urlscan.io logo urlscan.io
SecurityTrails logo

services.demogronomics.com Open in urlscan Pro
35.202.21.90  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://wrcclientreview.com/
Effective URL: https://services.demogronomics.com/truwindingcparev/
Submission Tags: suspect
Submission: On November 26 via api from BR — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 3 countries across 14 domains to perform 32 HTTP transactions. The main IP is 35.202.21.90, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is services.demogronomics.com.
TLS certificate: Issued by R10 on October 10th 2024. Valid for: 3 months.
This is the only time services.demogronomics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 216.40.34.41 15348 (TUCOWS)
1 35.202.21.90 396982 (GOOGLE-CL...)
2 34.107.203.240 396982 (GOOGLE-CL...)
1 2607:f8b0:400... 15169 (GOOGLE)
8 2607:f8b0:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
2 2a04:4e42::644 54113 (FASTLY)
5 142.251.16.94 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
2 31.13.66.19 32934 (FACEBOOK)
1 104.18.26.50 13335 (CLOUDFLAR...)
3 35.192.151.63 396982 (GOOGLE-CL...)
1 2607:f8b0:400... 15169 (GOOGLE)
2 31.13.66.35 32934 (FACEBOOK)
32 14
1    216.40.34.41 (Canada)

ASN15348 (TUCOWS, CA)
wrcclientreview.com
1    35.202.21.90 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 90.21.202.35.bc.googleusercontent.com
services.demogronomics.com
2    34.107.203.240 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 240.203.107.34.bc.googleusercontent.com
static.leadpages.net
1    2607:f8b0:4004:c0b::5f (Washington, United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
8    2607:f8b0:4004:c1f::84 (Washington, United States)

ASN15169 (GOOGLE, US)
lh3.googleusercontent.com
1    2001:4860:4802:38::15 (United States)

ASN15169 (GOOGLE, US)
js.center.io
2    2607:f8b0:4004:c19::61 (Washington, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a04:4e42::644 (United States)

ASN54113 (FASTLY, US)
fast.wistia.net
5    142.251.16.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f94.1e100.net
fonts.gstatic.com
1    2001:4860:4802:32::15 (United States)

ASN15169 (GOOGLE, US)
js.center.io
2    31.13.66.19 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-iad3.fbcdn.net
connect.facebook.net
1    104.18.26.50 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.mouseflow.com
3    35.192.151.63 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 63.151.192.35.bc.googleusercontent.com
api.leadpages.io
1    2607:f8b0:4004:c1f::66 (Washington, United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    31.13.66.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-iad3.facebook.com
www.facebook.com
Apex Domain
Subdomains		 Transfer
8 googleusercontent.com
lh3.googleusercontent.com — Cisco Umbrella Rank: 45
4 MB
5 gstatic.com
fonts.gstatic.com
101 KB
3 leadpages.io
api.leadpages.io — Cisco Umbrella Rank: 49126
1 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
214 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 192
74 KB
2 wistia.net
fast.wistia.net — Cisco Umbrella Rank: 9224
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
193 KB
2 center.io
js.center.io — Cisco Umbrella Rank: 57623
5 KB
2 leadpages.net
static.leadpages.net — Cisco Umbrella Rank: 57331
29 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
1 mouseflow.com
cdn.mouseflow.com — Cisco Umbrella Rank: 7737
868 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
2 KB
1 demogronomics.com
services.demogronomics.com
20 KB
1 wrcclientreview.com
wrcclientreview.com
470 B
32 14
Domain Requested by
8 lh3.googleusercontent.com services.demogronomics.com
5 fonts.gstatic.com fonts.googleapis.com
3 api.leadpages.io js.center.io
2 www.facebook.com services.demogronomics.com
2 connect.facebook.net services.demogronomics.com
connect.facebook.net
2 fast.wistia.net services.demogronomics.com
2 www.googletagmanager.com services.demogronomics.com
www.googletagmanager.com
2 js.center.io services.demogronomics.com
js.center.io
2 static.leadpages.net services.demogronomics.com
1 www.google-analytics.com www.googletagmanager.com
1 cdn.mouseflow.com services.demogronomics.com
1 fonts.googleapis.com services.demogronomics.com
1 services.demogronomics.com
1 wrcclientreview.com 1 redirects
32 14

This site contains links to these domains. Also see Links.

Domain
windingriverconsulting.com
Subject Issuer Validity Valid
services.demogronomics.com
R10		 2024-10-10 -
2025-01-08		 3 months crt.sh
static.leadpages.net
WR3		 2024-09-30 -
2024-12-29		 3 months crt.sh
upload.video.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.googleusercontent.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
js.center.io
WR3		 2024-10-16 -
2025-01-14		 3 months crt.sh
*.google-analytics.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
fast.wistia.net
GlobalSign Atlas R3 DV TLS CA 2024 Q1		 2024-04-04 -
2025-05-06		 a year crt.sh
*.gstatic.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-09-04 -
2024-12-03		 3 months crt.sh
cdn.mouseflow.com
WE1		 2024-11-21 -
2025-02-19		 3 months crt.sh
*.leadpages.io
E5		 2024-10-29 -
2025-01-27		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://services.demogronomics.com/truwindingcparev/
Frame ID: D298EC0DD64FB038836A7E556D4A4357
Requests: 29 HTTP requests in this frame

Frame: https://fast.wistia.net/embed/iframe/j1dg2hrkhs?videoFoam=true
Frame ID: 9B9CEC8A40207D7614BD0F65AB1EA213
Requests: 1 HTTP requests in this frame

Frame: https://fast.wistia.net/embed/iframe/b7oopqm8h2?videoFoam=true
Frame ID: 4E0FA3B29FABB7336E417DB150389875
Requests: 1 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 657E0293C6C6C1604786F57B19BFA6D2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

TRUWindingCPARev

Page URL History Show full URLs

  1. http://wrcclientreview.com/ HTTP 307
    https://wrcclientreview.com/ HTTP 307
    http://wrcclientreview.com/ HTTP 303
    https://services.demogronomics.com/truwindingcparev/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.mouseflow\.com

Page Statistics

32
Requests

100 %
HTTPS

47 %
IPv6

14
Domains

14
Subdomains

14
IPs

3
Countries

4045 kB
Transfer

4845 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://wrcclientreview.com/ HTTP 307
    https://wrcclientreview.com/ HTTP 307
    http://wrcclientreview.com/ HTTP 303
    https://services.demogronomics.com/truwindingcparev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
services.demogronomics.com/truwindingcparev/
Redirect Chain
  • http://wrcclientreview.com/
  • https://wrcclientreview.com/
  • http://wrcclientreview.com/
  • https://services.demogronomics.com/truwindingcparev/
100 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.202.21.90 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
90.21.202.35.bc.googleusercontent.com
Software
Leadpages /
Resource Hash
efce1da5d4b6e714bddcf0fcad8ca968f5f800ee3d827afc8d1998734b51adfb
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

cache-control
no-cache
content-encoding
br
content-type
text/html
date
Tue, 26 Nov 2024 21:29:07 GMT
etag
W/"52240504de2701cbf34bd9cb76082094"
last-modified
Wed, 19 Jun 2024 12:17:52 GMT
server
Leadpages
strict-transport-security
max-age=15768000
vary
Accept-Encoding
x-cache
MISS, HIT

Redirect headers

cache-control
no-cache
content-type
text/html; charset=utf-8
location
https://services.demogronomics.com/truwindingcparev/
referrer-policy
strict-origin-when-cross-origin
transfer-encoding
chunked
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
75349228-af16-4614-a424-5e6e631705b8
x-runtime
0.003645
x-xss-protection
1; mode=block
all.min.css
static.leadpages.net/fonts/font-awesome/6.4.2/css/ 		100 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.leadpages.net/fonts/font-awesome/6.4.2/css/all.min.css
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.203.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.203.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer

Response headers

cache-control
public, max-age=31536000
content-encoding
gzip
etag
"_RHgfQ"
age
133970
via
1.1 google
expires
Tue, 25 Nov 2025 08:16:17 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26836
date
Mon, 25 Nov 2024 08:16:17 GMT
x-cloud-trace-context
b78b226afe9f41b9dc258aabcc614420
content-type
text/css
server
Google Frontend
vary
Accept-Encoding
css
fonts.googleapis.com/ 		26 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Libre+Franklin:300,400,500,700|Titillium+Web:300,400,500,700|Montserrat:300,400,500,700
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7167759b503bf34abc53c8f84ecee5dc4e64e75502bbb87afd1cc935d778368f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 26 Nov 2024 21:29:07 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 26 Nov 2024 21:29:07 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
DaovaSC2W17HLs3cNnD09yzdkzE2eQC_eWMOHmPql_LnmZfxhNtYc-0Ced0wsrIkmkcgX8-GgHLJ1DGK-uujmWHxVIEn53-8m9g=w16
lh3.googleusercontent.com/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/DaovaSC2W17HLs3cNnD09yzdkzE2eQC_eWMOHmPql_LnmZfxhNtYc-0Ced0wsrIkmkcgX8-GgHLJ1DGK-uujmWHxVIEn53-8m9g=w16
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
87a5839dd5cb26c69d2daf5549b125234009d07070c82e68f9498e35892b13f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
etag
"v1"
x-content-type-options
nosniff
expires
Wed, 27 Nov 2024 21:29:07 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3596
date
Tue, 26 Nov 2024 21:29:07 GMT
x-xss-protection
0
content-type
image/png
vary
Origin
server
fife
content-disposition
inline;filename="unnamed.png"
center.js
js.center.io/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.center.io/center.js
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

cache-control
public, max-age=300
content-encoding
gzip
etag
"OMWYXg"
age
38
expires
Tue, 26 Nov 2024 21:33:29 GMT
content-length
5417
date
Tue, 26 Nov 2024 21:28:29 GMT
x-cloud-trace-context
16719b00869554710608edc12917654f
content-type
application/javascript
server
Google Frontend
gtm.js
www.googletagmanager.com/ 		232 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SWR9HL
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f502374c782831424b416156536413098d4d235197bbeeb25548a58f2c263d59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Tue, 26 Nov 2024 21:29:07 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 26 Nov 2024 21:29:07 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 26 Nov 2024 21:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
83099
x-xss-protection
0
server
Google Tag Manager
j1dg2hrkhs
fast.wistia.net/embed/iframe/ Frame 9B9C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/embed/iframe/j1dg2hrkhs?videoFoam=true
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff

Request headers

Referer
https://services.demogronomics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
cache-control
public, no-cache
content-encoding
br
content-length
2507
content-type
text/html; charset=utf-8
date
Tue, 26 Nov 2024 21:29:07 GMT
etag
W/"1551828f67bbc1848bfbb2d1f790d899"
server
envoy
strict-transport-security
max-age=0
timing-allow-origin
*
vary
Accept-Encoding,Referer,X-Forwarded-Proto,X-Normalized-User-Agent,X-ECMA-Override
via
1.1 b530298a539e971cee361eb408cead3a.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
x-amz-cf-id
qfvOW26QPbLdh_hjHgcmuWEwS1OmhE6iyBPXBB6WPRSRc-3k0GtoNg==
x-amz-cf-pop
IAD61-P4
x-browser
firefox
x-browser-version
112
x-cache
Miss from cloudfront, HIT, MISS
x-cache-hits
10, 0
x-content-type-options
nosniff
x-ecma-v
modern
x-envoy-upstream-service-time
62
x-permitted-cross-domain-policies
none
x-request-id
e7e3e8f8-dba5-4f20-b2d0-001ebe578c57
x-runtime
0.060502
x-served-by
cache-iad-kiad7000146-IAD, cache-yul1970043-YUL
x-timer
S1732656548.640242,VS0,VE83
b7oopqm8h2
fast.wistia.net/embed/iframe/ Frame 4E0F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/embed/iframe/b7oopqm8h2?videoFoam=true
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff

Request headers

Referer
https://services.demogronomics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
87009
cache-control
public, no-cache
content-encoding
br
content-length
2612
content-type
text/html; charset=utf-8
date
Tue, 26 Nov 2024 21:29:07 GMT
etag
W/"db229dca242151244477f05606f698c2"
server
envoy
strict-transport-security
max-age=0
timing-allow-origin
*
vary
Accept-Encoding,Referer,X-Forwarded-Proto,X-Normalized-User-Agent,X-ECMA-Override
via
1.1 fc3a0acebfeebc65f60bb3804fd1a4a4.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
x-amz-cf-id
z-UkY5ml5hCV0DChRtVsowCS9KSkqd09yshBqsjq-ivDexv6UPRhBQ==
x-amz-cf-pop
IAD61-P4
x-browser
firefox
x-browser-version
112
x-cache
Miss from cloudfront, HIT, MISS
x-cache-hits
6, 0
x-content-type-options
nosniff
x-ecma-v
modern
x-envoy-upstream-service-time
59
x-permitted-cross-domain-policies
none
x-request-id
cfef8d08-01f1-4690-8f7d-37f0153a6c7a
x-runtime
0.057015
x-served-by
cache-iad-kiad7000036-IAD, cache-yul1970043-YUL
x-timer
S1732656548.640118,VS0,VE17
rliv7GtcojVq0jPGbGxY0TWIQtMIa3veZ1c0eZ0b0_XiiMlLXPoOqzx_N7gK6HyxreeXeBgztuZm8csrA7twbe8NUXQV8plb1g=w16
lh3.googleusercontent.com/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/rliv7GtcojVq0jPGbGxY0TWIQtMIa3veZ1c0eZ0b0_XiiMlLXPoOqzx_N7gK6HyxreeXeBgztuZm8csrA7twbe8NUXQV8plb1g=w16
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
1d775b6a2fff29b5fbdb9762381e7fa14acd701ef7a4b2f1751c32aaf94d448c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
etag
"v1"
x-content-type-options
nosniff
expires
Wed, 27 Nov 2024 21:29:07 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4468
date
Tue, 26 Nov 2024 21:29:07 GMT
x-xss-protection
0
content-type
image/jpeg
vary
Origin
server
fife
content-disposition
inline;filename="unnamed.jpg"
W63Fg1Oay94oHNZ3q8mWsFbqqD57Aq1FI1a77aYMXrlXAn2PAXWsZlE4AJBx_0o6Lnxr-bWmBnE6owq0tz-tvQ=w16
lh3.googleusercontent.com/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/W63Fg1Oay94oHNZ3q8mWsFbqqD57Aq1FI1a77aYMXrlXAn2PAXWsZlE4AJBx_0o6Lnxr-bWmBnE6owq0tz-tvQ=w16
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
00f2605183f3829cd2c2d655470c23538bd35e44208563001dcfbbf306cfeed0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
etag
"v1"
x-content-type-options
nosniff
expires
Wed, 27 Nov 2024 21:29:07 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3386
date
Tue, 26 Nov 2024 21:29:07 GMT
x-xss-protection
0
content-type
image/png
vary
Origin
server
fife
content-disposition
inline;filename="unnamed.png"
KyTfX5akKJUIeRpVp_bQrsLdW7zxvyY43uQeunOx1Ito6ByZVOepQZheYbEDP3pcNtBJ5YRX7UEcHoCARtp95dU=w16
lh3.googleusercontent.com/ 		472 B
575 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/KyTfX5akKJUIeRpVp_bQrsLdW7zxvyY43uQeunOx1Ito6ByZVOepQZheYbEDP3pcNtBJ5YRX7UEcHoCARtp95dU=w16
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9f6ba2a1bb04fb4ebe36dc8814e5c9c1d820cbb60da0a73b30b748434ecc4812
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
etag
"v1"
x-content-type-options
nosniff
expires
Wed, 27 Nov 2024 21:29:07 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
472
date
Tue, 26 Nov 2024 21:29:07 GMT
x-xss-protection
0
content-type
image/jpeg
vary
Origin
server
fife
content-disposition
inline;filename="unnamed.jpg"
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v32/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Libre+Franklin:300,400,500,700|Titillium+Web:300,400,500,700|Montserrat:300,400,500,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f94.1e100.net
Software
sffe /
Resource Hash
bf9cfe01317e3758dd38982921dc1f26cc7243237d02e7ed90d3830b6f4e8ed0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Origin
https://services.demogronomics.com
Referer
https://fonts.googleapis.com/

Response headers

age
413594
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 22 Nov 2025 02:35:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 22 Nov 2024 02:35:53 GMT
last-modified
Thu, 01 Aug 2024 20:41:22 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
13388
x-xss-protection
0
server
sffe
jizDREVItHgc8qDIbSTKq4XkRiUf2zcZiVbJ.woff2
fonts.gstatic.com/s/librefranklin/v18/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/librefranklin/v18/jizDREVItHgc8qDIbSTKq4XkRiUf2zcZiVbJ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Libre+Franklin:300,400,500,700|Titillium+Web:300,400,500,700|Montserrat:300,400,500,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f94.1e100.net
Software
sffe /
Resource Hash
d21d1545591ddfa2ce9c208879298e9086b1a8dba7c81d50b686c70a259e91e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Origin
https://services.demogronomics.com
Referer
https://fonts.googleapis.com/

Response headers

age
390841
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 22 Nov 2025 08:55:06 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 22 Nov 2024 08:55:06 GMT
last-modified
Thu, 26 Sep 2024 23:07:27 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
29336
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v32/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Libre+Franklin:300,400,500,700|Titillium+Web:300,400,500,700|Montserrat:300,400,500,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f94.1e100.net
Software
sffe /
Resource Hash
0a7fc3de6341e5ab2853f213dbf792903cd35039daa9530a649a20a877ccac8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Origin
https://services.demogronomics.com
Referer
https://fonts.googleapis.com/

Response headers

age
405582
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 22 Nov 2025 04:49:25 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 22 Nov 2024 04:49:25 GMT
last-modified
Thu, 01 Aug 2024 20:41:26 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
13408
x-xss-protection
0
server
sffe
NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v17/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzY5abuWI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Libre+Franklin:300,400,500,700|Titillium+Web:300,400,500,700|Montserrat:300,400,500,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f94.1e100.net
Software
sffe /
Resource Hash
74048eb074a46e6d72738535563ed48e7ea08fd46fff17018b76027e1f0eec80
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Origin
https://services.demogronomics.com
Referer
https://fonts.googleapis.com/

Response headers

age
459497
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 21 Nov 2025 13:50:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 21 Nov 2024 13:50:50 GMT
last-modified
Thu, 24 Aug 2023 20:30:16 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
11708
x-xss-protection
0
server
sffe
JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v29/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Libre+Franklin:300,400,500,700|Titillium+Web:300,400,500,700|Montserrat:300,400,500,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f94.1e100.net
Software
sffe /
Resource Hash
1fa9166e5c7342af403e851b0dc9cba7bfe829ccdc9bbef32ee24da7fe66215d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Origin
https://services.demogronomics.com
Referer
https://fonts.googleapis.com/

Response headers

age
432920
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 21 Nov 2025 21:13:47 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 21 Nov 2024 21:13:47 GMT
last-modified
Wed, 06 Nov 2024 17:30:47 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
35468
x-xss-protection
0
server
sffe
rliv7GtcojVq0jPGbGxY0TWIQtMIa3veZ1c0eZ0b0_XiiMlLXPoOqzx_N7gK6HyxreeXeBgztuZm8csrA7twbe8NUXQV8plb1g=w1600
lh3.googleusercontent.com/ 		511 KB
512 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/rliv7GtcojVq0jPGbGxY0TWIQtMIa3veZ1c0eZ0b0_XiiMlLXPoOqzx_N7gK6HyxreeXeBgztuZm8csrA7twbe8NUXQV8plb1g=w1600
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
98f7235735ce61dff27df4db08c45c1e30a2090b12c3332acad653ff97b265f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
etag
"v1"
x-content-type-options
nosniff
expires
Wed, 27 Nov 2024 21:29:07 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
523715
date
Tue, 26 Nov 2024 21:29:07 GMT
x-xss-protection
0
content-type
image/jpeg
vary
Origin
server
fife
content-disposition
inline;filename="unnamed.jpg"
W63Fg1Oay94oHNZ3q8mWsFbqqD57Aq1FI1a77aYMXrlXAn2PAXWsZlE4AJBx_0o6Lnxr-bWmBnE6owq0tz-tvQ=w1600
lh3.googleusercontent.com/ 		3 MB
3 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/W63Fg1Oay94oHNZ3q8mWsFbqqD57Aq1FI1a77aYMXrlXAn2PAXWsZlE4AJBx_0o6Lnxr-bWmBnE6owq0tz-tvQ=w1600
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d16f39837bdf6f8dbe65ecf3dd283cbb7bfd3623ad4f73dc33eda181313f83f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
etag
"v1"
x-content-type-options
nosniff
expires
Wed, 27 Nov 2024 21:29:07 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2707968
date
Tue, 26 Nov 2024 21:29:07 GMT
x-xss-protection
0
content-type
image/png
vary
Origin
server
fife
content-disposition
inline;filename="unnamed.png"
KyTfX5akKJUIeRpVp_bQrsLdW7zxvyY43uQeunOx1Ito6ByZVOepQZheYbEDP3pcNtBJ5YRX7UEcHoCARtp95dU=w1600
lh3.googleusercontent.com/ 		410 KB
411 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/KyTfX5akKJUIeRpVp_bQrsLdW7zxvyY43uQeunOx1Ito6ByZVOepQZheYbEDP3pcNtBJ5YRX7UEcHoCARtp95dU=w1600
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
01178ebe2fbf7dfaea067e312d8685e1e2adb90d4ad576353bd02536cee039b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
etag
"v1"
x-content-type-options
nosniff
expires
Wed, 27 Nov 2024 21:29:07 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
420201
date
Tue, 26 Nov 2024 21:29:07 GMT
x-xss-protection
0
content-type
image/jpeg
vary
Origin
server
fife
content-disposition
inline;filename="unnamed.jpg"
DaovaSC2W17HLs3cNnD09yzdkzE2eQC_eWMOHmPql_LnmZfxhNtYc-0Ced0wsrIkmkcgX8-GgHLJ1DGK-uujmWHxVIEn53-8m9g=w431
lh3.googleusercontent.com/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/DaovaSC2W17HLs3cNnD09yzdkzE2eQC_eWMOHmPql_LnmZfxhNtYc-0Ced0wsrIkmkcgX8-GgHLJ1DGK-uujmWHxVIEn53-8m9g=w431
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
27b1647aa43f928ef6d99b5bae8e1b91f58126a2f57059687fe7f4e00686aebd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
etag
"v1"
x-content-type-options
nosniff
expires
Wed, 27 Nov 2024 21:29:07 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38190
date
Tue, 26 Nov 2024 21:29:07 GMT
x-xss-protection
0
content-type
image/png
vary
Origin
server
fife
content-disposition
inline;filename="unnamed.png"
identify.html
js.center.io/ Frame 657E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.center.io/identify.html
Requested by
Host: js.center.io
URL: https://js.center.io/center.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Referer
https://services.demogronomics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

age
172
cache-control
public, max-age=300
content-encoding
gzip
content-length
2016
content-type
text/html
date
Tue, 26 Nov 2024 21:26:15 GMT
etag
"OMWYXg"
expires
Tue, 26 Nov 2024 21:31:15 GMT
server
Google Frontend
x-cloud-trace-context
9a4d6418d8ccfc1a00bf8f9cb8fb9659
fbevents.js
connect.facebook.net/en_US/ 		239 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-sjpJkk17' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 26 Nov 2024 21:29:07 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-sjpJkk17' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=31, rtx=0, c=23, mss=1232, tbw=4469, tp=9, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
Ufw7Ad8WC0jVAjgO4k290sf+83qEWi+ZoFILlYtWq4c+Y/RQ98ffqN3lJmpYaIjZiU/PjI9W+sGPPMb05toQhw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62107
x-xss-protection
0
origin-agent-cluster
?1
js
www.googletagmanager.com/gtag/ 		337 KB
111 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-90TT6RDKM9&l=dataLayer&cx=c&gtm=45He4bk0v834287066za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SWR9HL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
23d26f39a9bc92e98803284145482ba403adfc46d5f0119212442b81269404a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Tue, 26 Nov 2024 21:29:07 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 26 Nov 2024 21:29:07 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
112975
x-xss-protection
0
server
Google Tag Manager
fbff2f53-0173-4f20-b739-422a8d90bee2.js
cdn.mouseflow.com/projects/ 		764 B
868 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.mouseflow.com/projects/fbff2f53-0173-4f20-b739-422a8d90bee2.js
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.26.50 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f943eacfc483576eb7ca68a1fc5a4251614669e60ff2de262c16a2fd5ca9ce12
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

access-control-expose-headers
*
content-encoding
gzip
cf-cache-status
HIT
etag
W/"1a27417fac3fd71:0"
x-mf-country
CA
x-content-type-options
nosniff
expires
Wed, 27 Nov 2024 21:29:07 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Tue, 26 Nov 2024 21:29:07 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding, Accept-Encoding
last-modified
Sun, 02 May 2021 23:40:13 GMT
priority
u=3,i=?0
x-cache-status
MISS
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-mf-continent
NA
cache-control
public, max-age=86400
cf-ray
8e8cf8e00ecb36b5-YYZ
access-control-allow-origin
*
x-mf-script-region
non-enforced-privacy
server
cloudflare
capture
api.leadpages.io/analytics/v1/events/ 		35 B
676 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=Ztdw3RQALwDqatqnitEzLa&v=&e=&st=&lc=en-CA&pid=VnVpdMA597KGHr9coptsk4&uid=mqhKcaqWPCsvFkiZ852WWB&sid=AAMw2RGe3cVyLPGPDUrsRi&cid=lp-Ztdw3RQALwDqatqnitEzLa&uri=https%3A%2F%2Fservices.demogronomics.com%2Ftruwindingcparev%2F&rf=&rx=1600&ry=1200&tz=-08%3A00
Requested by
Host: js.center.io
URL: https://js.center.io/center.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
63.151.192.35.bc.googleusercontent.com
Software
Stargate /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

Transfer-Encoding
chunked
access-control-max-age
600
x-request-id
00d1nud2r19u5uon5oi0
access-control-expose-headers
LP-Security-Token
X-Forwarded-For
167.114.209.103
Connection
keep-alive
access-control-allow-credentials
true
access-control-allow-origin
https://services.demogronomics.com
Date
Tue, 26 Nov 2024 21:29:08 GMT
Content-Type
image/gif
Server
Stargate
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-90TT6RDKM9&gtm=45je4bk0v887184653z8834287066za200zb834287066&_p=1732656547505&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1588386454.1732656548&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1732656547&sct=1&seg=0&dl=https%3A%2F%2Fservices.demogronomics.com%2Ftruwindingcparev%2F&dt=TRUWindingCPARev&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3904
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-90TT6RDKM9&l=dataLayer&cx=c&gtm=45He4bk0v834287066za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::66 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://services.demogronomics.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 26 Nov 2024 21:29:08 GMT
content-type
text/plain
server
Golfe2
9117070991650743
connect.facebook.net/signals/config/ 		67 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/9117070991650743?v=2.9.176&r=stable&domain=services.demogronomics.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
40ff79cb6e74310d1ac7bc9dfb00b7b627593bbac35ea5ef9d4c7d6eb9b82d29
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-FCPJwci4' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 26 Nov 2024 21:29:08 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-FCPJwci4' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=37, rtx=0, c=77, mss=1232, tbw=70979, tp=68, tpl=0, uplat=109, ullat=0
pragma
public
x-fb-debug
WSjJXrCZjoMkmXVVbnYVpI+3lTHYPYGhUXV3dZdkq7NDVRzRRDjAGfAYUUrR+CafUQT7VkJfJzeefh+xKI+Sow==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/ 		0
19 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=9117070991650743&ev=PageView&dl=https%3A%2F%2Fservices.demogronomics.com&rl=&if=false&ts=1732656548142&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12316&fbp=fb.1.1732656548136.867965684572324132&pm=1&hrl=472bae&ler=empty&cdl=API_unavailable&it=1732656547932&coo=false&cs_cc=1&cs_cc=1&cas=27571008595847267&cas=27571008595847267&chmd=&chpv=&chfv=undefined&rqm=GET
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=34, rtx=0, c=23, mss=1232, tbw=5714, tp=11, tpl=0, uplat=61, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Tue, 26 Nov 2024 21:29:08 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
195 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=9117070991650743&ev=PageView&dl=https%3A%2F%2Fservices.demogronomics.com&rl=&if=false&ts=1732656548142&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12316&fbp=fb.1.1732656548136.867965684572324132&pm=1&hrl=472bae&ler=empty&cdl=API_unavailable&it=1732656547932&coo=false&cs_cc=1&cs_cc=1&cas=27571008595847267&cas=27571008595847267&chmd=&chpv=&chfv=undefined&rqm=FGET
Requested by
Host: services.demogronomics.com
URL: https://services.demogronomics.com/truwindingcparev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 26 Nov 2024 21:29:08 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
NW+/IDZdU6f2XrU2JUfgA7GFvoZXEdzVWj50fGe1X2QSDrrbKztGxywx/vQMMsYnxys5hcEY++Ay0QjslbXpbg==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=34, rtx=0, c=23, mss=1232, tbw=6066, tp=13, tpl=0, uplat=85, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
capture
api.leadpages.io/analytics/v1/observations/ 		35 B
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=104,102,93,301,5,316,487,488,1244,1244
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
63.151.192.35.bc.googleusercontent.com
Software
Stargate /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

Transfer-Encoding
chunked
x-request-id
00d1nuflsmg73jnalc2g
access-control-expose-headers
LP-Security-Token
X-Forwarded-For
167.114.209.103
Connection
keep-alive
access-control-allow-credentials
true
Date
Tue, 26 Nov 2024 21:29:08 GMT
Content-Type
image/gif
Server
Stargate
favicon.ico
static.leadpages.net/images/ 		15 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://static.leadpages.net/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.203.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.203.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
76da9be859d0d9cd9ffa30b9aa9d07a34164acba1ec512c61bd1b7854c1fab7b

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

cache-control
public, max-age=300
content-encoding
gzip
etag
"_RHgfQ"
age
277
via
1.1 google
expires
Tue, 26 Nov 2024 21:29:31 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2594
date
Tue, 26 Nov 2024 21:24:31 GMT
x-cloud-trace-context
cc208ce1c6200907e594188e33fe9f19
content-type
image/vnd.microsoft.icon
server
Google Frontend
vary
Accept-Encoding
capture
api.leadpages.io/analytics/v1/observations/ 		35 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=we4cMmGZdjXkQvFMoSjGXo&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=167.10000038146973,147.39999961853027,1,207.60000038146973
Requested by
Host: js.center.io
URL: https://js.center.io/center.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
63.151.192.35.bc.googleusercontent.com
Software
Stargate /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent
Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0
Referer
https://services.demogronomics.com/

Response headers

Transfer-Encoding
chunked
access-control-max-age
600
x-request-id
00d1nvcpirnk97mufv10
access-control-expose-headers
LP-Security-Token
X-Forwarded-For
167.114.209.103
Connection
keep-alive
access-control-allow-credentials
true
access-control-allow-origin
https://services.demogronomics.com
Date
Tue, 26 Nov 2024 21:29:12 GMT
Content-Type
image/gif
Server
Stargate

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 string| LeadPagesCenterObject function| center object| dataLayer object| sup object| google_tag_manager object| google_tag_data function| fbq function| _fbq object| _mfq function| onYouTubeIframeAPIReady object| gaGlobal object| mouseflow

4 Cookies

Domain/Path Name / Value
.api.leadpages.io/analytics/v1/events/capture Name: view.VnVpdMA597KGHr9coptsk4.Ztdw3RQALwDqatqnitEzLa
Value: 1732656548000
.demogronomics.com/ Name: _ga_90TT6RDKM9
Value: GS1.1.1732656547.1.0.1732656547.0.0.0
.demogronomics.com/ Name: _ga
Value: GA1.1.1588386454.1732656548
.demogronomics.com/ Name: _fbp
Value: fb.1.1732656548136.867965684572324132

1 Console Messages

Source Level URL
Text
other warning URL: https://services.demogronomics.com/truwindingcparev/(Line 45)
Message:
Allow attribute will take precedence over 'allowfullscreen'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.leadpages.io
cdn.mouseflow.com
connect.facebook.net
fast.wistia.net
fonts.googleapis.com
fonts.gstatic.com
js.center.io
lh3.googleusercontent.com
services.demogronomics.com
static.leadpages.net
wrcclientreview.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
104.18.26.50
142.251.16.94
2001:4860:4802:32::15
2001:4860:4802:38::15
216.40.34.41
2607:f8b0:4004:c0b::5f
2607:f8b0:4004:c19::61
2607:f8b0:4004:c1f::66
2607:f8b0:4004:c1f::84
2a04:4e42::644
31.13.66.19
31.13.66.35
34.107.203.240
35.192.151.63
35.202.21.90
00f2605183f3829cd2c2d655470c23538bd35e44208563001dcfbbf306cfeed0
01178ebe2fbf7dfaea067e312d8685e1e2adb90d4ad576353bd02536cee039b4
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
0a7fc3de6341e5ab2853f213dbf792903cd35039daa9530a649a20a877ccac8a
1d775b6a2fff29b5fbdb9762381e7fa14acd701ef7a4b2f1751c32aaf94d448c
1fa9166e5c7342af403e851b0dc9cba7bfe829ccdc9bbef32ee24da7fe66215d
23d26f39a9bc92e98803284145482ba403adfc46d5f0119212442b81269404a9
27b1647aa43f928ef6d99b5bae8e1b91f58126a2f57059687fe7f4e00686aebd
40ff79cb6e74310d1ac7bc9dfb00b7b627593bbac35ea5ef9d4c7d6eb9b82d29
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7167759b503bf34abc53c8f84ecee5dc4e64e75502bbb87afd1cc935d778368f
74048eb074a46e6d72738535563ed48e7ea08fd46fff17018b76027e1f0eec80
76da9be859d0d9cd9ffa30b9aa9d07a34164acba1ec512c61bd1b7854c1fab7b
87a5839dd5cb26c69d2daf5549b125234009d07070c82e68f9498e35892b13f3
98f7235735ce61dff27df4db08c45c1e30a2090b12c3332acad653ff97b265f6
9f6ba2a1bb04fb4ebe36dc8814e5c9c1d820cbb60da0a73b30b748434ecc4812
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
bf9cfe01317e3758dd38982921dc1f26cc7243237d02e7ed90d3830b6f4e8ed0
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42
d16f39837bdf6f8dbe65ecf3dd283cbb7bfd3623ad4f73dc33eda181313f83f2
d21d1545591ddfa2ce9c208879298e9086b1a8dba7c81d50b686c70a259e91e8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
efce1da5d4b6e714bddcf0fcad8ca968f5f800ee3d827afc8d1998734b51adfb
f502374c782831424b416156536413098d4d235197bbeeb25548a58f2c263d59
f943eacfc483576eb7ca68a1fc5a4251614669e60ff2de262c16a2fd5ca9ce12