Submitted URL: https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webprone...
Effective URL: https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.we...
Submission: On September 05 via manual from FR

Summary

This website contacted 9 IPs in 1 country across 8 domains to perform 36 HTTP transactions. The main IP is 2606:4700:3033::681b:b68a, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is www4a.rudyvalencia.pro.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 23rd 2020. Valid for: a year.
This is the only time www4a.rudyvalencia.pro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 2606:4700:303... 13335 (CLOUDFLAR...)
4 143.204.208.188 16509 (AMAZON-02)
3 52.206.71.220 14618 (AMAZON-AES)
11 143.204.201.122 16509 (AMAZON-02)
5 99.86.2.85 16509 (AMAZON-02)
2 2 198.134.116.29 27257 (WEBAIR-IN...)
2 151.139.128.11 20446 (HIGHWINDS3)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
36 9
Domain Requested by
11 ringassum.club dc5k8fg5ioc8s.cloudfront.net
5 chardsreme.space www1a.michellehardin.pro
www2a.michellehardin.pro
www3a.delmarmora.pro
www4a.rudyvalencia.pro
4 dc5k8fg5ioc8s.cloudfront.net www1a.michellehardin.pro
www2a.michellehardin.pro
www3a.delmarmora.pro
www4a.rudyvalencia.pro
3 aphycolourses.info www1a.michellehardin.pro
www2a.michellehardin.pro
www3a.delmarmora.pro
2 www3a.delmarmora.pro aphycolourses.info
www3a.delmarmora.pro
2 static.realtime-bid.com
2 xml.realtime-bid.com
2 www2a.michellehardin.pro aphycolourses.info
www2a.michellehardin.pro
2 www1a.michellehardin.pro www1a.michellehardin.pro
1 www4a.rudyvalencia.pro aphycolourses.info
www4a.rudyvalencia.pro
36 10

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-23 - 2021-08-23 | a year
*.cloudfront.net | DigiCert Global CA G2 | 2020-05-26 - 2021-04-21 | a year
aphycolourses.info | Let's Encrypt Authority X3 | 2020-07-14 - 2020-10-12 | 3 months
ringassum.club | Amazon | 2020-08-19 - 2021-09-18 | a year
chardsreme.space | Amazon | 2020-07-13 - 2021-08-13 | a year
*.realtime-bid.com | AlphaSSL CA - SHA256 - G2 | 2019-03-20 - 2021-03-20 | 2 years

This page contains 7 frames:

Primary Page: https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Frame ID: BD8A3EDC8C36094E5161E7F5F08A6035
Requests: 34 HTTP requests in this frame

Frame: https://ringassum.club/a1hDMUIKOiBcfQplIRc3GTR+FHAtfXF3JghtKAkkDG0qXiFTK21SLgQtJ1cwBDY3HywOLGYDBAE7BmMNCDYgZQkSGRZiAzosCFp7Owktc3Q5DRFmDgFoJ3YTKW0KVgMxHTpVZ1keC2MXXxo6Xi8kMxp5IyoBDXcKB2AVczE5EypdEj4KFkAOPmEEZys+KQZ0Mi4BKV4BLBo3BA0TLxd3ESI2C3MLPgEpQhY4MHNDDCkrIXkBPSoSdQQtOS0EGjkNAUILExUWdhEEbgtgEzIBGwE1PjMJAQgTLwd3EQMqEnQhDxIQABo5DQJDEj08BWAGEyoSdCYpPAEcBC8JOgg6MWkndxMoDWYDACowMGcPEisSeQAALyIBAxMKG1V3Mx0RdhszIABpOhgrDFl6CQ4baAw9aBVwCSg7GXQuPWolWRc4HToJKjxpCXImKGgicxBTKAgAJi0WLUl7Mx0nVCEjYQBjBF4hJQAmLQkHUjQtGhpyDjwsAnwXPWsmZzouCi54dT8vZVsxBDYzDC4ZNiBScwQ6C3ImPxV1cg
Frame ID: 9BD419A9B3C71CD086A73A3FC972944E
Requests: 1 HTTP requests in this frame

Frame: https://ringassum.club/UWVIZ3QwBysKSzBYKkEBIwl1QkYXQHohEDJQI18SNlAhCBdpFmYEGD4QLAEGPgs8SRo0EW1VMmQqD1YhBiAsBTU7Cm1VNjQgPyI5FjNtVTISCSQAFmI0LSUNMlYDMhwAIzFfHwUJGR09BTMtMCYIECswQR0sCy4eEzNxHjoSPx8kGT1AeiU9PTwHBiM9DR82H2M/ECoRFjYZVDgQMBEoHiYMEAAlZzUbKhEWIR4LPz0GEDcgABcfMhw8LSYuIwk9DhYQKSQJKSAiEB4PH2YuMV8QCQ0SXhAAAg0oHSYMHiIcPAQLFy4VCw4WEGAGLQQjIVYZIhw8BAA+PRwIZTEHFiR5IhcGFXswJmEOBiQ+ASYMPg4dDjAuLjlQMSRFIVMpVDE1PXo1Ax0jCT07BTchJB1kHSkJEAQnDF9NCAI4AzkrVSMyAxtcLj8hGCEiEAUaIx0uFwYKCiYyZFMpIB8cPQ81BjA0fQQXBhV7NAMmHAczIgM2Dz4RMgI8BhE8ETAvHDkVbg0HPgs4WjcmBj5eEygXLlM2J1Me
Frame ID: 6A4534D0779D93CD556E0846894FA868
Requests: 1 HTTP requests in this frame

Frame: https://static.realtime-bid.com/n337/ad/192x192_0MghJPOUArM0HDecXW2X.jpeg
Frame ID: BCD4237AE670515AFDFD1D2E23DF22CE
Requests: 2 HTTP requests in this frame

Frame: https://ringassum.club/WXVvYk04FwwPcjhIDUQ4KxlSR38fUF0kKTpABForPkAGDS5hBkEBITYACwQ/NhsbTCM8AUpQCx0jXBIiF0c6UgsILz01JBQhKyM9PS86Vy4YMzUaCBsBNiE0PT0uNwQ/LwUoLgMdNjIICC8HOgUcOioOAwAvORUIDxIcFR9pQDwhNws9ODAIHDgXChsYRSIIDj4RDDUOECArJAQdJQczAwxFIgsKaCMOISRpIS0kPhwWBAU4GB4bDBVoGic2GTYXLFN5FTwXNy8BRS0JAhxFKTQZbSAnJAQTFgQKFA4SPlIVaBonISQLEzgFLj0WBAoUGxk6Kx5oWBcNGBFACTUqOjAlFSIcIAcrNB40IQcIAT8mLioTIjYkHzs0OiAhCh4tAQkKODcgDxMtKSR0ODcYCWhrNyozfQojXQEpHSM+LQIfOyEgGwxFKgo9ADYrKCsOGykGFx8nNiUbHxg8Dj4DIF04Kw4SDDUDMQIlMBwhDDwheRojAiAYDgIpJgQyFkkIPjYbH18kLA9eKnkIBjcJIw9M
Frame ID: 91E86B0CF4DAA2003946B189C920F01E
Requests: 1 HTTP requests in this frame

Frame: https://static.realtime-bid.com/n337/ad/192x192_9uJa3R6abTxBxiPPc8Fs.jpeg
Frame ID: 08A990B26B14B792F442971707FF0457
Requests: 2 HTTP requests in this frame

Frame: https://ringassum.…
Frame ID: 040314E141545E3AC93FF94D97F29209
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

36 Requests
89 % HTTPS
33 % IPv6
8 Domains
10 Subdomains
9 IPs
1 Countries
373 kB Transfer
950 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs Page URL
  2. https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs Page URL
  3. https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs Page URL
  4. https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://xml.realtime-bid.com/thumbnail?i=Bvie2bLTVmU_0&imgt=icon HTTP 302
  • https://static.realtime-bid.com/n337/ad/192x192_0MghJPOUArM0HDecXW2X.jpeg
Request Chain 30
  • https://xml.realtime-bid.com/thumbnail?i=YeFYabzE7Sk_0&imgt=icon HTTP 302
  • https://static.realtime-bid.com/n337/ad/192x192_9uJa3R6abTxBxiPPc8Fs.jpeg

36 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
www1a.michellehardin.pro/pushredirect/
18 KB
13 KB
Document
General
Full URL
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:2fd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.19
Resource Hash
51e4f252c1ab3b6b852df85affccf351beefc0c111b9fc3429bd3d980a405420

Request headers

:method
GET
:authority
www1a.michellehardin.pro
:scheme
https
:path
/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sat, 05 Sep 2020 23:58:23 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d60bfa91089d1a183b35eb1f539f10b011599350303; expires=Mon, 05-Oct-20 23:58:23 GMT; path=/; domain=.michellehardin.pro; HttpOnly; SameSite=Lax
x-powered-by
PHP/7.3.19
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
cf-request-id
05024e01f5000005bb44a6f200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5ce3e5e3290f05bb-FRA
content-encoding
br
am-push.796884.js
www1a.michellehardin.pro/
93 KB
34 KB
Script
General
Full URL
https://www1a.michellehardin.pro/am-push.796884.js?puid=621&allb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs&ob=https%3A%2F%2Fwww2a.michellehardin.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&clb=https%3A%2F%2Fwww2a.michellehardin.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&asb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Requested by
Host: www1a.michellehardin.pro
URL: https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:2fd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 05 Sep 2020 23:58:23 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 27 Jan 2020 18:17:06 GMT
server
cloudflare
etag
W/"175a3-5e2f2922-92729b5fff1c0890;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
5ce3e5e51bc905bb-FRA
cf-request-id
05024e0331000005bb44a81200000001
expires
Sat, 12 Sep 2020 23:58:23 GMT
/
dc5k8fg5ioc8s.cloudfront.net/
86 KB
31 KB
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by
Host: www1a.michellehardin.pro
URL: https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.208.188 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-208-188.fra53.r.cloudfront.net
Software
/
Resource Hash
12bd581ffc2e01dbaf18d12c1536901f1a1453894613012104dcd47d9dec0440

Request headers

Referer
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:23 GMT
content-encoding
gzip
x-amz-cf-pop
FRA53-C1
status
200
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length
31523
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
x-amz-cf-id
OWYeKIceS_ymPRtQT_LSiOG1OAEjHJvKrkoHIw4L9YGv8POhQo_Etw==
TWd4bGc2RQsbODgVFE5dbw8MGBc%2BXVdDEDoQSQ1JIA4bBAIhCx0EBj8DEQJJPRUXQwYgSggZFCVJT1VRdV9MQg0%2BWAgZDilaTl5WawYUAAVwDwwYF2hUOUlVC0JKKhA6EFYbAi8XCgMJKBALQgQiCl1eITkICAICOhRdXiF%2FV0hVQn8hSFlCfyFJWEJ%2FI...
aphycolourses.info/
59 KB
25 KB
Script
General
Full URL
https://aphycolourses.info/TWd4bGc2RQsbODgVFE5dbw8MGBc%2BXVdDEDoQSQ1JIA4bBAIhCx0EBj8DEQJJPRUXQwYgSggZFCVJT1VRdV9MQg0%2BWAgZDilaTl5WawYUAAVwDwwYF2hUOUlVC0JKKhA6EFYbAi8XCgMJKBALQgQiCl1eITkICAICOhRdXiF%2FV0hVQn8hSFlCfyFJWEJ%2FIUlZV31XSEEBLAQdDggiDFUfFyIIHh9BIgVFBBM5FwtJVAxCSipCfyEPGxB%2FBlYBDi4PHQALKA8ZHgMkCVYcFSJCSioXOBQQHgIpDgoJBDlCSipCfiEWCRM6CAoHQn4jSUlVew4XH0J%2BI0hJVXsUERgCaFQ8DQMrCwFJVXsXCAVCfiNOXlZoVU4cBCRCSyhWeFRPVUJ%2FUQxJVAlWTVVeflJIXlR7QkpaAygUDElUCQ8MGBdoVU1fJmhVTV4haFVNXiE6EA9CECgFCB4IIwIPH0kuCBVJVXhVPhgIPQkdGxRoVU1eIX9XSFVCf1JKKld4QkpZVQtWTElVeFU%2BXVJ9V0hcSisGGwkFIggTQRQ9CBcKFGsEFA5aJRMMHBRoVDlJVQtCSioQOhBKDUkgDhsEAiELHQQGPwMRAkk9FRdJVQsXDR8PPwIcBRUoBAxJVQtCSyoJKBMPAxUmQksoVmhVTgUIPkJLKFdoVU4fDjkCXV8jLAMeAB5oVU4cFyRCSyhRf1ZdXlE9BBFJVAlWTV9QdEJKWhNoVDxdUnReS1lXf1ROSVV7Ax0fE2hUPAQTORddXlJ%2BJl1eUn8hXV5SfyEPGxBjEB0OFz8IFgkQPkkbAwpoVU1eITkICAICOhRdXlJ%2FIUpcV3RCSllVC1dNSVV4VT5dU2hVTV4hfFJIXFd9Sh4NBCgFFwMMYBQIAwgrFF4NFC9aEBgTPUJLLUJ%2FIV1eIToQD0IQKAUIHggjAg8fSS4IFUlVCxMXHAkoEAtJVQtVSFxeaFU%2BXFJoVT5dU2hVPl1SfVdIXEorBhsJBSIIE0EUPQgXChRvS1ofCitFQl1LbxMZCzgkA1pWRXpeTlRfeUVUThQ4BScFA3xFQk5Rf1ZaQEU%2BEhozDilVWlZFLFRLCFB0BEhBAiwCHkFTdVVMQV8uXkxBBClVSQ8GdF4eDwV1RVROBiELGk5dbw8MGBd3SFcbEDpJDwkFPRUXAgI6FFYPCCBIDAMXIwIPH0h%2FV0hVSH1SV11TYlZNXFd9V1UKBi4CGgMIJkoLHAgiAQtOS28IGk5dbw8MGBc%2BXVdDEDoQSg1JIA4bBAIhCx0EBj8DEQJJPRUXQxc4FBAeAikOCgkEOUhHAgI5EBceDHBWXgUIPlpIShQkEx1RBikBFBVBPRcRUVF%2FVl4cBCRaSVlUel5eGFp8UkFVVHhXSl9RawMdHxNwDwwYF2hUOUlVC0JKKhA6EFYbAi8XCgMJKBALQgQiCl1eITkICAICOhRdXiF%2FV0hVQn8hSFlCfyFJWEJ%2FIUlZV31XSEEBLAQdDggiDFUfFyIIHh9FYUUbAAVvXVoEEzkXC1ZIYhAPG1UsSRUFBCUCFAACJQYKCA4jSQgeCGIXDR8PPwIcBRUoBAxDWCMCDBsIPwxFXUEkCAtRV2sUERgCcAYcCgs0QQgcDnBRSl1BPQQRUVZ4VE9VQTlaSVledFRNXFV%2BUV4IAj4TRQQTORddXyZoVT5JVQsQDxtJOgIaHBUiCR0bFGMEFwFCfyEMAxcjAg8fQn8hSlxXdEJKKld4QkoqVnlCSipWeFdIXFdgARkPAi8IFwdKPhcXAwE%2BRVROBj4FWlZFJRMMHF1iSA8bEGMQHQ4XPwgWCRA%2BSRsDCmITFxwJKBALQ1V9V0FDV3hISVhIfFJIXFd9Sh4NBCgFFwMMYBQIAwgrFFoR
Requested by
Host: www1a.michellehardin.pro
URL: https://www1a.michellehardin.pro/am-push.796884.js?puid=621&allb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs&ob=https%3A%2F%2Fwww2a.michellehardin.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&clb=https%3A%2F%2Fwww2a.michellehardin.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&asb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.206.71.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-71-220.compute-1.amazonaws.com
Software
/ Express
Resource Hash
0a69187857e1b6eac37b9b02dbacbbe07b8e3fb55da2f2635fc722eec6825230

Request headers

Referer
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"ed98-Iw4fcjOVCwGOxcsdnVv5elhGuZs"
status
200
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
utx
ringassum.club/
0
420 B
XHR
General
Full URL
https://ringassum.club/utx?cb=eTf95biVeFlN&top=www1a.michellehardin.pro&tid=824473
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:24 GMT
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA53-C1
status
204
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www1a.michellehardin.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
x-amz-cf-id
zR6G512ysGUVEf_N0SzW1OeTEsFzc2Rx214LbFriDsRmZUam9cfgsg==
a1hDMUIKOiBcfQplIRc3GTR+FHAtfXF3JghtKAkkDG0qXiFTK21SLgQtJ1cwBDY3HywOLGYDBAE7BmMNCDYgZQkSGRZiAzosCFp7Owktc3Q5DRFmDgFoJ3YTKW0KVgMxHTpVZ1keC2MXXxo6Xi8kMxp5IyoBDXcKB2AVczE5EypdEj4KFkAOPmEEZys+KQZ0Mi4BK...
ringassum.club/ Frame 9BD4
0
0
Document
General
Full URL
https://ringassum.…
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash

Request headers

:method
GET
:authority
ringassum.club
:scheme
https
:path
…
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs

Response headers

status
200
content-type
text/html
content-length
1234
date
Sat, 05 Sep 2020 23:58:24 GMT
server
openresty/1.17.8.2
cache-control
no-store, no-cache, must-revalidate, no-transform
pragma
no-cache
p3p
CP="NID DSP ALL COR"
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
sbkqCrfjOtjFHr7VnswTBHGl0nxWFNIbCC1hCmNEYldW3nqVEUpD4w==
truncated
/
10 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
popunder.gif
chardsreme.space/
35 B
366 B
Image
General
Full URL
https://chardsreme.space/popunder.gif
Requested by
Host: www1a.michellehardin.pro
URL: https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-85.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
public
date
Sat, 05 Sep 2020 23:58:24 GMT
content-encoding
gzip
x-amz-cf-pop
FRA6-C1
status
200
x-cache
Miss from cloudfront
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
content-length
58
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-id
WSYEuuN9bmpAjSt1KHcpK0NnqDY8uEQa194nz2Vb9z3KV2MiKmaKiA==
/
www2a.michellehardin.pro/pushredirect/
18 KB
12 KB
Document
General
Full URL
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Requested by
Host: aphycolourses.info
URL: https://aphycolourses.info/TWd4bGc2RQsbODgVFE5dbw8MGBc%2BXVdDEDoQSQ1JIA4bBAIhCx0EBj8DEQJJPRUXQwYgSggZFCVJT1VRdV9MQg0%2BWAgZDilaTl5WawYUAAVwDwwYF2hUOUlVC0JKKhA6EFYbAi8XCgMJKBALQgQiCl1eITkICAICOhRdXiF%2FV0hVQn8hSFlCfyFJWEJ%2FIUlZV31XSEEBLAQdDggiDFUfFyIIHh9BIgVFBBM5FwtJVAxCSipCfyEPGxB%2FBlYBDi4PHQALKA8ZHgMkCVYcFSJCSioXOBQQHgIpDgoJBDlCSipCfiEWCRM6CAoHQn4jSUlVew4XH0J%2BI0hJVXsUERgCaFQ8DQMrCwFJVXsXCAVCfiNOXlZoVU4cBCRCSyhWeFRPVUJ%2FUQxJVAlWTVVeflJIXlR7QkpaAygUDElUCQ8MGBdoVU1fJmhVTV4haFVNXiE6EA9CECgFCB4IIwIPH0kuCBVJVXhVPhgIPQkdGxRoVU1eIX9XSFVCf1JKKld4QkpZVQtWTElVeFU%2BXVJ9V0hcSisGGwkFIggTQRQ9CBcKFGsEFA5aJRMMHBRoVDlJVQtCSioQOhBKDUkgDhsEAiELHQQGPwMRAkk9FRdJVQsXDR8PPwIcBRUoBAxJVQtCSyoJKBMPAxUmQksoVmhVTgUIPkJLKFdoVU4fDjkCXV8jLAMeAB5oVU4cFyRCSyhRf1ZdXlE9BBFJVAlWTV9QdEJKWhNoVDxdUnReS1lXf1ROSVV7Ax0fE2hUPAQTORddXlJ%2BJl1eUn8hXV5SfyEPGxBjEB0OFz8IFgkQPkkbAwpoVU1eITkICAICOhRdXlJ%2FIUpcV3RCSllVC1dNSVV4VT5dU2hVTV4hfFJIXFd9Sh4NBCgFFwMMYBQIAwgrFF4NFC9aEBgTPUJLLUJ%2FIV1eIToQD0IQKAUIHggjAg8fSS4IFUlVCxMXHAkoEAtJVQtVSFxeaFU%2BXFJoVT5dU2hVPl1SfVdIXEorBhsJBSIIE0EUPQgXChRvS1ofCitFQl1LbxMZCzgkA1pWRXpeTlRfeUVUThQ4BScFA3xFQk5Rf1ZaQEU%2BEhozDilVWlZFLFRLCFB0BEhBAiwCHkFTdVVMQV8uXkxBBClVSQ8GdF4eDwV1RVROBiELGk5dbw8MGBd3SFcbEDpJDwkFPRUXAgI6FFYPCCBIDAMXIwIPH0h%2FV0hVSH1SV11TYlZNXFd9V1UKBi4CGgMIJkoLHAgiAQtOS28IGk5dbw8MGBc%2BXVdDEDoQSg1JIA4bBAIhCx0EBj8DEQJJPRUXQxc4FBAeAikOCgkEOUhHAgI5EBceDHBWXgUIPlpIShQkEx1RBikBFBVBPRcRUVF%2FVl4cBCRaSVlUel5eGFp8UkFVVHhXSl9RawMdHxNwDwwYF2hUOUlVC0JKKhA6EFYbAi8XCgMJKBALQgQiCl1eITkICAICOhRdXiF%2FV0hVQn8hSFlCfyFJWEJ%2FIUlZV31XSEEBLAQdDggiDFUfFyIIHh9FYUUbAAVvXVoEEzkXC1ZIYhAPG1UsSRUFBCUCFAACJQYKCA4jSQgeCGIXDR8PPwIcBRUoBAxDWCMCDBsIPwxFXUEkCAtRV2sUERgCcAYcCgs0QQgcDnBRSl1BPQQRUVZ4VE9VQTlaSVledFRNXFV%2BUV4IAj4TRQQTORddXyZoVT5JVQsQDxtJOgIaHBUiCR0bFGMEFwFCfyEMAxcjAg8fQn8hSlxXdEJKKld4QkoqVnlCSipWeFdIXFdgARkPAi8IFwdKPhcXAwE%2BRVROBj4FWlZFJRMMHF1iSA8bEGMQHQ4XPwgWCRA%2BSRsDCmITFxwJKBALQ1V9V0FDV3hISVhIfFJIXFd9Sh4NBCgFFwMMYBQIAwgrFFoR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:2fd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.19
Resource Hash
d1a1ebe06c37a325fe8763edb9c11bac90c461c2657f766fe5b570f47143506c

Request headers

:method
GET
:authority
www2a.michellehardin.pro
:scheme
https
:path
/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d60bfa91089d1a183b35eb1f539f10b011599350303
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www1a.michellehardin.pro/pushredirect/?site=adfly&network=1&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs

Response headers

status
200
date
Sat, 05 Sep 2020 23:58:24 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.3.19
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
cf-request-id
05024e0778000005bb44acb200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5ce3e5ebff3105bb-FRA
content-encoding
br
floater
ringassum.club/
0
0

/
dc5k8fg5ioc8s.cloudfront.net/
86 KB
31 KB
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by
Host: www2a.michellehardin.pro
URL: https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.208.188 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-208-188.fra53.r.cloudfront.net
Software
/
Resource Hash
12bd581ffc2e01dbaf18d12c1536901f1a1453894613012104dcd47d9dec0440

Request headers

Referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:23 GMT
content-encoding
gzip
age
1
status
200
x-cache
Hit from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop
FRA53-C1
content-length
31523
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
x-amz-cf-id
z6hVd006bTH5vDpgOHvw-qq0ZulWJP4rBJD4tYRFTe9_x0g6bqRgzw==
utx
ringassum.club/
0
422 B
XHR
General
Full URL
https://ringassum.club/utx?cb=FoEJDItymz87&top=www2a.michellehardin.pro&tid=824473
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:25 GMT
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA53-C1
status
204
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www2a.michellehardin.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
x-amz-cf-id
4-DFY1JUPmJFbuQdip9J9nvdzpVweVXSVoj-pAFrSBFqNWqSxg2zOA==
ECoRFjYZVDgQMBEoHiYMEAAlZzUbKhEWIR4LPz0GEDcgABcfMhw8LSYuIwk9DhYQKSQJKSAiEB4PH2YuMV8QCQ0SXhAAAg0oHSYMHiIcPAQLFy4VCw4WEGAGLQQjIVYZIhw8BAA+PRwIZTEHFiR5IhcGFXswJmEOBiQ+ASYMPg4dDjAuLjlQMSRFIVMpVDE1PXo1A...
ringassum.club/UWVIZ3QwBysKSzBYKkEBIwl1QkYXQHohEDJQI18SNlAhCBdpFmYEGD4QLAEGPgs8SRo0EW1VMmQqD1YhBiAsBTU7Cm1VNjQgPyI5FjNtVTISCSQAFmI0LSUNMlYDMhwAIzFfHwUJGR09BTMtMCYIECswQR0sCy4eEzNxHjoSPx8kGT1AeiU9PT... Frame 6A45
0
0
Document
General
Full URL
https://ringassum.club/UWVIZ3QwBysKSzBYKkEBIwl1QkYXQHohEDJQI18SNlAhCBdpFmYEGD4QLAEGPgs8SRo0EW1VMmQqD1YhBiAsBTU7Cm1VNjQgPyI5FjNtVTISCSQAFmI0LSUNMlYDMhwAIzFfHwUJGR09BTMtMCYIECswQR0sCy4eEzNxHjoSPx8kGT1AeiU9PTwHBiM9DR82H2M/ECoRFjYZVDgQMBEoHiYMEAAlZzUbKhEWIR4LPz0GEDcgABcfMhw8LSYuIwk9DhYQKSQJKSAiEB4PH2YuMV8QCQ0SXhAAAg0oHSYMHiIcPAQLFy4VCw4WEGAGLQQjIVYZIhw8BAA+PRwIZTEHFiR5IhcGFXswJmEOBiQ+ASYMPg4dDjAuLjlQMSRFIVMpVDE1PXo1Ax0jCT07BTchJB1kHSkJEAQnDF9NCAI4AzkrVSMyAxtcLj8hGCEiEAUaIx0uFwYKCiYyZFMpIB8cPQ81BjA0fQQXBhV7NAMmHAczIgM2Dz4RMgI8BhE8ETAvHDkVbg0HPgs4WjcmBj5eEygXLlM2J1Me
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash

Request headers

:method
GET
:authority
ringassum.club
:scheme
https
:path
…
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs

Response headers

status
200
content-type
text/html
content-length
1233
date
Sat, 05 Sep 2020 23:58:25 GMT
server
openresty/1.17.8.2
cache-control
no-store, no-cache, must-revalidate, no-transform
pragma
no-cache
p3p
CP="NID DSP ALL COR"
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
Xz-PfuDtv_IaKw6E4WWi2jHRIqYh3v4qXiXWvD90whfrGX_CV58Rxg==
truncated
/
10 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
popunder.gif
chardsreme.space/
35 B
367 B
Image
General
Full URL
https://chardsreme.space/popunder.gif
Requested by
Host: www2a.michellehardin.pro
URL: https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-85.fra6.r.cloudfront.net
Software
/
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
public
date
Sat, 05 Sep 2020 23:58:25 GMT
content-encoding
gzip
x-amz-cf-pop
FRA6-C1
status
200
x-cache
Miss from cloudfront
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
content-length
58
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-id
n8LLspJUGGAL2FN1uW9tQvdA6PUrqo-AxDPEa4EZljXl7tM-tdMeNg==
floater
ringassum.club/
3 KB
2 KB
XHR
General
Full URL
https://ringassum.club/floater?tid=824473&red=1&cs=VXg5QWxkTgpzXG0ZCSQKMEpcIFxl&abt=0&v=0.5.47.3&sm=83&k=&sts=0&prn=0&emb=0&fs=1&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww2a.michellehardin.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&osr=www1a.michellehardin.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(macintosh%3B%20intel%20mac%20os%20x%2010_14_5)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F83.0.4103.61%20safari%2F537.36&tzd=2&uloc=&if=0&_5OGB=1599350305546&crc=1
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
629b3109127c9d8ee7e434b23b3b42e3ac733d5a7c5070c0fc5e2e0b49079e57

Request headers

Referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:26 GMT
content-encoding
gzip
server
openresty/1.17.8.2
x-amz-cf-pop
FRA53-C1
status
200
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www2a.michellehardin.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
content-type
text/plain
content-length
1648
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-id
B_-kuZsgSlF-c2Dt7VlEAIdo_ygoI6UFQbcvM4SfdrrWDzfO0tqsrg==
am-push.796884.js
www2a.michellehardin.pro/
93 KB
34 KB
Script
General
Full URL
https://www2a.michellehardin.pro/am-push.796884.js?puid=621&allb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs&ob=https%3A%2F%2Fwww3a.delmarmora.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&clb=https%3A%2F%2Fwww3a.delmarmora.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&asb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Requested by
Host: www2a.michellehardin.pro
URL: https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:2fd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 05 Sep 2020 23:58:28 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 27 Jan 2020 18:17:06 GMT
server
cloudflare
etag
W/"175a3-5e2f2922-92729b5fff1c0890;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
5ce3e60049ba05bb-FRA
cf-request-id
05024e142c000005bb44b89200000001
expires
Sat, 12 Sep 2020 23:58:28 GMT
thumbnail
xml.realtime-bid.com/
0
0

192x192_0MghJPOUArM0HDecXW2X.jpeg
static.realtime-bid.com/n337/ad/ Frame BCD4
Redirect Chain
  • https://xml.realtime-bid.com/thumbnail?i=Bvie2bLTVmU_0&imgt=icon
  • https://static.realtime-bid.com/n337/ad/192x192_0MghJPOUArM0HDecXW2X.jpeg
5 KB
6 KB
Image
General
Full URL
https://static.realtime-bid.com/n337/ad/192x192_0MghJPOUArM0HDecXW2X.jpeg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 05 Sep 2020 23:58:28 GMT
last-modified
Fri, 07 Aug 2020 03:47:26 GMT
server
nginx
etag
"5f2ccece-15b4"
status
200
x-hw
1599350308.cds043.sk1.hn,1599350308.cds031.sk1.c
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
5556

Redirect headers

Location
https://static.realtime-bid.com/n337/ad/192x192_0MghJPOUArM0HDecXW2X.jpeg
Date
Sat, 05 Sep 2020 23:58:28 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
truncated
/ Frame BCD4
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63a428de16700f13f745cca888ee6d19b8c9470c623116b647c2a0cb431549a0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
NE1MN3dPbz9AKEE%2FIBVNFiU4QwdHd2MYAEM6flZZWSQvXxJYISlfFkYpJVlZRD8jGBZZYDxCBFxjew5BDHV4GR1HcjxCHlBwegVGEiwgWxUJJThDBxF%2BDRJFcmh%2BcQBDOmJAElY9PlgZUTo%2FGRRbIGkFMUAiPFkSQz5pBTEGfXwOUgYLfAJSBgt9A1IGC...
aphycolourses.info/
59 KB
25 KB
Script
General
Requested by
Host: www2a.michellehardin.pro
URL: https://www2a.michellehardin.pro/am-push.796884.js?puid=621&allb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs&ob=https%3A%2F%2Fwww3a.delmarmora.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&clb=https%3A%2F%2Fwww3a.delmarmora.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&asb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.206.71.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-71-220.compute-1.amazonaws.com
Software
/ Express
Resource Hash
cd67cec1a6fcf5f7590bdcb31d397d6828c8bb78b7f5ed4f270d8aa0b2031631

Request headers

Referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"ed83-15p39tF1/dKFUpWrMpsbb1fOk4I"
status
200
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
/
www3a.delmarmora.pro/pushredirect/
18 KB
13 KB
Document
General
Full URL
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Requested by
Host: aphycolourses.info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681b:be7b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.19
Resource Hash
6cb6ee5aac40325accbf137d8052c63e674dc6ab323667c158c19e0bf0a7d216

Request headers

:method
GET
:authority
www3a.delmarmora.pro
:scheme
https
:path
/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www2a.michellehardin.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs

Response headers

status
200
date
Sat, 05 Sep 2020 23:58:28 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=df8b4a484cb6a9c2a3c23a0e7ec2f74f81599350308; expires=Mon, 05-Oct-20 23:58:28 GMT; path=/; domain=.delmarmora.pro; HttpOnly; SameSite=Lax
x-powered-by
PHP/7.3.19
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
cf-request-id
05024e17730000d72dd090f200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5ce3e6058af9d72d-FRA
content-encoding
br
/
dc5k8fg5ioc8s.cloudfront.net/
86 KB
31 KB
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by
Host: www3a.delmarmora.pro
URL: https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.208.188 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-208-188.fra53.r.cloudfront.net
Software
/
Resource Hash
12bd581ffc2e01dbaf18d12c1536901f1a1453894613012104dcd47d9dec0440

Request headers

Referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:23 GMT
content-encoding
gzip
age
6
status
200
x-cache
Hit from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop
FRA53-C1
content-length
31523
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
x-amz-cf-id
TBhpnMDOGh82LYbGwpnvpdR7P26fASXdrTnm9qdt-d9kKUSAd_gK2Q==
utx
ringassum.club/
0
419 B
XHR
General
Full URL
https://ringassum.club/utx?cb=gdxlmvZZwhte&top=www3a.delmarmora.pro&tid=824473
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:29 GMT
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA53-C1
status
204
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www3a.delmarmora.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
x-amz-cf-id
pRUrOA0raPkBEiHo_eShgKirNj94Zfx7WSy81BvJ67_VzG8m9gtDXQ==
LwUoLgMdNjIICC8HOgUcOioOAwAvORUIDxIcFR9pQDwhNws9ODAIHDgXChsYRSIIDj4RDDUOECArJAQdJQczAwxFIgsKaCMOISRpIS0kPhwWBAU4GB4bDBVoGic2GTYXLFN5FTwXNy8BRS0JAhxFKTQZbSAnJAQTFgQKFA4SPlIVaBonISQLEzgFLj0WBAoUGxk6K...
ringassum.club/ Frame 91E8
0
0
Document
General
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash

Request headers

:method
GET
:authority
ringassum.club
:scheme
https
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs

Response headers

status
200
content-type
text/html
content-length
1229
date
Sat, 05 Sep 2020 23:58:29 GMT
server
openresty/1.17.8.2
cache-control
no-store, no-cache, must-revalidate, no-transform
pragma
no-cache
p3p
CP="NID DSP ALL COR"
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
_5XHg0yofBKjCDYNGBdRq_pXiWhMUXjufCOlCwXdwdbZydQuu0PGww==
truncated
/
10 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
popunder.gif
chardsreme.space/
35 B
366 B
Image
General
Full URL
https://chardsreme.space/popunder.gif
Requested by
Host: www3a.delmarmora.pro
URL: https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-85.fra6.r.cloudfront.net
Software
/
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
public
date
Sat, 05 Sep 2020 23:58:29 GMT
content-encoding
gzip
x-amz-cf-pop
FRA6-C1
status
200
x-cache
Miss from cloudfront
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
content-length
58
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-id
34FnFsXybhuHNsglRK4t6bmRntpipNyHIZi85cv9oZWh44015NObzA==
floater
ringassum.club/
3 KB
3 KB
XHR
General
Full URL
https://ringassum.club/floater?tid=824473&red=1&cs=aXRoVG5YQltmXlEVWTFZWEENYV5Z&abt=0&v=0.5.47.3&sm=83&k=&sts=0&prn=0&emb=0&fs=1&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww3a.delmarmora.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&osr=www2a.michellehardin.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(macintosh%3B%20intel%20mac%20os%20x%2010_14_5)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F83.0.4103.61%20safari%2F537.36&tzd=2&uloc=&if=0&_LTpo=1599350309800&crc=1
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
c957813a549d402b0537a63b2eac4d045ec232153bcabd0478c35b24bcdb4eb7

Request headers

Referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:30 GMT
content-encoding
gzip
server
openresty/1.17.8.2
x-amz-cf-pop
FRA53-C1
status
200
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www3a.delmarmora.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
content-type
text/plain
content-length
2030
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-id
qzGu_fh03-kiJqpcR0Gir3FjVZ1wC47xvOOWLvS3hnaHkYZPnXUjhg==
am-push.796884.js
www3a.delmarmora.pro/
93 KB
34 KB
Script
General
Full URL
https://www3a.delmarmora.pro/am-push.796884.js?puid=621&allb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs&ob=https%3A%2F%2Fwww4a.rudyvalencia.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&clb=https%3A%2F%2Fwww4a.rudyvalencia.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&asb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Requested by
Host: www3a.delmarmora.pro
URL: https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681b:be7b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 05 Sep 2020 23:58:32 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 27 Jan 2020 18:17:06 GMT
server
cloudflare
etag
W/"175a3-5e2f2922-2bbd2fd64583429c;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
5ce3e61a2ea5d72d-FRA
cf-request-id
05024e245d0000d72dd0996200000001
expires
Sat, 12 Sep 2020 23:58:32 GMT
thumbnail
xml.realtime-bid.com/
0
0

192x192_9uJa3R6abTxBxiPPc8Fs.jpeg
static.realtime-bid.com/n337/ad/ Frame 08A9
Redirect Chain
  • https://xml.realtime-bid.com/thumbnail?i=YeFYabzE7Sk_0&imgt=icon
  • https://static.realtime-bid.com/n337/ad/192x192_9uJa3R6abTxBxiPPc8Fs.jpeg
6 KB
7 KB
Image
General
Full URL
https://static.realtime-bid.com/n337/ad/192x192_9uJa3R6abTxBxiPPc8Fs.jpeg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
73b03f67e39c4b6c04748068b83379e2205f322a2b520cae56bee4ee5cb73794

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 05 Sep 2020 23:58:32 GMT
last-modified
Fri, 07 Aug 2020 03:54:30 GMT
server
nginx
etag
"5f2cd076-19a4"
status
200
x-hw
1599350312.cds043.sk1.hn,1599350312.cds001.sk1.c
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
6564

Redirect headers

Location
https://static.realtime-bid.com/n337/ad/192x192_9uJa3R6abTxBxiPPc8Fs.jpeg
Date
Sat, 05 Sep 2020 23:58:32 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
truncated
/ Frame 08A9
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63a428de16700f13f745cca888ee6d19b8c9470c623116b647c2a0cb431549a0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
YjFTaW4ZEyAeMRdDP0tUQFknHR4RC3xGGRVGYAhABlQ%2FBA8QXDwbD0xBIQZBA1x%2BGRsRWX1eV1QJa11ACEJsGRsLVW5fXFMXMgUCAAw7HRoSFGAoS1B3dlsoFUYkRxkHUyMbAQxUJBpAAV4%2BTFwkRTwZAAdGIExcJANjWVdHAxVZW0cDFVhaRwMVWFtSAWN...
aphycolourses.info/
59 KB
25 KB
Script
General
Requested by
Host: www3a.delmarmora.pro
URL: https://www3a.delmarmora.pro/am-push.796884.js?puid=621&allb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs&ob=https%3A%2F%2Fwww4a.rudyvalencia.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&clb=https%3A%2F%2Fwww4a.rudyvalencia.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&asb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.206.71.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-71-220.compute-1.amazonaws.com
Software
/ Express
Resource Hash
7d73da7ab1ee92ffdbacf300f75c42e5f404d41fbacfa1d53a6d1ec9d72bbd4b

Request headers

Referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"ed88-izH1b5riOh05F7sQOMCtUotaWpw"
status
200
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
Primary Request /
www4a.rudyvalencia.pro/pushredirect/
18 KB
13 KB
Document
General
Full URL
https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Requested by
Host: aphycolourses.info
URL: https://aphycolourses.info/YjFTaW4ZEyAeMRdDP0tUQFknHR4RC3xGGRVGYAhABlQ%2FBA8QXDwbD0xBIQZBA1x%2BGRsRWX1eV1QJa11ACEJsGRsLVW5fXFMXMgUCAAw7HRoSFGAoS1B3dlsoFUYkRxkHUyMbAQxUJBpAAV4%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%2FBQxAC3EBGhZBaUZBFUYkRxkHUyMbAQxUJBpAAV4%2BRhoNQT0MGREeYVleWx5jXEFTBXxYW1IBY1lDBFAwDAwNXjhEHRJePA8dQB1xBgxAC3EBGhZBIFNBTUYkHloDHyEcChtHMgULDFI6CEASQzxGHhdCOxsLBlghDA0WHmwHCxZGPBsFXwB1AAERDGNPHQtFNlQPBlc%2FEEgSQTpUWFAAdRkNCwxiXF1VCHUdU1MEalBdVwFhWlhEVTYaGl9ZJx0eRwISTFwkFGEvGRVGfR4LAEEhBgAHRiBHDQ1cdlsoFl4jBwsVQnZbKFABY1BLUHdjXEtQd2JdS1B3YlxeUgFjRAgDUjYLAQ1afhoeDV41GkxOEzAFDEALcQEaFkEgU0FNRiQeWgMfIRwKG0cyBQsMUjoIQBJDPEYeF0I7GwsGWCEMDRYebAcLFkY8GwVfAHUAAREMY08dC0U2VA8GVz8QSBJBOlRYUAB1GQ0LDGJcXVUIdR1TUwRqUF1XAWFaWERVNhoaX1knHR5HAhJMXCQUYS8ZFUZ9HgsAQSEGAAdGIEcNDVx2WygWXiMHCxVCdlsoUAFjUEtQd2NcS1B3Yl1LUHdiXF5SAWNECANSNgsBDVp%2BGh4NXjUaTE4TMhoMQAtxARoWQWlGQRVGJEcZB1MjGwEMVCQaQAFePkYaDUE9DBkRHmFZXlseY1xBUwV8WFtSAWNZQwRQMAwMDV44RB0SXjwPHUBM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:b68a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.19
Resource Hash
83d3ed57a5b54c0dd55113a43c3be48cd233865a561610c6b0f06065ff90f7f2

Request headers

:method
GET
:authority
www4a.rudyvalencia.pro
:scheme
https
:path
/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www3a.delmarmora.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs

Response headers

status
200
date
Sat, 05 Sep 2020 23:58:33 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d72d1a7cba885be2c109cc8cb85f236111599350312; expires=Mon, 05-Oct-20 23:58:32 GMT; path=/; domain=.rudyvalencia.pro; HttpOnly; SameSite=Lax
x-powered-by
PHP/7.3.19
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
cf-request-id
05024e27dc000017722e38a200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5ce3e61fc9841772-FRA
content-encoding
br
/
dc5k8fg5ioc8s.cloudfront.net/
86 KB
31 KB
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by
Host: www4a.rudyvalencia.pro
URL: https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.208.188 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-208-188.fra53.r.cloudfront.net
Software
/
Resource Hash
12bd581ffc2e01dbaf18d12c1536901f1a1453894613012104dcd47d9dec0440

Request headers

Referer
https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:23 GMT
content-encoding
gzip
age
10
status
200
x-cache
Hit from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop
FRA53-C1
content-length
31523
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
x-amz-cf-id
9o8JuF7LiB1d_izk7Zalxz4BzwSTfpNHCxUsEZcc1O_0dNcCRMzn4w==
utx
ringassum.club/
0
422 B
XHR
General
Full URL
https://ringassum.club/utx?cb=iR3vLQFzQchG&top=www4a.rudyvalencia.pro&tid=824473
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:33 GMT
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA53-C1
status
204
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www4a.rudyvalencia.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
x-amz-cf-id
-0QrnzzyiI-OCwj8nA7FAAdtCdyZqWDyrOUOw-WI5LO_IDWMZYXBFw==
JyETdwYSLDkiNjsaD34K
ringassum.club/T2NKTEguASkhdy5eKGo9PQ93aXoJRngKLCxWIXQuKFYjIyt3EGQvJCAWLio6IA0+YiYqF29+DnoBDRYEAVE5HAscNRgaCigzBjs4GzsmBm19JQsKIAQnDiQRDTEyLgkYUwMCL3sbGAh8DjYtfBoHGxMPLCg1BA0JLA8fChIEIjMaHRkPew0DIy... Frame 0403
0
0
Document
General
Full URL
https://ringassum.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
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash

Request headers

:method
GET
:authority
ringassum.club
:scheme
https
:path
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
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs

Response headers

status
200
content-type
text/html
content-length
1223
date
Sat, 05 Sep 2020 23:58:33 GMT
server
openresty/1.17.8.2
cache-control
no-store, no-cache, must-revalidate, no-transform
pragma
no-cache
p3p
CP="NID DSP ALL COR"
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
W_5aEuD3rpdaqG8v8UxKICp6OE0CwymF3Vtj_YlhgmNVSSzbvrc_mw==
UmxdY3ZVbFtrNhIjD3BzRDIcOS5fc110e1F3WH5zUXBdeQ
chardsreme.space/aE1CYkJHciERfzkgLiETBgc4OnEuOhMMLSEuATsQIRwqGiFYBztENgEpf1pwXHl1UWQYJCZfcVprMRYjHDgxX3BYfXVEKwYrLV9wTjt/
0
212 B
Image
General
Full URL
https://chardsreme.space/aE1CYkJHciERfzkgLiETBgc4OnEuOhMMLSEuATsQIRwqGiFYBztENgEpf1pwXHl1UWQYJCZfcVprMRYjHDgxX3BYfXVEKwYrLV9wTjt/UmxdY3ZVbFtrNhIjD3BzRDIcOS5fc110e1F3WH5zUXBdeQ
Requested by
Host: www4a.rudyvalencia.pro
URL: https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-85.fra6.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Sat, 05 Sep 2020 23:58:33 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
access-control-allow-origin
*
x-amz-cf-id
gVVWX0gGZ_kxDGgKoi2hI8SO5yf2OmE5saBGI1zb422rSV5-pWYv7g==
x-cache
Miss from cloudfront
truncated
/
10 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
popunder.gif
chardsreme.space/
35 B
367 B
Image
General
Full URL
https://chardsreme.space/popunder.gif
Requested by
Host: www4a.rudyvalencia.pro
URL: https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-85.fra6.r.cloudfront.net
Software
/
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
public
date
Sat, 05 Sep 2020 23:58:33 GMT
content-encoding
gzip
x-amz-cf-pop
FRA6-C1
status
200
x-cache
Miss from cloudfront
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
content-length
58
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-id
bD0g9lEehMhlAql3OehNtwwUNS3Fb_GjAJWyTQP20MyBVl4mv0IwRw==
floater
ringassum.club/
3 KB
2 KB
XHR
General
Full URL
https://ringassum.club/floater?tid=824473&red=1&cs=SE5hczl5eFJBCXAvUxdaKy9SQgl4&abt=0&v=0.5.47.3&sm=83&k=&sts=0&prn=0&emb=0&fs=1&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww4a.rudyvalencia.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&osr=www3a.delmarmora.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(macintosh%3B%20intel%20mac%20os%20x%2010_14_5)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F83.0.4103.61%20safari%2F537.36&tzd=2&uloc=&if=0&_svr0=1599350313902&crc=1
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-122.fra53.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
49389c540626c87f7758d19c695c4b2f63d5874cbadec2e9a6893fe284ec0e72

Request headers

Referer
https://www4a.rudyvalencia.pro/pushredirect/?network=1&ios=0&site=adfly&ppi=621&pci=15379&t=1599350236&dest=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 05 Sep 2020 23:58:34 GMT
content-encoding
gzip
server
openresty/1.17.8.2
x-amz-cf-pop
FRA53-C1
status
200
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www4a.rudyvalencia.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
content-type
text/plain
content-length
1765
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-id
C1JgKs0B8I6yKjQXqkdY8z5M6itnmMqosE-0vgc5DB8nYiN-tqfvdw==
am-push.796884.js
www4a.rudyvalencia.pro/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ringassum.club
URL
https://ringassum.club/floater?tid=824473&red=1&cs=SWN2dDl4VUVGCXECRhYBflQTTAl5&abt=0&v=0.5.47.3&sm=83&k=&sts=0&prn=0&emb=0&fs=1&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww1a.michellehardin.pro%2Fpushredirect%2F%3Fsite%3Dadfly%26network%3D1%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&jst=0&enr=0&lcua=mozilla%2F5.0%20(macintosh%3B%20intel%20mac%20os%20x%2010_14_5)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F83.0.4103.61%20safari%2F537.36&tzd=2&uloc=&if=0&_w0dI=1599350304756&crc=1
Domain
xml.realtime-bid.com
URL
https://xml.realtime-bid.com/thumbnail?i=Bvie2bLTVmU_0&imgt=icon
Domain
xml.realtime-bid.com
URL
https://xml.realtime-bid.com/thumbnail?i=YeFYabzE7Sk_0&imgt=icon
Domain
www4a.rudyvalencia.pro
URL
https://www4a.rudyvalencia.pro/am-push.796884.js?puid=621&allb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs&ob=https%3A%2F%2Fwww5a.michellehardin.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&clb=https%3A%2F%2Fwww5a.michellehardin.pro%2Fpushredirect%2F%3Fnetwork%3D1%26ios%3D0%26site%3Dadfly%26ppi%3D621%26pci%3D15379%26t%3D1599350236%26dest%3Dhttp%253A%252F%252Fwww.webpronews.com%252Ftopnews%252F2009%252F05%252F14%252F150000-facebook-spoofs&asb=http%3A%2F%2Fwww.webpronews.com%2Ftopnews%2F2009%2F05%2F14%2F150000-facebook-spoofs


3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes
number| LAST_CORRECT_EVENT_TIME
number| _2256987490

1 Cookies

Domain/Path Name / Value
.rudyvalencia.pro/ Name: __cfduid
Value: d72d1a7cba885be2c109cc8cb85f236111599350312

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
