da.off3riz.com/aff_c?offer_id=1543&aff_id=3764&aff_sub2=663bee914435bc00011ba153&source=54_52027
34.248.244.161 304 B URL da.off3riz.com/aff_c?offer_id=1543&aff_id=3764&aff_sub2=663bee914435bc00011ba153&source=54_52027
IP 34.248.244.161:0
File type HTML document, ASCII text
Hash 78f184b6537945bdab162ae860ac04b1
1df971979405029e2001ebe826a0c7c3c7d5dce5
aa1aa2f42cc82540ce44c0c1b76eac0acebf5ba54602f2346bc514cb9f61e2c3
GET /aff_c?offer_id=1543&aff_id=3764&aff_sub2=663bee914435bc00011ba153&source=54_52027 HTTP/1.1
Host: da.off3riz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 08 May 2024 21:29:13 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 304
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://www.h-trck.com/9W598/3QQG7/?sub1={email}&sub2=3764&sub3=54_52027&sub5=102e21b9932490ebd00a71c056b640
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: enc_aff_session_1543=ENC036af51a5d6de9a371b1ca0dabe0fb9705a97ac8c6ca948bbc1418ef69021f802951c9ea083141200a8702c71f78d3998b0705d41eb9855de9d8f1b46ea076c6717cd0c03c3144bb231496077ecfbb082f6d6b2e0f25134a8833ddf995e1ba22c65093aa37be430bb12a3e1196bd7a42e3b41aaee8e97541527a5b3147254819bccccac33cbcc7d31fa2579fac2c8074e76670277c9fd056dcbdb93e26ec53b31522547960; expires=Thu, 08 May 2025 21:29:13 GMT; path=/; SameSite=None; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5Ni4wIiwibW9iaWxlX2NhcnJpZXIiOiI/IiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IFg4Nl82NDsgUnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiYWNjZXB0X2xhbmd1YWdlIjoiZW4tVVMsZW47cT0wLjUiLCJjb25uZWN0aW9uX3NwZWVkIjoiYnJvYWRiYW5kIn0=; expires=Sat, 03 Apr 2027 08:09:13 GMT; path=/; SameSite=None; Secure
Tracking_id: 102e21b9932490ebd00a71c056b640
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Origin: *
X-Request-Id: b2dfe3f73bf446d9a88dbdf876f893e7
Access-Control-Allow-Headers: Tune-SDK-Version
www.h-trck.com/9W598/3QQG7/?sub1={email}&sub2=3764&sub3=54_52027&sub5=102e21b9932490ebd00a71c056b640
34.160.108.161 153 B URL www.h-trck.com/9W598/3QQG7/?sub1={email}&sub2=3764&sub3=54_52027&sub5=102e21b9932490ebd00a71c056b640
IP 34.160.108.161:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document, ASCII text
Hash fe435323d216a1a5b507fa13b2350edd
013e493b1f5fca549019cd36248ef5d6c966e092
2afd38ee41ecbbbce8abff305e5ecf8baa545760533001048a0d4d698fc5332c
GET /9W598/3QQG7/?sub1={email}&sub2=3764&sub3=54_52027&sub5=102e21b9932490ebd00a71c056b640 HTTP/1.1
Host: www.h-trck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 21:29:14 GMT
content-type: text/html; charset=utf-8
content-length: 153
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
location: https://harem-smrt.com/offers/?id=39&affid=7&source=3764&clickid=887bd782ffe041ddaefebe70f1c5f5c3&mail=%7Bemail%7D
set-cookie: uniqueClick_3QQG7=e75baa8d-fcc5-470b-ae28-e1675b4b5762:1715203754; Path=/; Expires=Thu, 09 May 2024 21:29:14 GMT; Secure; SameSite=None
transaction_id=887bd782ffe041ddaefebe70f1c5f5c3; Path=/; Expires=Tue, 06 Aug 2024 21:29:14 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 4a8cf00e-a62a-47e9-81d5-e7e17e1bdf95
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/platform/1.3.6/platform.min.js
104.17.25.14 5.6 kB URL cdnjs.cloudflare.com/ajax/libs/platform/1.3.6/platform.min.js
IP 104.17.25.14:0
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (14512), with no line terminators
Hash b21b9f252fb6c5c25ac24ab2fd546a32
d2492374ec69b82b349a693c6b3818defce02001
8c039b6e245af3041933a2e283eb929be6c05618616e34ef2b8e3ca2bb368007
GET /ajax/libs/platform/1.3.6/platform.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harem-smrt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:29:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 5648
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f006e5f-38b2"
last-modified: Sat, 04 Jul 2020 11:56:15 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 190710
expires: Mon, 28 Apr 2025 21:29:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gz6QX%2BlJns5X6jr1gnDnjm4Y77RVhWezhELgV6wVN59XGlJpCpHIVN09bmg8wAxmmKxxiELTYPazuObm1wgjDK0pStnDtGtA9GDIVq%2FG3C%2BNTbQsCGsQNC%2FUBfP1YBVmRx2z8kFm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880c8b4ebfd67130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
rdvsecret.com/plancul/1/lp12/css
188.114.96.1200 OK 2.7 kB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/css
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
Hash 5cabc11da05d6d79dcb9b7e08fc5822e
2cbf1f6e3430e0d472476564916fef3b430b35dd
68668bd8f029c3e6b6bd1fbcd92b676def3edaa7c2f92bbeb7424f778b9c7c6f
GET /plancul/1/lp12/css HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-length: 2690
last-modified: Tue, 03 Sep 2019 14:18:19 GMT
etag: "a82-591a6c299a0c0"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zQrGo7qcI7oCVaXLfAEe9zV8M5CpeC6a8xkeyNx1%2F2mPlioyXrWaqimDFGkDHKmVp0Lo1IjQuoDjY5E7BbP%2BFMNWK7jqsKSAFQzPLYo%2Buj%2BbC7D4jIeaX8jEaLmP7fpw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b535e971bfe-OSL
alt-svc: h3=":443"; ma=86400
code.jquery.com/ui/1.12.1/jquery-ui.min.js
151.101.2.137200 OK 68 kB URL GET HTTP/2 code.jquery.com/ui/1.12.1/jquery-ui.min.js
IP 151.101.2.137:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (32073)
Hash 0a497d4661df7b82feee14332ce0bdaf
f77d06b0c5dedef1f1db051a44a2b0d7f233ba3a
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
GET /ui/1.12.1/jquery-ui.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-3dee4"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 08 May 2024 21:29:16 GMT
age: 20401556
x-served-by: cache-lga13623-LGA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 39, 481627
x-timer: S1715203756.157895,VS0,VE0
vary: Accept-Encoding
content-length: 67751
X-Firefox-Spdy: h2
code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css
151.101.2.137200 OK 8.3 kB URL GET HTTP/2 code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css
IP 151.101.2.137:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (2363)
Hash c4a88ec0cb998929a670c0c58d7dc526
03135a88e8dbc36020dd453d1e7407ce9a3a2cc2
44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0
GET /ui/1.12.1/themes/base/jquery-ui.css HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-8c85"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 08 May 2024 21:29:16 GMT
age: 20401559
x-served-by: cache-lga13627-LGA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 42, 350043
x-timer: S1715203756.158856,VS0,VE0
vary: Accept-Encoding
content-length: 8323
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.6.0.min.js
151.101.2.137200 OK 31 kB URL GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 08 May 2024 21:29:16 GMT
age: 1059937
x-served-by: cache-lga21931-LGA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 823407
x-timer: S1715203756.164843,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
216.58.211.10200 OK 30 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
IP 216.58.211.10:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type JavaScript source, ASCII text, with very long lines (32014)
Hash 05e51b1db558320f1939f9789ccf5c8f
c72c1735b4d903d90dd51225ebefb8c74ebbc51f
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
GET /ajax/libs/jquery/3.1.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30211
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 23:30:26 GMT
expires: Tue, 06 May 2025 23:30:26 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 165530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
harem-smrt.com/offers/index.php?id=39&affid=7&source=3764&clickid=887bd782ffe041ddaefebe70f1c5f5c3&mail=%7Bemail%7D&r=1&ua=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&ua_pm=Linux&fw=1280&fh=1024&wdw_d={%22name%22:%22%22,%22status%22:%22%22,%22closed%22:false,%22length%22:0,%22innerWidth%22:1280,%22innerHeight%22:1024,%22scrollX%22:0,%22pageXOffset%22:0,%22scrollY%22:0,%22pageYOffset%22:0,%22screenLeft%22:0,%22screenTop%22:0,%22screenX%22:0,%22screenY%22:0,%22outerWidth%22:1280,%22outerHeight%22:1024,%22mozInnerScreenX%22:0,%22mozInnerScreenY%22:0,%22devicePixelRatio%22:1,%22scrollMaxX%22:0,%22scrollMaxY%22:0,%22fullScreen%22:true,%22origin%22:%22https://harem-smrt.com%22,%22crossOriginIsolated%22:false,%22isSecureContext%22:true,%22fhe%22:%22UTC%22,%22prop%22:%22prop%22}&ngt_d={%22permissions%22:{},%22mimeTypes%22:{%220%22:{},%221%22:{}},%22plugins%22:{%220%22:{%220%22:{},%221%22:{}},%221%22:{%220%22:{},%221%22:{}},%222%22:{%220%22:{},%221%22:{}},%223%22:{%220%22:{},%221%22:{}},%224%22:{%220%22:{},%221%22:{}}},%22pdfViewerEnabled%22:true,%22doNotTrack%22:%221%22,%22maxTouchPoints%22:0,%22mediaCapabilities%22:{},%22oscpu%22:%22Linux%20x86_64%22,%22vendor%22:%22%22,%22vendorSub%22:%22%22,%22productSub%22:%2220100101%22,%22cookieEnabled%22:true,%22buildID%22:%2220181001000000%22,%22mediaDevices%22:{},%22credentials%22:{},%22clipboard%22:{},%22mediaSession%22:{},%22webdriver%22:false,%22hardwareConcurrency%22:48,%22appCodeName%22:%22Mozilla%22,%22appName%22:%22Netscape%22,%22appVersion%22:%225.0%20(X11)%22,%22platform%22:%22Linux%20x86_64%22,%22userAgent%22:%22Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0%22,%22product%22:%22Gecko%22,%22language%22:%22en-US%22,%22languages%22:[%22en-US%22,%22en%22],%22locks%22:{},%22onLine%22:true,%22storage%22:{}}&hs_d={%22length%22:2,%22scrollRestoration%22:%22auto%22,%22state%22:null}&sc_d={%22availWidth%22:1280,%22availHeight%22:1024,%22width%22:1280,%22height%22:1024,%22colorDepth%22:24,%22pixelDepth%22:24,%22top%22:0,%22left%22:0,%22availTop%22:0,%22availLeft%22:0,%22mozOrientation%22:%22landscape-primary%22,%22onmozorientationchange%22:null,%22orientation%22:{}}&fhe_d=UTC&plg_d=[%22PDF%20Viewer%22,%22Chrome%20PDF%20Viewer%22,%22Chromium%20PDF%20Viewer%22,%22Microsoft%20Edge%20PDF%20Viewer%22,%22WebKit%20built-in%20PDF%22]
188.114.97.1302 Found 37 kB URL User Request GET HTTP/3 harem-smrt.com/offers/index.php?id=39&affid=7&source=3764&clickid=887bd782ffe041ddaefebe70f1c5f5c3&mail=%7Bemail%7D&r=1&ua=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&ua_pm=Linux&fw=1280&fh=1024&wdw_d={%22name%22:%22%22,%22status%22:%22%22,%22closed%22:false,%22length%22:0,%22innerWidth%22:1280,%22innerHeight%22:1024,%22scrollX%22:0,%22pageXOffset%22:0,%22scrollY%22:0,%22pageYOffset%22:0,%22screenLeft%22:0,%22screenTop%22:0,%22screenX%22:0,%22screenY%22:0,%22outerWidth%22:1280,%22outerHeight%22:1024,%22mozInnerScreenX%22:0,%22mozInnerScreenY%22:0,%22devicePixelRatio%22:1,%22scrollMaxX%22:0,%22scrollMaxY%22:0,%22fullScreen%22:true,%22origin%22:%22https://harem-smrt.com%22,%22crossOriginIsolated%22:false,%22isSecureContext%22:true,%22fhe%22:%22UTC%22,%22prop%22:%22prop%22}&ngt_d={%22permissions%22:{},%22mimeTypes%22:{%220%22:{},%221%22:{}},%22plugins%22:{%220%22:{%220%22:{},%221%22:{}},%221%22:{%220%22:{},%221%22:{}},%222%22:{%220%22:{},%221%22:{}},%223%22:{%220%22:{},%221%22:{}},%224%22:{%220%22:{},%221%22:{}}},%22pdfViewerEnabled%22:true,%22doNotTrack%22:%221%22,%22maxTouchPoints%22:0,%22mediaCapabilities%22:{},%22oscpu%22:%22Linux%20x86_64%22,%22vendor%22:%22%22,%22vendorSub%22:%22%22,%22productSub%22:%2220100101%22,%22cookieEnabled%22:true,%22buildID%22:%2220181001000000%22,%22mediaDevices%22:{},%22credentials%22:{},%22clipboard%22:{},%22mediaSession%22:{},%22webdriver%22:false,%22hardwareConcurrency%22:48,%22appCodeName%22:%22Mozilla%22,%22appName%22:%22Netscape%22,%22appVersion%22:%225.0%20(X11)%22,%22platform%22:%22Linux%20x86_64%22,%22userAgent%22:%22Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0%22,%22product%22:%22Gecko%22,%22language%22:%22en-US%22,%22languages%22:[%22en-US%22,%22en%22],%22locks%22:{},%22onLine%22:true,%22storage%22:{}}&hs_d={%22length%22:2,%22scrollRestoration%22:%22auto%22,%22state%22:null}&sc_d={%22availWidth%22:1280,%22availHeight%22:1024,%22width%22:1280,%22height%22:1024,%22colorDepth%22:24,%22pixelDepth%22:24,%22top%22:0,%22left%22:0,%22availTop%22:0,%22availLeft%22:0,%22mozOrientation%22:%22landscape-primary%22,%22onmozorientationchange%22:null,%22orientation%22:{}}&fhe_d=UTC&plg_d=[%22PDF%20Viewer%22,%22Chrome%20PDF%20Viewer%22,%22Chromium%20PDF%20Viewer%22,%22Microsoft%20Edge%20PDF%20Viewer%22,%22WebKit%20built-in%20PDF%22]
IP 188.114.97.1:443
Certificate IssuerLet's Encrypt
Subjectharem-smrt.com
FingerprintB6:AD:43:9F:9E:20:45:C0:21:39:AC:C7:A7:35:52:95:33:95:51:37
ValidityMon, 25 Mar 2024 08:17:28 GMT - Sun, 23 Jun 2024 08:17:27 GMT
Hash 785b76208170fbdb099b4dce14cb0f33
2733a8e30d245e1a35b0712e6995c02cfc9544c7
84f6623d9e2ab01b690a9e05031b930501b07e959b30f354dfc887676c8e8980
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /offers/index.php?id=39&affid=7&source=3764&clickid=887bd782ffe041ddaefebe70f1c5f5c3&mail=%7Bemail%7D&r=1&ua=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&ua_pm=Linux&fw=1280&fh=1024&wdw_d={%22name%22:%22%22,%22status%22:%22%22,%22closed%22:false,%22length%22:0,%22innerWidth%22:1280,%22innerHeight%22:1024,%22scrollX%22:0,%22pageXOffset%22:0,%22scrollY%22:0,%22pageYOffset%22:0,%22screenLeft%22:0,%22screenTop%22:0,%22screenX%22:0,%22screenY%22:0,%22outerWidth%22:1280,%22outerHeight%22:1024,%22mozInnerScreenX%22:0,%22mozInnerScreenY%22:0,%22devicePixelRatio%22:1,%22scrollMaxX%22:0,%22scrollMaxY%22:0,%22fullScreen%22:true,%22origin%22:%22https://harem-smrt.com%22,%22crossOriginIsolated%22:false,%22isSecureContext%22:true,%22fhe%22:%22UTC%22,%22prop%22:%22prop%22}&ngt_d={%22permissions%22:{},%22mimeTypes%22:{%220%22:{},%221%22:{}},%22plugins%22:{%220%22:{%220%22:{},%221%22:{}},%221%22:{%220%22:{},%221%22:{}},%222%22:{%220%22:{},%221%22:{}},%223%22:{%220%22:{},%221%22:{}},%224%22:{%220%22:{},%221%22:{}}},%22pdfViewerEnabled%22:true,%22doNotTrack%22:%221%22,%22maxTouchPoints%22:0,%22mediaCapabilities%22:{},%22oscpu%22:%22Linux%20x86_64%22,%22vendor%22:%22%22,%22vendorSub%22:%22%22,%22productSub%22:%2220100101%22,%22cookieEnabled%22:true,%22buildID%22:%2220181001000000%22,%22mediaDevices%22:{},%22credentials%22:{},%22clipboard%22:{},%22mediaSession%22:{},%22webdriver%22:false,%22hardwareConcurrency%22:48,%22appCodeName%22:%22Mozilla%22,%22appName%22:%22Netscape%22,%22appVersion%22:%225.0%20(X11)%22,%22platform%22:%22Linux%20x86_64%22,%22userAgent%22:%22Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0%22,%22product%22:%22Gecko%22,%22language%22:%22en-US%22,%22languages%22:[%22en-US%22,%22en%22],%22locks%22:{},%22onLine%22:true,%22storage%22:{}}&hs_d={%22length%22:2,%22scrollRestoration%22:%22auto%22,%22state%22:null}&sc_d={%22availWidth%22:1280,%22availHeight%22:1024,%22width%22:1280,%22height%22:1024,%22colorDepth%22:24,%22pixelDepth%22:24,%22top%22:0,%22left%22:0,%22availTop%22:0,%22availLeft%22:0,%22mozOrientation%22:%22landscape-primary%22,%22onmozorientationchange%22:null,%22orientation%22:{}}&fhe_d=UTC&plg_d=[%22PDF%20Viewer%22,%22Chrome%20PDF%20Viewer%22,%22Chromium%20PDF%20Viewer%22,%22Microsoft%20Edge%20PDF%20Viewer%22,%22WebKit%20built-in%20PDF%22] HTTP/1.1
Host: harem-smrt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://harem-smrt.com/offers/?id=39&affid=7&source=3764&clickid=887bd782ffe041ddaefebe70f1c5f5c3&mail=%7Bemail%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 08 May 2024 21:29:15 GMT
content-type: text/html; charset=UTF-8
location: https://rdvsecret.com/offer/?id=1&lp=0&affid=vpn&source=vpn&clickid=81916554
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-Prefers-Color-Scheme, Sec-CH-Viewport-Width, Sec-CH-DPR, Sec-CH-Width
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vy3yb2P8%2F3ofK49%2BZksZukHWb1fy5hpWhq6Gw0G6W%2BVAo6pYNXtJBRN30dQo0h07gRPKVEDI0BCQMGgLkEq0vavGOvOd7Lg%2FWHr5%2B39LefJbZuRpr962VR8lQM1ZC2iBhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b4f7f5556c9-OSL
alt-svc: h3=":443"; ma=86400
ads.adextrem.com/detect.js
3.120.49.152200 OK 91 B URL GET HTTP/1.1 ads.adextrem.com/detect.js
IP 3.120.49.152:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerAmazon
Subject*.adextrem.com
Fingerprint72:E2:BD:3D:B2:61:02:09:94:5C:82:B9:C0:D7:26:15:73:EA:E5:27
ValidityWed, 03 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT
File type HTML document, ASCII text, with no line terminators
Hash 930ed77ba801241388e63e415d49b1c3
8ecf9e0626099865750d9ee4555ab8400ac0406f
1fab08ee7301c1c5676fa683c923e47681d2b1ec4fd396045937e8fb6befa7c8
GET /detect.js HTTP/1.1
Host: ads.adextrem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Type: application/javascript
Date: Wed, 08 May 2024 21:29:16 GMT
ETag: "4e-559751641a5c0-gzip"
Last-Modified: Mon, 18 Sep 2017 11:31:43 GMT
Server: Apache/2.4.10 (Debian)
Set-Cookie: AWSELB=671BC5111EC8C439EC6ECDAADF42C2FCC39A19517227BECBED123D3D2F3DC41482870D4994B37D6077B69EB708D166F78C41FFE40B0DFE41232F657531F899994E4ECE06A6;PATH=/;MAX-AGE=900
AWSELBCORS=671BC5111EC8C439EC6ECDAADF42C2FCC39A19517227BECBED123D3D2F3DC41482870D4994B37D6077B69EB708D166F78C41FFE40B0DFE41232F657531F899994E4ECE06A6;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
Vary: Accept-Encoding
Content-Length: 91
Connection: keep-alive
rdvsecret.com/plancul/1/lp12/style(1).css
188.114.96.1200 OK 29 kB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/style(1).css
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
File type ASCII text, with very long lines (65333)
Hash acf52c1ab4544b35ac9bb2dd86083f1d
1909533d06619d74818df9546d73bd34e3cbf8de
1b17d0c9d8b2e8521b032581bc7c2064c37b890ad99eba5138cc80e2d86a9664
GET /plancul/1/lp12/style(1).css HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-type: text/css
last-modified: Tue, 03 Sep 2019 14:18:22 GMT
etag: W/"2be0d-591a6c2c76780-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KzDYhKZYpMRWXoy5sqbyq0vgPW9eu%2FeQCWVlhandUWTKkrMg8g0%2FiYqmsaVv9Tmkq3BTOFG9MJUEYUdI%2FQji9mzoQNLqdagqhuEGYXUxfxSLA%2BQYZjK1ubjNpqWsksgC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b535e9b1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
rdvsecret.com/plancul/1/lp12/style.css
188.114.96.1200 OK 2.1 kB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/style.css
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
Hash 3f90bfceb17c24432dba68eff8438453
ae69f7a819e3c046626ce91f01562af8554d9672
82a477f3c687b374aa6dabc8415396a0055e9d091b3acb2617b53026756abbd8
GET /plancul/1/lp12/style.css HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-type: text/css
last-modified: Wed, 14 Feb 2024 11:54:40 GMT
etag: W/"2b24-611562d075fd1-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nCHaHoCqfMET%2Fj8U5ueWivaM%2B71C%2BolwTcXsfNtR3KxDlL02VD7gSpfTsEuLQ8qfWHf5kIo3VH1a2oieJmq2IC1gLh%2Fs1iZJstbmGAdE7Fbsa53a7lJDiixTzfDTs1VO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b535e961bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ads.adextrem.com/push/loader.php
3.120.49.152 1.6 kB URL GET ads.adextrem.com/push/loader.php
IP 3.120.49.152:0
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerAmazon
Subject*.adextrem.com
Fingerprint72:E2:BD:3D:B2:61:02:09:94:5C:82:B9:C0:D7:26:15:73:EA:E5:27
ValidityWed, 03 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 1bb8f56cb141bd8e138dd6065ebc0b8a
6e300cc7f916be6cf751f99dde56490f53710f9b
8b9ea8752caa6b5eb8b322494a98677a062c9e3175c254280b72a0133a567943
GET /push/loader.php HTTP/1.1
Host: ads.adextrem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/
Cookie: AWSELBCORS=671BC5111EC8C439EC6ECDAADF42C2FCC39A19517227BECBED123D3D2F3DC41482870D4994B37D6077B69EB708D166F78C41FFE40B0DFE41232F657531F899994E4ECE06A6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2024 21:29:16 GMT
Pragma: no-cache
Server: Apache/2.4.10 (Debian)
Vary: Accept-Encoding
Content-Length: 1561
Connection: keep-alive
ads.adextrem.com/push/ifp.php?slot=4
3.120.49.152200 OK 1.1 kB URL GET HTTP/1.1 ads.adextrem.com/push/ifp.php?slot=4
IP 3.120.49.152:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerAmazon
Subject*.adextrem.com
Fingerprint72:E2:BD:3D:B2:61:02:09:94:5C:82:B9:C0:D7:26:15:73:EA:E5:27
ValidityWed, 03 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 2f582da0b0f795b12add06a5db7ebee7
f43bbee0ba16aee2b9764a14747b499fdc700b3a
52472c419a117dd251379d60c1724f0b14b2eb3e475d329ab7c614cb0333150d
GET /push/ifp.php?slot=4 HTTP/1.1
Host: ads.adextrem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/
Cookie: AWSELBCORS=671BC5111EC8C439EC6ECDAADF42C2FCC39A19517227BECBED123D3D2F3DC41482870D4994B37D6077B69EB708D166F78C41FFE40B0DFE41232F657531F899994E4ECE06A6
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2024 21:29:16 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.4.10 (Debian)
Set-Cookie: PHPSESSID=id2575rmrsh5i5dmf650fpmp93; path=/
Vary: Accept-Encoding
Content-Length: 1052
Connection: keep-alive
ads.adextrem.com/delivery/plugindetect.js
3.120.49.152 9.9 kB URL ads.adextrem.com/delivery/plugindetect.js
IP 3.120.49.152:0
Certificate IssuerAmazon
Subject*.adextrem.com
Fingerprint72:E2:BD:3D:B2:61:02:09:94:5C:82:B9:C0:D7:26:15:73:EA:E5:27
ValidityWed, 03 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (30545), with CRLF line terminators
Hash ac0325acde0b385f05cddc712211522d
588e27a4ea5af1e91d39fa51152e8b0b54a95b96
229cd6de3803504ccd895d2c6de028bf9ffe6cd2e7cf0ac107eb382086a7be65
GET /delivery/plugindetect.js HTTP/1.1
Host: ads.adextrem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads.adextrem.com/push/ifp.php?slot=4
Cookie: AWSELBCORS=671BC5111EC8C439EC6ECDAADF42C2FCC39A19517227BECBED123D3D2F3DC41482870D4994B37D6077B69EB708D166F78C41FFE40B0DFE41232F657531F899994E4ECE06A6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Type: application/javascript
Date: Wed, 08 May 2024 21:29:16 GMT
ETag: "7847-5287d68deacc0-gzip"
Last-Modified: Mon, 04 Jan 2016 07:52:59 GMT
Server: Apache/2.4.10 (Debian)
Vary: Accept-Encoding
Content-Length: 9907
Connection: keep-alive
rdvsecret.com/plancul/1/lp12/jquery.cycle2.min.js
188.114.96.1200 OK 7.3 kB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/jquery.cycle2.min.js
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
File type JavaScript source, ASCII text, with very long lines (10280)
Hash b9bef20cec2d668923eb248733b3955e
8bbbca8502749ad9d770717c8dc39cf2892ea730
87a1a7e65f6ceed57d27b07cac22836a7682617932fc9d4376887b0ae1754a35
GET /plancul/1/lp12/jquery.cycle2.min.js HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-type: application/javascript
last-modified: Tue, 03 Sep 2019 14:18:20 GMT
etag: W/"599c-591a6c2a8e300-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tgSk%2FKleZ8jWNpJJJx67JoZz3bLqt3QnNzH4W%2BxkSs%2BD5k8neuhD4TjotvuvkoSY0O8lMBLFJmSPP83llxmbcvg7Y51Grz5nVlxfw%2BDETULC348FC4LQWgaY0A1qdR1b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b536ea31bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ocsp.starfieldtech.com/
192.124.249.41 2.1 kB IP 192.124.249.41:0
Hash 771deb4c0a0cbd379f7b36fc747a18fd
51560f41df06ebb4ff41b853a58d4becbaab32a1
6fe108ad97aa64713601cb4ff8314772530d2507dac4ede3f471e89fc450dd09
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 08 May 2024 21:29:16 GMT
Content-Type: application/ocsp-response
Content-Length: 2148
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 08 May 2024 19:38:47 GMT
Expires: Thu, 09 May 2024 19:38:47 GMT
ETag: "51560f41df06ebb4ff41b853a58d4becbaab32a1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.starfieldtech.com/
192.124.249.24 2.1 kB IP 192.124.249.24:0
Hash 771deb4c0a0cbd379f7b36fc747a18fd
51560f41df06ebb4ff41b853a58d4becbaab32a1
6fe108ad97aa64713601cb4ff8314772530d2507dac4ede3f471e89fc450dd09
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 08 May 2024 21:29:17 GMT
Content-Type: application/ocsp-response
Content-Length: 2148
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 08 May 2024 19:38:47 GMT
Expires: Thu, 09 May 2024 19:38:47 GMT
ETag: "51560f41df06ebb4ff41b853a58d4becbaab32a1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
harem-smrt.com/offers/?id=39&affid=7&source=3764&clickid=887bd782ffe041ddaefebe70f1c5f5c3&mail=%7Bemail%7D
188.114.97.1 3.9 kB URL harem-smrt.com/offers/?id=39&affid=7&source=3764&clickid=887bd782ffe041ddaefebe70f1c5f5c3&mail=%7Bemail%7D
IP 188.114.97.1:0
Certificate IssuerLet's Encrypt
Subjectharem-smrt.com
FingerprintB6:AD:43:9F:9E:20:45:C0:21:39:AC:C7:A7:35:52:95:33:95:51:37
ValidityMon, 25 Mar 2024 08:17:28 GMT - Sun, 23 Jun 2024 08:17:27 GMT
File type JavaScript source, ASCII text, with very long lines (584), with CRLF line terminators
Hash eafee30a9d0e4856ab452a6c26ff7c45
da10af762d2306f26bc48f8e49541c9afd1e86b1
6adaf1902b402837132f47c43d9e28dec93a674621c7892892f2f8511ffe9213
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /offers/?id=39&affid=7&source=3764&clickid=887bd782ffe041ddaefebe70f1c5f5c3&mail=%7Bemail%7D HTTP/1.1
Host: harem-smrt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:29:15 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-Prefers-Color-Scheme, Sec-CH-Viewport-Width, Sec-CH-DPR, Sec-CH-Width
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wtZ7Ejr10%2F4lnAfoaXFiZu%2F7zzoWOZNNI34gO3Phd9SotSKJj%2BHBhRbb0kqPqtJEKgQOChOejPF5fcS6YQI4B5mVC56nm2Hsb6Vq5CMQXw3hba4QreRrjwFWf%2BI6wFyx5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b4c9e43b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
rdvsecret.com/plancul/1/lp1.php?pt=auto&id=1&lp=0&affid=vpn&source=vpn&clickid=81916554
188.114.96.1302 Found 17 kB URL User Request GET HTTP/2 rdvsecret.com/plancul/1/lp1.php?pt=auto&id=1&lp=0&affid=vpn&source=vpn&clickid=81916554
IP 188.114.96.1:443
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plancul/1/lp1.php?pt=auto&id=1&lp=0&affid=vpn&source=vpn&clickid=81916554 HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://harem-smrt.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 08 May 2024 21:29:15 GMT
content-type: text/html; charset=UTF-8
location: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBA874%2BygoHM4V1%2BQ47EEP5JV6yB8M9YQ4BA6DOJ%2Ff5H1hv3FDLjWlaKIBHQnuo4bHeFkirTlQ0VblKrA0tTpVqTGuu0y3GtYtAKv4Q1JTOIYKgqStbr60Et0oP8T7%2BV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b5168ddb529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
rdvsecret.com/favicon.ico
188.114.96.1404 Not Found 196 B URL GET HTTP/3 rdvsecret.com/favicon.ico
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
File type HTML document, ASCII text, with no line terminators
Hash 4c2721a6662ce6d1ac5be54d16d51d12
a1541245769dedbff563e4ff40a83cb8d675e6e8
d3887c1020b92158055e9155e606f4cb8bed040d5a67e7550e74e8efbe649f8b
GET /favicon.ico HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2; fw=1280; fh=1024; fua=Mozilla/5.0 (X11
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 08 May 2024 21:29:16 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2FS6%2FYhKDOgqOlUvzuMIjxQOulip7H2opdj1XQswi2XgrVYkTd0lbOlR8skUzD%2F1M2GU7SM73WnXgH4t%2BpYH7QbcqjXFhkCRMe1M4xEEXbPjqsEVfjweyOoKPWt4HaHo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880c8b57dba21bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
rdvsecret.com/plancul/1/lp12/loading.svg
188.114.96.1200 OK 2.5 kB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/loading.svg
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
File type SVG Scalable Vector Graphics image
Hash 15454f31ba166226cd96473cb6b21ca5
6344c5693ed195c29d9335cb0df249ed77e73675
2d5a8b2b131d803f3cd5629e3b1c85e0c3117c9c0f2191a599f1c568c0a765e8
GET /plancul/1/lp12/loading.svg HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-type: image/svg+xml
last-modified: Tue, 03 Sep 2019 14:18:21 GMT
etag: W/"9e0-591a6c2b82540"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSDlCF47HpaDHvqJ6xHSq3IoR39VPSVNivnrNvjzDp9znYItg1Mk%2B7JBVn88Jf3WCaHM%2FtNGAwpS2YKjTe2vh5kcE1yUKWa4K6qrBlHWt03JG8lTdS3EtEDxkUZuDQUK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880c8b536e9f1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
rdvsecret.com/plancul/1/lp12/mailcheck.min.js
188.114.96.1200 OK 3.6 kB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/mailcheck.min.js
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
File type JavaScript source, ASCII text, with very long lines (3853), with no line terminators
Hash 0795c2385c7be32e183d62aa67d91c0b
791bcc87e220aea876b414a87b294fd7b547841f
d347984c385819a787735fc1a8a25359f8cef6d78070dc7785804baeca372b62
GET /plancul/1/lp12/mailcheck.min.js HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-type: application/javascript
last-modified: Tue, 03 Sep 2019 14:18:19 GMT
etag: W/"e3d-591a6c299a0c0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZUtWQBTWlPmG14A8ExrBIEgQizPVWQSruc4WLYJ78uZawn%2BGjPdgyEIp%2FbCqTPowhc3wTqE2BCggcazwo13UsyaEY4gJOmO%2B%2F44hIq0RT9GVFD42YR8B1ux3ngzVQECv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b536ea01bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
188.114.96.1200 OK 17 kB URL User Request GET HTTP/3 rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
IP 188.114.96.1:443
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail= HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://harem-smrt.com/
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:15 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PFm9oRD0983P4rdFGYmJ12iXGwcZ9V%2FziXgzbvmEMZADKh%2BAqJg1voqtA51Ymvf8JBAvNrpA5h%2FgmE1x2Dkm4m2v83zK%2B3QQXlIIYjiSDYJjX20M5PY0OkAq5BeL6pnO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b51cd091bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
rdvsecret.com/plancul/1/lp12/jquery-2.2.4.min.js
188.114.96.1200 OK 86 kB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/jquery-2.2.4.min.js
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
File type JavaScript source, ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /plancul/1/lp12/jquery-2.2.4.min.js HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-type: application/javascript
last-modified: Tue, 03 Sep 2019 14:18:20 GMT
etag: W/"14e4a-591a6c2a8e300-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqBaT8LeRJ89WjJ904atu62YC1rLyhoO1j390OEobgUqWBEu%2FynjXn6i%2FGqrXRBIQyc1K3MRcldX4CAYh79eawCxzD8t3kC1OZko6pZIXzjap9x8tZW%2FmzdDy%2Bmagh%2Bq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b535e981bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
rdvsecret.com/plancul/1/lp12/script.js
188.114.96.1200 OK 1.2 MB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/script.js
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
Size 1.2 MB (1238490 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plancul/1/lp12/script.js HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-type: application/javascript
last-modified: Tue, 03 Sep 2019 14:18:21 GMT
etag: W/"12e5da-591a6c2b82540-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qJKwThGlCPBfRHNAwRC%2B4DTtAOpHZfBRagHty5UID5RXLQvzkhAQ8A2NR6XjqPOUIHEhquhtuyN%2F%2FRIuseuzbZYvfkFt2nRCzeQiN3K4vwJGLlOkmvyPnqUyJeZYBgNW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b535e9d1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
rdvsecret.com/offer/?id=1&lp=0&affid=vpn&source=vpn&clickid=81916554
188.114.96.1302 Found 17 kB URL User Request GET HTTP/2 rdvsecret.com/offer/?id=1&lp=0&affid=vpn&source=vpn&clickid=81916554
IP 188.114.96.1:443
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /offer/?id=1&lp=0&affid=vpn&source=vpn&clickid=81916554 HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://harem-smrt.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 08 May 2024 21:29:15 GMT
content-type: text/html; charset=UTF-8
location: https://rdvsecret.com/plancul/1/lp1.php?pt=auto&id=1&lp=0&affid=vpn&source=vpn&clickid=81916554
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m6hpsqED6lHAlYKZjEzRqWXoJEUEkbCklBIkqv0n%2FhIcEn%2FfggvnouW3ELZboHObpKXqoyOF%2FVsl9obY32KBOLl8J3OedplJ8UfKrbcWsg%2Fq9tVx36HP%2FTL%2BidHChd1H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b50b82fb529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
rdvsecret.com/plancul/1/lp12/mailcheckPG.js
188.114.96.1200 OK 1.8 kB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/mailcheckPG.js
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
File type JavaScript source, ASCII text, with very long lines (2138), with no line terminators
Hash 1c8b1629c60522c37d484f32347a593d
8436131dcfe2f24e0a3687f91edac0a40f62d764
444b38c13e8bd05f5fae69fd0cc36e99688c75a266c1402b0b0ab96473fd77a9
GET /plancul/1/lp12/mailcheckPG.js HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-type: application/javascript
last-modified: Tue, 03 Sep 2019 14:18:19 GMT
etag: W/"719-591a6c299a0c0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zONJshp01ozvz8Upmr2C7JLnOY3lZaSxC50zS2EjhzgwsdVfvY%2FIOZKLQNeuVpuscWf0d%2FXUhX9yPe0mV4N9HMy2bCQy%2FofK0UsFRTOKfo7eZB4dVc%2BEH3wM8E9La7sr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b536ea11bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ads.adextrem.com/detect.php
3.120.49.152200 OK 34 B URL GET HTTP/1.1 ads.adextrem.com/detect.php
IP 3.120.49.152:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerAmazon
Subject*.adextrem.com
Fingerprint72:E2:BD:3D:B2:61:02:09:94:5C:82:B9:C0:D7:26:15:73:EA:E5:27
ValidityWed, 03 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 93a48a3b4ce933acad307ab93e31bca9
43c07d6bf28d2fc06547711cea060b5aa0df56f3
6ab2b9bf505bf16efda449af810081478279b4b4151996c66cfccdbc8cd33175
GET /detect.php HTTP/1.1
Host: ads.adextrem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/
Cookie: AWSELBCORS=671BC5111EC8C439EC6ECDAADF42C2FCC39A19517227BECBED123D3D2F3DC41482870D4994B37D6077B69EB708D166F78C41FFE40B0DFE41232F657531F899994E4ECE06A6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2024 21:29:16 GMT
Server: Apache/2.4.10 (Debian)
Content-Length: 34
Connection: keep-alive
ads.adextrem.com/push/ifp.php?slot=4&fp2=AX1|tz:0|w:1280|h:1024|ua:Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0|lng:en-US,en;q=0.5|PDF%20Viewer|Chrome%20PDF%20Viewer|Chromium%20PDF%20Viewer|Microsoft%20Edge%20PDF%20Viewer|WebKit%20built-in%20PDF|IP:91.90.42.154&allowcookie=true&setreferrer=https%3A%2F%2Frdvsecret.com%2F
3.120.49.152200 OK 0 B URL GET HTTP/1.1 ads.adextrem.com/push/ifp.php?slot=4&fp2=AX1|tz:0|w:1280|h:1024|ua:Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0|lng:en-US,en;q=0.5|PDF%20Viewer|Chrome%20PDF%20Viewer|Chromium%20PDF%20Viewer|Microsoft%20Edge%20PDF%20Viewer|WebKit%20built-in%20PDF|IP:91.90.42.154&allowcookie=true&setreferrer=https%3A%2F%2Frdvsecret.com%2F
IP 3.120.49.152:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerAmazon
Subject*.adextrem.com
Fingerprint72:E2:BD:3D:B2:61:02:09:94:5C:82:B9:C0:D7:26:15:73:EA:E5:27
ValidityWed, 03 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ifp.php?slot=4&fp2=AX1|tz:0|w:1280|h:1024|ua:Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0|lng:en-US,en;q=0.5|PDF%20Viewer|Chrome%20PDF%20Viewer|Chromium%20PDF%20Viewer|Microsoft%20Edge%20PDF%20Viewer|WebKit%20built-in%20PDF|IP:91.90.42.154&allowcookie=true&setreferrer=https%3A%2F%2Frdvsecret.com%2F HTTP/1.1
Host: ads.adextrem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads.adextrem.com/push/ifp.php?slot=4
Cookie: AWSELBCORS=671BC5111EC8C439EC6ECDAADF42C2FCC39A19517227BECBED123D3D2F3DC41482870D4994B37D6077B69EB708D166F78C41FFE40B0DFE41232F657531F899994E4ECE06A6
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2024 21:29:16 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.4.10 (Debian)
Set-Cookie: PHPSESSID=96kftc94h3qh9hqienmarln9u7; path=/
fp2=6a3ae072c99271382845eaab78866bd5; expires=Wed, 15-May-2024 21:29:16 GMT; Max-Age=604800; path=/;samesite=None; domain=ads.adextrem.com; secure
Content-Length: 0
Connection: keep-alive
rdvsecret.com/plancul/1/lp12/jquery.min.js
188.114.96.1200 OK 86 kB URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/jquery.min.js
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
File type JavaScript source, ASCII text, with very long lines (32069)
Hash 6fc159d00dc3cea4153c038739683f93
5d7e5bbfa540f0e53bd599e4305e1a4e815b5dd1
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
GET /plancul/1/lp12/jquery.min.js HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:29:16 GMT
content-type: application/javascript
last-modified: Tue, 03 Sep 2019 14:18:21 GMT
etag: W/"14e55-591a6c2b82540-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W4RI7I4Q7Wtv%2B40BbvIL%2Bxz3VAdqTerFgS3sCn2tUfK6lqqrzIcjK7rapsdM5B25n8euQvkZEJLspopGtcf3cVpPR6F1ccgUbYB0T7ygzqpwWDCrkutG60Hm5zk6Pt94"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880c8b535e941bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
rdvsecret.com/plancul/1/lp12/sprite.png
188.114.96.1404 Not Found 196 B URL GET HTTP/3 rdvsecret.com/plancul/1/lp12/sprite.png
IP 188.114.96.1:443
Requested by https://rdvsecret.com/plancul/1/lp12.php?pt=auto&lp=12&id=1&affid=vpn&source=vpn&clickid=81916554&mail=
Certificate IssuerGoogle Trust Services LLC
Subjectrdvsecret.com
FingerprintA5:FA:CC:94:93:C5:E5:D6:B1:BF:1F:14:33:D8:7E:42:77:6C:7C:26
ValidityMon, 25 Mar 2024 08:08:38 GMT - Sun, 23 Jun 2024 08:08:37 GMT
File type HTML document, ASCII text, with no line terminators
Hash 4c2721a6662ce6d1ac5be54d16d51d12
a1541245769dedbff563e4ff40a83cb8d675e6e8
d3887c1020b92158055e9155e606f4cb8bed040d5a67e7550e74e8efbe649f8b
GET /plancul/1/lp12/sprite.png HTTP/1.1
Host: rdvsecret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rdvsecret.com/plancul/1/lp12/style.css
Cookie: PHPSESSID=jlcabfamb1sss6rtqfveemlbe2; fw=1280; fh=1024; fua=Mozilla/5.0 (X11
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 08 May 2024 21:29:16 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YDiHzPd4YHxGS9hFYcJi%2BBqtGzXVwBNnHRxeS3vGw%2F72ElnNd2n3Lr05dZw0uNoeXwxWLg8AJPtt29YPWvb6QkHZuHd%2Bn%2FIoIrg0rEkmpRDgfC9wCcBlzBeIo7h4oPX2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880c8b573af21bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400