|
| ads.eti.pw/300x250banners | 85.130.81.193 | 200 OK | 5.5 kB |
URL GET ads.eti.pw/300x250banners IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typeHTML document, ASCII text, with very long lines (5524), with no line terminators Hash9a1a9ff1c0bba7a8bba360a33dc81b00 03ddcd8eaa5afe78c57d732151aeca052698cc82 0509f11d2f75e29976bba8ffb331871a1c51a1c6fd9d409fc0a0aed4b7b0d41f
GET /300x250banners HTTP/1.1
Host: ads.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1712
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| video.agenteimmobiliare.info/api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=n2j4699ef2ieak92&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90 | 104.21.112.1 | 200 OK | 21 B |
URL GET video.agenteimmobiliare.info/api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=n2j4699ef2ieak92&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90 IP104.21.112.1:443
Requested byhttps://imasdk.googleapis.com/js/core/bridge3.688.0_en.html?gdpr=1#fid=goog_1371763289 CertificateIssuerGoogle Trust Services Subjectagenteimmobiliare.info Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50 ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT
File typeASCII text, with no line terminators Hash7d077ebc812e4e0ba4afd3325b2568b1 2f3651ce87cb48b97f70e99f53b04c342af19ea2 c00ccd1f6b5e5b2eb8decd90f039fdb5b98419620d3c11668326870eeb9297f4
GET /api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=n2j4699ef2ieak92&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90 HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: text/xml
content-length: 21
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pNIrU6RQ9030GjYbM%2BFgJy8ElXRdMoJxQi0OMbZtKb4LZ4bKk%2B08Vqiw2GpHBMuXgquBMJ%2BvF3V6zOB5DjZ%2BeasnXa8N1XbdL7oQsSMWznvYeJGHf0QFBTBUl6GWlfPJxiqJHY1FBrHQUBb3KQBZ"}],"group":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
cf-ray: 924838f3cddbf5e2-AMS
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| cdn.sur.ly/surly/images/platforms/php.png | 188.114.97.1 | 200 OK | 8.9 kB |
URL GET cdn.sur.ly/surly/images/platforms/php.png IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
File typePNG image data, 197 x 125, 8-bit/color RGBA, non-interlaced Hash2c23080e5e2e39ec3fc99129296d0509 83c46996d56692638169f141d15ad2aa896d4a20 e9ef34893838925145587ebbe5b08934b1347536adcdadfbb1cf59086fdb1bd5
GET /surly/images/platforms/php.png HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Cookie: _ga_L04HQHN9RZ=GS1.1.1742673065.1.0.1742673065.0.0.0; _ga=GA1.1.1027815748.1742673065
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: image/png
content-length: 8876
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
etag: "62a6bbba-22ac"
expires: Wed, 26 Mar 2025 06:13:51 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 853348
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0BoICO%2FpNSJGtyEyxFq62io%2BtVU%2B9AlBtZVxxDGMOhYnqwvQYo3vhaUvaphFbnRouX0XLv8hBnm1OwQPqnH1CtPv13o2kKoBg%2Fendz%2BswP252gpy%2BFSW3m4Me1UO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838c1ed07fba6-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24492&min_rtt=20621&rtt_var=6582&sent=45&recv=14&lost=0&retrans=0&sent_bytes=37415&recv_bytes=2610&delivery_rate=415753&cwnd=12000&unsent_bytes=0&cid=e2e5f9f35026950d&ts=593&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| 4.bp.blogspot.com/-3dtLoTEiEng/ZL2Kv4Wp5ZI/AAAAAAABV3E/kYEcmDIMY1AEZprbAHdYD2vbFzr_Q2l9wCK4BGAYYCw/s35/401576_104778249658503_100003789847581_16554_1991487789_n.jpg | 142.250.74.97 | 200 OK | 1.4 kB |
URL GET 4.bp.blogspot.com/-3dtLoTEiEng/ZL2Kv4Wp5ZI/AAAAAAABV3E/kYEcmDIMY1AEZprbAHdYD2vbFzr_Q2l9wCK4BGAYYCw/s35/401576_104778249658503_100003789847581_16554_1991487789_n.jpg IP142.250.74.97:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subjectmisc-sni.blogspot.com FingerprintEE:A5:D6:A7:7C:19:95:69:19:BA:C1:C3:58:8B:D0:60:33:9E:21:A8 ValidityMon, 10 Mar 2025 08:36:41 GMT - Mon, 02 Jun 2025 08:36:40 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 35x35, components 3 Hashb4de74217e89f1eab2cd656533624d22 208f0c84d9436c7255244a3e63c8b818457b1218 4fd8eda9fa4f6ace2fe9270198af1dbbacdf0115088f1d4d608ea7002f40d93d
GET /-3dtLoTEiEng/ZL2Kv4Wp5ZI/AAAAAAABV3E/kYEcmDIMY1AEZprbAHdYD2vbFzr_Q2l9wCK4BGAYYCw/s35/401576_104778249658503_100003789847581_16554_1991487789_n.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="401576_104778249658503_100003789847581_16554_1991487789_n.jpg"
x-content-type-options: nosniff
server: fife
content-length: 1442
x-xss-protection: 0
date: Sat, 22 Mar 2025 19:36:34 GMT
expires: Sun, 23 Mar 2025 19:36:34 GMT
cache-control: public, max-age=86400, no-transform
age: 875
etag: "v15773"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ad2bitcoin.com/adqlt.php?ref=sofiahalbof&keycode=7303 | 162.0.208.108 | 200 OK | 0 B |
URL GET ad2bitcoin.com/adqlt.php?ref=sofiahalbof&keycode=7303 IP162.0.208.108:443
Requested byhttps://ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300 CertificateIssuerLet's Encrypt Subjectwww.ad2bitcoin.com.traffic2bitcoin.com FingerprintEA:A9:21:E3:84:C6:CC:03:54:85:63:79:BD:54:DD:C9:F1:A9:17:93 ValidityThu, 20 Feb 2025 00:58:38 GMT - Wed, 21 May 2025 00:58:37 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adqlt.php?ref=sofiahalbof&keycode=7303 HTTP/1.1
Host: ad2bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:10 GMT
Server: Apache
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| webtrafbit.ru/banners/cafbc2f5106f0d96a1ccb2fb3a995982.gif | 185.105.111.32 | 200 OK | 206 kB |
URL GET webtrafbit.ru/banners/cafbc2f5106f0d96a1ccb2fb3a995982.gif IP185.105.111.32:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typeGIF image data, version 89a, 468 x 60 Size206 kB (206227 bytes) Hashfe7bef93a400dceefd9ea6f41ab0bcad 95bb45e86c8b525207939ba5b873b4eab318ea69 0cce3573abd4dd324e0316000f39be783c1bc470f2a0a2b499ef32cc724e2bff
GET /banners/cafbc2f5106f0d96a1ccb2fb3a995982.gif HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: image/gif
Content-Length: 206227
Last-Modified: Tue, 18 Mar 2025 16:32:30 GMT
Connection: keep-alive
ETag: "67d9a01e-32593"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| api.nanswap.com/get-currencies-partner | 51.15.19.228 | 200 OK | 417 kB |
URL GET api.nanswap.com/get-currencies-partner IP51.15.19.228:443 ASN#12876 Scaleway S.a.s.
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerLet's Encrypt Subjectapi.nanswap.com Fingerprint25:45:A7:50:D8:1A:25:89:A7:B5:32:27:BC:2E:62:3F:75:24:25:69 ValidityWed, 12 Feb 2025 02:49:45 GMT - Tue, 13 May 2025 02:49:44 GMT
Size417 kB (417182 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /get-currencies-partner HTTP/1.1
Host: api.nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nanswap.com/
Origin: https://nanswap.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Sat, 22 Mar 2025 19:51:13 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
RateLimit-Limit: 180
RateLimit-Remaining: 179
RateLimit-Reset: 22
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With, content-type, csrf-token
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=300, s-maxage=300
ETag: W/"65d9e-E2KbaBcwUVd4FdLBJfL6FovfUJo"
Access-Control-Allow-Origin: https://nanswap.com
Content-Encoding: gzip
|
|
| cdn.sur.ly/js/panel.js | 188.114.97.1 | 200 OK | 3.7 kB |
IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
File typeJavaScript source, ASCII text, with very long lines (3827), with no line terminators Hashfcc58284ff63be991cfb8964019aa20e 4519dd0f11dfc271c67c53011718510216656451 ba4825e605d3fbaf5d3c4bea15876bf4d8945bd051e8bfcb8cf1f4dc0f576064
GET /js/panel.js HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: application/javascript
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
vary: Accept-Encoding
etag: W/"62a6bbba-e5b"
expires: Thu, 27 Mar 2025 12:32:49 GMT
cache-control: max-age=2592000
content-encoding: gzip
cf-cache-status: HIT
age: 2138975
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=blpqZe504GQd3EI1n%2FQC5QuyHnwzEcFQoE5xVNt5V3UV31R4rOxlZ1ADLX8cJ5rJetMzbYh05GVZvQH1qpZ%2F46VeAFTqOXgWvtqO38ScgHkzeqsD0VHhWG2mAM1P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838be3a41f5d1-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19847&min_rtt=19634&rtt_var=2035&sent=40&recv=16&lost=0&retrans=0&sent_bytes=41265&recv_bytes=1633&delivery_rate=219526&cwnd=194&unsent_bytes=0&cid=61cff6960f508c98&ts=73&x=0"
X-Firefox-Spdy: h2
|
|
| myadboardtraffic.com/banner_frame.php | 207.244.71.147 | 200 OK | 300 B |
URL GET myadboardtraffic.com/banner_frame.php IP207.244.71.147:443 ASN#30633 LEASEWEB-USA-WDC
Requested byhttps://myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subject*.myadboardtraffic.com FingerprintFA:59:A1:92:50:AC:86:CE:7A:5C:E9:B6:FE:42:5C:12:0E:A5:42:B2 ValidityWed, 19 Mar 2025 13:20:43 GMT - Tue, 17 Jun 2025 13:20:42 GMT
File typeHTML document, ASCII text, with very long lines (314), with no line terminators Hashc045edb1ae2dd168dfa5fc8628da2e0b fa7b21d300b00d63a65cbed9eaca35fca2834ba1 c376a507f44ad4633485c51a4bd71cff0962a7cd52f70d8e9c682dd5272dee45
GET /banner_frame.php HTTP/1.1
Host: myadboardtraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://myadboardtraffic.com/click.php?id=41094
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:05 GMT
Server: Apache
Keep-Alive: timeout=5, max=499
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
|
|
| use.fontawesome.com/releases/v5.15.4/css/all.css | 172.67.142.245 | 200 OK | 59 kB |
URL GET use.fontawesome.com/releases/v5.15.4/css/all.css IP172.67.142.245:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectuse.fontawesome.com Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT
File typeASCII text, with very long lines (59119) Hashecd507b3125edc4d2a03aa6ae5d07da9 a57ee68d11601b0fd8e5037fc241ff65a754473c 99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
GET /releases/v5.15.4/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:06 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"ecd507b3125edc4d2a03aa6ae5d07da9"
last-modified: Fri, 22 Sep 2023 01:45:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 116188
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tB0tB5esoHBn7G7yu1PF2LOvSjL%2BSlef876noCP2yz4Ps8xLHwyCMmfn1pJvaQWzLvaTglkDjGWQjcYyWEVhztp8kD5xNIuL04yzW4%2BqYw0jeTVSLdgiFUxkHVp6NOj3%2B4WKufbr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838ca5b90fba7-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19509&min_rtt=19449&rtt_var=4194&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3201&recv_bytes=1148&delivery_rate=221170&cwnd=253&unsent_bytes=0&cid=8cdaae43dbeabaa2&ts=62&x=0"
X-Firefox-Spdy: h2
|
|
| zerads.com/ad/ad.php?width=300&ref=524 | 162.0.208.108 | 200 OK | 1.5 kB |
URL GET zerads.com/ad/ad.php?width=300&ref=524 IP162.0.208.108:443
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjectzerads.com Fingerprint84:5E:29:60:A2:00:90:F8:0F:6F:92:69:02:8F:0A:EB:BB:5A:17:CA ValidityThu, 20 Mar 2025 00:58:45 GMT - Wed, 18 Jun 2025 00:58:44 GMT
File typeHTML document, ASCII text, with very long lines (1587), with no line terminators Hash1a464243773f32688d7297799f52172f 01695c5f227b2a5a620f33bbb487f264dc6a581f ff7c604cb030e45b0ccb5161931e9083861ef8780ff01987d88fc740dc0c244c
GET /ad/ad.php?width=300&ref=524 HTTP/1.1
Host: zerads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 697
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| sharemyads.com/view/468/?uid=24687 | 170.249.194.154 | 200 OK | 1.1 kB |
URL GET sharemyads.com/view/468/?uid=24687 IP170.249.194.154:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectmail.sharemyads.com FingerprintFC:E0:4A:23:95:FC:F1:24:F6:72:90:D0:8F:D5:B0:A1:93:14:97:5C ValidityTue, 04 Feb 2025 12:14:52 GMT - Mon, 05 May 2025 12:14:51 GMT
File typeASCII text, with very long lines (1260), with no line terminators Hashb0ca20c5656b3f4104a9dacee8522e34 2492d3b18bacdef8ae2c5bc6076791da0647f449 07d65d843c7299693cd27939803ce9eac033992a671fbf8ad88186f802950bc7
GET /view/468/?uid=24687 HTTP/1.1
Host: sharemyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:09 GMT
server: Apache/2
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, must-revalidate, private, must-revalidate
content-length: 566
content-type: text/javascript;charset=UTF-8
X-Firefox-Spdy: h2
|
|
| imgad.llsvr.com/mlabiuk.a.170097.jpg | 104.21.80.1 | 200 OK | 15 kB |
URL GET imgad.llsvr.com/mlabiuk.a.170097.jpg IP104.21.80.1:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectllsvr.com Fingerprint33:05:B0:89:29:B4:C7:19:B9:8C:D3:F7:38:EB:1E:CB:34:26:32:4E ValidityMon, 24 Feb 2025 12:10:45 GMT - Sun, 25 May 2025 13:07:07 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 375x250, components 3 Hash8f2b4a11295dc715b04b1a438b6321fa 3552d2e8052eaec71dd815c979982a318d3c590f eabd7e26a30546e735827fb43d8d8cfb516e0a62780c599f49c0f509933df821
GET /mlabiuk.a.170097.jpg HTTP/1.1
Host: imgad.llsvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:07 GMT
content-type: image/jpeg
content-length: 14869
last-modified: Thu, 06 Mar 2025 22:40:06 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kwHPOqlZGbYjpYO%2FSoGv9kUnV8XpqoqmLRK472SztYOVwCE89v4JAuXbDiUyFVOb10%2F8sm%2BfAKM0V52owwASfB2IeRKyJf1t6c05r61sbUXqcsP9e4NP9Y%2BTIBZoc6fkShQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838ca38b5f5ea-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25126&min_rtt=19600&rtt_var=13181&sent=34&recv=13&lost=0&retrans=0&sent_bytes=39256&recv_bytes=1379&delivery_rate=220731&cwnd=255&unsent_bytes=0&cid=224ef840a43a66ef&ts=597&x=0"
X-Firefox-Spdy: h2
|
|
| nanswap.com/_next/static/GLvWkfZLRwmGsylhz2Gat/_buildManifest.js | 104.21.95.229 | 200 OK | 11 kB |
URL GET nanswap.com/_next/static/GLvWkfZLRwmGsylhz2Gat/_buildManifest.js IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeASCII text, with very long lines (10635), with no line terminators Hash0e93fd81d61ed8eab5e653ccba759c62 a29dd9f6cd7908dccb352ba689e102348b591c05 2909a0b99453432d9b0f63244a1c3d702a33dfbb83500600316abd476e3b91b6
GET /_next/static/GLvWkfZLRwmGsylhz2Gat/_buildManifest.js HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lg%2FnNy4f%2BoMvNXF6iHG3mW93aXHiD%2F%2BFPaEDTJqkvS1HYl7aSV5LV%2FpmP%2B0QW9X4%2BWx3KrEhpBA1PxHduXOLsy%2Blm23XtF70UX7Vaj9Imz0GRDUDz7FN3OqcRTxBvA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:40:22 GMT
etag: W/"298b-195ba6f7a54"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 83439
cf-ray: 924838ee1e07f5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| www.gstatic.com/recaptcha/api2/logo_48.png | 142.250.74.99 | 200 OK | 2.2 kB |
URL GET www.gstatic.com/recaptcha/api2/logo_48.png IP142.250.74.99:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File typePNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced Hashef9941290c50cd3866e2ba6b793f010d 4736508c795667dcea21f8d864233031223b7832 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:12:16 GMT
expires: Thu, 27 Mar 2025 09:12:16 GMT
cache-control: public, max-age=604800
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
age: 211137
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| cdn.sur.ly/surly/images/platforms/wp.png | 188.114.97.1 | 200 OK | 11 kB |
URL GET cdn.sur.ly/surly/images/platforms/wp.png IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
File typePNG image data, 197 x 125, 8-bit/color RGBA, non-interlaced Hasha9d4428a3455b3dcbd29eb5859c25de8 1aa18f4338fc3cc2c3064e53e7117345e2217c78 1e084569927237870fa12bbf1ff34affb621f3495ab50da96cb9fbfdd71a7034
GET /surly/images/platforms/wp.png HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: image/png
content-length: 10554
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
etag: "62a6bbba-293a"
expires: Thu, 27 Mar 2025 11:35:21 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 205989
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGDSCafomKhBIA8zydYUF4ZJf%2FklSuP1NKctX3V45EvA%2BwIoQoCbr1woyePxp8CtSof2fdedMU3%2BeF5zkhEok2A8t9WKm2yC8vS7%2F5c71JQtisBiutm98c3p626l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838c0a935fba6-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23957&min_rtt=20621&rtt_var=9773&sent=14&recv=8&lost=0&retrans=0&sent_bytes=5632&recv_bytes=1425&delivery_rate=6702&cwnd=12000&unsent_bytes=0&cid=e2e5f9f35026950d&ts=388&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| llclick.com/trackr.js?v=54 | 104.21.32.55 | 200 OK | 16 kB |
URL GET llclick.com/trackr.js?v=54 IP104.21.32.55:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectllclick.com Fingerprint6C:41:DC:AD:3C:BB:07:16:48:DB:B8:F7:02:35:C1:F9:E1:D0:DC:29 ValiditySun, 09 Mar 2025 21:10:53 GMT - Sat, 07 Jun 2025 22:08:36 GMT
File typeJavaScript source, ASCII text, with very long lines (691), with CRLF line terminators Hashcae7407d803b90a1d537ee03f3cfeb7d e31f3463cd2903b22665122727788cded63318be fa01f1b8ef84da403bb77aefef3a90054d649c79466614757d19370183fe963e
GET /trackr.js?v=54 HTTP/1.1
Host: llclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/9cnxhff7/verytenoi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:06 GMT
content-type: application/javascript
last-modified: Wed, 09 Oct 2024 07:36:45 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1202
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xsquGESoM8M3D%2BqVL8s7GIinxTo3sEIjcGD5SAGK657uTq9ofeZJA3cRWoPPD4BYJfce62oE1nCYoBsRxx%2FYPPMTYaFBprMSF2fBiZXK%2Bv1ubZYXksgD5EqTREgxBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838c9acfdfb8d-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=22902&min_rtt=19597&rtt_var=7321&sent=17&recv=17&lost=0&retrans=0&sent_bytes=10458&recv_bytes=1392&delivery_rate=294638&cwnd=224&unsent_bytes=0&cid=888e3c21b99211fa&ts=714&x=0"
X-Firefox-Spdy: h2
|
|
| ads.eti.pw/banners | 85.130.81.193 | 200 OK | 5.5 kB |
IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typeHTML document, ASCII text, with very long lines (5521), with no line terminators Hashb48fda144e693682ae211fa9c31486f8 c24dbffb93420ea5b95a6a896a010bec4eac9e16 cdd75ec2aa97977dc4b250184a24c33577e8c29fb72f52ad354cc0ab703f3cc1
GET /banners HTTP/1.1
Host: ads.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1656
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| ads.eti.pw/300x250banners | 85.130.81.193 | 200 OK | 5.4 kB |
URL GET ads.eti.pw/300x250banners IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typeHTML document, ASCII text, with very long lines (5463), with no line terminators Hash556d6db0161fb9d2867f59a074d173a2 5ebd23a72889291af77451828fa45bbc71325d78 fba933a81d120068cbee6bad5f98abe754d0ee59edc4e6729eb0477e021fc04b
GET /300x250banners HTTP/1.1
Host: ads.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1634
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| neoflojdbank.com/img/promo/468.gif | 104.21.80.1 | 200 OK | 219 kB |
URL GET neoflojdbank.com/img/promo/468.gif IP104.21.80.1:443
Requested byhttps://zerads.com/ad/ad.php?width=468&ref=7565 CertificateIssuerCLOUDFLARE, INC. Subjectneoflojdbank.com FingerprintDF:28:ED:6A:07:C7:05:A9:6A:F2:A0:57:DD:B7:31:42:7A:C0:46:F1 ValidityWed, 05 Feb 2025 14:16:28 GMT - Tue, 06 May 2025 14:24:41 GMT
File typeGIF image data, version 89a, 468 x 60 Size219 kB (218833 bytes) Hashfe964f688666b5c30f0bac5ac5117978 20accb012c150842c978ca594a955835a1a7ce24 3477a38289f55114fbbde3b613bd0db90c8e2be379a3f58a0307de40b39d4726
GET /img/promo/468.gif HTTP/1.1
Host: neoflojdbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:14 GMT
content-type: image/gif
content-length: 218833
last-modified: Fri, 07 Feb 2025 16:41:38 GMT
etag: "67a637c2-356d1"
accept-ranges: bytes
age: 1836
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yuT%2F%2F5ALm7d%2FwRIfeh2brPoIovcb%2Bb8Zf1Q5JLA%2BZUjLsuwEsMqwqzLGDEVeKlDr%2BSap42sT98fUYmQLAbu967wYhclHHJ2nwbezbK2iFZtoLseN1DDEiY6lKltKe2RoqJ%2B7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838f92938f5ec-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19588&min_rtt=19518&rtt_var=4162&sent=7&recv=9&lost=0&retrans=0&sent_bytes=3565&recv_bytes=1182&delivery_rate=222040&cwnd=138&unsent_bytes=0&cid=942b9d7fa3281610&ts=59&x=0"
X-Firefox-Spdy: h2
|
|
| sur.ly/surly/images/platforms/jml.png | 54.173.41.122 | 301 Moved Permanently | 11 kB |
URL GET sur.ly/surly/images/platforms/jml.png IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsur.ly Fingerprint1B:0E:89:02:7C:6B:FA:4E:B9:60:89:BE:37:EB:A6:AD:B6:80:88:72 ValiditySun, 23 Feb 2025 17:39:40 GMT - Sat, 24 May 2025 17:39:39 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /surly/images/platforms/jml.png HTTP/1.1
Host: sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Referer: https://safe.sur.ly/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: text/html
content-length: 185
location: https://cdn.sur.ly/surly/images/platforms/jml.png
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| cdn.sur.ly/font/surly.ttf | 188.114.97.1 | 200 OK | 2.4 kB |
URL GET cdn.sur.ly/font/surly.ttf IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
File typeTrueType Font data, 13 tables, 1st "FFTM", 12 names, Macintosh, type 1 string Hash210ba5a80f391a507dde440730f248ce 9cbc55238682a9b21378e9a163825d718fe4a4fc 893f9fbf43e5c59e7f3fde7dc3e3596bca16a8e1e02e0972d456fba3a67cb20a
GET /font/surly.ttf HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://safe.sur.ly
DNT: 1
Connection: keep-alive
Referer: https://cdn.sur.ly/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: application/octet-stream
content-length: 2440
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
etag: "62a6bbba-988"
expires: Fri, 21 Mar 2025 10:53:25 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1944601
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HI2QjZqzi%2BVZGHk0G0MgYotJLkCErgmmmSbUOHJccWdubKpjcmb28qCEEOQwpSgVqv8v5EtRjtfHIDPqY%2BMkXyI8G9wRYUFVmjc5nnyApsQUYb2N8Xe5RHB05pzN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838bfaccefb97-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24408&min_rtt=24408&rtt_var=12204&sent=11&recv=5&lost=0&retrans=0&sent_bytes=4067&recv_bytes=1093&delivery_rate=128619&cwnd=12000&unsent_bytes=0&cid=95892f91d86dbaac&ts=52&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| webtrafbit.ru/js/google-translate.js?v=3 | 185.105.111.32 | 200 OK | 3.8 kB |
URL GET webtrafbit.ru/js/google-translate.js?v=3 IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typeUnicode text, UTF-8 text, with very long lines (3515), with no line terminators Hashe2c448092deca1c4a6c5a8055349efb0 d9c59cc5491f49115335f86c4d74addf55ffbeb2 e7d5f484a4ed6f9fe58079b54a21d31fbd20e4bbd266dbd1a03121d66ba0fb23
GET /js/google-translate.js?v=3 HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: application/javascript
Last-Modified: Sat, 08 Mar 2025 07:44:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"67cbf56d-ef7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
|
|
| static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 | 104.16.80.73 | 200 OK | 20 kB |
URL GET static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 IP104.16.80.73:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectcloudflareinsights.com FingerprintAD:90:D1:30:C9:77:BF:DE:1F:AB:8C:0D:6E:67:CB:6A:E8:42:DB:18 ValidityThu, 27 Feb 2025 14:42:34 GMT - Wed, 28 May 2025 15:42:17 GMT
File typeJavaScript source, ASCII text, with very long lines (19948), with no line terminators Hashec18af6d41f6f278b6aed3bdabffa7bc 62c9e2cab76b888829f3c5335e91c320b22329ae 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nanswap.com
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838ee2bc2b518-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| resources.blogblog.com/img/icon18_edit_allbkg.gif | 172.217.21.169 | 200 OK | 162 B |
URL GET resources.blogblog.com/img/icon18_edit_allbkg.gif IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeGIF image data, version 89a, 18 x 18 Hashc991641178ff05adf0d004298b5eafa9 d8f6ce8ecd92b86d49849360f6b81ceb10b4c941 ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:15:36 GMT
expires: Thu, 27 Mar 2025 09:15:36 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Mar 2025 13:55:49 GMT
content-type: image/gif
age: 210933
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nanswap.com/_next/static/chunks/webpack-4d549912f62f7f8e.js | 104.21.95.229 | 200 OK | 4.1 kB |
URL GET nanswap.com/_next/static/chunks/webpack-4d549912f62f7f8e.js IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeJavaScript source, ASCII text, with very long lines (4235), with no line terminators Hash4adf07f5af81013667405f81ae4a34ca d8b04c3e117a7e5df6d376e8abb62551165aabcc 6b91c635ddb4886c231e17fbf5c28b3e067dbf932dfdce7dd78b1f4c13a9758b
GET /_next/static/chunks/webpack-4d549912f62f7f8e.js HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skiKfslaFMU4d3obw%2FsqDawtGsMSqeFuAvmcE3tBPpd9%2F09yeja6SQ%2FX4rliFYLbrnI1SNi4C3UNsD4Mg5KTSMtHpbEKqkyVAuo8d3oS7Iex8BHGAULlHQrYe%2F1tRA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 04 Mar 2025 16:09:59 GMT
etag: W/"1030-19561ebd1de"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1568469
cf-ray: 924838edfdfaf5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| www.gstatic.com/recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/styles__ltr.css | 142.250.74.99 | 200 OK | 79 kB |
URL GET www.gstatic.com/recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/styles__ltr.css IP142.250.74.99:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hash018091787dddee5a6875f94365cf788f 6067d5b8ab62b31fcaf4889de51c1d66e84c4ae7 ad13459d8bc3401ceb6e2ac3062fc1c48ea7ed6058e63f4e643f1a83b9d4c3cb
GET /recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 42056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Mar 2025 11:13:01 GMT
expires: Sat, 21 Mar 2026 11:13:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 17 Mar 2025 04:01:22 GMT
content-type: text/css
vary: Accept-Encoding
age: 117492
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.blogger.com/static/v1/widgets/1812387825-widgets.js | 172.217.21.169 | 200 OK | 145 kB |
URL GET www.blogger.com/static/v1/widgets/1812387825-widgets.js IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeJavaScript source, ASCII text, with very long lines (4033) Size145 kB (145268 bytes) Hashc1a609b94b623a7b5701acd0fcd554e3 c5f87beb8efcd99d65dda11fbe92d9b77d37e08a b424ef4483b24f05a8052086178c39e39b1815f514e9bb8213c357f7581ded54
GET /static/v1/widgets/1812387825-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 51267
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:17:15 GMT
expires: Fri, 20 Mar 2026 09:17:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 17 Mar 2025 05:51:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 210834
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| trafstock.ru/ads/api.php | 185.114.245.108 | 200 OK | 35 B |
IP185.114.245.108:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjecttrafstock.ru Fingerprint1C:0B:08:C6:45:5A:1E:30:2E:64:86:C8:AD:B0:6C:84:E4:DE:B6:E4 ValidityFri, 28 Feb 2025 16:40:26 GMT - Thu, 29 May 2025 16:40:25 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash5a38e6d0aa8d50cedd56b72b43932d08 d86b64f04831518ccb7bff99aa0d5a870ed18b68 dfdc717bbc3bb339945b2ef730af31ae663d8d56cea9cc230e6d34072d989f48
OPTIONS /ads/api.php HTTP/1.1
Host: trafstock.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://sofiahalbofanimeworld.blogspot.com/
Origin: https://sofiahalbofanimeworld.blogspot.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.26.3
date: Sat, 22 Mar 2025 19:51:09 GMT
content-type: text/html; charset=UTF-8
content-length: 35
access-control-allow-headers: *
access-control-allow-origin: *
x-frame-options: DENY
access-control-allow-methods: GET, POST, OPTIONS,JSON
set-cookie: PHPSESSID=0f7b00ee235c7971d2d870ce63fbc20d; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/lang/lang__ar.png | 185.105.111.32 | 200 OK | 1.2 kB |
URL GET webtrafbit.ru/img/lang/lang__ar.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGB, non-interlaced Hash4df9f8ae2c48fd0538654a5a1c0cca06 79d22fdcf0968981d0f84ac4a82303e07a135a14 1566247e66b46645c1bf31aa31efb5d2d5c12395a9ac5d48466bb66db8ebf67e
GET /img/lang/lang__ar.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 1217
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-4c1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| www.gstatic.com/recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/recaptcha__en.js | 142.250.74.99 | 200 OK | 561 kB |
URL GET www.gstatic.com/recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/recaptcha__en.js IP142.250.74.99:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
Size561 kB (560963 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recaptcha/releases/bUO1BXI8H9PgjAPSW9hwuSeI/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 220514
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Mar 2025 08:50:15 GMT
expires: Sun, 22 Mar 2026 08:50:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 17 Mar 2025 04:01:22 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 39656
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| webtrafbit.ru/img/lang/lang__zh.png | 185.105.111.32 | 200 OK | 1.3 kB |
URL GET webtrafbit.ru/img/lang/lang__zh.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGB, non-interlaced Hash34b03a2c31d849e1e53fafbede202281 5780d00f4fa25802758b031865e6b60f0f7410fa 5b585ea7c894c20dfe06b0482d86ead523f772a38318c1607886b21e972d5a61
GET /img/lang/lang__zh.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 1313
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-521"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.lGT6JbtYGvM.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfr4f5-IShEFQyTPSHrJQsJdQeJg4g/m=el_main | 142.250.74.138 | 200 OK | 218 kB |
URL GET translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.lGT6JbtYGvM.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfr4f5-IShEFQyTPSHrJQsJdQeJg4g/m=el_main IP142.250.74.138:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT
File typeJavaScript source, ASCII text, with very long lines (2403) Size218 kB (218353 bytes) Hash28703017667eb423254f5c743d1749eb d7e14956685f2a0b7d9aaf13aa64cb5d74208fed 741659df4cadb02b340b7dac16abc1f5f1466a21f5e2f8dde28fdf5f00f0b2b3
GET /_/translate_http/_/js/k=translate_http.tr.no.lGT6JbtYGvM.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfr4f5-IShEFQyTPSHrJQsJdQeJg4g/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 75210
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 17:13:04 GMT
expires: Fri, 20 Mar 2026 17:13:04 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 19 Mar 2025 01:11:53 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 182287
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 142.250.74.35 | 200 OK | 16 kB |
URL GET fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 IP142.250.74.35:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu&co=aHR0cHM6Ly93d3cuYmxvZ2dlci5jb206NDQz&hl=en&v=bUO1BXI8H9PgjAPSW9hwuSeI&size=invisible&cb=hnl8na299a3m CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15552, version 1.0 Hash285467176f7fe6bb6a9c6873b3dad2cc ea04e4ff5142ddd69307c183def721a160e0a64e 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:18:45 GMT
expires: Fri, 20 Mar 2026 09:18:45 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 210748
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300 | 162.0.208.108 | 200 OK | 2.5 kB |
URL GET ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300 IP162.0.208.108:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectwww.ad2bitcoin.com.traffic2bitcoin.com FingerprintEA:A9:21:E3:84:C6:CC:03:54:85:63:79:BD:54:DD:C9:F1:A9:17:93 ValidityThu, 20 Feb 2025 00:58:38 GMT - Wed, 21 May 2025 00:58:37 GMT
File typeJavaScript source, ASCII text, with very long lines (2587), with no line terminators Hash9ae37336ef07ebc6bf3f1120dc49ea89 e00d2674eef5394d53a654091d9ba4c7810f2590 e58fdcedfdff912df3c8ba7a5055bcd939192cb65fd66b521ce237e9c4920039
GET /ad.php?ref=sofiahalbof&width=300 HTTP/1.1
Host: ad2bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:09 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1563
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| www.vipsavingsclub.com/images/BANNER2.gif | 107.190.135.178 | 200 OK | 88 kB |
URL GET www.vipsavingsclub.com/images/BANNER2.gif IP107.190.135.178:443
Requested byhttps://sharemyads.com/view/468/fv.php?size=1&ison=1&user=24687&vt=6&dref=https://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&scrw=1280&scrh=1024×tamp=1742673069604 CertificateIssuerLet's Encrypt Subject*.vipsavingsclub.com Fingerprint54:70:31:AF:48:0C:BC:26:33:AF:FB:E8:89:1F:37:81:30:F1:45:29 ValidityFri, 07 Feb 2025 00:09:13 GMT - Thu, 08 May 2025 00:09:12 GMT
File typeGIF image data, version 89a, 468 x 60 Hash50f5911d28e312e8443b92f76df782d6 494f1df79137ef08997e11c18e265875b924126d 219175c88351001e4a26585ed616029428ff121b065db3ee31d571c76c9ef410
GET /images/BANNER2.gif HTTP/1.1
Host: www.vipsavingsclub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sharemyads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Fri, 15 Nov 2024 15:55:48 GMT
accept-ranges: bytes
content-length: 87612
content-type: image/gif
date: Sat, 22 Mar 2025 19:51:20 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VXdfxd,WO9ee,XVMNvd,YwHGTd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,fgib1c,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,pjICDe,pw70Gc,pxq3x,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=p3hmRc,LvGhrf,RqjULd | 172.217.21.169 | 200 OK | 21 kB |
URL GET www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VXdfxd,WO9ee,XVMNvd,YwHGTd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,fgib1c,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,pjICDe,pw70Gc,pxq3x,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=p3hmRc,LvGhrf,RqjULd IP172.217.21.169:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeJavaScript source, ASCII text, with very long lines (3444) Hashf00b474f8242418699276b31da411b0c be4065510e6979ab53801107a7de5fd80055f8c7 8f9aefab274ca372616b14bfcb7d0e9393626502de898104cb9614a05a868245
GET /_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/ck=boq-blogger.BloggerCommentUi.BnO9S1S6xfw.L.F4.O/am=DYABzA/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RyvaUb,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VXdfxd,WO9ee,XVMNvd,YwHGTd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,eD1YLc,fgib1c,gZjhIf,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,pjICDe,pw70Gc,pxq3x,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,zbML3c,zr1jrb/excm=_b,_tp,commentformiframeview/ed=1/wt=2/ujg=1/rs=AEy-KP3SZ2TDiTFHfl66VVVJknfv1Fi0gw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=p3hmRc,LvGhrf,RqjULd HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/blogger-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/blogger-boq-js-css-signers"
report-to: {"group":"boq-infra/blogger-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/blogger-boq-js-css-signers"}]}
content-length: 7396
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Mar 2025 03:01:31 GMT
expires: Sat, 21 Mar 2026 03:01:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 20 Mar 2025 05:08:43 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 146980
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| crypto-faucet.ch/wp-content/uploads/2025/02/Logo_Crypto-Faucet.webp | 92.113.28.186 | 200 OK | 27 kB |
URL GET crypto-faucet.ch/wp-content/uploads/2025/02/Logo_Crypto-Faucet.webp IP92.113.28.186:443 ASN#47583 Hostinger International Limited
Requested byhttps://ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300 CertificateIssuerGoogle Trust Services Subjectcrypto-faucet.ch FingerprintC3:DB:95:01:27:B1:38:7E:C9:40:3A:9E:12:D6:12:86:46:18:4F:64 ValiditySat, 08 Mar 2025 13:37:54 GMT - Fri, 06 Jun 2025 13:37:53 GMT
File typeRIFF (little-endian) data, Web/P image Hashbca27e6f748536c95e44bf75a8aef3cc bfbf0188b0cffe65935cf51a0d933d1bf0ff1fbd 3f1f1c7ef1369275d1543668c6a985d4a8d7a9a64d4442070a2f9af5c6b5b2a3
GET /wp-content/uploads/2025/02/Logo_Crypto-Faucet.webp HTTP/1.1
Host: crypto-faucet.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 29 Mar 2025 19:51:11 GMT
content-type: image/webp
last-modified: Mon, 03 Feb 2025 12:25:06 GMT
etag: "680a-67a0b5a2-c46bb6252e517a46;;;"
accept-ranges: bytes
content-length: 26634
date: Sat, 22 Mar 2025 19:51:11 GMT
server: LiteSpeed
platform: hostinger
panel: hpanel
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
|
|
| cryptocoinsad.com/banner/ads_banner/26806.png | 104.21.16.1 | 200 OK | 89 kB |
URL GET cryptocoinsad.com/banner/ads_banner/26806.png IP104.21.16.1:443
Requested byhttps://zerads.com/ad/ad.php?width=300&ref=524 CertificateIssuerGoogle Trust Services Subjectcryptocoinsad.com Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT
File typePNG image data, 300 x 250, 8-bit/color RGB, non-interlaced Hashf84ca46c6449229cf4e7f12f669ded1f 26de25d5592956b58ee89bb3fb8d3ebe17e6e824 40f62dfd6fc563671edee14a64c628ce282c2fa5f5dfeed1cd8cafd87fc9260b
GET /banner/ads_banner/26806.png HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: image/png
content-length: 89170
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6iJlh547hlAFMJ2YwILNjjoslabhGkN0YdTZfsoyhcOu0iNFACzT7qWvvN%2F%2B6it%2FGNWIpCy6b5S3jJi9FnxcdjVW0612AYyEelchOuMny048wi9Y7pR6be75lAxMHQIjPgXwNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Thu, 31 Aug 2023 15:30:24 GMT
etag: "64f0b210-15c52"
cache-control: max-age=10800
cf-cache-status: HIT
age: 4472
accept-ranges: bytes
cf-ray: 924838f12b0afb81-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap | 142.250.74.10 | 200 OK | 10 kB |
URL GET fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap IP142.250.74.10:443
Requested byhttps://ad.a-ads.com/2370867?size=300x250 CertificateIssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT
Hashac9cc59aa5362fbdf77e40cde49f0d56 be28a1f46f6e8f49bf0fdb0902fda03d15c0a97e 6077f728b7de97728b0ee9201adb3b4c798af167869fef07caaa2b01c397d4c6
GET /css2?family=Inter:wght@400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 22 Mar 2025 19:51:13 GMT
date: Sat, 22 Mar 2025 19:51:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| use.fontawesome.com/releases/v5.0.9/js/all.js | 172.67.142.245 | 200 OK | 699 kB |
URL GET use.fontawesome.com/releases/v5.0.9/js/all.js IP172.67.142.245:443
Requested byhttps://w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F CertificateIssuerGoogle Trust Services Subjectuse.fontawesome.com Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT
File typeJavaScript source, ASCII text, with very long lines (65356) Size699 kB (698780 bytes) Hashbffc6023835e717c0348c41583e56eba 5eeeca669e300c13ef45b44e2322ea154a1d17d5 d2fec0e2942f49dd3cad4650431d550d761f11dded17834d4835768c2ca730c0
GET /releases/v5.0.9/js/all.js HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w.leadsleap.com
DNT: 1
Connection: keep-alive
Referer: https://w.leadsleap.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:19 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"bffc6023835e717c0348c41583e56eba"
last-modified: Fri, 22 Sep 2023 01:44:12 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 232395
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwDp3WBfIpJFsyott7VdPX3lwdbY563y7VcFJmhDnjFzaNUKc5iqvD3Q%2Fgvm5G8zymSgMmLNdqg%2F%2FX6DiGaAY1UqVOge4OY%2Fcomf3bLCKnTpmBalbt2WnRvMjoqafy5nVTyRmww2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92483918a914fba7-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20846&min_rtt=19449&rtt_var=4290&sent=26&recv=14&lost=0&retrans=0&sent_bytes=21806&recv_bytes=1324&delivery_rate=844107&cwnd=257&unsent_bytes=0&cid=8cdaae43dbeabaa2&ts=12595&x=0"
X-Firefox-Spdy: h2
|
|
| sur.ly/stat.php?id=9726&r=5316 | 54.173.41.122 | 200 OK | 43 B |
URL GET sur.ly/stat.php?id=9726&r=5316 IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsur.ly Fingerprint1B:0E:89:02:7C:6B:FA:4E:B9:60:89:BE:37:EB:A6:AD:B6:80:88:72 ValiditySun, 23 Feb 2025 17:39:40 GMT - Sat, 24 May 2025 17:39:39 GMT
File typeGIF image data, version 89a, 1 x 1 Hash325472601571f31e1bf00674c368d335 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /stat.php?id=9726&r=5316 HTTP/1.1
Host: sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: image/gif
content-length: 43
x-powered-by: PHP/8.3.16
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/bootstrap-5.1.1-dist/js/bootstrap.bundle.min.js | 185.105.111.32 | 200 OK | 79 kB |
URL GET webtrafbit.ru/bootstrap-5.1.1-dist/js/bootstrap.bundle.min.js IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typeJavaScript source, ASCII text, with very long lines (65294), with CRLF line terminators Hashc9ab1de2dec5a357ff7b7e23c010b056 75b35617d99941a6292cd860898e060c14b9f91a 1393487891744a8512f6fae46254e76b6deab94b6fbbf9aa479da980bb98ddf6
GET /bootstrap-5.1.1-dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Dec 2024 10:07:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"67517b45-1341d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
|
|
| openinapp.link/0fdpg | 104.21.80.1 | 200 OK | 22 kB |
IP104.21.80.1:443
Requested byhttps://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1 CertificateIssuerGoogle Trust Services Subjectopeninapp.link Fingerprint4C:84:C2:D3:E4:D0:7F:85:CB:B4:29:3F:97:02:86:23:34:9A:C3:4F ValiditySun, 09 Feb 2025 18:05:45 GMT - Sat, 10 May 2025 19:03:54 GMT
File typeJavaScript source, ASCII text, with very long lines (1188) Hash1557abb8e8f9ebb58a13d86dce5381c8 0318022baaa30c1bbf4dfc8329625c667fbb9fb9 a08519e00013d8d989f0b5e3068ce4b9478f6fd202c95c202e4b0a3c9e3b83c5
GET /0fdpg HTTP/1.1
Host: openinapp.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:11 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L5nLbPm3Xm%2Fp1cw2jtZTz3fLiEI9f61v52pE403pGeR7Xvb8sR2k9oGvh22Fva2sV0dxEkRepKUGQK4yaGCNK9fZXJsmbqfbIlo0htPF9XvdE39iNtBy0cfsINGKCP%2BDDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838e3e8cdf5c7-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=19999&min_rtt=19667&rtt_var=2970&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3283&recv_bytes=1276&delivery_rate=220574&cwnd=249&unsent_bytes=0&cid=f729502aa039f4b8&ts=797&x=0"
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.35 | 200 OK | 15 kB |
URL GET fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 IP142.250.74.35:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15344, version 1.0 Hash5d4aeb4e5f5ef754e307d7ffaef688bd 06db651cdf354c64a7383ea9c77024ef4fb4cef8 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:35:39 GMT
expires: Fri, 20 Mar 2026 09:35:39 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 209731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 | 142.250.74.35 | 200 OK | 48 kB |
URL GET fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 IP142.250.74.35:443
Requested byhttps://ad.a-ads.com/2370867?size=300x250 CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 48496, version 1.0 Hash8b7943a41013101d892c4684617ed41d 1853b95f5ae2cc51c89edf6f2c44a676efe31f3b 9d9e7b21769c8048b64fbdc1743c32641c3aa1c70c37197987ffe14d0f0508cd
GET /s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ad.a-ads.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48496
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 10:09:01 GMT
expires: Fri, 20 Mar 2026 10:09:01 GMT
cache-control: public, max-age=31536000
age: 207732
last-modified: Mon, 29 Jul 2024 22:47:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| llsvr.com/imgad/georgekosch.a.73419.jpg | 104.21.80.1 | 200 OK | 21 kB |
URL GET llsvr.com/imgad/georgekosch.a.73419.jpg IP104.21.80.1:443
Requested byhttps://w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F CertificateIssuerGoogle Trust Services Subjectllsvr.com Fingerprint33:05:B0:89:29:B4:C7:19:B9:8C:D3:F7:38:EB:1E:CB:34:26:32:4E ValidityMon, 24 Feb 2025 12:10:45 GMT - Sun, 25 May 2025 13:07:07 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 375x250, components 3 Hashf96b0ff9dfca802b2ac8138771ca6d1c 3ea491f548f281724707b7021fd04314c8517834 aaae818d2b78efaaa0b391b8c01b93fa2fa873d743f4e729f7bc7db105c845e1
GET /imgad/georgekosch.a.73419.jpg HTTP/1.1
Host: llsvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://w.leadsleap.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:19 GMT
content-type: image/jpeg
content-length: 21092
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LL92hMi2DM9i2oUo7HTtmm%2FovC2ODtnSEfa8GDRbfAs8KBS77aB7PLZ5IzK2EbE%2FHxJn2K3DEIv8FvAsko5sFjwn81n6kzAdApQnU%2BUlD9FFtWIbQxur2vTgj7o%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 24 Oct 2023 14:13:33 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
cf-ray: 92483918df8ff5ba-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| sur.ly/stat.php?id=5055&r=97573 | 54.173.41.122 | 200 OK | 43 B |
URL GET sur.ly/stat.php?id=5055&r=97573 IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsur.ly Fingerprint1B:0E:89:02:7C:6B:FA:4E:B9:60:89:BE:37:EB:A6:AD:B6:80:88:72 ValiditySun, 23 Feb 2025 17:39:40 GMT - Sat, 24 May 2025 17:39:39 GMT
File typeGIF image data, version 89a, 1 x 1 Hash325472601571f31e1bf00674c368d335 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /stat.php?id=5055&r=97573 HTTP/1.1
Host: sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: image/gif
content-length: 43
x-powered-by: PHP/8.3.16
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/lang/lang__pt.png | 185.105.111.32 | 200 OK | 1.6 kB |
URL GET webtrafbit.ru/img/lang/lang__pt.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGBA, non-interlaced Hashc0ca42cece062f459e2bc8ad118668af 6d161a964a4176f3416cd3ec296eaabe9085c22c 51c13c97400af32f974e0b5c938ccb7e2af6a7a59205c61b3ac34baa66f20258
GET /img/lang/lang__pt.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 1581
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-62d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| cryptofaucets.eti.pw/ | 85.130.81.193 | 200 OK | 59 kB |
IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1 CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: cryptofaucets.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:11 GMT
Server: Apache
Last-Modified: Fri, 21 Mar 2025 18:03:54 GMT
ETag: "e73c-630de13db7f21-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9947
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: text/html
|
|
| webtrafbit.ru/?ref=4 | 185.105.111.32 | 200 OK | 14 kB |
IP185.105.111.32:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?ref=4 HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=380ea1fddcb221fc751e7db52890bc4e; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
|
|
| api.nanswap.com/get-estimate?from=XNO&to=BAN&amount=100&fromNetwork=undefined&toNetwork=undefined | 51.15.19.228 | 200 OK | 71 B |
URL GET api.nanswap.com/get-estimate?from=XNO&to=BAN&amount=100&fromNetwork=undefined&toNetwork=undefined IP51.15.19.228:443 ASN#12876 Scaleway S.a.s.
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerLet's Encrypt Subjectapi.nanswap.com Fingerprint25:45:A7:50:D8:1A:25:89:A7:B5:32:27:BC:2E:62:3F:75:24:25:69 ValidityWed, 12 Feb 2025 02:49:45 GMT - Tue, 13 May 2025 02:49:44 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash8c7190ec8b792433e8d4f7b43da5ffb0 ebb38acd2b27fb5ed1666cbf8733e5fc76526d8f e68cd2d02fcaaa3cd437b77f23bcd7adabcc34d01e713a84b0e0157d1382c3b0
GET /get-estimate?from=XNO&to=BAN&amount=100&fromNetwork=undefined&toNetwork=undefined HTTP/1.1
Host: api.nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nanswap.com/
Origin: https://nanswap.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Sat, 22 Mar 2025 19:51:13 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
RateLimit-Limit: 180
RateLimit-Remaining: 178
RateLimit-Reset: 22
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: X-Requested-With, content-type, csrf-token
Access-Control-Allow-Credentials: true
ETag: W/"47-v+FwoEjm3hPzEPWhnAvrpQj6TYk"
Access-Control-Allow-Origin: https://nanswap.com
Content-Encoding: gzip
|
|
| btc.eti.pw/images/bitcoin-faucet-banner.jpg | 85.130.81.193 | 200 OK | 16 kB |
URL GET btc.eti.pw/images/bitcoin-faucet-banner.jpg IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 320x50, components 3 Hash769398f616e6203e309689cfe15116a5 366e0f1f428ad7416279a3b464f591bb1f92863b 5fc4ae5b137919599b7093b35a21661104433001c2bde7eae5144412778903e6
GET /images/bitcoin-faucet-banner.jpg HTTP/1.1
Host: btc.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Last-Modified: Tue, 14 Feb 2023 17:12:50 GMT
ETag: "3eaf-5f4ac12c4e880"
Accept-Ranges: bytes
Content-Length: 16047
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: image/jpeg
|
|
| directurl.link/images/39386751_icon.png | 185.26.107.57 | 200 OK | 633 B |
URL GET directurl.link/images/39386751_icon.png IP185.26.107.57:443 ASN#24935 Eurofiber France SAS
Requested byhttps://zerads.com/ad/ad.php?width=468&ref=7565 CertificateIssuerLet's Encrypt Subjectdirecturl.link FingerprintBA:AF:CD:75:CA:69:D3:F9:F9:12:16:1E:62:25:CF:CB:24:DE:09:75 ValidityThu, 13 Mar 2025 21:30:28 GMT - Wed, 11 Jun 2025 21:30:27 GMT
File typePNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced Hashe866d373f3711721ba5cb478a4d25a86 0db08f52fba2ab0bcde38da6d131c252bd26ccb3 58eb80fa685f79fb1ab96256b36b9753dd4b2d678f97d1f5b6bfb6b9fe5c3f7c
GET /images/39386751_icon.png HTTP/1.1
Host: directurl.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 22 Mar 2025 19:51:14 GMT
content-type: image/png
content-length: 633
last-modified: Fri, 03 Jan 2025 06:16:25 GMT
etag: "279-62ac737ed1347"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.sur.ly/favicon_sur.ly_white_32px.png | 188.114.97.1 | 200 OK | 1.2 kB |
URL GET cdn.sur.ly/favicon_sur.ly_white_32px.png IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
File typePNG image data, 32 x 32, 8-bit colormap, non-interlaced Hash4b1c97502eb3ba360de346708a28894b d1d1896ec7c25c63815836161016644d6e6087b2 a564ec942cbcfa490ed50ea86db279f91784f5d0de8b9df0dcd7294287223252
GET /favicon_sur.ly_white_32px.png HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: image/png
content-length: 1177
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
etag: "62a6bbba-499"
expires: Fri, 21 Mar 2025 07:21:04 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 353861
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b88h33xlE%2BybOh%2FbYfDVF%2FJSnqyW8P5RZgtaUbPVGAeJ%2FT3wDgFcBmfdCSgil1mOdNXD1%2FYox3EJhkQKEAHUc7qPe%2BOW4nYYTd493je5Voi%2BnnabT50cH5U61H7Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838be19bff5d1-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19675&min_rtt=19634&rtt_var=4209&sent=33&recv=10&lost=0&retrans=0&sent_bytes=38268&recv_bytes=1271&delivery_rate=219526&cwnd=190&unsent_bytes=0&cid=61cff6960f508c98&ts=54&x=0"
X-Firefox-Spdy: h2
|
|
| cryptocoinsad.com/banner/ads_banner/26808.png | 104.21.16.1 | 200 OK | 96 kB |
URL GET cryptocoinsad.com/banner/ads_banner/26808.png IP104.21.16.1:443
Requested byhttps://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1 CertificateIssuerGoogle Trust Services Subjectcryptocoinsad.com Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT
File typePNG image data, 728 x 90, 8-bit/color RGB, non-interlaced Hashcd5574f378c32c035a610175f21167a3 8010950ce0d3efe9326de4d3cf7f3694f366a118 114ce79e036b95d2e5554e584a7eae34bb536052f58fb4f384c5cf98096a1874
GET /banner/ads_banner/26808.png HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:10 GMT
content-type: image/png
content-length: 95524
last-modified: Thu, 31 Aug 2023 15:30:24 GMT
etag: "64f0b210-17524"
accept-ranges: bytes
age: 65
cache-control: max-age=10800
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8kXc1Hlmk%2BNE%2B8l0HmGVwLhV2GSPA9w1vxBwoJ6LXlq95EMRdGUo2Qs92xwO7BsAGyzuBR2iW%2FPX554vzwzghDPVjTSwHGM4e2qNuWtx8lf%2FxR1FY2X%2BSsm8O%2FAdywXI94nkHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838e489a8f5e3-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19499&min_rtt=19398&rtt_var=2431&sent=8&recv=13&lost=0&retrans=0&sent_bytes=3291&recv_bytes=1437&delivery_rate=222575&cwnd=184&unsent_bytes=0&cid=8ce5d9622f073f54&ts=184&x=0"
X-Firefox-Spdy: h2
|
|
| data.nanswap.com/nano-price | 172.67.171.131 | 200 OK | 6 B |
URL GET data.nanswap.com/nano-price IP172.67.171.131:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeASCII text, with no line terminators Hash843526517a3543069fa536aa1cc98c9a 9999c03eab8835d855bcb3f65b00b0db5838ea7c c224e72da9f86b75b665a133f9115ce78e285328a1a4857129f0da95eaa77eb8
GET /nano-price HTTP/1.1
Host: data.nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nanswap.com/
Origin: https://nanswap.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: application/json; charset=utf-8
content-length: 6
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-credentials: true
etag: W/"6-mZnAPquINdhVvLP2WwCw21g46nw"
cache-control: max-age=10
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AhwMxjKCIFDF9dX5DeDl3bPkAw9hTrD1L07%2F7YKI%2FQsCnT70VL6vL0wx7OaVruz1Pf0sfYNiwHLlnDJbgsPIzr0Drk05ytzbnrrAX%2FIrhf2RY%2FRhOBXfz8eNrRlHAtZQgLq0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838f58c89f5cb-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19583&min_rtt=19499&rtt_var=3199&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3272&recv_bytes=1288&delivery_rate=219649&cwnd=254&unsent_bytes=0&cid=5daf4b043b55cded&ts=241&x=0"
X-Firefox-Spdy: h2
|
|
| trafficadbar.com/bar/show.js | 3.229.155.117 | 200 OK | 686 B |
URL GET trafficadbar.com/bar/show.js IP3.229.155.117:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerAmazon Subjecttrafficadbar.com Fingerprint4A:C5:E8:C2:D5:BE:F7:04:3C:95:C0:E9:E0:CF:50:81:F5:34:41:D9 ValidityFri, 30 Aug 2024 00:00:00 GMT - Sat, 27 Sep 2025 23:59:59 GMT
File typeASCII text, with very long lines (778), with no line terminators Hash9b384386d23d3ed1d5d90bf3b3c4ad1b 888713f2cc4e4236f3eb9b2b699a343e162670eb a97b2759722d2936066948f792e08af614db96c05bc1e3cf8d3ddfef86c04c5b
GET /bar/show.js HTTP/1.1
Host: trafficadbar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:09 GMT
content-type: application/javascript
content-length: 686
server: nginx/1.26.1
last-modified: Sun, 21 Jul 2024 12:41:40 GMT
etag: "669d0204-2ae"
expires: Wed, 21 May 2025 19:51:09 GMT
pragma: public
cache-control: max-age=5184000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1 | 162.0.208.108 | 200 OK | 2.8 kB |
URL GET traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1 IP162.0.208.108:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subject*.traffic2bitcoin.com Fingerprint3F:B6:35:07:FD:3D:DB:C4:2B:B1:75:D5:04:91:0C:03:A8:4B:A2:A2 ValidityTue, 21 Jan 2025 09:58:46 GMT - Mon, 21 Apr 2025 09:58:45 GMT
File typeHTML document, ASCII text, with very long lines (2965), with no line terminators Hash2d1c699f8aadf74fa3605cacfdb68d54 f4a0fa2d2b5283edb755c7806127c7618601096e aa081ee474a92d944d453ed800d1b8fed70e20a4a8ec772551abb016575fb5db
GET /ptp.php?ref=sofiahalbof&sitetype=1 HTTP/1.1
Host: traffic2bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:09 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1043
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| directurl.link/images/39386751_icon.png | 185.26.107.57 | 200 OK | 633 B |
URL GET directurl.link/images/39386751_icon.png IP185.26.107.57:443 ASN#24935 Eurofiber France SAS
Requested byhttps://zerads.com/ad/ad.php?width=300&ref=524 CertificateIssuerLet's Encrypt Subjectdirecturl.link FingerprintBA:AF:CD:75:CA:69:D3:F9:F9:12:16:1E:62:25:CF:CB:24:DE:09:75 ValidityThu, 13 Mar 2025 21:30:28 GMT - Wed, 11 Jun 2025 21:30:27 GMT
File typePNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced Hashe866d373f3711721ba5cb478a4d25a86 0db08f52fba2ab0bcde38da6d131c252bd26ccb3 58eb80fa685f79fb1ab96256b36b9753dd4b2d678f97d1f5b6bfb6b9fe5c3f7c
GET /images/39386751_icon.png HTTP/1.1
Host: directurl.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zerads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: image/png
content-length: 633
last-modified: Fri, 03 Jan 2025 06:16:25 GMT
etag: "279-62ac737ed1347"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/am=DYABzA/d=1/excm=_b,_tp,commentformiframeview/ed=1/dg=0/wt=2/ujg=1/rs=AEy-KP2CM5kqCnwdFJMcNqpAHZK0uqQYSw/m=_b,_tp | 172.217.21.169 | 200 OK | 200 kB |
URL GET www.blogger.com/_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/am=DYABzA/d=1/excm=_b,_tp,commentformiframeview/ed=1/dg=0/wt=2/ujg=1/rs=AEy-KP2CM5kqCnwdFJMcNqpAHZK0uqQYSw/m=_b,_tp IP172.217.21.169:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typeJavaScript source, ASCII text, with very long lines (958) Size200 kB (199966 bytes) Hash32b49ef22f2e54043da103882a90c175 13867aade689c73f22119b263c95156a85b8c048 ca075844964fcd8c304beb272902ef50a675e679f7a77a1aa7b19ddb689c93de
GET /_/scs/mss-static/_/js/k=boq-blogger.BloggerCommentUi.en.oKIMd9HUh2w.es5.O/am=DYABzA/d=1/excm=_b,_tp,commentformiframeview/ed=1/dg=0/wt=2/ujg=1/rs=AEy-KP2CM5kqCnwdFJMcNqpAHZK0uqQYSw/m=_b,_tp HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/blogger-boq-js-css-signers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="boq-infra/blogger-boq-js-css-signers"
report-to: {"group":"boq-infra/blogger-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/blogger-boq-js-css-signers"}]}
content-length: 70389
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Mar 2025 02:16:40 GMT
expires: Sat, 21 Mar 2026 02:16:40 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 20 Mar 2025 07:12:13 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 149670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| zerads.com/ad/ad.php?width=468&ref=524 | 162.0.208.108 | 200 OK | 1.5 kB |
URL GET zerads.com/ad/ad.php?width=468&ref=524 IP162.0.208.108:443
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjectzerads.com Fingerprint84:5E:29:60:A2:00:90:F8:0F:6F:92:69:02:8F:0A:EB:BB:5A:17:CA ValidityThu, 20 Mar 2025 00:58:45 GMT - Wed, 18 Jun 2025 00:58:44 GMT
File typeHTML document, ASCII text, with very long lines (1589), with no line terminators Hashcca519f2a01faeff252b3110dc5d3216 bd3b941b94fc95e14827a2bb2c72a1a8b9dd5086 472a9b9dba71880d20356b604cecfc72361423cf6a7f68b92dab116d97332174
GET /ad/ad.php?width=468&ref=524 HTTP/1.1
Host: zerads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 697
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy | 104.21.95.229 | 200 OK | 11 kB |
URL GET nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy IP104.21.95.229:443
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
File typeHTML document, ASCII text, with very long lines (11395) Hash4236bcde61710022244d6e548bee3e12 30924cc8981018d21c1008a0ec89ee991d3e1181 a23a68db8d85ce2c50c03640ab2d70709567897b2eae8773c770eb01ecfc10d3
GET /iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:11 GMT
content-type: text/html; charset=utf-8
cf-ray: 924838eaabc7f5e8-AMS
cf-cache-status: HIT
age: 32
cache-control: public, max-age=14400, s-maxage=60, stale-while-revalidate=300
vary: Accept-Encoding
x-powered-by: Next.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8oD2EhQi4bJ6I10tloi8tzyoKETBOrOXB8yZnKSE6WV7ZgQUpTpawrNOrgW2L0bSA0zBAQgZg%2FqsZ0OZeFxsOJnweXrRvuE%2B6PmTxdM6jBamD962LUWN1INO85jyLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="HIT", cfL4;desc="?proto=TCP&rtt=19754&min_rtt=19744&rtt_var=4181&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3197&recv_bytes=1261&delivery_rate=219560&cwnd=198&unsent_bytes=0&cid=55c873acca3ed717&ts=67&x=0"
X-Firefox-Spdy: h2
|
|
| traffic2bitcoin.com/qlt.php?ref=sofiahalbof&keycode=7303&type= | 162.0.208.108 | 200 OK | 0 B |
URL GET traffic2bitcoin.com/qlt.php?ref=sofiahalbof&keycode=7303&type= IP162.0.208.108:443
Requested byhttps://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1 CertificateIssuerLet's Encrypt Subject*.traffic2bitcoin.com Fingerprint3F:B6:35:07:FD:3D:DB:C4:2B:B1:75:D5:04:91:0C:03:A8:4B:A2:A2 ValidityTue, 21 Jan 2025 09:58:46 GMT - Mon, 21 Apr 2025 09:58:45 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /qlt.php?ref=sofiahalbof&keycode=7303&type= HTTP/1.1
Host: traffic2bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:10 GMT
Server: Apache
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| zerads.com/ad/ad.php?width=300&ref=524 | 162.0.208.108 | 200 OK | 1.5 kB |
URL GET zerads.com/ad/ad.php?width=300&ref=524 IP162.0.208.108:443
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjectzerads.com Fingerprint84:5E:29:60:A2:00:90:F8:0F:6F:92:69:02:8F:0A:EB:BB:5A:17:CA ValidityThu, 20 Mar 2025 00:58:45 GMT - Wed, 18 Jun 2025 00:58:44 GMT
File typeHTML document, ASCII text, with very long lines (1566), with no line terminators Hash5099e1492b6008fde0d2bd6ca210ebbb e7e8b507890af623da22f1b248d93027b794ebeb 49e62fb49595c1d9358e917295b08e7eb76f269228905dbdc78207e59c327bdb
GET /ad/ad.php?width=300&ref=524 HTTP/1.1
Host: zerads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 686
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| imgad.llsvr.com/rockyjc1.a.132373.jpg | 104.21.80.1 | 200 OK | 35 kB |
URL GET imgad.llsvr.com/rockyjc1.a.132373.jpg IP104.21.80.1:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectllsvr.com Fingerprint33:05:B0:89:29:B4:C7:19:B9:8C:D3:F7:38:EB:1E:CB:34:26:32:4E ValidityMon, 24 Feb 2025 12:10:45 GMT - Sun, 25 May 2025 13:07:07 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 375x250, components 3 Hashf14a82b53c6337f7383cc5e462641c51 70f40f1a6b28c943178d78f20bce100bacdf9b56 6a6139601c7207de59c002b98f73ba9de338ca426bd034b09f9e30d6b9ce5922
GET /rockyjc1.a.132373.jpg HTTP/1.1
Host: imgad.llsvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:07 GMT
content-type: image/jpeg
content-length: 34695
last-modified: Thu, 30 Nov 2023 10:07:54 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JftPZgQ9qlDxWVihn5yBOX8ag6SQRooKo8at6VufpkpJZJLvcDMhd7ZgV58Q8Mvo48TDQO9lEpg4dIG1tktqTF0DoHue7y%2FUZqvLJwzPzSqHQHCJNUzhAWDj0Ye%2B%2Fu9gzf0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838ca48c0f5ea-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25126&min_rtt=19600&rtt_var=13181&sent=8&recv=13&lost=0&retrans=0&sent_bytes=3266&recv_bytes=1379&delivery_rate=220731&cwnd=255&unsent_bytes=0&cid=224ef840a43a66ef&ts=585&x=0"
X-Firefox-Spdy: h2
|
|
| blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeaoNsjDNQ-ft3m51CUPvtToBCbzwdc07wA-SfDPeT-QYmEmsTDzvY8IT9fbty0vA7cQw0i0FVu0FF2ondR7f191Nf0ZSiKTH-boMuR4uzVZYnx-uy132RLaT3OwItBoytd6eLbHjhJnk/s1600/tumblr_p9sx9t6ITy1tji7wmo1_640.png | 142.250.74.33 | 200 OK | 19 kB |
URL GET blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeaoNsjDNQ-ft3m51CUPvtToBCbzwdc07wA-SfDPeT-QYmEmsTDzvY8IT9fbty0vA7cQw0i0FVu0FF2ondR7f191Nf0ZSiKTH-boMuR4uzVZYnx-uy132RLaT3OwItBoytd6eLbHjhJnk/s1600/tumblr_p9sx9t6ITy1tji7wmo1_640.png IP142.250.74.33:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.googleusercontent.com Fingerprint76:FD:48:21:91:D7:93:F0:95:A3:DA:6B:29:ED:D2:2A:3F:D2:DD:38 ValidityMon, 10 Mar 2025 08:36:57 GMT - Mon, 02 Jun 2025 08:36:56 GMT
File typePNG image data, 627 x 348, 8-bit/color RGB, non-interlaced Hash08b8c241415eb845471a6cdc24e86d3d 4a67fd9185985c5eb0f690a81e4723e9fd10991e e20d7cd5eded37c6539062e9a67b2674b0c52f8149c9880c8ea6ca366fe7df00
GET /img/b/R29vZ2xl/AVvXsEgeaoNsjDNQ-ft3m51CUPvtToBCbzwdc07wA-SfDPeT-QYmEmsTDzvY8IT9fbty0vA7cQw0i0FVu0FF2ondR7f191Nf0ZSiKTH-boMuR4uzVZYnx-uy132RLaT3OwItBoytd6eLbHjhJnk/s1600/tumblr_p9sx9t6ITy1tji7wmo1_640.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v358"
expires: Sun, 23 Mar 2025 19:51:10 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="tumblr_p9sx9t6ITy1tji7wmo1_640.png"
x-content-type-options: nosniff
date: Sat, 22 Mar 2025 19:51:10 GMT
server: fife
content-length: 19422
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.sur.ly/js/jquery.min.js | 188.114.97.1 | 200 OK | 93 kB |
URL GET cdn.sur.ly/js/jquery.min.js IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/jquery.min.js HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: application/javascript
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
vary: Accept-Encoding
etag: W/"62a6bbba-16cfb"
expires: Tue, 25 Mar 2025 10:59:17 GMT
cache-control: max-age=2592000
content-encoding: gzip
cf-cache-status: HIT
age: 2305030
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hs93P%2Bv31Gy4dF%2BABJmVnA9VOfhe3xfn8mLuZ3%2Bz3T7p6enmsrL90zmlPVS2uoEq7GP2QrwzQtCLCTGDqtfApcTPadMH1VUFEx1fql8uc9Qvy69p3jUQ5ud4E1YR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838be09bbf5d1-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19675&min_rtt=19634&rtt_var=4209&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3253&recv_bytes=1271&delivery_rate=219526&cwnd=190&unsent_bytes=0&cid=61cff6960f508c98&ts=53&x=0"
X-Firefox-Spdy: h2
|
|
| sur.ly/surly/images/platforms/php.png | 54.173.41.122 | 301 Moved Permanently | 8.9 kB |
URL GET sur.ly/surly/images/platforms/php.png IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsur.ly Fingerprint1B:0E:89:02:7C:6B:FA:4E:B9:60:89:BE:37:EB:A6:AD:B6:80:88:72 ValiditySun, 23 Feb 2025 17:39:40 GMT - Sat, 24 May 2025 17:39:39 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /surly/images/platforms/php.png HTTP/1.1
Host: sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Referer: https://safe.sur.ly/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: text/html
content-length: 185
location: https://cdn.sur.ly/surly/images/platforms/php.png
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/lang/lang__ru.png | 185.105.111.32 | 200 OK | 899 B |
URL GET webtrafbit.ru/img/lang/lang__ru.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGBA, non-interlaced Hashfa57d43ba1417bf41ad68ba291c3e9b3 7936bf1f4ae4a8d24c0cb1789651b68725fbc1f9 73ba093d2e134bee9f470147aad2521ef9ee5d6a48e32dc6377553546a7ce628
GET /img/lang/lang__ru.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 899
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-383"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| sur.ly/surly/images/platforms/wp.png | 54.173.41.122 | 301 Moved Permanently | 11 kB |
URL GET sur.ly/surly/images/platforms/wp.png IP54.173.41.122:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subjectsur.ly Fingerprint1B:0E:89:02:7C:6B:FA:4E:B9:60:89:BE:37:EB:A6:AD:B6:80:88:72 ValiditySun, 23 Feb 2025 17:39:40 GMT - Sat, 24 May 2025 17:39:39 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /surly/images/platforms/wp.png HTTP/1.1
Host: sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Referer: https://safe.sur.ly/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:04 GMT
content-type: text/html
content-length: 185
location: https://cdn.sur.ly/surly/images/platforms/wp.png
referrer-policy: origin-when-cross-origin
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/js/main.js?v=9 | 185.105.111.32 | 200 OK | 6.9 kB |
URL GET webtrafbit.ru/js/main.js?v=9 IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (7283), with no line terminators Hashc5e23e104789d8e8ab86848813591245 3f00e6257a224ac9c81b36bcc8ca1627aa027966 17e62fb9b0410eb18f4b26e3ed1bfc6f20593e4c15cdbb50a2a5aa11aaecfa27
GET /js/main.js?v=9 HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Dec 2024 10:06:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"67517b41-1adb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
|
|
| play.google.com/log?format=json&hasfast=true&authuser=0 | 142.250.74.142 | 200 OK | 131 B |
URL POST play.google.com/log?format=json&hasfast=true&authuser=0 IP142.250.74.142:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.google.com FingerprintB5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2 ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash4928468ff9f752fe3ddf481c1e2f1282 988c036163ea4b95e4cec093bd2da5974c084dd1 66f1113291b30076f0933ab7cc82b4a553753db51681ca344af7c20f7cc14f5d
POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
X-Goog-AuthUser: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 581
Origin: https://www.blogger.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
access-control-allow-origin: https://www.blogger.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Sat, 22 Mar 2025 19:51:12 GMT
server: Playlog
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| webcounter.eti.pw/styles/96/9.png | 85.130.81.193 | 200 OK | 76 B |
URL GET webcounter.eti.pw/styles/96/9.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://cryptofaucets.eti.pw/ CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 5 x 7, 1-bit grayscale, non-interlaced Hash667dd242d0bc5084d212bcc528340c97 c2a27a42d8f7d5b58600f57f09327e438dc383a8 cc760415af42ca3be16b94a1932cf7dbc1d489cb0c484cb0b7395c4b435b508e
GET /styles/96/9.png HTTP/1.1
Host: webcounter.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptofaucets.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:13 GMT
Server: Apache
Last-Modified: Tue, 30 Oct 2001 18:38:46 GMT
ETag: "4c-3918eba3bd980"
Accept-Ranges: bytes
Content-Length: 76
Keep-Alive: timeout=5, max=50000
Connection: Keep-Alive
Content-Type: image/png
|
|
| imageshare.eti.pw/i/6cbd1125f36a78a968c76e9fbde2c563.png | 85.130.81.193 | 200 OK | 19 kB |
URL GET imageshare.eti.pw/i/6cbd1125f36a78a968c76e9fbde2c563.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://ads.eti.pw/banners CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 320 x 50, 8-bit/color RGBA, non-interlaced Hash6cbd1125f36a78a968c76e9fbde2c563 44084d1e2379f105196c533bdf203077cd2cb9a6 253866da7b89ec9a7f1e9f562130d4143a8a240091507c75da032390177f3994
GET /i/6cbd1125f36a78a968c76e9fbde2c563.png HTTP/1.1
Host: imageshare.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads.eti.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:12 GMT
Server: Apache
Last-Modified: Sat, 13 Apr 2024 12:31:44 GMT
ETag: "4a91-615f99240599e"
Accept-Ranges: bytes
Content-Length: 19089
Keep-Alive: timeout=5, max=49999
Connection: Keep-Alive
Content-Type: image/png
|
|
| sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html | 142.250.74.161 | 200 OK | 64 kB |
URL GET sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html IP142.250.74.161:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectmisc-sni.blogspot.com FingerprintEE:A5:D6:A7:7C:19:95:69:19:BA:C1:C3:58:8B:D0:60:33:9E:21:A8 ValidityMon, 10 Mar 2025 08:36:41 GMT - Mon, 02 Jun 2025 08:36:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2021/07/blog-post.html HTTP/1.1
Host: sofiahalbofanimeworld.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://llclick.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 22 Mar 2025 19:51:08 GMT
date: Sat, 22 Mar 2025 19:51:08 GMT
cache-control: private, max-age=0
last-modified: Sat, 22 Mar 2025 19:46:23 GMT
etag: W/"7329b7e4c22d768ae2f59baff206f9c656a9e634020c71132947f92d056c3dc4"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 16402
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/lang/lang__es.png | 185.105.111.32 | 200 OK | 1.4 kB |
URL GET webtrafbit.ru/img/lang/lang__es.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGB, non-interlaced Hash0d3ec8042de0f05d08982ec6cc21ef94 7c524a5c397dccdc5ec80b7159700fddeb4cef24 81323484fb01528c9ac56bc226165b30a712823a85d9a7b7ac59e77ce1b6810f
GET /img/lang/lang__es.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 1361
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-551"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 | 142.250.74.35 | 200 OK | 48 kB |
URL GET fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 IP142.250.74.35:443
Requested byhttps://ad.a-ads.com/2370867?size=300x250 CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 48496, version 1.0 Hash8b7943a41013101d892c4684617ed41d 1853b95f5ae2cc51c89edf6f2c44a676efe31f3b 9d9e7b21769c8048b64fbdc1743c32641c3aa1c70c37197987ffe14d0f0508cd
GET /s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ad.a-ads.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48496
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 10:09:01 GMT
expires: Fri, 20 Mar 2026 10:09:01 GMT
cache-control: public, max-age=31536000
age: 207732
last-modified: Mon, 29 Jul 2024 22:47:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| myadboardtraffic.com/click.php?id=41094 | 207.244.71.147 | 200 OK | 264 B |
URL GET myadboardtraffic.com/click.php?id=41094 IP207.244.71.147:443 ASN#30633 LEASEWEB-USA-WDC
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerLet's Encrypt Subject*.myadboardtraffic.com FingerprintFA:59:A1:92:50:AC:86:CE:7A:5C:E9:B6:FE:42:5C:12:0E:A5:42:B2 ValidityWed, 19 Mar 2025 13:20:43 GMT - Tue, 17 Jun 2025 13:20:42 GMT
File typeASCII text, with no line terminators Hash3dc09d23e19ede099c6e2dc64ab2b3ae 2935fcefe941c559d63917bb1c1ab2e4df9741f4 356ac9eed8cda7e00f5e30edc9d014f32df43324e84c3b8f0ef802e6aa802d8a
GET /click.php?id=41094 HTTP/1.1
Host: myadboardtraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safe.sur.ly/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:05 GMT
Server: Apache
Keep-Alive: timeout=5, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
|
|
| webtrafbit.ru/banner.php?user=186 | 185.105.111.32 | 200 OK | 1.7 kB |
URL GET webtrafbit.ru/banner.php?user=186 IP185.105.111.32:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (1682), with no line terminators Hashafa8284faada6ee7a6a5e984d7fb8e76 33a720efa6d8cb5e2066ca4ed82d3178cf21f826 b65e016581a0d583d547403c04e3cda1ba97fac1fcb38e4d9a3b48cc94ff0b6e
GET /banner.php?user=186 HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sofiahalbofanimeworld.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: PHPSESSID=cea26c2917c841d12243ee721386020c; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
|
|
| cdn.surdotly.com/js/Surly.min.js | 54.173.41.122 | 200 OK | 2.9 kB |
URL GET cdn.surdotly.com/js/Surly.min.js IP54.173.41.122:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectcdn.surdotly.com Fingerprint43:86:F9:10:6C:25:81:7E:C4:FF:CA:DF:12:4C:8F:76:17:04:7A:4A ValidityThu, 13 Mar 2025 12:41:04 GMT - Wed, 11 Jun 2025 12:41:03 GMT
File typeJavaScript source, ASCII text, with very long lines (3093), with no line terminators Hash9e7527f0087921d70256dbf09361b372 0fa2c03bc74d4e7c40dff663ae39a32fd04c3252 38b3236be1134358a2d94635e894b53c93083633d99bf55b9f027faefe174f32
GET /js/Surly.min.js HTTP/1.1
Host: cdn.surdotly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.2
date: Sat, 22 Mar 2025 19:51:09 GMT
content-type: application/javascript
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
vary: Accept-Encoding
etag: W/"62a6bbba-b7a"
expires: Mon, 21 Apr 2025 19:51:09 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.blogger.com/img/logo-16.png | 172.217.21.169 | 200 OK | 279 B |
URL GET www.blogger.com/img/logo-16.png IP172.217.21.169:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerGoogle Trust Services Subject*.blogger.com Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79 ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT
File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced Hash5ffecab6c722bb0adc3fce8d83b27993 0e59b05d3da526e82bb4f5d47c5d94e2a318dafb cca664ca16fde285160e80eae6ba4501c27b1dd1ce09aec1e84caa74b5baff53
GET /img/logo-16.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 279
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:28:05 GMT
expires: Thu, 27 Mar 2025 09:28:05 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Mar 2025 14:51:59 GMT
content-type: image/png
age: 210184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| play.google.com/log?format=json&hasfast=true&authuser=0 | 142.250.74.142 | 200 OK | 0 B |
URL OPTIONS play.google.com/log?format=json&hasfast=true&authuser=0 IP142.250.74.142:443
Requested byhttps://www.blogger.com/comment/frame/3405693820859981231?po=4364866522047349775&hl=en&blogspotRpcToken=6538628#%7B%22color%22:%22rgb(102,%20102,%20102)%22,%22backgroundColor%22:%22rgb(61,%20133,%20198)%22,%22unvisitedLinkColor%22:%22rgb(61,%20116,%20165)%22,%22fontFamily%22:%22Arial,%20Tahoma,%20Helvetica,%20FreeSans,%20sans-serif%22%7D CertificateIssuerGoogle Trust Services Subject*.google.com FingerprintB5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2 ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Sat, 22 Mar 2025 19:51:11 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nanswap.com/_next/static/chunks/pages/_app-9bd6d88b9262caa0.js | 104.21.95.229 | 200 OK | 1.2 MB |
URL GET nanswap.com/_next/static/chunks/pages/_app-9bd6d88b9262caa0.js IP104.21.95.229:443
Requested byhttps://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy CertificateIssuerGoogle Trust Services Subjectnanswap.com Fingerprint94:2A:7A:41:6D:BF:DA:41:BF:1A:3F:68:DF:5E:9F:40:4E:7C:CC:49 ValiditySat, 08 Feb 2025 13:38:27 GMT - Fri, 09 May 2025 14:36:29 GMT
Size1.2 MB (1218032 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_next/static/chunks/pages/_app-9bd6d88b9262caa0.js HTTP/1.1
Host: nanswap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nanswap.com/iframe-swap/swap?defaultFrom=XNO&defaultTo=BAN&mode=swap&invitationId=nano_1inikx1a41i7974uh9y4tpajgh8ou91gyhk5c8m3qieqyn6s8u4rky91czkf&hideExtra=hide%20Buy/Sell%20button&hidePoweredBy=hidePoweredBy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:12 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=76vpiswbJWIqbMZ75%2Fg8Dlb8uNjtryc%2FJS9eJkBdCDs%2FGMEBYj04GAVbNQPnlibiewzrrr%2FllhVv9p%2F4jPQiwrj%2F%2FcpzpwSqSLOKQxkhqFr4W1yD%2FLmZSvo3RUffKA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
last-modified: Sun, 16 Mar 2025 11:06:16 GMT
etag: W/"1295f0-1959ea21075"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 390891
cf-ray: 924838ee1e02f5b0-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
|
|
| cdn.sur.ly/surly/images/platforms/drpl.png | 188.114.97.1 | 200 OK | 7.7 kB |
URL GET cdn.sur.ly/surly/images/platforms/drpl.png IP188.114.97.1:443
Requested byhttps://safe.sur.ly/o/https://www.myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectsur.ly Fingerprint17:2E:23:F4:D1:D3:72:DA:15:57:5C:15:19:57:02:1C:54:E7:BF:EA ValidityWed, 29 Jan 2025 22:49:29 GMT - Tue, 29 Apr 2025 23:47:50 GMT
File typePNG image data, 197 x 125, 8-bit/color RGBA, non-interlaced Hash6f36a046dca910c56d066c3528f5142b c3d99b6aae29f56fb6c855ef75b1f01a589934dd ff83f3c2977b3b195ded8087efa82f7dc808615eba9be46201bb3bf247442bfb
GET /surly/images/platforms/drpl.png HTTP/1.1
Host: cdn.sur.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://safe.sur.ly/
DNT: 1
Connection: keep-alive
Cookie: _ga_L04HQHN9RZ=GS1.1.1742673065.1.0.1742673065.0.0.0; _ga=GA1.1.1027815748.1742673065
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:05 GMT
content-type: image/png
content-length: 7732
last-modified: Mon, 13 Jun 2022 04:23:22 GMT
etag: "62a6bbba-1e34"
expires: Fri, 21 Mar 2025 11:11:03 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 396669
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEYK8GCZZwVvQVaGTfe8l1bHcIkHg0XdHy7Qh8jfWQH%2Ff%2Fl5lFOJ9zTY%2F5ohu4x4s69qn5x9wmozcbO4DiC5LuY1LQlVSgGKqLe%2F0K1j%2FbuM6yTlvRU7p60YbUEU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838c10a62fba6-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24491&min_rtt=20621&rtt_var=8399&sent=36&recv=11&lost=0&retrans=0&sent_bytes=28750&recv_bytes=2171&delivery_rate=397417&cwnd=12000&unsent_bytes=0&cid=e2e5f9f35026950d&ts=452&x=1", cfExtPri, cfHdrFlush;dur=12
|
|
| laytroops.com/pc4pc2i5fv?key=6237db3a651b2d9c2ac035f8734261eb |  192.243.59.12 | 200 OK | 118 B |
URL GET laytroops.com/pc4pc2i5fv?key=6237db3a651b2d9c2ac035f8734261eb IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1 CertificateIssuerLet's Encrypt Subjectlaytroops.com FingerprintE9:B9:E1:90:77:A2:4F:3F:5F:6C:A4:BB:43:24:19:C1:7E:49:EC:5F ValiditySat, 22 Feb 2025 21:59:52 GMT - Fri, 23 May 2025 21:59:51 GMT
File typeHTML document, ASCII text, with no line terminators Hashf27a6605cecb455a5e513507b214304b 8acbe09daafdc3adc0d57c5f5d8f93cd6186d55c f5cd5731dbf2e0185b4161ba81031fe68d04849a91d1a0ff8c713d6077292266
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pc4pc2i5fv?key=6237db3a651b2d9c2ac035f8734261eb HTTP/1.1
Host: laytroops.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://openinapp.link/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 22 Mar 2025 19:51:12 GMT
Content-Type: text/html
Content-Length: 118
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: laytroops.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3d9189daef4321a5c027ad11fb5cf338
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| trafficadbar.com/bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/ | 3.229.155.117 | 200 OK | 693 B |
URL GET trafficadbar.com/bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/ IP3.229.155.117:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerAmazon Subjecttrafficadbar.com Fingerprint4A:C5:E8:C2:D5:BE:F7:04:3C:95:C0:E9:E0:CF:50:81:F5:34:41:D9 ValidityFri, 30 Aug 2024 00:00:00 GMT - Sat, 27 Sep 2025 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (701), with no line terminators Hash5967f67cdaa61a3a6d40216b911071e4 0038e43d6f47aa8a766563aea16327e42d2cfce4 96900458153165e3899e5192feae2d8f83149458ad1104ad71ae76e0905881fe
GET /bar/page.php?a=sofiahalbof&b=252&c=90&e=%23ffffff&f=%23AC0101&g=%23f8f8f8&h=%23000000&i=%237c8e06&d=https%3A//sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html&ref1=https%3A//llclick.com/ HTTP/1.1
Host: trafficadbar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:09 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.26.1
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| api.fpadserver.com/banner?id=1753&size=728x90 | 104.21.32.41 | 200 OK | 2.4 kB |
URL GET api.fpadserver.com/banner?id=1753&size=728x90 IP104.21.32.41:443
Requested byhttps://cryptocoinsad.com/ads/show.php?a=253469&b=398008 CertificateIssuerGoogle Trust Services Subjectfpadserver.com Fingerprint59:27:DB:35:C6:E3:71:A1:65:B1:1D:AF:8A:AD:89:A8:E7:53:71:F8 ValidityWed, 19 Feb 2025 14:57:31 GMT - Tue, 20 May 2025 15:55:10 GMT
File typeHTML document, ASCII text, with very long lines (2546), with no line terminators Hash5a585d3990d1ef5235bf276c7423f444 1ce7aea9cee9b1e63a722f6823c33cc69ec76028 62bfa53b3251c8200a60e23c76f98518aaf335d6d0bd5b920d530e90dc3c9e13
GET /banner?id=1753&size=728x90 HTTP/1.1
Host: api.fpadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptocoinsad.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:11 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: *
cache-control: no-cache
x-server: ADS-Server
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DkDEbb5p4NRjtU6DhWKt9P201HhcCyWt1ETe%2B6cKFpCt3FGIXnf0%2B8zy9BdaELRWBWXNoDD%2Bui7as5F0ZeirSk2rhsDiYkSv9P1vuTB%2FJqN%2BBJ3bxs4xXNNSxkOACeNVLANvwcg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838e788adf5d1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19475&min_rtt=19463&rtt_var=4125&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3281&recv_bytes=1267&delivery_rate=222643&cwnd=190&unsent_bytes=0&cid=a1145dd09b54f633&ts=55&x=0"
X-Firefox-Spdy: h2
|
|
| webtrafbit.ru/img/lang/lang__sv.png | 185.105.111.32 | 200 OK | 1.3 kB |
URL GET webtrafbit.ru/img/lang/lang__sv.png IP185.105.111.32:443
Requested bymoz-nullprincipal:{4855464b-84d1-4890-8e9e-fac3a607b68e}?https://webtrafbit.ru CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 22 x 15, 8-bit/color RGB, non-interlaced Hash3ab68e3070eada6a93697d0d02222ac1 57aa3e381e5595ee43f0261ee7b4cdadd59cf559 7546f4a0d26eb4f5b653ce957356380849d80382a4cdb7521cd9923f05b87286
GET /img/lang/lang__sv.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webtrafbit.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:10 GMT
Content-Type: image/png
Content-Length: 1264
Last-Modified: Thu, 05 Dec 2024 10:07:24 GMT
Connection: keep-alive
ETag: "67517b5c-4f0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| llsvr.com/imgad/anabell56.a.88135.jpg | 104.21.80.1 | 200 OK | 18 kB |
URL GET llsvr.com/imgad/anabell56.a.88135.jpg IP104.21.80.1:443
Requested byhttps://w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F CertificateIssuerGoogle Trust Services Subjectllsvr.com Fingerprint33:05:B0:89:29:B4:C7:19:B9:8C:D3:F7:38:EB:1E:CB:34:26:32:4E ValidityMon, 24 Feb 2025 12:10:45 GMT - Sun, 25 May 2025 13:07:07 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 375x250, components 3 Hashd6ca15326793023bc007d2dd8b859da3 ca23a2e2dfafb4819f8fc963e08b050fdc9bd725 d44df5ddd174519e7255c65ef96290ca9c41a1a7bbc01aeeb75ab6aad79d422a
GET /imgad/anabell56.a.88135.jpg HTTP/1.1
Host: llsvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://w.leadsleap.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:19 GMT
content-type: image/jpeg
content-length: 17501
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4k8Qulvhy1aNeBI24X8mG1pkI9QxxQGuxRk4wtmGbu6eq9JSgLHRIriy%2BFhfE7jAOWX9%2BpmozSesv9U2f0MhNVhuX0fGGrep%2Bsb2syntbZX3Vsjwd57xf9k3ynY%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Thu, 22 Jun 2023 09:59:43 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
cf-ray: 92483918df8bf5ba-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| webtrafbit.ru/img/logo.png | 185.105.111.32 | 200 OK | 430 B |
URL GET webtrafbit.ru/img/logo.png IP185.105.111.32:443
Requested byhttps://sofiahalbofanimeworld.blogspot.com/2021/07/blog-post.html CertificateIssuerLet's Encrypt Subjectwebtrafbit.ru FingerprintCA:15:F6:47:7D:93:59:2E:E7:E0:40:C5:F8:21:9A:E4:7C:64:B8:BD ValidityFri, 07 Mar 2025 18:25:42 GMT - Thu, 05 Jun 2025 18:25:41 GMT
File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced Hash384ec5459a1d2d1c8ad7fb7238c6d3a4 285bc1f66827e0bada4af2cd0e12abdd64be135b 7be71bcfc259d0a7f63b1debbc56306ec2a652533a3fbcef37867969b07bd116
GET /img/logo.png HTTP/1.1
Host: webtrafbit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sofiahalbofanimeworld.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Mar 2025 19:51:09 GMT
Content-Type: image/png
Content-Length: 430
Last-Modified: Mon, 10 Mar 2025 12:07:57 GMT
Connection: keep-alive
ETag: "67ced61d-1ae"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
|
|
| ads.eti.pw/img/mp3search.eti.pw.png | 85.130.81.193 | 200 OK | 15 kB |
URL GET ads.eti.pw/img/mp3search.eti.pw.png IP85.130.81.193:443 ASN#13124 A1 Bulgaria EAD
Requested byhttps://ads.eti.pw/banners CertificateIssuerLet's Encrypt Subjecteti.pw Fingerprint39:F1:E5:BF:E3:BF:59:E4:5A:D6:3E:DD:20:31:DA:BC:DA:87:6F:26 ValidityThu, 13 Mar 2025 13:26:20 GMT - Wed, 11 Jun 2025 13:26:19 GMT
File typePNG image data, 320 x 50, 8-bit/color RGBA, non-interlaced Hash676ea14895f4edd3d47ec00e29ae8f9b 0c8c10c0a36ff426394b6e34546d23b2a80697f3 6f1106ae786ddf470c5a55436ba14fe35af008ec072f064cf4241124ded887a0
GET /img/mp3search.eti.pw.png HTTP/1.1
Host: ads.eti.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads.eti.pw/banners
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 19:51:13 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 13:48:32 GMT
ETag: "392d-5ec2ca14bc9a3"
Accept-Ranges: bytes
Content-Length: 14637
Keep-Alive: timeout=5, max=49998
Connection: Keep-Alive
Content-Type: image/png
|
|
| directurl.link/images/44883098_Background01.jpg | 185.26.107.57 | 200 OK | 234 kB |
URL GET directurl.link/images/44883098_Background01.jpg IP185.26.107.57:443 ASN#24935 Eurofiber France SAS
CertificateIssuerLet's Encrypt Subjectdirecturl.link FingerprintBA:AF:CD:75:CA:69:D3:F9:F9:12:16:1E:62:25:CF:CB:24:DE:09:75 ValidityThu, 13 Mar 2025 21:30:28 GMT - Wed, 11 Jun 2025 21:30:27 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, copyright=Freepik Company S.L. - www.freepik.com], baseline, precision 8, 3000x2000, components 3 Size234 kB (234282 bytes) Hashf16b14b76a8f83be60f6bf54a23e35dc 6caef1fe305f71c5baf613abd9bbd762632a0892 d0edf9c11fe3b38213e8e9698285550846a5eb7d41d43a55757977b5feb268a7
GET /images/44883098_Background01.jpg HTTP/1.1
Host: directurl.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pastead.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 22 Mar 2025 19:51:13 GMT
content-type: image/jpeg
content-length: 234282
last-modified: Wed, 19 Feb 2025 10:11:54 GMT
etag: "3932a-62e7bfca03b56"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| llsvr.com/imgad/altagold.a.153694.jpg | 104.21.80.1 | 200 OK | 33 kB |
URL GET llsvr.com/imgad/altagold.a.153694.jpg IP104.21.80.1:443
Requested byhttps://w.leadsleap.com/php.php?ll_r=sofiahalbof&ll_id=w38245&ll_sr=&ll_f=0&ll_tbo=&ll_hc=%23e22121&ll_tc=%23555a69&ll_cc=%238d9aa6&ll_bc=%23ffffff&ll_dc=%238891a8&ll_w=300&ll_fh=auto&ll_h=250&ll_b=&ll_n=6&ll_fs=&ll_ff=&ll_pa=0&ll_bgc=&ll_s=w&ll_br=&ll_cl=&ll_nc=1&ll_nf=0&ll_nh=0&ll_nm=0&ll_np=1&ll_fo=&ll_no=&ll_so=&ll_nt=0&ll_wt=1&ll_url=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2F2021%2F07%2Fblog-post.html&ll_rf=https%3A%2F%2Fllclick.com%2F CertificateIssuerGoogle Trust Services Subjectllsvr.com Fingerprint33:05:B0:89:29:B4:C7:19:B9:8C:D3:F7:38:EB:1E:CB:34:26:32:4E ValidityMon, 24 Feb 2025 12:10:45 GMT - Sun, 25 May 2025 13:07:07 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 375x250, components 3 Hash98197b4c86249e4a6187bb6e49029afe cdab65d28dd70e109cad55f7322467412e085bf7 fb1b3525f7e641be65a38399f03599ba774ebe8c9476a220032d18d2717ec862
GET /imgad/altagold.a.153694.jpg HTTP/1.1
Host: llsvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://w.leadsleap.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 22 Mar 2025 19:51:19 GMT
content-type: image/jpeg
content-length: 32745
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hgPsNjDaOHu4kr3a2VHtHPpR%2BYWEAIBlDNjILa5YOyR92BwQYAgfALo3VS7PfDghVXaOSLpWs7fQgwBEuec4O13nYkf9n7fpecRH3boAtxfglYuV8zMOqn3T7T8%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Fri, 26 Jul 2024 07:38:06 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
cf-ray: 92483918df8cf5ba-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
|
|
| llclick.com/9cnxhff7/verytenoi | 104.21.32.55 | 200 OK | 7.6 kB |
URL GET llclick.com/9cnxhff7/verytenoi IP104.21.32.55:443
Requested byhttps://myadboardtraffic.com/click.php?id=41094 CertificateIssuerGoogle Trust Services Subjectllclick.com Fingerprint6C:41:DC:AD:3C:BB:07:16:48:DB:B8:F7:02:35:C1:F9:E1:D0:DC:29 ValiditySun, 09 Mar 2025 21:10:53 GMT - Sat, 07 Jun 2025 22:08:36 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (8386), with no line terminators Hash7d34041a9f6fa46f1c0c5b5cd85106ef 25f9f29f72ce4e35ad4f85ca8463a7d120332a9d c3ab0ada9ebfff98c0e3881d27b9bbc4f85da754c40ae31c038470fc815d04dd
GET /9cnxhff7/verytenoi HTTP/1.1
Host: llclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myadboardtraffic.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:06 GMT
content-type: text/html; charset=UTF-8
set-cookie: lltkrl274900=1; expires=Sun, 23-Mar-2025 19:51:06 GMT; Max-Age=86400; path=/; SameSite=Lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UMWzuIl1oZOxCSI9%2Bd7z6ecIyZzvSLxMy63gmyIvuR%2FJ6UvfpWmf7jfVi3bN4N1a9oEhCYD80NfPe%2F%2FED%2BwbQoLAKTSo3mRZXdO34dBr0Uxham8LaE9E2A7h%2BnzBIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924838c56930fb8d-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25227&min_rtt=19597&rtt_var=13551&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3199&recv_bytes=1156&delivery_rate=220698&cwnd=221&unsent_bytes=0&cid=888e3c21b99211fa&ts=543&x=0"
X-Firefox-Spdy: h2
|
|
| llclick.com/trackr.css?v=29 | 104.21.32.55 | 200 OK | 12 kB |
URL GET llclick.com/trackr.css?v=29 IP104.21.32.55:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerGoogle Trust Services Subjectllclick.com Fingerprint6C:41:DC:AD:3C:BB:07:16:48:DB:B8:F7:02:35:C1:F9:E1:D0:DC:29 ValiditySun, 09 Mar 2025 21:10:53 GMT - Sat, 07 Jun 2025 22:08:36 GMT
File typeASCII text, with CRLF line terminators Hash633924a33000d47502174c617a7ae947 aa8eab69455481fe5350e112ba8d4558e7783594 b38ab2de11a1a397dec1d84475a85d88dc39709d0bebf2290e0fbb35d4649422
GET /trackr.css?v=29 HTTP/1.1
Host: llclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/9cnxhff7/verytenoi
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 22 Mar 2025 19:51:06 GMT
content-type: text/css
last-modified: Thu, 31 Aug 2023 06:32:40 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4170
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xsx%2BDAqjUD9IBxfXim02b0kyw%2BUkG6N27orY399rZN%2FEp%2BzAgDjXpXyfZq2sSyHSV9xAoq4jDH1zAvSBkPd6eb6ZPPWlUuMXKBD5IMtHPdwW%2FPUIHl2OZOuJz0ya8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 924838c99cdbfb8d-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=22902&min_rtt=19597&rtt_var=7321&sent=12&recv=17&lost=0&retrans=0&sent_bytes=6615&recv_bytes=1392&delivery_rate=294638&cwnd=224&unsent_bytes=0&cid=888e3c21b99211fa&ts=706&x=0"
X-Firefox-Spdy: h2
|
|
| code.jquery.com/ui/1.11.4/jquery-ui.min.js | 151.101.66.137 | 200 OK | 240 kB |
URL GET code.jquery.com/ui/1.11.4/jquery-ui.min.js IP151.101.66.137:443
Requested byhttps://llclick.com/9cnxhff7/verytenoi CertificateIssuerSectigo Limited Subject*.jquery.com FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (32035) Size240 kB (240427 bytes) Hashd935d506ae9c8dd9e0f96706fbb91f65 7f650ee30c6a4d3eea04032039b20ff72997559b c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
GET /ui/1.11.4/jquery-ui.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://llclick.com
DNT: 1
Connection: keep-alive
Referer: https://llclick.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-3ab2b"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 22 Mar 2025 19:51:06 GMT
age: 2724885
x-served-by: cache-lga21924-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 11, 60936
x-timer: S1742673067.623497,VS0,VE0
vary: Accept-Encoding
content-length: 64296
X-Firefox-Spdy: h2
|
|
0.0.0.0