Report - 12ft.io/https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi

Report Overview

Visited public
2025-03-26 16:42:42
Tags
URL
12ft.io/https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
Finishing URL
12ft.io/proxy
IP / ASN
5.161.99.118
#213230 Hetzner Online GmbH
Title
12ft

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ads-bitcoin.com	194941	2021-08-16	2021-08-16	2025-03-20	1.5 kB	42 kB	172.67.209.12
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-03-26	471 B	11 kB	142.250.74.10
ad.a-ads.com	26970	2012-07-07	2013-04-19	2025-03-25	532 B	14 kB	136.243.11.250
script.monerominer.rocks	unknown	2017-09-29	2025-03-12	2025-03-24	413 B	187 kB	172.67.145.205
video.agenteimmobiliare.info	unknown	2024-07-15	2024-07-17	2025-03-26	4.8 kB	198 kB	104.21.96.1
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-03-26	1.1 kB	99 kB	142.250.74.35
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-03-26	864 B	700 kB	142.250.74.136
ny1.xmrminingproxy.com	unknown	2017-12-22	2024-03-27	2025-03-24	561 B	819 B	172.67.135.46
csi.gstatic.com	unknown	2008-02-11	2017-01-29	2025-03-25	2.2 kB	3.3 kB	142.250.181.131
resources.blogblog.com	13274	2000-09-15	2017-01-30	2025-03-20	894 B	1.6 kB	172.217.21.169
free-btc.org	455829	2022-01-30	2019-07-17	2025-03-25	991 B	95 kB	185.216.13.18
bonus-ads.top	unknown	2024-09-01	2024-12-01	2025-02-25	437 B	96 kB	213.32.25.28
static1.freebitco.in	148898	2013-10-10	2013-11-30	2025-03-20	454 B	44 kB	172.66.41.13
12ft.io	230021	2020-12-31	2020-12-31	2025-03-13	3.8 kB	234 kB	5.161.99.118
www.blogger.com	8975	1999-06-22	2012-05-22	2025-03-20	1.5 kB	44 kB	172.217.21.169
crypto-fire.website	564407	2021-10-30	2021-10-30	2025-03-20	1.0 kB	304 kB	5.180.55.119
imasdk.googleapis.com	11661	2005-01-25	2014-02-25	2025-03-21	2.0 kB	2.6 MB	142.250.74.42
ad2bitcoin.com	232350	2019-01-29	2017-05-24	2025-03-25	1.1 kB	2.9 kB	162.0.208.108
cryptocoinsad.com	136627	2018-04-11	2018-04-17	2025-03-20	4.0 kB	1.3 MB	104.21.32.1
traffic2bitcoin.com	410320	2016-05-18	2016-05-20	2025-03-20	1.1 kB	2.8 kB	162.0.208.108

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-26 16:42:23	medium	Client IP	172.67.135.46	ET MALWARE Observed CoinMiner Proxy Domain (xmrminingproxy .com in TLS SNI)
2025-03-26 16:42:23	medium	Client IP	172.67.135.46	ET MALWARE Observed CoinMiner Proxy Domain (xmrminingproxy .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-26	medium	xmrminingproxy.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (24)

	URL	From	Size	First Seen	Last Seen
	video.agenteimmobiliare.info/d-video.js?b=31	ScriptElement	94 kB	2024-06-14	2025-06-18
Pretty URL video.agenteimmobiliare.info/d-video.js?b=31 IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-14 12:46 Last Seen2025-06-18 02:24 Times Seen361 Hash 7b18d87a47cc8a096a36dab505b6e2ba bf73e07f466c958a822dddc556a4d2c22b13663e 384ff56fdeb622e9782341f4c0af0d8a9d945e9e390d8433a2febf7a5482fc7a Loading...

	imasdk.googleapis.com/js/sdkloader/ima3.js	ScriptElement	454 kB	2025-03-26	2025-03-26
Pretty URL imasdk.googleapis.com/js/sdkloader/ima3.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 16:24 Last Seen2025-03-26 16:42 Times Seen3 Hash c7798bc33ef51d22dcf6cc702715cb89 be5e8bb4b1d7862de44520307049e1c5a2b1836e 3dc57f88095df1fae2b22d78d6754d1a566720a2a5d0660f831882b2759fd06d Loading...

	ads-bitcoin.com/app/codes/banner?rcd=OTQ1	ScriptElement	167 B	2025-03-24	2025-03-27
Pretty URL ads-bitcoin.com/app/codes/banner?rcd=OTQ1 IP 172.67.209.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-24 16:26 Last Seen2025-03-27 18:47 Times Seen6 Hash 7f65b17827d1c8bcd0584b5da7c1fa9d 61691a28bca9a8f561169f2972fca302b62651a7 beea54034c3c02ca9bc00e56f5663d69cf0bac049053bcb52e663072880cb52e Loading...

	12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi	EventHandler	27 B	2023-04-10	2025-06-18
Pretty URL 12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi IP 5.161.99.118 ASN #213230 Hetzner Online GmbH Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:53 Last Seen2025-06-18 05:16 Times Seen25606 Hash 7688ca9eb3ca1c878821b1e3fe2c23d7 2c41fd7e9f8312d6fed18b21e1a0589413e35553 793bae9539499e6e02187febbd2e20fd17dd40260033f5175dbfc2f294440d9a Loading...

	video.agenteimmobiliare.info/d-video.js?b=31	ScriptElement	94 kB	2024-06-14	2025-06-18
Pretty URL video.agenteimmobiliare.info/d-video.js?b=31 IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-14 12:46 Last Seen2025-06-18 02:24 Times Seen361 Hash 7b18d87a47cc8a096a36dab505b6e2ba bf73e07f466c958a822dddc556a4d2c22b13663e 384ff56fdeb622e9782341f4c0af0d8a9d945e9e390d8433a2febf7a5482fc7a Loading...

	imasdk.googleapis.com/js/sdkloader/ima3.js	ScriptElement	454 kB	2025-03-26	2025-03-26
Pretty URL imasdk.googleapis.com/js/sdkloader/ima3.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 15:54 Last Seen2025-03-26 16:42 Times Seen3 Hash 2355bf139556cb4af4ea1d322f1ac832 375eeda3df7d97830626a52f73abdb1502f73cd2 a4c57b1b00ad2d3187fc50943dbfb08c3764eae954380485209bff3afedccd59 Loading...

	imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449	ScriptElement	789 kB	2025-03-24	2025-03-26
Pretty URL imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449 IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-24 16:03 Last Seen2025-03-26 22:25 Times Seen20 Hash 9b5331cf409dfa156c09905881b69a78 d5e22be1e67d5e6b297dd07eca2234d794a042e0 97bcc98904ee8042f83743f39c6af54ace7776c5bbfe0593782050a0c955ca33 Loading...

	12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi	ScriptElement	173 B	2024-08-19	2025-04-21
Pretty URL 12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi IP 5.161.99.118 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 22:19 Last Seen2025-04-21 14:32 Times Seen10 Hash 5df3ff6e652aedf1d8e284fd672d6b5d 06937e84b63b8a87d55f4514da48e62ebe3873ee 3c9a90197f703f0876fa47cd95d387eaaa470f24db242b52bc6d71c7c4294be8 Loading...

	12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi	ScriptElement	678 B	2024-11-08	2025-04-04
Pretty URL 12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi IP 5.161.99.118 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-11-08 19:59 Last Seen2025-04-04 16:54 Times Seen7 Hash 30bd33e38a085b64402d8997117df1d0 36117334fc3275d2c25940c90a0e7292173faef6 468a7b2092743170d169c579916451ae1907fe7e435d93a58b95395bb15b04c3 Loading...

	crypto-fire.website/mine/partner/sofiahalbof	ScriptElement	701 B	2025-03-20	2025-04-13
Pretty URL crypto-fire.website/mine/partner/sofiahalbof IP 5.180.55.119 ASN #44477 Stark Industries Solutions Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-20 18:06 Last Seen2025-04-13 18:21 Times Seen29 Hash bba894e02637220c642e7dc7e02582e9 8987deb28524f0d5b078738dbaf6e9b2104b9d3a f93bae1502f65dbae83afd50317f0f431fecf175f7e51e39e9ce45f472e2dd35 Loading...

	ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300	ScriptElement	358 B	2025-03-02	2025-06-18
Pretty URL ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300 IP 162.0.208.108 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-02 22:24 Last Seen2025-06-18 02:24 Times Seen154 Hash deec427270c647b4d8cfe82f8f5cc0e7 eece3d25ce9c863de1a4e33fe5e7ef2dd139c452 41fdbd769ff310fb9a9fb1bcb83cb507a7a322fccaca76eed9e9ace64715e698 Loading...

	ads-bitcoin.com/app/codes/banner?rcd=OTQ1	ScriptElement	153 B	2025-03-04	2025-05-24
Pretty URL ads-bitcoin.com/app/codes/banner?rcd=OTQ1 IP 172.67.209.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 03:41 Last Seen2025-05-24 22:59 Times Seen50 Hash dcc3dfc5d7cb3e8f183366f14dc1f136 d176e080954271ccd8a4116d63ce7e48744e2e55 f7f31227d0d7e6ce102ba75ac24c00e06418769d87652d0804c51c9088847232 Loading...

	www.googletagmanager.com/gtag/js?id=G-WS6LLVVENM	ScriptElement	356 kB	2025-03-26	2025-03-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-WS6LLVVENM IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 16:42 Last Seen2025-03-26 16:42 Times Seen1 Hash 3815e4fa32c20807ded5a9a1ec4360c6 e6239bcfa70a76f65c7e1449ab7df8901ba05439 b5f767b3d45f5a3df384cfe8c65725828b0663ec630885d3e025fa6d2ca562ab Loading...

	wasm:script.monerominer.rocks/%20line%201%20%3E%20WebAssembly.Module	Wasm	0 B	0001-01-01	2025-06-18
Pretty URL wasm:script.monerominer.rocks/%20line%201%20%3E%20WebAssembly.Module IP 0.0.0.0 ASN #0 Introduced by wasm Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-18 05:24 Times Seen4999612 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	script.monerominer.rocks/	ScriptElement	186 kB	2023-03-07	2025-04-08
Pretty URL script.monerominer.rocks/ IP 172.67.145.205 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:18 Last Seen2025-04-08 15:39 Times Seen51 Hash bd3020c46557808be407a218b73082d6 694412169ab82e2d56f7c77c84f83b64f07c18fb eb4384ea3845a4d57607cfaab74d3375112e021c3ce7e4e7a94cfc9ff9d8fc7f Loading...

	12ft.io/assets/app-2f4eeb613965956fb8b68d387bd72f27.js?vsn=d	ScriptElement	106 kB	2024-08-19	2025-04-21
Pretty URL 12ft.io/assets/app-2f4eeb613965956fb8b68d387bd72f27.js?vsn=d IP 5.161.99.118 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 22:19 Last Seen2025-04-21 14:32 Times Seen10 Hash 2f4eeb613965956fb8b68d387bd72f27 33c89a89f4d9559e78cb10d252a5c1f6a85af9cb 926377aeb130fd2825e9fd15351e1e624145fb5acdf5f0e637f63f9416d88390 Loading...

	free-btc.org/banner/u=sofiahalbof/size=728x90	ScriptElement	697 B	2025-03-19	2025-04-10
Pretty URL free-btc.org/banner/u=sofiahalbof/size=728x90 IP 185.216.13.18 ASN #44477 Stark Industries Solutions Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-19 19:01 Last Seen2025-04-10 22:59 Times Seen97 Hash 49bf792e23019ead05e712c9190dc660 392438cd03ab7c75f6b64faca13851e1b3b9ad1c 8f37e1f70b053def656313a12efcee0aa042eae30f1868c8ceb68a16734ad5fc Loading...

	free-btc.org/files/js/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-18
Pretty URL free-btc.org/files/js/jquery.min.js IP 185.216.13.18 ASN #44477 Stark Industries Solutions Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-18 05:24 Times Seen217210 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	free-btc.org/banner/u=sofiahalbof/size=728x90	ScriptElement	2.4 kB	2025-03-09	2025-04-04
Pretty URL free-btc.org/banner/u=sofiahalbof/size=728x90 IP 185.216.13.18 ASN #44477 Stark Industries Solutions Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-09 23:27 Last Seen2025-04-04 16:54 Times Seen3 Hash 864827a0a4b6d0834bb3facc9bc341fa 0879e7c23ec71943a9a2aff50483d15592b19c23 319adcf884ddd0256b0cc053bf31691ce98dbaccb1292069cd90a0e9970b4cb9 Loading...

	ads-bitcoin.com/app/codes/banner?rcd=OTQ1	ScriptElement	375 B	2025-03-26	2025-03-29
Pretty URL ads-bitcoin.com/app/codes/banner?rcd=OTQ1 IP 172.67.209.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-26 16:24 Last Seen2025-03-29 18:00 Times Seen12 Hash 6c7fc81b78f5b1ccd6e10e9c449a7d0c 9df3bafb36f8921d6a0bb6b63bd20630c20de699 a071f752d8289867392df53d53f5f65711023dff00405818d7d8f2c0b922afc9 Loading...

	www.googletagmanager.com/gtag/js?id=G-BLV8VETPEP	ScriptElement	342 kB	2025-03-26	2025-03-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-BLV8VETPEP IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 16:42 Last Seen2025-03-26 16:42 Times Seen1 Hash f3c66253a4fd47b8c17d79ff473ac054 5b151071aadda2e64f422a77c8f88a296fada6c8 59daa38f67ec0d53300c187430f556d690b933c456e82e8cbde85aa778e544a2 Loading...

	imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449	ScriptElement	358 B	2025-02-20	2025-06-18
Pretty URL imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449 IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-20 21:14 Last Seen2025-06-18 05:19 Times Seen774 Hash 56b0d0e8272fed6b9a44d08c14e5b1be 0b2e66a7ca8c0319310adca7ba8d02b643526f9e b045c748093c314660ce2985a8dd0d6c3feb6af1026dc2b02229b2538c0da6ff Loading...

	imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853	ScriptElement	789 kB	2025-03-24	2025-03-26
Pretty URL imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853 IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-24 16:03 Last Seen2025-03-26 22:25 Times Seen20 Hash 9b5331cf409dfa156c09905881b69a78 d5e22be1e67d5e6b297dd07eca2234d794a042e0 97bcc98904ee8042f83743f39c6af54ace7776c5bbfe0593782050a0c955ca33 Loading...

	imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853	ScriptElement	358 B	2025-02-20	2025-06-18
Pretty URL imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853 IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-20 21:14 Last Seen2025-06-18 05:19 Times Seen774 Hash 56b0d0e8272fed6b9a44d08c14e5b1be 0b2e66a7ca8c0319310adca7ba8d02b643526f9e b045c748093c314660ce2985a8dd0d6c3feb6af1026dc2b02229b2538c0da6ff Loading...

HTTP Transactions (56)

URL IP Response Size

12ft.io/favicon.ico

5.161.99.118

200 OK

4.3 kB

URL GET
12ft.io/favicon.ico
IP
5.161.99.118:443
ASN
#213230 Hetzner Online GmbH

Requested by
https://12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
Certificate
IssuerLet's Encrypt
Subject12ft.io
FingerprintAD:7C:C1:75:CB:23:74:A6:DD:98:37:17:0C:29:0F:F4:E4:B8:40:BB
ValiditySat, 22 Mar 2025 08:13:57 GMT - Fri, 20 Jun 2025 08:13:56 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
f6e91215b1834823d8d471a266695ab6
ecd8e139e2e4379f03b46395f10ea0f278f60b72
59ae94c69d68ff785db9057b4b2c0af0e404453f8495cf89feb557ec75e835dc

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 12ft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/proxy
DNT: 1
Connection: keep-alive
Cookie: _twelvefoot_key=SFMyNTY.g3QAAAABbQAAAAtfY3NyZl90b2tlbm0AAAAYajdQUlMyWUU0VFR4VFFpWFVqUGZ4ZHR2.-2tvtXeRUjmcqo-U7FggLJ0oh6L5OWWBEWpRyn9jXsQ; _ga_BLV8VETPEP=GS1.1.1743007339.1.0.1743007339.0.0.0; _ga=GA1.1.1549606353.1743007339
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:19 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 4286
Connection: keep-alive
vary: Accept-Encoding
cache-control: public
etag: "737DFFA"
accept-ranges: bytes

www.googletagmanager.com/gtag/js?id=G-WS6LLVVENM

142.250.74.136

200 OK

356 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-WS6LLVVENM
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://ads-bitcoin.com/app/codes/banner?rcd=OTQ1
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D
ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

File type
JavaScript source, ASCII text, with very long lines (6129)
Size
356 kB (355644 bytes)
Hash
3815e4fa32c20807ded5a9a1ec4360c6
e6239bcfa70a76f65c7e1449ab7df8901ba05439
b5f767b3d45f5a3df384cfe8c65725828b0663ec630885d3e025fa6d2ca562ab

HTTP Headers

GET /gtag/js?id=G-WS6LLVVENM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-bitcoin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 26 Mar 2025 16:42:20 GMT
expires: Wed, 26 Mar 2025 16:42:20 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 120872
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

script.monerominer.rocks/

172.67.145.205

200 OK

186 kB

URL GET
script.monerominer.rocks/
IP
172.67.145.205:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ads-bitcoin.com/app/codes/banner?rcd=OTQ1
Certificate
IssuerGoogle Trust Services
Subjectmonerominer.rocks
Fingerprint8F:B7:3C:6A:4B:00:5E:BD:B4:B9:1A:69:BF:8D:D1:C3:A0:98:FB:6B
ValidityFri, 07 Mar 2025 19:59:27 GMT - Thu, 05 Jun 2025 20:59:23 GMT

File type
JavaScript source, ASCII text, with very long lines (54857)
Size
186 kB (185672 bytes)
Hash
bd3020c46557808be407a218b73082d6
694412169ab82e2d56f7c77c84f83b64f07c18fb
eb4384ea3845a4d57607cfaab74d3375112e021c3ce7e4e7a94cfc9ff9d8fc7f

HTTP Headers

GET / HTTP/1.1
Host: script.monerominer.rocks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-bitcoin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 16:42:21 GMT
content-type: text/javascript
cf-ray: 926819c9499ffea4-AMS
cf-cache-status: HIT
age: 1144
cache-control: public, max-age=14400
content-encoding: gzip
etag: W/"bd3020c46557808be407a218b73082d6"
last-modified: Fri, 07 Mar 2025 02:31:13 GMT
vary: Accept-Encoding
via: 1.1 3542cbb3a5773810405fca7ba271be44.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: kiabJJpSZZprK-FDy-4dOqiZEY-8tiYa3TWtvYV0LKCjlzGTbNr_gw==
x-amz-cf-pop: AMS54-C1
x-cache: Hit from cloudfront
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1mOa6HTiOU%2FXJcvIBChqZXc3RktmrgLGWxfoF59QBvjTgKrdV6mgFHHiiMAcmPSuGlzGAg66SLieF4epvOoi6iK7VCT2GSOHI3%2BRSeT2322knwWbb4jtVt7XR%2Bd7tsCI3wQLWzsDWnvNV94%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=20000&min_rtt=19894&rtt_var=3231&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3224&recv_bytes=1064&delivery_rate=218269&cwnd=226&unsent_bytes=0&cid=03f6776ae9d971c2&ts=71&x=0"
X-Firefox-Spdy: h2

video.agenteimmobiliare.info/api/video/tag?sourceId=56816&tmax=500&video-skipafter=5&count=3&tagId=u9ulkyimw6ahxd3m&site-domain=crypto-fire.website&site-page=https%3A%2F%2Fcrypto-fire.website%2Fmine%2Fpartner%2Fsofiahalbof

104.21.96.1

200 OK

42 B

URL GET
video.agenteimmobiliare.info/api/video/tag?sourceId=56816&tmax=500&video-skipafter=5&count=3&tagId=u9ulkyimw6ahxd3m&site-domain=crypto-fire.website&site-page=https%3A%2F%2Fcrypto-fire.website%2Fmine%2Fpartner%2Fsofiahalbof
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449
Certificate
IssuerGoogle Trust Services
Subjectagenteimmobiliare.info
Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50
ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT

File type
XML document, ASCII text, with no line terminators
Size
42 B (42 bytes)
Hash
f29fa95ad87f485f7035607dff300612
1ee041a8d8f667faf817150e7734bafe4d9d2665
1a500fd1728cc042f8211bf64027389d98b86df9253945cb7efc95f54f8e8b44

HTTP Headers

GET /api/video/tag?sourceId=56816&tmax=500&video-skipafter=5&count=3&tagId=u9ulkyimw6ahxd3m&site-domain=crypto-fire.website&site-page=https%3A%2F%2Fcrypto-fire.website%2Fmine%2Fpartner%2Fsofiahalbof HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: application/xml; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JaI%2FQ5H0u%2BmBVbLoKuPZLjIECznvTu4XEKQNFibwFm%2FerIoKX5pbZLzXuuddPBDi459sWwBMmqAfxSSqwvV61wEuZgkWi00UBVcJkChX1EhF43y%2BXxT9%2Fwc%2BGZvPwxeF6hf0lGQvP%2BWoBTnkv0B%2B"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://imasdk.googleapis.com
vary: -: Origin
access-control-allow-headers: Content-type
access-control-expose-headers: *
access-control-allow-credentials: true
set-cookie: d-vi-u-uni=811d9c3f940f9f397022db6df4758970a%3A2%3A%7Bi%3A0%3Bs%3A10%3A%22d-vi-u-uni%22%3Bi%3A1%3Bs%3A2%3A%22no%22%3B%7D; expires=Thu, 27 Mar 2025 16:42:20 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=None
d-vi-u-id=614e1f817d64ecb698e6d01b1d9eb5fda%3A2%3A%7Bi%3A0%3Bs%3A9%3A%22d-vi-u-id%22%3Bi%3A1%3Bs%3A33%3A%22d51df7e4809ba95609f57f3dac95474df%22%3B%7D; expires=Mon, 25 Mar 2030 16:42:20 GMT; Max-Age=157680000; path=/; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 926819c908adffef-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css

172.217.21.169

200 OK

36 kB

URL GET
www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
IP
172.217.21.169:443
ASN
#15169 GOOGLE

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79
ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT

File type
ASCII text, with very long lines (35959)
Size
36 kB (35960 bytes)
Hash
1e32420a7b6ddbdcb7def8b3141c4d1e
a1be54d42ff1f95244c9653539f90318f5bc0580
a9ca837900b6ae007386d400f659c233120b8af7d93407fd6475c9180d9e83d2

HTTP Headers

GET /static/v1/widgets/3566091532-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7756
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:14:33 GMT
expires: Fri, 20 Mar 2026 09:14:33 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 19 Mar 2025 19:54:16 GMT
content-type: text/css
vary: Accept-Encoding
age: 545266
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ads-bitcoin.com/favicon.png

172.67.209.12

200 OK

3.3 kB

URL GET
ads-bitcoin.com/favicon.png
IP
172.67.209.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ads-bitcoin.com/app/codes/banner?rcd=OTQ1
Certificate
IssuerGoogle Trust Services
Subjectads-bitcoin.com
Fingerprint48:B8:56:89:92:DF:B6:62:58:4D:AD:2C:A8:1A:E5:7B:BB:39:FA:F7
ValidityWed, 26 Feb 2025 12:23:53 GMT - Tue, 27 May 2025 13:21:31 GMT

File type
PNG image data, 69 x 102, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3257 bytes)
Hash
1235704055a890d125be139fae384407
1b73056d439aefe1370a63fe410aa47dad585c0f
03f261920c0f6dd5ef7b51e98d1a95a5bcb3b2dbc44d6d45593b873b1284fbec

HTTP Headers

GET /favicon.png HTTP/1.1
Host: ads-bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-bitcoin.com/app/codes/banner?rcd=OTQ1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: image/png
content-length: 3257
last-modified: Sat, 24 Dec 2022 14:34:52 GMT
etag: "cb9-5f093ce169b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2459
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=elrw6baIsVKOWZk94SnBoAm3lADTD72UCiScTAbIOpNmqdl%2F6sVtqXGdgqaXBE3iW7gaj6kDz615k%2Bnnm46zMAYzLQIc15NjCGsCqaouDG94OZ8H8nS7iaNfKniJvE9dOG0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 926819c88d03fffb-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23847&min_rtt=21797&rtt_var=9638&sent=21&recv=6&lost=0&retrans=0&sent_bytes=16052&recv_bytes=1400&delivery_rate=27250&cwnd=12000&unsent_bytes=0&cid=106fc78207eebf80&ts=117&x=1", cfExtPri, cfHdrFlush;dur=31

video.agenteimmobiliare.info/api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=je1ot46culf4u6xn&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90&repeat=2

104.21.96.1

200 OK

42 B

URL GET
video.agenteimmobiliare.info/api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=je1ot46culf4u6xn&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90&repeat=2
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853
Certificate
IssuerGoogle Trust Services
Subjectagenteimmobiliare.info
Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50
ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT

File type
XML document, ASCII text, with no line terminators
Size
42 B (42 bytes)
Hash
f29fa95ad87f485f7035607dff300612
1ee041a8d8f667faf817150e7734bafe4d9d2665
1a500fd1728cc042f8211bf64027389d98b86df9253945cb7efc95f54f8e8b44

HTTP Headers

GET /api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=je1ot46culf4u6xn&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90&repeat=2 HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:21 GMT
content-type: application/xml; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YYwJf3NXuE12IuLivxs40Thyqj5EJGz44oCgRjCb5EdiEABSH0W7Le8byL37gJ1ATVw242VhNfITTxto1xruEULdWzhMNr4iGcBow7l1WDvO5E5AfHGI%2Bdl%2FGOQm7TcOltfYTJa0kFYv4BwViMaZ"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://imasdk.googleapis.com
vary: -: Origin
access-control-allow-headers: Content-type
access-control-expose-headers: *
access-control-allow-credentials: true
set-cookie: d-vi-u-uni=811d9c3f940f9f397022db6df4758970a%3A2%3A%7Bi%3A0%3Bs%3A10%3A%22d-vi-u-uni%22%3Bi%3A1%3Bs%3A2%3A%22no%22%3B%7D; expires=Thu, 27-Mar-2025 16:42:21 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=None
d-vi-u-id=614e1f817d64ecb698e6d01b1d9eb5fda%3A2%3A%7Bi%3A0%3Bs%3A9%3A%22d-vi-u-id%22%3Bi%3A1%3Bs%3A33%3A%22d51df7e4809ba95609f57f3dac95474df%22%3B%7D; expires=Mon, 25-Mar-2030 16:42:21 GMT; Max-Age=157680000; path=/; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 926819cba962ffef-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

csi.gstatic.com/csi?v=2&s=ima&puid=1~m8q5kftu&c=3224260229168&slotId=1612130114584&eee=missing-element&bi=missing-id&vast_v=3.0&lima_p_ich=0&lima_p_icu=0

142.250.181.131

204 No Content

0 B

URL POST
csi.gstatic.com/csi?v=2&s=ima&puid=1~m8q5kftu&c=3224260229168&slotId=1612130114584&eee=missing-element&bi=missing-id&vast_v=3.0&lima_p_ich=0&lima_p_icu=0
IP
142.250.181.131:443
ASN
#15169 GOOGLE

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /csi?v=2&s=ima&puid=1~m8q5kftu&c=3224260229168&slotId=1612130114584&eee=missing-element&bi=missing-id&vast_v=3.0&lima_p_ich=0&lima_p_icu=0 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 26 Mar 2025 16:42:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgcc:41:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgcc:41:0
report-to: {"group":"ascnsrsgcc:41:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgcc:41:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

resources.blogblog.com/img/icon18_email.gif

172.217.21.169

200 OK

164 B

URL GET
resources.blogblog.com/img/icon18_email.gif
IP
172.217.21.169:443
ASN
#15169 GOOGLE

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79
ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT

File type
GIF image data, version 89a, 18 x 13
Size
164 B (164 bytes)
Hash
36b9f993db1b953f3b9b08040aaf9af4
18248661b307586dc291fd2dff4bb59cf7579475
1258cbe1e2900ec3df11a83a6bb6008d7a833f783a6df80b0d5d45a052ac1466

HTTP Headers

GET /img/icon18_email.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:36:01 GMT
expires: Thu, 27 Mar 2025 09:36:01 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Mar 2025 19:54:16 GMT
content-type: image/gif
age: 543978
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

video.agenteimmobiliare.info/d-video.js?b=31

104.21.96.1

200 OK

94 kB

URL GET
video.agenteimmobiliare.info/d-video.js?b=31
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://crypto-fire.website/mine/partner/sofiahalbof
Certificate
IssuerGoogle Trust Services
Subjectagenteimmobiliare.info
Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50
ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT

File type

Size
94 kB (94446 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /d-video.js?b=31 HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crypto-fire.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 16:42:19 GMT
content-type: application/javascript
last-modified: Thu, 06 Jun 2024 11:01:00 GMT
etag: W/"666196ec-170ee"
age: 2979
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b4Ty3eBCkXdThvxv2j2U9rsLy2n31Y8s3zwKL2lsEmqY9bM3PGvmPIXdYTEuVbVOZ6HWk7cKx3l1VTJ5P7FNhbMHP4c60ZPm6TNy82b7VLXnsu6Vj9RtA%2B2nniuRh7sej9SKWUd4gqINFra6UhJC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 926819c15a9dfeb5-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19945&min_rtt=19850&rtt_var=3309&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3251&recv_bytes=1132&delivery_rate=218335&cwnd=255&unsent_bytes=0&cid=2305179e6e61d397&ts=56&x=0"
X-Firefox-Spdy: h2

cryptocoinsad.com/banner/ads_banner/29494.gif

104.21.32.1

200 OK

480 kB

URL GET
cryptocoinsad.com/banner/ads_banner/29494.gif
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cryptocoinsad.com/ads/show.php?a=253469&b=398008
Certificate
IssuerGoogle Trust Services
Subjectcryptocoinsad.com
Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C
ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT

File type
GIF image data, version 89a, 728 x 90
Size
480 kB (480497 bytes)
Hash
33e3b07cdc9295aa1eaab759258abeba
d6eb08b69a2822bb016e86e5e2986a2081673422
71546e6f9f1a9f45c702bba500fd519f3cdf6112e85045ac77fa69b38e248545

HTTP Headers

GET /banner/ads_banner/29494.gif HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptocoinsad.com/ads/show.php?a=253469&b=398008
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: image/gif
content-length: 480497
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zV5Uj3MZSxyfTwAYw7gDl1jb4CCiSYgRQ8jdDi3fYanllMhj8sNJIkO3bP23hQMZ09rZf8gufMHHOcxsm%2F37Qxvf%2F5f3KtRrZNVVv3CF%2FTWgQV%2BQTIbk%2BCkmIX2tURfpk48bSA%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 24 Mar 2025 10:11:47 GMT
etag: "67e12fe3-754f1"
cache-control: max-age=10800
cf-cache-status: HIT
age: 4906
accept-ranges: bytes
cf-ray: 926819c69f7dfeb8-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

cryptocoinsad.com/ads/show.php?a=253469&b=398008

104.21.32.1

200 OK

2.3 kB

URL GET
cryptocoinsad.com/ads/show.php?a=253469&b=398008
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://free-btc.org/banner/u=sofiahalbof/size=728x90
Certificate
IssuerGoogle Trust Services
Subjectcryptocoinsad.com
Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C
ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT

File type
HTML document, ASCII text, with very long lines (2469), with no line terminators
Size
2.3 kB (2251 bytes)
Hash
6197257a660278a1191d3658bc8042f3
9e42c594ff1e1f97000cf944211d06065ed319c0
97595b0f4a726d97d90df3a91599a72a29110dff71e9b3f9e96286aa7e5ac461

HTTP Headers

GET /ads/show.php?a=253469&b=398008 HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zul3W0Z2ozmxVg%2BdxLO6di99DzAYQyNpFVoe58sAwVgWK4wWKdJwHSBBqBtKTme0mOu2i7BM%2F6bDNQ0Qd%2FB8Gu8laaW0uwbP8sNr0fDWnN697aU9IrRHVe3aHCrndU0v51XuvA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-powered-by: PHP/7.2.24-0ubuntu0.18.04.17
set-cookie: i_281883398008=1; expires=Wed, 26-Mar-2025 16:52:20 GMT; Max-Age=600
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 926819c55f3cfeb8-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

free-btc.org/files/js/jquery.min.js

185.216.13.18

200 OK

90 kB

URL GET
free-btc.org/files/js/jquery.min.js
IP
185.216.13.18:443
ASN
#44477 Stark Industries Solutions Ltd

Requested by
https://free-btc.org/banner/u=sofiahalbof/size=728x90
Certificate
IssuerLet's Encrypt
Subjectfree-btc.org
FingerprintE5:92:9D:AC:C0:58:BC:5E:7E:65:E8:0C:DB:D7:50:0F:8C:F0:89:28
ValiditySun, 09 Feb 2025 01:08:42 GMT - Sat, 10 May 2025 01:08:41 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /files/js/jquery.min.js HTTP/1.1
Host: free-btc.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/banner/u=sofiahalbof/size=728x90
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:20 GMT
Content-Type: application/javascript
Last-Modified: Mon, 20 Dec 2021 12:24:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61c07618-15d9d"
Expires: Thu, 27 Mar 2025 16:42:20 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

ads-bitcoin.com/app/advertiser/uploads/1742813815.png

172.67.209.12

200 OK

33 kB

URL GET
ads-bitcoin.com/app/advertiser/uploads/1742813815.png
IP
172.67.209.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ads-bitcoin.com/app/codes/banner?rcd=OTQ1
Certificate
IssuerGoogle Trust Services
Subjectads-bitcoin.com
Fingerprint48:B8:56:89:92:DF:B6:62:58:4D:AD:2C:A8:1A:E5:7B:BB:39:FA:F7
ValidityWed, 26 Feb 2025 12:23:53 GMT - Tue, 27 May 2025 13:21:31 GMT

File type
PNG image data, 300 x 228, 8-bit/color RGBA, non-interlaced
Size
33 kB (32787 bytes)
Hash
81de39c872d4d2b8416d5385bd3e5426
bb6a641ca8f25d6c3df30b7dbbc4c6b196244f74
790f1c6dbb1a9bcbe8810895a7d313434e0f7d1e7d94332c4b8add0eaad87d66

HTTP Headers

GET /app/advertiser/uploads/1742813815.png HTTP/1.1
Host: ads-bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-bitcoin.com/app/codes/banner?rcd=OTQ1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: image/png
content-length: 32787
last-modified: Mon, 24 Mar 2025 10:56:55 GMT
etag: "8013-63114765b227c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5416
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=00RyBpfY2kbX5UaMJlPX9g8iZciMyOQUHDvlWBFF6E7pIco266jHUohW0GAUTTu7a5DtATc35VfI%2BhG4EA3L9t4JrKUO5Nf29MqQFFndvHEfVsj7i%2B0n6xLgYi7y5nKUVv4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 926819c88d04fffb-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23847&min_rtt=21797&rtt_var=9638&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4052&recv_bytes=1400&delivery_rate=27250&cwnd=12000&unsent_bytes=0&cid=106fc78207eebf80&ts=113&x=1", cfExtPri, cfHdrFlush;dur=0

104.21.96.1

200 OK

42 B

URL GET
video.agenteimmobiliare.info/api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=je1ot46culf4u6xn&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90&repeat=1
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853
Certificate
IssuerGoogle Trust Services
Subjectagenteimmobiliare.info
Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50
ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT

File type
XML document, ASCII text, with no line terminators
Size
42 B (42 bytes)
Hash
f29fa95ad87f485f7035607dff300612
1ee041a8d8f667faf817150e7734bafe4d9d2665
1a500fd1728cc042f8211bf64027389d98b86df9253945cb7efc95f54f8e8b44

HTTP Headers

GET /api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=je1ot46culf4u6xn&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90&repeat=1 HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:21 GMT
content-type: application/xml; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RZDxitKMJvnxPQvm7MNzYfx01rsMuqWby6V9CoX6bAaEJiZ7YbbRGH%2BjNC2%2B6oBBNBCTxP5xbyYIIO03X5YmHeP4Zhm1tNk1X6ULem3fg8GrCR5TA4c07Zw9977O5X%2BqPG0n2c0pPWpvD0%2FxwyCA"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://imasdk.googleapis.com
vary: -: Origin
access-control-allow-headers: Content-type
access-control-expose-headers: *
access-control-allow-credentials: true
set-cookie: d-vi-u-uni=811d9c3f940f9f397022db6df4758970a%3A2%3A%7Bi%3A0%3Bs%3A10%3A%22d-vi-u-uni%22%3Bi%3A1%3Bs%3A2%3A%22no%22%3B%7D; expires=Thu, 27-Mar-2025 16:42:21 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=None
d-vi-u-id=614e1f817d64ecb698e6d01b1d9eb5fda%3A2%3A%7Bi%3A0%3Bs%3A9%3A%22d-vi-u-id%22%3Bi%3A1%3Bs%3A33%3A%22d51df7e4809ba95609f57f3dac95474df%22%3B%7D; expires=Mon, 25-Mar-2030 16:42:21 GMT; Max-Age=157680000; path=/; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 926819cb293affef-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

12ft.io/https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi

5.161.99.118

302 Found

14 kB

URL User Request GET
12ft.io/https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
IP
5.161.99.118:443
ASN
#213230 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subject12ft.io
FingerprintAD:7C:C1:75:CB:23:74:A6:DD:98:37:17:0C:29:0F:F4:E4:B8:40:BB
ValiditySat, 22 Mar 2025 08:13:57 GMT - Fri, 20 Jun 2025 08:13:56 GMT

File type

Size
14 kB (14075 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi HTTP/1.1
Host: 12ft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 132
Connection: keep-alive
vary: accept-encoding
content-encoding: gzip
cache-control: max-age=0, private, must-revalidate
x-request-id: GDBn8He-ow8jbRcAZv7h
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
location: /proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi

resources.blogblog.com/img/icon18_edit_allbkg.gif

172.217.21.169

200 OK

162 B

URL GET
resources.blogblog.com/img/icon18_edit_allbkg.gif
IP
172.217.21.169:443
ASN
#15169 GOOGLE

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79
ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT

File type
GIF image data, version 89a, 18 x 18
Size
162 B (162 bytes)
Hash
c991641178ff05adf0d004298b5eafa9
d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b

HTTP Headers

GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:15:36 GMT
expires: Thu, 27 Mar 2025 09:15:36 GMT
cache-control: public, max-age=604800
last-modified: Wed, 19 Mar 2025 13:55:49 GMT
content-type: image/gif
age: 545203
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi

5.161.99.118

200 OK

49 kB

URL GET
12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
IP
5.161.99.118:443
ASN
#213230 Hetzner Online GmbH

Requested by
https://12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
Certificate
IssuerLet's Encrypt
Subject12ft.io
FingerprintAD:7C:C1:75:CB:23:74:A6:DD:98:37:17:0C:29:0F:F4:E4:B8:40:BB
ValiditySat, 22 Mar 2025 08:13:57 GMT - Fri, 20 Jun 2025 08:13:56 GMT

File type

Size
49 kB (48987 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi HTTP/1.1
Host: 12ft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/proxy
DNT: 1
Connection: keep-alive
Cookie: _twelvefoot_key=SFMyNTY.g3QAAAABbQAAAAtfY3NyZl90b2tlbm0AAAAYajdQUlMyWUU0VFR4VFFpWFVqUGZ4ZHR2.-2tvtXeRUjmcqo-U7FggLJ0oh6L5OWWBEWpRyn9jXsQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:19 GMT
Content-Type: text/html
Content-Length: 10051
Connection: keep-alive
vary: accept-encoding
content-encoding: gzip
cache-control: s-maxage=86400
x-request-id: GDBn8J1pvmPW1o8AXNuj
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none

traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1

162.0.208.108

200 OK

2.3 kB

URL GET
traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1
IP
162.0.208.108:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerLet's Encrypt
Subjecttraffic2bitcoin.com
FingerprintE4:6A:D3:99:30:13:FC:86:CF:5E:5E:80:7E:D9:52:CB:F5:E1:D0:4F
ValiditySun, 23 Mar 2025 09:58:46 GMT - Sat, 21 Jun 2025 09:58:45 GMT

File type
HTML document, ASCII text, with very long lines (2430), with no line terminators
Size
2.3 kB (2305 bytes)
Hash
8728d847be6229a005cf03bb39a0f2a1
976f0d8ca878c1309f224562c7ca078e797a9114
9704d334eee98d1bfa43816282b36d1d9a6e533cca9d048185176ff5a2f1f4f9

HTTP Headers

GET /ptp.php?ref=sofiahalbof&sitetype=1 HTTP/1.1
Host: traffic2bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 26 Mar 2025 16:42:19 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 954
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ads-bitcoin.com/app/codes/banner?rcd=OTQ1

172.67.209.12

200 OK

3.2 kB

URL GET
ads-bitcoin.com/app/codes/banner?rcd=OTQ1
IP
172.67.209.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerGoogle Trust Services
Subjectads-bitcoin.com
Fingerprint48:B8:56:89:92:DF:B6:62:58:4D:AD:2C:A8:1A:E5:7B:BB:39:FA:F7
ValidityWed, 26 Feb 2025 12:23:53 GMT - Tue, 27 May 2025 13:21:31 GMT

File type
HTML document, ASCII text, with very long lines (3394), with no line terminators
Size
3.2 kB (3248 bytes)
Hash
b5d2aeaca3526a7c5a7307874dcda34c
9dc647f66ac922f0ef80096a579a28ea76782ead
5c3ab5a39e6622bc8e48ae799a44b873ce2445d532b2fc7d0a523fd85148c065

HTTP Headers

GET /app/codes/banner?rcd=OTQ1 HTTP/1.1
Host: ads-bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PROADS=593unkmvc1cfskuj6flb9gv1kj; path=/
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hcAoVszuUXZXIcc98GSQGg%2BRam8VG5g2MWIyF5CAHi5DP7fiarrKsThCosvSIvahXtz1gfX76kVkyHqBDt7%2Bv%2BLtGjQYUbJqYxGPFjNJMtMCzdTIqFJHTXgdXSB8UC%2FX7uo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 926819bf1e71fea2-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25055&min_rtt=19794&rtt_var=12826&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3281&recv_bytes=1285&delivery_rate=217973&cwnd=195&unsent_bytes=0&cid=f8e75673a40966fd&ts=1424&x=0"
X-Firefox-Spdy: h2

www.blogger.com/img/share_buttons_20_3.png

172.217.21.169

200 OK

5.1 kB

URL GET
www.blogger.com/img/share_buttons_20_3.png
IP
172.217.21.169:443
ASN
#15169 GOOGLE

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79
ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT

File type
PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced
Size
5.1 kB (5080 bytes)
Hash
ad9999106d5f550920b586e8e1704e5a
93fd02c51166402a41f96509cd0ca3fb917877dd
3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3

HTTP Headers

GET /img/share_buttons_20_3.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 5080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 09:23:19 GMT
expires: Thu, 27 Mar 2025 09:23:19 GMT
cache-control: public, max-age=604800
last-modified: Thu, 20 Mar 2025 08:53:18 GMT
content-type: image/png
age: 544740
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cryptocoinsad.com/ads/show.php?a=252942&b=398013

104.21.32.1

200 OK

2.3 kB

URL GET
cryptocoinsad.com/ads/show.php?a=252942&b=398013
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://crypto-fire.website/mine/partner/sofiahalbof
Certificate
IssuerGoogle Trust Services
Subjectcryptocoinsad.com
Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C
ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT

File type
HTML document, ASCII text, with very long lines (2469), with no line terminators
Size
2.3 kB (2251 bytes)
Hash
c212971847037d7f6dc6f07de5010dd2
dfcb2475d86cb59c968c05c56513b66b6df0783b
3a4d4bae22f5ac1f380867bf1a2f84ae7720ef49a97a113d89eba5ad2fc1ce22

HTTP Headers

GET /ads/show.php?a=252942&b=398013 HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crypto-fire.website/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 16:42:19 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.24-0ubuntu0.18.04.17
set-cookie: i_281888398013=1; expires=Wed, 26-Mar-2025 16:52:19 GMT; Max-Age=600
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BzUGUAxM9AoJkdXJqTTeUndAa1kRp9TTC6L0qEZAVTZ9heJsGWywlbsyY7qRvw9qDfj19w7A5u36OgKlx3zoa2H%2BUaun6g0VSByNAu16nTIobDIiTbizGz%2BemABNni7Bfo1M4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 926819c1584efea4-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25326&min_rtt=19774&rtt_var=13384&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3216&recv_bytes=1169&delivery_rate=217134&cwnd=227&unsent_bytes=0&cid=09fcb287b407bcaf&ts=181&x=0"
X-Firefox-Spdy: h2

traffic2bitcoin.com/qlt.php?ref=sofiahalbof&keycode=8419&type=

162.0.208.108

200 OK

0 B

URL GET
traffic2bitcoin.com/qlt.php?ref=sofiahalbof&keycode=8419&type=
IP
162.0.208.108:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1
Certificate
IssuerLet's Encrypt
Subjecttraffic2bitcoin.com
FingerprintE4:6A:D3:99:30:13:FC:86:CF:5E:5E:80:7E:D9:52:CB:F5:E1:D0:4F
ValiditySun, 23 Mar 2025 09:58:46 GMT - Sat, 21 Jun 2025 09:58:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /qlt.php?ref=sofiahalbof&keycode=8419&type= HTTP/1.1
Host: traffic2bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 26 Mar 2025 16:42:19 GMT
Server: Apache
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

cryptocoinsad.com/ads/show/img/icon.png

104.21.32.1

200 OK

3.3 kB

URL GET
cryptocoinsad.com/ads/show/img/icon.png
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cryptocoinsad.com/ads/show.php?a=252942&b=398013
Certificate
IssuerGoogle Trust Services
Subjectcryptocoinsad.com
Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C
ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT

File type
PNG image data, 435 x 435, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3309 bytes)
Hash
865296d690eff9da3a1bb21590faa79b
50fd13c32e6f6f0b5aa444c921c6241fcb41b5b3
b14ef09e5d084f7cb785998d54d37e486619c9b9527e72776a7c9d2b7e85c828

HTTP Headers

GET /ads/show/img/icon.png HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptocoinsad.com/ads/show.php?a=252942&b=398013
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: image/png
content-length: 3309
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kUkYiEJVfJt3uESj4AseH3UNDjpdEnBDj%2BrZ0pZsIsYjyIp5eeu1Rv2H9%2BjbJthyij3vuFXFRro%2FWLuf%2FRtX7B7K%2FJT2NuRyEJtTD1zfSBC5BIrJ2dDhFQ%2Fi8n7HyCsSdqzbug%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 29 Jan 2022 11:54:52 GMT
etag: "61f52b0c-ced"
cache-control: max-age=10800
cf-cache-status: HIT
age: 386
accept-ranges: bytes
cf-ray: 926819c42ef7feb8-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-BLV8VETPEP

142.250.74.136

200 OK

342 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-BLV8VETPEP
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D
ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

File type
JavaScript source, ASCII text, with very long lines (5436)
Size
342 kB (341830 bytes)
Hash
f3c66253a4fd47b8c17d79ff473ac054
5b151071aadda2e64f422a77c8f88a296fada6c8
59daa38f67ec0d53300c187430f556d690b933c456e82e8cbde85aa778e544a2

HTTP Headers

GET /gtag/js?id=G-BLV8VETPEP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 26 Mar 2025 16:42:18 GMT
expires: Wed, 26 Mar 2025 16:42:18 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 117487
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

free-btc.org/banner/u=sofiahalbof/size=728x90

185.216.13.18

200 OK

4.4 kB

URL GET
free-btc.org/banner/u=sofiahalbof/size=728x90
IP
185.216.13.18:443
ASN
#44477 Stark Industries Solutions Ltd

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerLet's Encrypt
Subjectfree-btc.org
FingerprintE5:92:9D:AC:C0:58:BC:5E:7E:65:E8:0C:DB:D7:50:0F:8C:F0:89:28
ValiditySun, 09 Feb 2025 01:08:42 GMT - Sat, 10 May 2025 01:08:41 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4536), with no line terminators
Size
4.4 kB (4430 bytes)
Hash
13ab9983bf518e3f80fb7512d3986fba
5384017543f7218ed8ca63e105888fc3efcabc31
b5da57d5245c47a9625a7b5f3a36ddf2ea288851f4c918f6a7702a386eada9a0

HTTP Headers

GET /banner/u=sofiahalbof/size=728x90 HTTP/1.1
Host: free-btc.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=f895a6244db6fe7a429ecad74c954eb0; path=/
Vary: Accept-Encoding
Content-Encoding: gzip

crypto-fire.website/mine/partner/sofiahalbof

5.180.55.119

200 OK

1.2 kB

URL GET
crypto-fire.website/mine/partner/sofiahalbof
IP
5.180.55.119:443
ASN
#44477 Stark Industries Solutions Ltd

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerLet's Encrypt
Subjectcrypto-fire.website
Fingerprint2F:1F:71:10:96:57:5E:F5:3C:7F:20:3D:14:2F:8F:43:8B:09:DC:2C
ValidityTue, 11 Feb 2025 01:18:42 GMT - Mon, 12 May 2025 01:18:41 GMT

File type
JavaScript source, ASCII text, with very long lines (1292), with no line terminators
Size
1.2 kB (1183 bytes)
Hash
a55e9eca15ab2384381a2e3d5f72d6f0
661d90eccf738247a2b35d138040f785424651bb
92b3483784c8e49ae3dbdb196b9a9960ae7c9b69c9fbeffc8b0840e93bcc8b9b

HTTP Headers

GET /mine/partner/sofiahalbof HTTP/1.1
Host: crypto-fire.website
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=657c77ec7669b9f864de2d1f5ca482fe; path=/
login=0; expires=Wed, 26-Mar-2025 17:42:19 GMT; Max-Age=3600; path=/; domain=crypto-fire.website
login=89bf6c90a31fa31f; expires=Sat, 21-Mar-2026 16:42:19 GMT; Max-Age=31104000; path=/; domain=crypto-fire.website
Vary: Accept-Encoding
Content-Encoding: gzip

imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853

142.250.74.42

200 OK

838 kB

URL GET
imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://free-btc.org/banner/u=sofiahalbof/size=728x90
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA
ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT

File type
HTML document, ASCII text, with very long lines (48645)
Size
838 kB (838352 bytes)
Hash
9bea88a905eb3314af41d750b7764338
435e23191ad2d170e904acc5def614e1349f3656
dba913de46e9892f29bae4a359f42056091986056070d00515d755abdd5c29ee

HTTP Headers

GET /js/core/bridge3.689.6_en.html?gdpr=1 HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 264287
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Mar 2025 21:06:38 GMT
expires: Thu, 19 Mar 2026 21:06:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 19 Mar 2025 19:03:47 GMT
content-type: text/html
vary: Accept-Encoding
age: 588942
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300

162.0.208.108

200 OK

2.5 kB

URL GET
ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300
IP
162.0.208.108:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerLet's Encrypt
Subjectwww.ad2bitcoin.com.traffic2bitcoin.com
FingerprintEA:A9:21:E3:84:C6:CC:03:54:85:63:79:BD:54:DD:C9:F1:A9:17:93
ValidityThu, 20 Feb 2025 00:58:38 GMT - Wed, 21 May 2025 00:58:37 GMT

File type
JavaScript source, ASCII text, with very long lines (2548), with no line terminators
Size
2.5 kB (2466 bytes)
Hash
7398f0da4db51a05cdd8545d425af259
94fb74a783ae705164b438c7b8d0992fab4c7d6c
59487a02f816f9d931c49e4759927fdc3f3cf6510ddcafaaf49715e9a1ef4931

HTTP Headers

GET /ad.php?ref=sofiahalbof&width=300 HTTP/1.1
Host: ad2bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 26 Mar 2025 16:42:19 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1537
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

csi.gstatic.com/csi?v=2&s=ima&puid=1~m8q5kfj6&c=107594791402&slotId=53797395701&eee=missing-element&bi=missing-id&vast_v=3.0&lima_p_ich=0&lima_p_icu=0

142.250.181.131

204 No Content

0 B

URL POST
csi.gstatic.com/csi?v=2&s=ima&puid=1~m8q5kfj6&c=107594791402&slotId=53797395701&eee=missing-element&bi=missing-id&vast_v=3.0&lima_p_ich=0&lima_p_icu=0
IP
142.250.181.131:443
ASN
#15169 GOOGLE

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /csi?v=2&s=ima&puid=1~m8q5kfj6&c=107594791402&slotId=53797395701&eee=missing-element&bi=missing-id&vast_v=3.0&lima_p_ich=0&lima_p_icu=0 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 26 Mar 2025 16:42:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgcc:41:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgcc:41:0
report-to: {"group":"ascnsrsgcc:41:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgcc:41:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

csi.gstatic.com/csi?v=2&s=ima&puid=2~m8q5kfw9&c=107594791402&slotId=53797395701&ghmsh_eids=95322027%2C95326337%2C95331589%2C95332046%2C95353658

142.250.181.131

204 No Content

0 B

URL POST
csi.gstatic.com/csi?v=2&s=ima&puid=2~m8q5kfw9&c=107594791402&slotId=53797395701&ghmsh_eids=95322027%2C95326337%2C95331589%2C95332046%2C95353658
IP
142.250.181.131:443
ASN
#15169 GOOGLE

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /csi?v=2&s=ima&puid=2~m8q5kfw9&c=107594791402&slotId=53797395701&ghmsh_eids=95322027%2C95326337%2C95331589%2C95332046%2C95353658 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 26 Mar 2025 16:42:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgcc:41:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgcc:41:0
report-to: {"group":"ascnsrsgcc:41:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgcc:41:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

12ft.io/assets/app-9a2b651859a7f63b4a1fda01ae1ac5f3.css?vsn=d

5.161.99.118

200 OK

45 kB

URL GET
12ft.io/assets/app-9a2b651859a7f63b4a1fda01ae1ac5f3.css?vsn=d
IP
5.161.99.118:443
ASN
#213230 Hetzner Online GmbH

Requested by
https://12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
Certificate
IssuerLet's Encrypt
Subject12ft.io
FingerprintAD:7C:C1:75:CB:23:74:A6:DD:98:37:17:0C:29:0F:F4:E4:B8:40:BB
ValiditySat, 22 Mar 2025 08:13:57 GMT - Fri, 20 Jun 2025 08:13:56 GMT

File type
ASCII text, with very long lines (44610), with no line terminators
Size
45 kB (44610 bytes)
Hash
9a2b651859a7f63b4a1fda01ae1ac5f3
a75b0adf0df1d9f9d10967fdabfce36c55ea2c9b
778e7c79d6f8750a7bead7fa3ded08c7331ebbc9c48a8c07fcfde7f718050458

HTTP Headers

GET /assets/app-9a2b651859a7f63b4a1fda01ae1ac5f3.css?vsn=d HTTP/1.1
Host: 12ft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
DNT: 1
Connection: keep-alive
Cookie: _twelvefoot_key=SFMyNTY.g3QAAAABbQAAAAtfY3NyZl90b2tlbm0AAAAYajdQUlMyWUU0VFR4VFFpWFVqUGZ4ZHR2.-2tvtXeRUjmcqo-U7FggLJ0oh6L5OWWBEWpRyn9jXsQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:18 GMT
Content-Type: text/css
Content-Length: 8348
Connection: keep-alive
vary: Accept-Encoding
cache-control: public, max-age=31536000
accept-ranges: bytes
content-encoding: gzip

cryptocoinsad.com/banner/ads_banner/26808.png

104.21.32.1

200 OK

96 kB

URL GET
cryptocoinsad.com/banner/ads_banner/26808.png
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1
Certificate
IssuerGoogle Trust Services
Subjectcryptocoinsad.com
Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C
ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced
Size
96 kB (95524 bytes)
Hash
cd5574f378c32c035a610175f21167a3
8010950ce0d3efe9326de4d3cf7f3694f366a118
114ce79e036b95d2e5554e584a7eae34bb536052f58fb4f384c5cf98096a1874

HTTP Headers

GET /banner/ads_banner/26808.png HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 16:42:19 GMT
content-type: image/png
content-length: 95524
last-modified: Thu, 31 Aug 2023 15:30:24 GMT
etag: "64f0b210-17524"
accept-ranges: bytes
age: 3069
cache-control: max-age=10800
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2FEfnI2RPNfG2cibOB%2BcGAAjDFcEZSC%2FOIAnbi44ixDx1%2BFH2V5IvqOnnHe6Qaii94slD9XOrUOSx0UIrxPJd7r7fgWIcnQqvUQYEqekQPbIBesgmJsI2hGufWrHbXaDrtmrFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 926819c24aa4fea4-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=23516&min_rtt=19774&rtt_var=8370&sent=57&recv=16&lost=0&retrans=0&sent_bytes=68300&recv_bytes=1398&delivery_rate=218236&cwnd=230&unsent_bytes=31856&cid=09fcb287b407bcaf&ts=203&x=0"
X-Firefox-Spdy: h2

104.21.96.1

200 OK

42 B

URL GET
video.agenteimmobiliare.info/api/video/tag?sourceId=56816&tmax=500&video-skipafter=5&count=3&tagId=u9ulkyimw6ahxd3m&site-domain=crypto-fire.website&site-page=https%3A%2F%2Fcrypto-fire.website%2Fmine%2Fpartner%2Fsofiahalbof&repeat=1
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449
Certificate
IssuerGoogle Trust Services
Subjectagenteimmobiliare.info
Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50
ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT

File type
XML document, ASCII text, with no line terminators
Size
42 B (42 bytes)
Hash
f29fa95ad87f485f7035607dff300612
1ee041a8d8f667faf817150e7734bafe4d9d2665
1a500fd1728cc042f8211bf64027389d98b86df9253945cb7efc95f54f8e8b44

HTTP Headers

GET /api/video/tag?sourceId=56816&tmax=500&video-skipafter=5&count=3&tagId=u9ulkyimw6ahxd3m&site-domain=crypto-fire.website&site-page=https%3A%2F%2Fcrypto-fire.website%2Fmine%2Fpartner%2Fsofiahalbof&repeat=1 HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:21 GMT
content-type: application/xml; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YT3Eipx%2BeKRtvxZpxDxvvX6PZzYdzDvQKAdaKZ%2FBe87kHWIxuem59e0gqLitD0hlY4qlcB8nwUkvMb9ba1GTQnChWHfr2eR2lzaNf1rekoMo2abGP5bHDiLtjixPmFM3D4rUID4ACG3cTy%2B%2BWzte"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://imasdk.googleapis.com
vary: -: Origin
access-control-allow-headers: Content-type
access-control-expose-headers: *
access-control-allow-credentials: true
set-cookie: d-vi-u-uni=811d9c3f940f9f397022db6df4758970a%3A2%3A%7Bi%3A0%3Bs%3A10%3A%22d-vi-u-uni%22%3Bi%3A1%3Bs%3A2%3A%22no%22%3B%7D; expires=Thu, 27 Mar 2025 16:42:21 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=None
d-vi-u-id=614e1f817d64ecb698e6d01b1d9eb5fda%3A2%3A%7Bi%3A0%3Bs%3A9%3A%22d-vi-u-id%22%3Bi%3A1%3Bs%3A33%3A%22d51df7e4809ba95609f57f3dac95474df%22%3B%7D; expires=Mon, 25 Mar 2030 16:42:21 GMT; Max-Age=157680000; path=/; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 926819caa908ffef-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

104.21.96.1

200 OK

42 B

URL GET
video.agenteimmobiliare.info/api/video/tag?sourceId=56816&tmax=500&video-skipafter=5&count=3&tagId=u9ulkyimw6ahxd3m&site-domain=crypto-fire.website&site-page=https%3A%2F%2Fcrypto-fire.website%2Fmine%2Fpartner%2Fsofiahalbof&repeat=2
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449
Certificate
IssuerGoogle Trust Services
Subjectagenteimmobiliare.info
Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50
ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT

File type
XML document, ASCII text, with no line terminators
Size
42 B (42 bytes)
Hash
f29fa95ad87f485f7035607dff300612
1ee041a8d8f667faf817150e7734bafe4d9d2665
1a500fd1728cc042f8211bf64027389d98b86df9253945cb7efc95f54f8e8b44

HTTP Headers

GET /api/video/tag?sourceId=56816&tmax=500&video-skipafter=5&count=3&tagId=u9ulkyimw6ahxd3m&site-domain=crypto-fire.website&site-page=https%3A%2F%2Fcrypto-fire.website%2Fmine%2Fpartner%2Fsofiahalbof&repeat=2 HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:21 GMT
content-type: application/xml; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2Fipd1TW%2BlG4yqnjmbsbputn3aspcFmllkMmUV2euvsBShCaxQ4VF8rvyaDoo8P7gJf6%2FkmkjGtUewgaMkcm1vHg7YSV%2F7PzJ%2BUXjyZTNmctRVPxVE%2FLZYMrJyiiT7kQUeAKBM4mInKaX4cqTvEF"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://imasdk.googleapis.com
vary: -: Origin
access-control-allow-headers: Content-type
access-control-expose-headers: *
access-control-allow-credentials: true
set-cookie: d-vi-u-uni=811d9c3f940f9f397022db6df4758970a%3A2%3A%7Bi%3A0%3Bs%3A10%3A%22d-vi-u-uni%22%3Bi%3A1%3Bs%3A2%3A%22no%22%3B%7D; expires=Thu, 27-Mar-2025 16:42:21 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=None
d-vi-u-id=614e1f817d64ecb698e6d01b1d9eb5fda%3A2%3A%7Bi%3A0%3Bs%3A9%3A%22d-vi-u-id%22%3Bi%3A1%3Bs%3A33%3A%22d51df7e4809ba95609f57f3dac95474df%22%3B%7D; expires=Mon, 25-Mar-2030 16:42:21 GMT; Max-Age=157680000; path=/; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 926819cb393cffef-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

wss://ny1.xmrminingproxy.com/

172.67.135.46

101 Switching Protocols

0 B

URL GET
wss://ny1.xmrminingproxy.com/
IP
172.67.135.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ads-bitcoin.com/app/codes/banner?rcd=OTQ1
Certificate
IssuerGoogle Trust Services
Subjectxmrminingproxy.com
Fingerprint03:06:1B:BE:9D:51:CC:82:7E:32:0B:B8:52:70:80:75:55:13:6C:6A
ValidityWed, 05 Mar 2025 16:42:19 GMT - Tue, 03 Jun 2025 17:40:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ny1.xmrminingproxy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://ads-bitcoin.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: emQUaczNk42FHzIat9QnAA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Wed, 26 Mar 2025 16:42:23 GMT
Connection: upgrade
Sec-Websocket-Accept: /9zz0iAakcBnOXZQ5ROk8OMaCos=
Upgrade: websocket
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSsSzwEsAVQjvRfwujW2HA9n69BApamWtGVzD52Q9VUPjfEfCx94VEb%2BZudzBPkL9912NEhsirP9IMtmFWsBjiCtBaxzNdpsTCk4D1%2FiM5I7WvNN5m%2BJwWWbwKfjvdlMyTztDKTVgr8D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 926819d7ec2557f0-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19851&min_rtt=19833&rtt_var=4195&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3135&recv_bytes=1164&delivery_rate=218797&cwnd=200&unsent_bytes=0&cid=caa79678725a01b0&ts=291&x=0"

fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap

142.250.74.10

200 OK

10 kB

URL GET
fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://ad.a-ads.com/2370865?size=728x90
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA
ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT

File type
ASCII text
Size
10 kB (10108 bytes)
Hash
ac9cc59aa5362fbdf77e40cde49f0d56
be28a1f46f6e8f49bf0fdb0902fda03d15c0a97e
6077f728b7de97728b0ee9201adb3b4c798af167869fef07caaa2b01c397d4c6

HTTP Headers

GET /css2?family=Inter:wght@400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 26 Mar 2025 16:42:23 GMT
date: Wed, 26 Mar 2025 16:42:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.blogger.com/dyn-css/authorization.css?targetBlogID=3405693820859981231&zx=49f9b75b-d849-4df2-b9fa-b732ea846629

172.217.21.169

200 OK

1 B

URL GET
www.blogger.com/dyn-css/authorization.css?targetBlogID=3405693820859981231&zx=49f9b75b-d849-4df2-b9fa-b732ea846629
IP
172.217.21.169:443
ASN
#15169 GOOGLE

Requested by
https://12ft.io/api/proxy?q=https%3A%2F%2Fsofiahalbofanimeworld.blogspot.com%2Fsearch%2Flabel%2Fverytenoi
Certificate
IssuerGoogle Trust Services
Subject*.blogger.com
Fingerprint17:C8:7D:9B:00:26:E2:B9:81:6A:91:17:CF:BD:91:40:EA:9E:C2:79
ValidityMon, 10 Mar 2025 08:35:46 GMT - Mon, 02 Jun 2025 08:35:45 GMT

File type
ASCII text, with no line terminators
Size
1 B (1 bytes)
Hash
1d78758685e5e2f4efeeb490f8521abd
ef7e6794ca9c6a06b54b66f279237fb8daaaeea8
a80e516bfb196e1c48a9acbe39da8fceb6bc82e0d991b8a990b8f3239c7efaed

HTTP Headers

GET /dyn-css/authorization.css?targetBlogID=3405693820859981231&zx=49f9b75b-d849-4df2-b9fa-b732ea846629 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src   'self' *.google.com *.google-analytics.com 'unsafe-inline'   'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com   *.googleapis.com uds.googleusercontent.com https://s.ytimg.com   https://i18n-cloud.appspot.com   https://www.youtube.com   www-onepick-opensocial.googleusercontent.com   www-bloggervideo-opensocial.googleusercontent.com   www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 26 Mar 2025 16:42:20 GMT
last-modified: Wed, 26 Mar 2025 16:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

video.agenteimmobiliare.info/d-video.js?b=31

104.21.96.1

200 OK

94 kB

URL GET
video.agenteimmobiliare.info/d-video.js?b=31
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://free-btc.org/banner/u=sofiahalbof/size=728x90
Certificate
IssuerGoogle Trust Services
Subjectagenteimmobiliare.info
Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50
ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT

File type

Size
94 kB (94446 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /d-video.js?b=31 HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oph2Wm4qLQItfFpV6sbmA7rUu1galwO9cB8AspCjjMbykdAxFXpxLx%2BgOJjbBWUwc3M3wF7o5ryMzWSOguOputjLOiNHKJtb6Vc408LbrfGa3yHqP4LAy5hoAuTbQsa3Et7bT2zH93tIrC%2BF%2Fs6i"}],"group":"cf-nel","max_age":604800}
last-modified: Thu, 06 Jun 2024 11:01:00 GMT
etag: W/"666196ec-170ee"
age: 2980
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 926819c56f5effef-AMS
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

104.21.96.1

200 OK

42 B

URL GET
video.agenteimmobiliare.info/api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=je1ot46culf4u6xn&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853
Certificate
IssuerGoogle Trust Services
Subjectagenteimmobiliare.info
Fingerprint65:CE:B5:B3:06:6A:E6:66:55:C1:49:E1:0A:97:6C:C4:F2:DA:85:50
ValiditySat, 08 Mar 2025 10:05:37 GMT - Fri, 06 Jun 2025 11:03:43 GMT

File type
XML document, ASCII text, with no line terminators
Size
42 B (42 bytes)
Hash
f29fa95ad87f485f7035607dff300612
1ee041a8d8f667faf817150e7734bafe4d9d2665
1a500fd1728cc042f8211bf64027389d98b86df9253945cb7efc95f54f8e8b44

HTTP Headers

GET /api/video/tag?sourceId=56813&tmax=500&video-skipafter=5&count=3&tagId=je1ot46culf4u6xn&site-domain=free-btc.org&site-page=https%3A%2F%2Ffree-btc.org%2Fbanner%2Fu%3Dsofiahalbof%2Fsize%3D728x90 HTTP/1.1
Host: video.agenteimmobiliare.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:21 GMT
content-type: application/xml; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtCuDFrBvqaI%2FZtcTYpbR%2FUUr02%2BvYl8ESItEpbDdwgDwcpM0GyPmesTWstKmsB7xHxsHvP1QeKLdoOxxbHed3%2BZboeN3uUeIyKmsgIF%2FKYhK5kIahuc%2F4IrdNvPZrSVraaL9ABSLctp%2F7wfBKvZ"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://imasdk.googleapis.com
vary: -: Origin
access-control-allow-headers: Content-type
access-control-expose-headers: *
access-control-allow-credentials: true
set-cookie: d-vi-u-uni=811d9c3f940f9f397022db6df4758970a%3A2%3A%7Bi%3A0%3Bs%3A10%3A%22d-vi-u-uni%22%3Bi%3A1%3Bs%3A2%3A%22no%22%3B%7D; expires=Thu, 27-Mar-2025 16:42:21 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=None
d-vi-u-id=614e1f817d64ecb698e6d01b1d9eb5fda%3A2%3A%7Bi%3A0%3Bs%3A9%3A%22d-vi-u-id%22%3Bi%3A1%3Bs%3A33%3A%22d51df7e4809ba95609f57f3dac95474df%22%3B%7D; expires=Mon, 25-Mar-2030 16:42:21 GMT; Max-Age=157680000; path=/; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 926819ca8902ffef-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

bonus-ads.top/img/300x250.png

213.32.25.28

200 OK

96 kB

URL GET
bonus-ads.top/img/300x250.png
IP
213.32.25.28:443
ASN
#16276 OVH SAS

Requested by
https://ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300
Certificate
IssuerLet's Encrypt
Subjectbonus-ads.top
FingerprintAD:8D:32:11:84:4E:DD:C0:BA:B0:E7:FA:AB:E7:D9:48:A9:32:60:99
ValidityMon, 17 Mar 2025 01:48:36 GMT - Sun, 15 Jun 2025 01:48:35 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
96 kB (95902 bytes)
Hash
417735338342c64c0dcd66be9847bc1d
1c054b1dd51a023e9b1f84a0b4fc7b21aa58408b
18d01fa489e0fa309cb7b9b55293675a6682b0d1d9a2967e4e344469bc8904c4

HTTP Headers

GET /img/300x250.png HTTP/1.1
Host: bonus-ads.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 02 Apr 2025 16:42:20 GMT
content-type: image/png
last-modified: Thu, 29 Aug 2024 10:36:52 GMT
accept-ranges: bytes
content-length: 95902
date: Wed, 26 Mar 2025 16:42:20 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

ad2bitcoin.com/adqlt.php?ref=sofiahalbof&keycode=8419

162.0.208.108

200 OK

0 B

URL GET
ad2bitcoin.com/adqlt.php?ref=sofiahalbof&keycode=8419
IP
162.0.208.108:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300
Certificate
IssuerLet's Encrypt
Subjectwww.ad2bitcoin.com.traffic2bitcoin.com
FingerprintEA:A9:21:E3:84:C6:CC:03:54:85:63:79:BD:54:DD:C9:F1:A9:17:93
ValidityThu, 20 Feb 2025 00:58:38 GMT - Wed, 21 May 2025 00:58:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /adqlt.php?ref=sofiahalbof&keycode=8419 HTTP/1.1
Host: ad2bitcoin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 26 Mar 2025 16:42:19 GMT
Server: Apache
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi

5.161.99.118

200 OK

14 kB

URL User Request GET
12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
IP
5.161.99.118:443
ASN
#213230 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subject12ft.io
FingerprintAD:7C:C1:75:CB:23:74:A6:DD:98:37:17:0C:29:0F:F4:E4:B8:40:BB
ValiditySat, 22 Mar 2025 08:13:57 GMT - Fri, 20 Jun 2025 08:13:56 GMT

File type
HTML document, ASCII text, with very long lines (7711)
Size
14 kB (14075 bytes)
Hash
57ff3906e6e44fb08c1ec5a8e17e6458
3549cd6e888bea271a7e6b758b0c6646f90b406c
9985742ee2a2b6fc07ccf6ffae0ebdd1fa825dc38827f34e495f2f5fafe3d8c3

HTTP Headers

GET /proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi HTTP/1.1
Host: 12ft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 5333
Connection: keep-alive
vary: accept-encoding
content-encoding: gzip
set-cookie: _twelvefoot_key=SFMyNTY.g3QAAAABbQAAAAtfY3NyZl90b2tlbm0AAAAYajdQUlMyWUU0VFR4VFFpWFVqUGZ4ZHR2.-2tvtXeRUjmcqo-U7FggLJ0oh6L5OWWBEWpRyn9jXsQ; path=/; HttpOnly; SameSite=Lax
cache-control: max-age=0, private, must-revalidate
x-request-id: GDBn8H2d4mUFIoYAXNrj
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none

12ft.io/assets/app-2f4eeb613965956fb8b68d387bd72f27.js?vsn=d

5.161.99.118

200 OK

106 kB

URL GET
12ft.io/assets/app-2f4eeb613965956fb8b68d387bd72f27.js?vsn=d
IP
5.161.99.118:443
ASN
#213230 Hetzner Online GmbH

Requested by
https://12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
Certificate
IssuerLet's Encrypt
Subject12ft.io
FingerprintAD:7C:C1:75:CB:23:74:A6:DD:98:37:17:0C:29:0F:F4:E4:B8:40:BB
ValiditySat, 22 Mar 2025 08:13:57 GMT - Fri, 20 Jun 2025 08:13:56 GMT

File type
JavaScript source, ASCII text, with very long lines (24807)
Size
106 kB (105657 bytes)
Hash
2f4eeb613965956fb8b68d387bd72f27
33c89a89f4d9559e78cb10d252a5c1f6a85af9cb
926377aeb130fd2825e9fd15351e1e624145fb5acdf5f0e637f63f9416d88390

HTTP Headers

GET /assets/app-2f4eeb613965956fb8b68d387bd72f27.js?vsn=d HTTP/1.1
Host: 12ft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12ft.io/proxy?q=https://sofiahalbofanimeworld.blogspot.com/search/label/verytenoi
DNT: 1
Connection: keep-alive
Cookie: _twelvefoot_key=SFMyNTY.g3QAAAABbQAAAAtfY3NyZl90b2tlbm0AAAAYajdQUlMyWUU0VFR4VFFpWFVqUGZ4ZHR2.-2tvtXeRUjmcqo-U7FggLJ0oh6L5OWWBEWpRyn9jXsQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:18 GMT
Content-Type: text/javascript
Content-Length: 33129
Connection: keep-alive
vary: Accept-Encoding
cache-control: public, max-age=31536000
accept-ranges: bytes
content-encoding: gzip

imasdk.googleapis.com/js/sdkloader/ima3.js

142.250.74.42

200 OK

454 kB

URL GET
imasdk.googleapis.com/js/sdkloader/ima3.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://crypto-fire.website/mine/partner/sofiahalbof
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA
ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (3073)
Size
454 kB (453462 bytes)
Hash
c7798bc33ef51d22dcf6cc702715cb89
be5e8bb4b1d7862de44520307049e1c5a2b1836e
3dc57f88095df1fae2b22d78d6754d1a566720a2a5d0660f831882b2759fd06d

HTTP Headers

GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crypto-fire.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 26 Mar 2025 16:42:20 GMT
expires: Wed, 26 Mar 2025 16:42:20 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 2082449136498197381
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 143230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

csi.gstatic.com/csi?v=2&s=ima&puid=2~m8q5kfy7&c=3224260229168&slotId=1612130114584&ghmsh_eids=95322027%2C95326337%2C95331589%2C95332046%2C95351091

142.250.181.131

204 No Content

0 B

URL POST
csi.gstatic.com/csi?v=2&s=ima&puid=2~m8q5kfy7&c=3224260229168&slotId=1612130114584&ghmsh_eids=95322027%2C95326337%2C95331589%2C95332046%2C95351091
IP
142.250.181.131:443
ASN
#15169 GOOGLE

Requested by
https://imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_1132152853
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /csi?v=2&s=ima&puid=2~m8q5kfy7&c=3224260229168&slotId=1612130114584&ghmsh_eids=95322027%2C95326337%2C95331589%2C95332046%2C95351091 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
DNT: 1
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: *
date: Wed, 26 Mar 2025 16:42:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgcc:41:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgcc:41:0
report-to: {"group":"ascnsrsgcc:41:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgcc:41:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ad.a-ads.com/2370865?size=728x90

136.243.11.250

200 OK

14 kB

URL GET
ad.a-ads.com/2370865?size=728x90
IP
136.243.11.250:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://ad2bitcoin.com/ad.php?ref=sofiahalbof&width=300
Certificate
IssuerSectigo Limited
Subject*.a-ads.com
Fingerprint29:38:CF:C5:B7:11:ED:58:BF:D9:11:7B:D8:5E:88:8A:48:33:9A:23
ValiditySun, 05 Jan 2025 00:00:00 GMT - Tue, 09 Dec 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (11031)
Size
14 kB (13501 bytes)
Hash
6c77acc4a4ce4a9a09e8dd388590ec94
0b0315cf91e8608c3a8e2c454cf1429544757327
0c0ce862468de666900ade650e78d8b9e246f42a6c869606e7a1675a922859ce

HTTP Headers

GET /2370865?size=728x90 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 26 Mar 2025 16:42:23 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://ad2bitcoin.com/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
content-encoding: gzip
X-Firefox-Spdy: h2

imasdk.googleapis.com/js/sdkloader/ima3.js

142.250.74.42

200 OK

454 kB

URL GET
imasdk.googleapis.com/js/sdkloader/ima3.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://free-btc.org/banner/u=sofiahalbof/size=728x90
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA
ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (3073)
Size
454 kB (453455 bytes)
Hash
2355bf139556cb4af4ea1d322f1ac832
375eeda3df7d97830626a52f73abdb1502f73cd2
a4c57b1b00ad2d3187fc50943dbfb08c3764eae954380485209bff3afedccd59

HTTP Headers

GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 26 Mar 2025 16:42:20 GMT
expires: Wed, 26 Mar 2025 16:42:20 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 7052830723077895324
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 143242
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449

142.250.74.42

200 OK

838 kB

URL GET
imasdk.googleapis.com/js/core/bridge3.689.6_en.html?gdpr=1#fid=goog_29898449
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://crypto-fire.website/mine/partner/sofiahalbof
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA
ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT

File type
HTML document, ASCII text, with very long lines (48645)
Size
838 kB (838352 bytes)
Hash
9bea88a905eb3314af41d750b7764338
435e23191ad2d170e904acc5def614e1349f3656
dba913de46e9892f29bae4a359f42056091986056070d00515d755abdd5c29ee

HTTP Headers

GET /js/core/bridge3.689.6_en.html?gdpr=1 HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crypto-fire.website/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 264287
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Mar 2025 21:06:38 GMT
expires: Thu, 19 Mar 2026 21:06:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 19 Mar 2025 19:03:47 GMT
content-type: text/html
vary: Accept-Encoding
age: 588942
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cryptocoinsad.com/banner/ads_banner/29496.gif

104.21.32.1

200 OK

574 kB

URL GET
cryptocoinsad.com/banner/ads_banner/29496.gif
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cryptocoinsad.com/ads/show.php?a=252942&b=398013
Certificate
IssuerGoogle Trust Services
Subjectcryptocoinsad.com
Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C
ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT

File type
GIF image data, version 89a, 728 x 90
Size
574 kB (573458 bytes)
Hash
fbe8cff656536a9f1189c2c1a43b77f5
c6aebe56ad6cca203bf88acc1acca55d3d27c340
e9f90b87c066af212cf0902bfafab37b62749e2c576d14e670d5463435cb1ee9

HTTP Headers

GET /banner/ads_banner/29496.gif HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptocoinsad.com/ads/show.php?a=252942&b=398013
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: image/gif
content-length: 573458
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6hvB8rwOTcGxsIzRorLkZNI%2BH6vxwG3950ApsfesoYuPAlxkZlgd6gI70U2kXo5mSnuvJWVaUNjqJOQy6tS44ecVUfBaLUU3gjxKPIJbFkwvJVtxqxXiAdTjCSDggeLPvJ4SnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 25 Mar 2025 07:58:48 GMT
etag: "67e26238-8c012"
cache-control: max-age=10800
cf-cache-status: HIT
age: 4272
accept-ranges: bytes
cf-ray: 926819c36edcfeb8-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

cryptocoinsad.com/ads/show/img/icon.png

104.21.32.1

200 OK

3.3 kB

URL GET
cryptocoinsad.com/ads/show/img/icon.png
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cryptocoinsad.com/ads/show.php?a=253469&b=398008
Certificate
IssuerGoogle Trust Services
Subjectcryptocoinsad.com
Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C
ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT

File type
PNG image data, 435 x 435, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3309 bytes)
Hash
865296d690eff9da3a1bb21590faa79b
50fd13c32e6f6f0b5aa444c921c6241fcb41b5b3
b14ef09e5d084f7cb785998d54d37e486619c9b9527e72776a7c9d2b7e85c828

HTTP Headers

GET /ads/show/img/icon.png HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cryptocoinsad.com/ads/show.php?a=253469&b=398008
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 16:42:20 GMT
content-type: image/png
content-length: 3309
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J%2FsEffYQHlwGTlr0pishDObim0I441OSfXqz%2B9vElGqHC98uC0NL4fLUlKK6uJDNYqXYbwmkBtVCuqGVq14g4f%2Fk5sbo0EqAvA4xfGrZ2MOuBnkomWoSkWlq0E26TOwVtcR2zA%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 29 Jan 2022 11:54:52 GMT
etag: "61f52b0c-ced"
cache-control: max-age=10800
cf-cache-status: HIT
age: 386
accept-ranges: bytes
cf-ray: 926819c6cf8ffeb8-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://ad.a-ads.com/2370865?size=728x90
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48496, version 1.0
Size
48 kB (48496 bytes)
Hash
8b7943a41013101d892c4684617ed41d
1853b95f5ae2cc51c89edf6f2c44a676efe31f3b
9d9e7b21769c8048b64fbdc1743c32641c3aa1c70c37197987ffe14d0f0508cd

HTTP Headers

GET /s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ad.a-ads.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48496
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 10:09:01 GMT
expires: Fri, 20 Mar 2026 10:09:01 GMT
cache-control: public, max-age=31536000
age: 542002
last-modified: Mon, 29 Jul 2024 22:47:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

crypto-fire.website/728.gif

5.180.55.119

200 OK

302 kB

URL GET
crypto-fire.website/728.gif
IP
5.180.55.119:443
ASN
#44477 Stark Industries Solutions Ltd

Requested by
https://crypto-fire.website/mine/partner/sofiahalbof
Certificate
IssuerLet's Encrypt
Subjectcrypto-fire.website
Fingerprint2F:1F:71:10:96:57:5E:F5:3C:7F:20:3D:14:2F:8F:43:8B:09:DC:2C
ValidityTue, 11 Feb 2025 01:18:42 GMT - Mon, 12 May 2025 01:18:41 GMT

File type
GIF image data, version 89a, 728 x 90
Size
302 kB (302355 bytes)
Hash
bb5114db1ce20913c61f30d8f954d81c
04f21529e26dd0cd96b9a9359ca1f4ea1393c435
a0e08e64ac34d8a6b70a3947a0c231dbc7e6413ab4ef8e62903be8c399ce00de

HTTP Headers

GET /728.gif HTTP/1.1
Host: crypto-fire.website
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crypto-fire.website/mine/partner/sofiahalbof
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:42:19 GMT
Content-Type: image/gif
Content-Length: 302355
Last-Modified: Wed, 12 Jun 2024 09:10:58 GMT
Connection: keep-alive
ETag: "66696622-49d13"
Expires: Thu, 27 Mar 2025 16:42:19 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

cryptocoinsad.com/banner/ads_banner/26834.png

104.21.32.1

200 OK

142 kB

URL GET
cryptocoinsad.com/banner/ads_banner/26834.png
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1
Certificate
IssuerGoogle Trust Services
Subjectcryptocoinsad.com
Fingerprint49:43:C9:E1:A7:26:72:FE:F8:54:F0:1A:87:11:ED:89:1D:78:F1:5C
ValidityThu, 13 Feb 2025 16:47:34 GMT - Wed, 14 May 2025 17:46:15 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced
Size
142 kB (142047 bytes)
Hash
6d7c8bb7928ac90e0ee70a9a275fb443
ef6cf54cbe7da434b38a0070c507ebccc6b8ee46
7f3c2228c96253957b887ecf5e5300d625f04068d11dd31442d98052b3fb23cb

HTTP Headers

GET /banner/ads_banner/26834.png HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 16:42:19 GMT
content-type: image/png
content-length: 142047
last-modified: Sun, 03 Sep 2023 23:14:51 GMT
etag: "64f5136b-22adf"
cache-control: max-age=10800
cf-cache-status: HIT
age: 331
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b2iXteagqQb69CkwZxAC0v4a4n2wl%2FArhx4kHVvSm6PD7xcLr5dMEZrkhsteifVcThCrJODilxKrkuAhSXlBaqXEP21Nxqb0X5%2FR6ut5wVMetFyUjaEOKt5GRlz9457aVT5d%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 926819c24a9efea4-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=23516&min_rtt=19774&rtt_var=8370&sent=11&recv=16&lost=0&retrans=0&sent_bytes=4812&recv_bytes=1398&delivery_rate=218236&cwnd=230&unsent_bytes=0&cid=09fcb287b407bcaf&ts=202&x=0"
X-Firefox-Spdy: h2

static1.freebitco.in/banners/728x90-3.png

172.66.41.13

200 OK

44 kB

URL GET
static1.freebitco.in/banners/728x90-3.png
IP
172.66.41.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://traffic2bitcoin.com/ptp.php?ref=sofiahalbof&sitetype=1
Certificate
IssuerLet's Encrypt
Subjectfreebitco.in
Fingerprint96:43:F0:29:AD:55:B5:CA:3E:E4:3A:40:7D:20:8C:32:3D:0E:D4:AD
ValiditySun, 23 Feb 2025 20:01:38 GMT - Sat, 24 May 2025 20:01:37 GMT

File type
RIFF (little-endian) data, Web/P image
Size
44 kB (43968 bytes)
Hash
2b3356c4e6170940ce2bf538c7b55a26
782268c3c692056f005a041b2f95a6675f276799
b83b40d396539bb0eea0cd3fc9d496c4847a6242b95e11748d0b4eeb24745064

HTTP Headers

GET /banners/728x90-3.png HTTP/1.1
Host: static1.freebitco.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traffic2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 16:42:19 GMT
content-type: image/webp
content-length: 43968
cache-control: max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=60358
content-disposition: inline; filename="728x90-3.webp"
expires: Thu, 31 Dec 2037 23:55:55 GMT
vary: Accept
last-modified: Wed, 05 Feb 2025 01:03:10 GMT
cf-cache-status: HIT
age: 1201408
accept-ranges: bytes
server: cloudflare
cf-ray: 926819c29f77b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://ad.a-ads.com/2370865?size=728x90
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48496, version 1.0
Size
48 kB (48496 bytes)
Hash
8b7943a41013101d892c4684617ed41d
1853b95f5ae2cc51c89edf6f2c44a676efe31f3b
9d9e7b21769c8048b64fbdc1743c32641c3aa1c70c37197987ffe14d0f0508cd

HTTP Headers

GET /s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ad.a-ads.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48496
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Mar 2025 10:09:01 GMT
expires: Fri, 20 Mar 2026 10:09:01 GMT
cache-control: public, max-age=31536000
age: 542002
last-modified: Mon, 29 Jul 2024 22:47:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML