go.savethereef.xyz/redirect?feed=557030&url=t3.hightid.com&subid=8063a697&query=&pub_clickid=64d7b2c1c809e50b696a27d7&default_url=https://t2.blowingwnd.com/i.php?p=c:n534zxkba54lmrgsv&d=64d0bc6d3d658b55ac1eb5c4&s=du.{pubfeed}&d2={referrer_domain}
198.134.116.30 0 B URL go.savethereef.xyz/redirect?feed=557030&url=t3.hightid.com&subid=8063a697&query=&pub_clickid=64d7b2c1c809e50b696a27d7&default_url=https://t2.blowingwnd.com/i.php?p=c:n534zxkba54lmrgsv&d=64d0bc6d3d658b55ac1eb5c4&s=du.{pubfeed}&d2={referrer_domain}
IP 198.134.116.30:0
ASN #27257 WEBAIR-INTERNET
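Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of empty input: the response body is 0 B, so these values do not identify this content)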
GET /redirect?feed=557030&url=t3.hightid.com&subid=8063a697&query=&pub_clickid=64d7b2c1c809e50b696a27d7&default_url=https://t2.blowingwnd.com/i.php?p=c:n534zxkba54lmrgsv&d=64d0bc6d3d658b55ac1eb5c4&s=du.{pubfeed}&d2={referrer_domain} HTTP/1.1
Host: go.savethereef.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 12 Aug 2023 16:27:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://t2.blowingwnd.com/i.php?p=c:n534zxkba54lmrgsv
Pragma: no-cache
t2.blowingwnd.com/i.php?p=c:n534zxkba54lmrgsv
51.161.115.163 0 B URL t2.blowingwnd.com/i.php?p=c:n534zxkba54lmrgsv
IP 51.161.115.163:0
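Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of empty input: the response body is 0 B, so these values do not identify this content)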
GET /i.php?p=c:n534zxkba54lmrgsv HTTP/1.1
Host: t2.blowingwnd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 12 Aug 2023 16:27:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round:
Raund:
Location: https://popmyads.com/serve/52264/48075/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxLmNvbQ==
172.64.136.27 302 Found 0 B URL User Request POST HTTP/3 IP 172.64.136.27:443
Certificate Issuer: Google Trust Services LLC
Subject: popmyads.com
Fingerprint: 0A:5D:4D:A2:8A:45:F7:DC:B0:BF:1D:E9:89:6C:CB:E2:C9:13:3E:B0
Validity: Sat, 01 Jul 2023 08:17:59 GMT - Fri, 29 Sep 2023 08:17:58 GMT
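Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of empty input: the response body is 0 B, so these values do not identify this content)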
POST /gget HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 475
Origin: https://popmyads.com
DNT: 1
Connection: keep-alive
Referer: https://popmyads.com/serve/52264/48075/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxLmNvbQ==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Sat, 12 Aug 2023 16:27:05 GMT
content-type: text/html; charset=UTF-8
location: http://c0cd2idcl5.com/nz6esmv0fb?key=6c0f8fcd2b34a93c8297778070710660&psid=0480754100
x-powered-by: PHP/7.1.33
set-cookie: wGprrBLT=2; expires=Sat, 12-Aug-2023 16:27:07 GMT; Max-Age=2; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=45AhST%2FNTIl0ALP%2F6JbJ4gwKh3Qkl8PWWQFdzgPQsN%2BIzSr4IBm2Rcrp4N%2F6Qp%2FqSWcIq5PWVARZTI9B7TVlBt95gBWHR36FZSnCNEpA5vq%2FfcDQSci%2FwkYHN%2FU4YFA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7f5a156f18fe24e4-LHR
alt-svc: h3=":443"; ma=86400
press-here-to-continue.com/proxy/captcha/
188.114.96.1 200 OK 6.0 kB URL User Request GET HTTP/2 press-here-to-continue.com/proxy/captcha/
IP 188.114.96.1:443
Certificate Issuer: Google Trust Services LLC
Subject: press-here-to-continue.com
Fingerprint: 1E:6F:7B:27:D6:62:17:24:FF:6E:68:ED:69:00:61:CA:3F:CF:F9:CD
Validity: Sun, 06 Aug 2023 08:35:19 GMT - Sat, 04 Nov 2023 08:35:18 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash afd80269d19849aa5ad31db8a85abf53
9c6aa956c5d83f5c401374fa5ff6482f2b1c3e44
c27c528c8dc494f661e6904e6d9a311bac5a169fd6b55cfd2e0c0e160c13ad6f
GET /proxy/captcha/ HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 12 Aug 2023 16:27:06 GMT
content-type: text/html
last-modified: Sat, 27 May 2023 14:23:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FJjZwiNptnqZlEukVJMRY%2F6lrV4yRryYy8LLhA8rRJjLFbn97cNy%2B5xEFH4ZJ%2BCOmDHO4G2eFfN6TOY04xdYPe%2Bb06GcCIVwsZG6AbyITADQNoin%2FfJvpuYenZ8oT29tQW9b%2FRbZWjg9Rji8uw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7f5a1573efeb0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
c0cd2idcl5.com/nz6esmv0fb?key=6c0f8fcd2b34a93c8297778070710660&psid=0480754100
192.243.61.227 302 Found 1.3 kB URL User Request GET HTTP/1.1 c0cd2idcl5.com/nz6esmv0fb?key=6c0f8fcd2b34a93c8297778070710660&psid=0480754100
IP 192.243.61.227:80
ASN #39572 DataWeb Global Group B.V.
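Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(digests of empty input: the response carries Content-Length: 0, so these values do not identify this content)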
GET /nz6esmv0fb?key=6c0f8fcd2b34a93c8297778070710660&psid=0480754100 HTTP/1.1
Host: c0cd2idcl5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sat, 12 Aug 2023 16:27:06 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://press-here-to-continue.com/proxy/captcha/
Set-Cookie: u_pl=14565158; expires=Sun, 13 Aug 2023 16:27:06 GMT
backurled=6c0f8fcd2b34a93c8297778070710660; expires=Sat, 12 Aug 2023 16:28:06 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b609494f7345366475b4c74fd66b7a4e
Strict-Transport-Security: max-age=0; includeSubdomains
press-here-to-continue.com/proxy/captcha/img/fav.ico
188.114.96.1 200 OK 4.3 kB URL GET HTTP/3 press-here-to-continue.com/proxy/captcha/img/fav.ico
IP 188.114.96.1:443
Requested by https://press-here-to-continue.com/proxy/captcha/
Certificate Issuer: Google Trust Services LLC
Subject: press-here-to-continue.com
Fingerprint: 1E:6F:7B:27:D6:62:17:24:FF:6E:68:ED:69:00:61:CA:3F:CF:F9:CD
Validity: Sun, 06 Aug 2023 08:35:19 GMT - Sat, 04 Nov 2023 08:35:18 GMT
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Hash 704039590191bddf83770dd730c87c93
99e463a9b316e5e9d0a18d897ad01edb88f7c742
ebfa4ad85fa67e7c217f3c4d4564ba2c0e2e41d6498fbcddfc382a1c7f7332d9
GET /proxy/captcha/img/fav.ico HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-here-to-continue.com/proxy/captcha/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 12 Aug 2023 16:27:06 GMT
content-type: image/x-icon
last-modified: Fri, 05 May 2023 14:56:12 GMT
etag: W/"6455190c-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7366299
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g54gCZemuGIJjCkaBKMTDy%2By2BcXQHSN12LnHC89fezHG8fhniKdlMiHK9kcmhkMcvugQHauMILLevA6czOwMGPuJ58rKsgrPIm3orFftDen4FyuR0ECcjA9iY4tVrh3SjwI%2FT3XI3oG32ZCSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f5a15770ae1b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
press-here-to-continue.com/proxy/captcha/style.min.css
188.114.96.1 200 OK 4.7 kB URL GET HTTP/3 press-here-to-continue.com/proxy/captcha/style.min.css
IP 188.114.96.1:443
Requested by https://press-here-to-continue.com/proxy/captcha/
Certificate Issuer: Google Trust Services LLC
Subject: press-here-to-continue.com
Fingerprint: 1E:6F:7B:27:D6:62:17:24:FF:6E:68:ED:69:00:61:CA:3F:CF:F9:CD
Validity: Sun, 06 Aug 2023 08:35:19 GMT - Sat, 04 Nov 2023 08:35:18 GMT
File type ASCII text, with very long lines (5171), with no line terminators
Hash 42d2987024b20d48ddb405d6efbf43b0
cc6d2588db542d6dd7aa35c21c228e9e5fae841a
a493be7915762eb7fd5454e83131404c0a0d87f743f57c598a1e1ea64d215205
GET /proxy/captcha/style.min.css HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-here-to-continue.com/proxy/captcha/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 12 Aug 2023 16:27:06 GMT
content-type: text/css
last-modified: Fri, 05 May 2023 14:56:11 GMT
etag: W/"6455190b-1237"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7369978
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W9p1l5RQUkhWBwETRlM7W7MYsOB4S%2B86lgtrEZgZQ8MS7KajKcxt%2BvF8JgSUqLI9taWBH5ZNW1dxXtcMN7v4HY1AHGfl%2F4UAvnHp7C9OLULAKOyMXdnXmvjMW7iWxK7%2ByGfwi3MHXuIAbF%2BCcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f5a15769a4ab512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
press-here-to-continue.com/proxy/captcha/img/captcha.png
188.114.96.1 200 OK 5.4 kB URL GET HTTP/3 press-here-to-continue.com/proxy/captcha/img/captcha.png
IP 188.114.96.1:443
Requested by https://press-here-to-continue.com/proxy/captcha/
Certificate Issuer: Google Trust Services LLC
Subject: press-here-to-continue.com
Fingerprint: 1E:6F:7B:27:D6:62:17:24:FF:6E:68:ED:69:00:61:CA:3F:CF:F9:CD
Validity: Sun, 06 Aug 2023 08:35:19 GMT - Sat, 04 Nov 2023 08:35:18 GMT
File type PNG image data, 85 x 85, 8-bit/color RGBA, non-interlaced\012- data
Hash 8e0202bd42439b428a06b1657f8fe154
e2fa0bb6101f99965668a4cae9e7b9f117b16982
a642f0373f8b800dac68954ba976cc8ae0e4352e8e443d5b23f996c08725074f
GET /proxy/captcha/img/captcha.png HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-here-to-continue.com/proxy/captcha/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 12 Aug 2023 16:27:06 GMT
content-type: image/png
content-length: 5416
last-modified: Fri, 05 May 2023 14:56:12 GMT
etag: "6455190c-1528"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7369978
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E8Ink83ba40lkSfM6bMVbcq4zO0YjKK%2FC37UFw7Ed%2Fi%2B8MtlPPjEiAKGrs7SNibhi8PkDEYdaWraM2IiDjr%2Fm14P9r5Kx8uS%2BKZmksGFFt5TF4YbSA7or5DJYyf8Ym6wi%2F5rBhX9nX%2FbmbMbkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f5a15769a4bb512-OSL
alt-svc: h3=":443"; ma=86400
press-here-to-continue.com/proxy/captcha/script.js
188.114.96.1 200 OK 370 B URL GET HTTP/3 press-here-to-continue.com/proxy/captcha/script.js
IP 188.114.96.1:443
Requested by https://press-here-to-continue.com/proxy/captcha/
Certificate Issuer: Google Trust Services LLC
Subject: press-here-to-continue.com
Fingerprint: 1E:6F:7B:27:D6:62:17:24:FF:6E:68:ED:69:00:61:CA:3F:CF:F9:CD
Validity: Sun, 06 Aug 2023 08:35:19 GMT - Sat, 04 Nov 2023 08:35:18 GMT
File type ASCII text, with very long lines (388), with no line terminators
Hash 8e869a9b961d01e5d7b45df334fc9d38
03c4d27fcd423e3b6eb6086070262d63d8bd720f
b08a8dbfcf5a02ec3302b5253e8a80ae49a6b67e6a16147a0e21d554eff30704
GET /proxy/captcha/script.js HTTP/1.1
Host: press-here-to-continue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://press-here-to-continue.com/proxy/captcha/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 12 Aug 2023 16:27:06 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:02:02 GMT
etag: W/"64672cfa-172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7369976
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hHz66KhBJFwYjIpBvlw7H7m3y%2FY29qexFeItxXXRIXRbe3IpNnsaGDsIQjwixYAEAgtLrPiUuSVTm%2BopwUqf9E%2Fsv5%2FBc%2FEcCery4LIfzUKl9a9qxqVbSCLKuiJCRBRiCR34ETB%2BRRwvJSzb4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f5a1576aa4cb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400