www.highcpmgate.com/zw5f52jfz?pst=1713979820&rmtc=t&uuid=&pii=&in=false&key=c9e349a4c909ce5f5254d7226d1e2a68&clickid=807018730117668864&shu=8285e79114498dde79b1149681af640be96eedb9e3a792498e574dba886985a26e13adc052605b9391b46562dc037f7bffd5828a71a7ba12d6d7166997021689693c9644b9990ef9ba4e6a7a250b79d89fed06e579a2f8c7cb4b88adce72683c45879b&fr=0&sw2=1366&sh2=768&sw3=1366&sh3=768&sw4=1366&sh4=768&sw5=1366&sh5=768&sw6=1366&sh6=768&sw7=1366&sh7=768
172.240.108.68 307 Temporary Redirect 0 B URL User Request GET HTTP/1.1 www.highcpmgate.com/zw5f52jfz?pst=1713979820&rmtc=t&uuid=&pii=&in=false&key=c9e349a4c909ce5f5254d7226d1e2a68&clickid=807018730117668864&shu=8285e79114498dde79b1149681af640be96eedb9e3a792498e574dba886985a26e13adc052605b9391b46562dc037f7bffd5828a71a7ba12d6d7166997021689693c9644b9990ef9ba4e6a7a250b79d89fed06e579a2f8c7cb4b88adce72683c45879b&fr=0&sw2=1366&sh2=768&sw3=1366&sh3=768&sw4=1366&sh4=768&sw5=1366&sh5=768&sw6=1366&sh6=768&sw7=1366&sh7=768
IP 172.240.108.68:443
Certificate Issuer Let's Encrypt
Subject highcpmgate.com
Fingerprint E7:53:32:23:DA:D6:BE:EB:98:90:05:4B:AC:AC:8C:89:F2:4D:FB:2E
Validity Fri, 19 Apr 2024 10:31:16 GMT - Thu, 18 Jul 2024 10:31:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /zw5f52jfz?pst=1713979820&rmtc=t&uuid=&pii=&in=false&key=c9e349a4c909ce5f5254d7226d1e2a68&clickid=807018730117668864&shu=8285e79114498dde79b1149681af640be96eedb9e3a792498e574dba886985a26e13adc052605b9391b46562dc037f7bffd5828a71a7ba12d6d7166997021689693c9644b9990ef9ba4e6a7a250b79d89fed06e579a2f8c7cb4b88adce72683c45879b&fr=0&sw2=1366&sh2=768&sw3=1366&sh3=768&sw4=1366&sh4=768&sw5=1366&sh5=768&sw6=1366&sh6=768&sw7=1366&sh7=768 HTTP/1.1
Host: www.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Wed, 24 Apr 2024 17:33:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://www.highcpmgate.com/zw5f52jfz?key=c9e349a4c909ce5f5254d7226d1e2a68&clickid=807018730117668864&fr=0&sw2=1366&sh2=768&sw3=1366&sh3=768&sw4=1366&sh4=768&sw5=1366&sh5=768&sw6=1366&sh6=768&sw7=1366&sh7=768&dlrt=t
Set-Cookie: u_pl=23031786; expires=Thu, 25 Apr 2024 17:33:08 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4ec92b979a05fc465b37419d950c520a
Strict-Transport-Security: max-age=0; includeSubdomains
www.highcpmgate.com/zw5f52jfz?key=c9e349a4c909ce5f5254d7226d1e2a68&clickid=807018730117668864&fr=0&sw2=1366&sh2=768&sw3=1366&sh3=768&sw4=1366&sh4=768&sw5=1366&sh5=768&sw6=1366&sh6=768&sw7=1366&sh7=768&dlrt=t
172.240.108.68 302 Found 0 B URL User Request GET HTTP/1.1 www.highcpmgate.com/zw5f52jfz?key=c9e349a4c909ce5f5254d7226d1e2a68&clickid=807018730117668864&fr=0&sw2=1366&sh2=768&sw3=1366&sh3=768&sw4=1366&sh4=768&sw5=1366&sh5=768&sw6=1366&sh6=768&sw7=1366&sh7=768&dlrt=t
IP 172.240.108.68:443
Certificate Issuer Let's Encrypt
Subject highcpmgate.com
Fingerprint E7:53:32:23:DA:D6:BE:EB:98:90:05:4B:AC:AC:8C:89:F2:4D:FB:2E
Validity Fri, 19 Apr 2024 10:31:16 GMT - Thu, 18 Jul 2024 10:31:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /zw5f52jfz?key=c9e349a4c909ce5f5254d7226d1e2a68&clickid=807018730117668864&fr=0&sw2=1366&sh2=768&sw3=1366&sh3=768&sw4=1366&sh4=768&sw5=1366&sh5=768&sw6=1366&sh6=768&sw7=1366&sh7=768&dlrt=t HTTP/1.1
Host: www.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: u_pl=23031786
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Wed, 24 Apr 2024 17:33:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://press-here-to-continue.com/proxy/captcha/
Set-Cookie: backurled=c9e349a4c909ce5f5254d7226d1e2a68; expires=Wed, 24 Apr 2024 17:34:08 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ce4a3b481f77d392502c1cf136db84b0
Strict-Transport-Security: max-age=0; includeSubdomains
press-here-to-continue.com/proxy/captcha/img/captcha.png
188.114.97.1 200 OK 5.4 kB URL GET HTTP/3 press-here-to-continue.com/proxy/captcha/img/captcha.png
IP 188.114.97.1:443
Requested by https://press-here-to-continue.com/proxy/captcha/
Certificate Issuer Google Trust Services LLC
Subject press-here-to-continue.com
Fingerprint 5E:23:8D:E1:26:2F:77:2A:64:FC:56:70:6D:47:AF:E3:F2:E0:D7:A9
Validity Fri, 29 Mar 2024 10:41:31 GMT - Thu, 27 Jun 2024 10:41:30 GMT
File type PNG image data, 85 x 85, 8-bit/color RGBA, non-interlaced
Hash 8e0202bd42439b428a06b1657f8fe154
e2fa0bb6101f99965668a4cae9e7b9f117b16982
a642f0373f8b800dac68954ba976cc8ae0e4352e8e443d5b23f996c08725074f
GET /proxy/captcha/img/captcha.png HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-here-to-continue.com/proxy/captcha/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:33:09 GMT
content-type: image/png
content-length: 5416
last-modified: Fri, 05 May 2023 14:56:12 GMT
etag: "6455190c-1528"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 13340882
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F0OoxbJWV3ccwcgvT7diM64Kb2RIFPBVHDjE%2BB2RWLz72LfNQGOriNT5P5zu%2FxkAuOyB36jA0mYCf9K4XwZVKgCTrecnrMPOOe2v2HMRNUAE%2B8T3b31Pw4XQeHWkOidwrHZDyZh0Jf%2FvfPKU1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797d6354bb55695-OSL
alt-svc: h3=":443"; ma=86400
press-here-to-continue.com/proxy/captcha/style.min.css
188.114.97.1 200 OK 5.0 kB URL GET HTTP/3 press-here-to-continue.com/proxy/captcha/style.min.css
IP 188.114.97.1:443
Requested by https://press-here-to-continue.com/proxy/captcha/
Certificate Issuer Google Trust Services LLC
Subject press-here-to-continue.com
Fingerprint 5E:23:8D:E1:26:2F:77:2A:64:FC:56:70:6D:47:AF:E3:F2:E0:D7:A9
Validity Fri, 29 Mar 2024 10:41:31 GMT - Thu, 27 Jun 2024 10:41:30 GMT
File type ASCII text, with CRLF line terminators
Hash b59d2c407b8fe00626db2dab747c3b19
bad7ad70919b59d8096b2341a8b0f2a1f6fb0d51
a9fc2e5d2e333ec86d9cfcbd65935c405b7d68b8c8fa8f6f8d4fd26ecc47da97
GET /proxy/captcha/style.min.css HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-here-to-continue.com/proxy/captcha/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:33:09 GMT
content-type: text/css
last-modified: Fri, 05 May 2023 14:56:11 GMT
etag: W/"6455190b-1237"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4796540
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kb1%2F03bn5%2F7nJlg%2BNZvoX70z%2BAmE9G2%2BexZB8v0XuxPGC%2FKuvmfKBH%2B7u8kWAgsdQs6rs2nDd%2Fr6qTiInkHqR0y0fe4%2FhLQlpLYxlEzmKJsfvvh5d3d%2FdMR6ds%2Fn2tIMcbY8DGaSBrrllLPQFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797d6354bb35695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
press-here-to-continue.com/proxy/captcha/script.js
188.114.97.1 200 OK 370 B URL GET HTTP/3 press-here-to-continue.com/proxy/captcha/script.js
IP 188.114.97.1:443
Requested by https://press-here-to-continue.com/proxy/captcha/
Certificate Issuer Google Trust Services LLC
Subject press-here-to-continue.com
Fingerprint 5E:23:8D:E1:26:2F:77:2A:64:FC:56:70:6D:47:AF:E3:F2:E0:D7:A9
Validity Fri, 29 Mar 2024 10:41:31 GMT - Thu, 27 Jun 2024 10:41:30 GMT
File type ASCII text, with very long lines (388), with no line terminators
Hash 8e869a9b961d01e5d7b45df334fc9d38
03c4d27fcd423e3b6eb6086070262d63d8bd720f
b08a8dbfcf5a02ec3302b5253e8a80ae49a6b67e6a16147a0e21d554eff30704
GET /proxy/captcha/script.js HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-here-to-continue.com/proxy/captcha/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:33:09 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:02:02 GMT
etag: W/"64672cfa-172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 13351580
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OfWzI0voBaenbjEmRhYfESwBKjKOtVXdnt1UUhpwb3AT3dStPGCfnOOjK9VgK1iGoudTIgo1%2B9lroa1HJNTY4VLcZQCWQAkJf6FJdQYLUXyygjBmwM7gNkF%2BEDbZ%2FvaQNsLaKQDECK8HPQT7xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797d6354bb75695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
press-here-to-continue.com/proxy/captcha/img/fav.ico
188.114.97.1 200 OK 4.3 kB URL GET HTTP/3 press-here-to-continue.com/proxy/captcha/img/fav.ico
IP 188.114.97.1:443
Requested by https://press-here-to-continue.com/proxy/captcha/
Certificate Issuer Google Trust Services LLC
Subject press-here-to-continue.com
Fingerprint 5E:23:8D:E1:26:2F:77:2A:64:FC:56:70:6D:47:AF:E3:F2:E0:D7:A9
Validity Fri, 29 Mar 2024 10:41:31 GMT - Thu, 27 Jun 2024 10:41:30 GMT
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Hash 704039590191bddf83770dd730c87c93
99e463a9b316e5e9d0a18d897ad01edb88f7c742
ebfa4ad85fa67e7c217f3c4d4564ba2c0e2e41d6498fbcddfc382a1c7f7332d9
GET /proxy/captcha/img/fav.ico HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-here-to-continue.com/proxy/captcha/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 17:33:09 GMT
content-type: image/x-icon
last-modified: Fri, 05 May 2023 14:56:12 GMT
etag: W/"6455190c-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 13351579
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=96ETPLeQxAmyDJEfYXiCkkxVPzv0wi3owEmCY9EPeyRkn86sNm7AkXutTnb2HSsN6k9%2FYeuof%2BCekzKn2zGzeEaWsoy2oFeDyiJOqHGaxaXs2ASA4a%2BrjMEej%2BzgI1jd0E6whsr1dYJLkbp5RA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8797d6356be65695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
press-here-to-continue.com/proxy/captcha/
188.114.97.1 200 OK 1.3 kB URL User Request GET HTTP/2 press-here-to-continue.com/proxy/captcha/
IP 188.114.97.1:443
Certificate Issuer Google Trust Services LLC
Subject press-here-to-continue.com
Fingerprint 5E:23:8D:E1:26:2F:77:2A:64:FC:56:70:6D:47:AF:E3:F2:E0:D7:A9
Validity Fri, 29 Mar 2024 10:41:31 GMT - Thu, 27 Jun 2024 10:41:30 GMT
File type Palm OS operating system patch data "<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n <title>Captcha</title>\n <link rel=\"icon\" href=\"img/fav.ico\" type=\"i"
Hash dafb89db50412fae5a4ceee2d64c915c
cb121c230eeeadbde58c62f13fc04be37845aab9
802cc023425e0c825cc2d432d2fedc734f670c751ec7409b079f4ca55ccef725
GET /proxy/captcha/ HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:33:09 GMT
content-type: text/html
last-modified: Sat, 27 May 2023 14:23:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HwM2hOS4bqetOonMszG9YnzLMZ5k1hcKlD8Grq17WC0kLkk2k4Zq0ffTs4GSxh3cOnHnixXKDFvhF1lIv9maEDXZwCBp0ML4bmVvXzK0LBxNdr6gA5HXlcIPJgHcdlyK1temzlWSUf06%2B579Iw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8797d6324fbb7131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2