urlscan.io logo urlscan.io
SecurityTrails logo

dem509.com Open in urlscan Pro
47.79.48.233  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://dem509.com/0.4734680090552701
Effective URL: https://dem509.com/0.4734680090552701
Submission: On October 28 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 2 countries across 9 domains to perform 27 HTTP transactions. The main IP is 47.79.48.233, located in United States and belongs to ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN. The main domain is dem509.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on October 22nd 2024. Valid for: 3 months.
This is the only time dem509.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 47.79.48.233 45102 (ALIBABA-C...)
2 2404:2280:1b2... 24429 (TAOBAO Zh...)
3 142.251.40.226 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
4 142.250.80.34 15169 (GOOGLE)
2 142.250.80.66 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 142.251.35.162 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 142.251.32.100 15169 (GOOGLE)
27 12
7    47.79.48.233 (United States)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
dem509.com
2    2404:2280:1b2:0:3::3fb (Singapore)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
g.alicdn.com
3    142.251.40.226 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f2.1e100.net
securepubads.g.doubleclick.net
1    2607:f8b0:4006:823::200a (United States)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
4    142.250.80.34 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net
pagead2.googlesyndication.com
2    142.250.80.66 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net
googleads.g.doubleclick.net
1    2607:f8b0:4006:820::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2607:f8b0:4006:80f::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    142.251.35.162 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net
ep1.adtrafficquality.google
2    2607:f8b0:4006:80e::2001 (United States)

ASN15169 (GOOGLE, US)
ep2.adtrafficquality.google
1    142.251.32.100 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f4.1e100.net
www.google.com
Apex Domain
Subdomains		 Transfer
7 dem509.com
dem509.com
714 KB
5 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 215
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
182 KB
4 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 116
197 KB
3 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 233245
ep2.adtrafficquality.google — Cisco Umbrella Rank: 204383
19 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 34
2 alicdn.com
g.alicdn.com — Cisco Umbrella Rank: 9917
177 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 3
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
107 KB
1 googleapis.com
imasdk.googleapis.com — Cisco Umbrella Rank: 501
145 KB
27 9
Domain Requested by
7 dem509.com dem509.com
4 pagead2.googlesyndication.com dem509.com
pagead2.googlesyndication.com
3 securepubads.g.doubleclick.net dem509.com
imasdk.googleapis.com
securepubads.g.doubleclick.net
2 ep2.adtrafficquality.google pagead2.googlesyndication.com
ep2.adtrafficquality.google
2 www.google-analytics.com www.googletagmanager.com
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 g.alicdn.com dem509.com
1 www.google.com ep2.adtrafficquality.google
1 ep1.adtrafficquality.google pagead2.googlesyndication.com
1 www.googletagmanager.com dem509.com
1 imasdk.googleapis.com dem509.com
27 11

This site contains no links.

Subject Issuer Validity Valid
dem509.com
Encryption Everywhere DV TLS CA - G2		 2024-10-22 -
2025-01-19		 3 months crt.sh
*.tbcdn.cn
GlobalSign Organization Validation CA - SHA256 - G3		 2024-06-19 -
2025-07-21		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
upload.video.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.google-analytics.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
adtrafficquality.google
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh

This page contains 5 frames:

Primary Page: https://dem509.com/0.4734680090552701
Frame ID: B5FAF87F1E7C32DDD80CD3D30F54AF5F
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20241023/r20190131/zrt_lookup_fy2021.html
Frame ID: 52DC1F86B57E5BE4CD75B273E6FB9659
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3192222450513945&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1729845235&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x1080_l%7C404x1080_r&format=0x0&url=https%3A%2F%2Fdem509.com%2F0.4734680090552701&pra=5&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=29_18~30_19&aiixl=29_5~30_6&aslmct=0.7&asamct=0.7&aipaq=1&aiapm=0.20295&aiapmi=0.24446&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1730073798555&bpp=6&bdt=1210&idt=269&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=630418095625&frm=20&pv=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31088327%2C95332586%2C95344189%2C95344788%2C95345270%2C31088451%2C95335246%2C95344978%2C95345789&oid=2&pvsid=98362802571261&tmod=1675210877&uas=0&nvt=1&fsapi=1&fc=1920&brdim=230%2C230%2C230%2C230%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=296
Frame ID: 2FA8BC85EC7968CD6A4C25EE93F58799
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 6FE62595AB210465C254B8053DD3FB3F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9611525C11320BBCDC724BF9EDEB7915
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Mini drama

Page URL History Show full URLs

  1. http://dem509.com/0.4734680090552701 HTTP 307
    https://dem509.com/0.4734680090552701 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <(?:div|button) class="el-(?:table-column|table-filter|popper|pagination|pager|select-group|form|form-item|color-predefine|color-hue-slider|color-svpanel|color-alpha-slider|color-dropdown|color-picker|badge|tree|tree-node|select|message|dialog|checkbox|checkbox-button|checkbox-group|container|steps|carousel|menu|menu-item|submenu|menu-item-group|button|button-group|card|table|select-dropdown|row|tabs|notification|radio|progress|progress-bar|tag|popover|tooltip|cascader|cascader-menus|cascader-menu|time-spinner|spinner|spinner-inner|transfer|transfer-panel|rate|slider|dropdown|dropdown-menu|textarea|input|input-group|popup-parent|radio-group|main|breadcrumb|time-range-picker|date-range-picker|year-table|date-editor|range-editor|time-spinner|date-picker|time-panel|date-table|month-table|picker-panel|collapse|collapse-item|alert|select-dropdown|select-dropdown__empty|select-dropdown__wrap|select-dropdown__list|scrollbar|switch|carousel|upload|upload-dragger|upload-list|upload-cover|aside|input-number|header|message-box|footer|radio-button|step|autocomplete|autocomplete-suggestion|loading-parent|loading-mask|loading-spinner|)
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

27
Requests

96 %
HTTPS

45 %
IPv6

9
Domains

11
Subdomains

12
IPs

2
Countries

1541 kB
Transfer

5253 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dem509.com/0.4734680090552701 HTTP 307
    https://dem509.com/0.4734680090552701 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 0.4734680090552701
dem509.com/
Redirect Chain
  • http://dem509.com/0.4734680090552701
  • https://dem509.com/0.4734680090552701
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dem509.com/0.4734680090552701
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.79.48.233 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
0b4c8fcf56b6965444c71ca0f93d9113018dd5a6f28cba70ecf927608c215034

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-MD5
cikMQExUv0nn2rBhrIrXeA==
Content-Type
text/html
Date
Mon, 28 Oct 2024 00:03:17 GMT
Last-Modified
Fri, 25 Oct 2024 08:33:55 GMT
Server
AliyunOSS
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-oss-hash-crc64ecma
4156910927900054987
x-oss-object-type
Normal
x-oss-request-id
671ED4C57CC7753734260FB8
x-oss-server-time
3
x-oss-storage-class
Standard

Redirect headers

Location
https://dem509.com/0.4734680090552701
Non-Authoritative-Reason
HttpsUpgrades
aliplayer-min.css
g.alicdn.com/apsara-media-box/imp-web-player/2.25.1/skins/default/ 		28 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://g.alicdn.com/apsara-media-box/imp-web-player/2.25.1/skins/default/aliplayer-min.css
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2404:2280:1b2:0:3::3fb , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
34bfb65968aaf89a898885e7b3fc1a314b603519049404e77033441297336614

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

content-md5
ADRh6V2H/7LWU2bm3jalJA==
x-oss-storage-class
Standard
content-encoding
gzip
age
3686
x-oss-object-type
Normal
x-cache
HIT TCP_MEM_HIT dirn:-2:-2
date
Sun, 27 Oct 2024 23:01:51 GMT
x-oss-server-time
123
content-type
text/css
vary
Accept-Encoding
x-bucket-code
3
cache-control
max-age=2592000,s-maxage=86400
x-swift-cachetime
84221
timing-allow-origin
*
x-oss-hash-crc64ecma
14302592516470138963
via
cache30.l2us2[0,0,200-0,H], cache8.l2us2[1,0], cache8.l2us2[1,0], ens-cache17.us19[0,0,200-0,H], ens-cache3.us19[2,0]
ali-swift-global-savetime
1730070111
x-swift-savetime
Sun, 27 Oct 2024 23:38:10 GMT
access-control-allow-origin
*
eagleid
082d349717300737979248727e
content-length
4864
x-oss-request-id
671EC65FAF49DB373149BD44
server
Tengine
settingData.js
dem509.com/ 		680 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dem509.com/settingData.js
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.79.48.233 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
203f467afa5ce7c913dc4ac384e51f819da1808c0a12f0e6ddd2832af49edcab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/0.4734680090552701

Response headers

Content-MD5
tR65h4fV2w/Vg9ahgIgL9g==
x-oss-storage-class
Standard
ETag
"B51EB98787D5DB0FD583D6A180880BF6"
x-oss-hash-crc64ecma
17469124874250353546
x-oss-object-type
Normal
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
680
x-oss-request-id
671ED4C57CC7753734740FB8
Date
Mon, 28 Oct 2024 00:03:17 GMT
x-oss-server-time
2
Content-Type
application/javascript
Last-Modified
Fri, 25 Oct 2024 07:33:14 GMT
Server
AliyunOSS
aliplayer-min.js
g.alicdn.com/apsara-media-box/imp-web-player/2.25.1/ 		644 KB
171 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://g.alicdn.com/apsara-media-box/imp-web-player/2.25.1/aliplayer-min.js
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2404:2280:1b2:0:3::3fb , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
88d5ac7073c22f3d6612fed2f1135c05fc37da0de492904f17f697ee52ea7764

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

content-md5
JhMnzQIREm7WNjMsZ+N/dw==
x-oss-storage-class
Standard
content-encoding
gzip
age
53389
x-oss-object-type
Normal
x-cache
HIT TCP_MEM_HIT dirn:-2:-2
date
Sun, 27 Oct 2024 09:13:28 GMT
x-oss-server-time
50
content-type
application/javascript
vary
Accept-Encoding
x-bucket-code
3
cache-control
max-age=2592000,s-maxage=86400
x-swift-cachetime
85731
timing-allow-origin
*
x-oss-hash-crc64ecma
11150815101259881301
via
cache35.l2us2[0,0,200-0,H], cache6.l2us2[0,0], cache6.l2us2[1,0], ens-cache17.us19[0,0,200-0,H], ens-cache3.us19[1,0]
ali-swift-global-savetime
1730020408
x-swift-savetime
Sun, 27 Oct 2024 09:24:37 GMT
access-control-allow-origin
*
eagleid
082d349717300737979258729e
content-length
175003
x-oss-request-id
671E04384650AD3739F54060
server
Tengine
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		104 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
edee785848b2aa2c0b8b9a0ae866c976c964271c58519f8812439fbeffebfe3e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

content-encoding
br
etag
569 / 20024 / m202410210101 / config-hash: 7111543634931288829
x-content-type-options
nosniff
expires
Mon, 28 Oct 2024 00:03:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Mon, 28 Oct 2024 00:03:18 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33371
x-xss-protection
0
server
cafe
ima3.js
imasdk.googleapis.com/js/sdkloader/ 		423 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c782c22111e19f40582e08353f33f78fc0b10bbaeec1a782636838b416851b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

cache-control
private, max-age=900, stale-while-revalidate=3600
content-encoding
gzip
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
x-content-type-options
nosniff
expires
Mon, 28 Oct 2024 00:03:17 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
147824
date
Mon, 28 Oct 2024 00:03:17 GMT
x-xss-protection
0
content-type
text/javascript
vary
Accept-Encoding
server
sffe
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		155 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3192222450513945
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
174200f6e392b551fb3375fc01eaf303ef404cfb9d0f6fb08e1f751bb399c75d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://dem509.com
Referer
https://dem509.com/

Response headers

content-encoding
br
etag
9711802822480907623
x-content-type-options
nosniff
expires
Mon, 28 Oct 2024 00:03:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Mon, 28 Oct 2024 00:03:18 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
53387
x-xss-protection
0
server
cafe
chunk-vendors.8ee4333e.js
dem509.com/js/ 		2 MB
560 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dem509.com/js/chunk-vendors.8ee4333e.js
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.79.48.233 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
e927f0218f99c48549e31d0a49e5a9dc78efdda87142b8ca27f08c0e37a243f4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/0.4734680090552701

Response headers

Transfer-Encoding
chunked
Content-MD5
efzYK7Qhv+RD7uQeKMDRnw==
x-oss-storage-class
Standard
Content-Encoding
gzip
x-oss-hash-crc64ecma
5092248342516500767
x-oss-object-type
Normal
Connection
keep-alive
x-oss-request-id
671ED4C67CC77537345B10B8
Date
Mon, 28 Oct 2024 00:03:18 GMT
x-oss-server-time
2
Last-Modified
Fri, 25 Oct 2024 08:34:27 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Server
AliyunOSS
app.2f0a271e.js
dem509.com/js/ 		366 KB
102 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dem509.com/js/app.2f0a271e.js
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.79.48.233 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
54c5ae2cb7b9fc1c3bffa59e73719e8f21a0f4be292ce6beea9a919404148db2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/0.4734680090552701

Response headers

Transfer-Encoding
chunked
Content-MD5
OaE59rkqT6UG1mD3L/AFZA==
x-oss-storage-class
Standard
Content-Encoding
gzip
x-oss-hash-crc64ecma
13042372045287731610
x-oss-object-type
Normal
Connection
keep-alive
x-oss-request-id
671ED4C6AA02983232C77B1D
Date
Mon, 28 Oct 2024 00:03:18 GMT
x-oss-server-time
1
Last-Modified
Fri, 25 Oct 2024 08:33:57 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Server
AliyunOSS
chunk-vendors.10dd4e95.css
dem509.com/css/ 		206 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dem509.com/css/chunk-vendors.10dd4e95.css
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.79.48.233 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
fa6f1d96e529b170226115b7eb039ed98b1c74687495207ff4bf95a8a2ced3bc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/0.4734680090552701

Response headers

Transfer-Encoding
chunked
Content-MD5
IULvjhLuo+047b89ZZq0/g==
x-oss-storage-class
Standard
Content-Encoding
gzip
x-oss-hash-crc64ecma
8478411404194719791
x-oss-object-type
Normal
Connection
keep-alive
x-oss-request-id
671ED4C5AA02983232957A1D
Date
Mon, 28 Oct 2024 00:03:17 GMT
x-oss-server-time
24
Last-Modified
Fri, 25 Oct 2024 08:34:00 GMT
Content-Type
text/css
Vary
Accept-Encoding
Server
AliyunOSS
app.01d680a3.css
dem509.com/css/ 		17 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dem509.com/css/app.01d680a3.css
Requested by
Host: dem509.com
URL: https://dem509.com/0.4734680090552701
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.79.48.233 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
f63eee4474d7710992c937e22f3f6be2be47472d002d7bad15462dc2ae490687

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/0.4734680090552701

Response headers

Transfer-Encoding
chunked
Content-MD5
Rr0qOwihIejq0tV6XilP+A==
x-oss-storage-class
Standard
Content-Encoding
gzip
x-oss-hash-crc64ecma
2103482111928273972
x-oss-object-type
Normal
Connection
keep-alive
x-oss-request-id
671ED4C57CC7753734B60FB8
Date
Mon, 28 Oct 2024 00:03:17 GMT
x-oss-server-time
19
Last-Modified
Fri, 25 Oct 2024 08:33:58 GMT
Content-Type
text/css
Vary
Accept-Encoding
Server
AliyunOSS
ima_ppub_config
securepubads.g.doubleclick.net/pagead/ 		73 B
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ima_ppub_config?ippd=https%3A%2F%2Fdem509.com%2F0.4734680090552701
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
0e8e20df70e9e8d317ec232b3ef4c5a1caa3d92f94d9e1327755ff6ce199b5ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Mon, 28 Oct 2024 00:03:18 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
38
date
Mon, 28 Oct 2024 00:03:18 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410210101/ 		481 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410210101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
dad10a832ba51b5db08691887a58b582022dd25c7849e0dd70f1ff8484d74a2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

content-encoding
br
etag
14283833466912019972
age
58
x-content-type-options
nosniff
expires
Tue, 28 Oct 2025 00:02:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Mon, 28 Oct 2024 00:02:20 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
152738
x-xss-protection
0
server
cafe
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410230101/ 		435 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410230101/show_ads_impl_fy2021.js?bust=31088451
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3192222450513945
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
b491ff82334ffa83fb2cb7c7a7b2b5afe5134e7f639000561c450388cf5fa04a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

content-encoding
br
etag
11047730251644598058
x-content-type-options
nosniff
expires
Mon, 28 Oct 2024 00:03:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Mon, 28 Oct 2024 00:03:18 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
148296
x-xss-protection
0
server
cafe
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20241023/r20190131/ Frame 52DC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20241023/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410230101/show_ads_impl_fy2021.js?bust=31088451
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dem509.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age
8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4121
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 28 Oct 2024 00:03:11 GMT
etag
13108003645644964576
expires
Mon, 11 Nov 2024 00:03:11 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 2FA8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3192222450513945&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1729845235&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x1080_l%7C404x1080_r&format=0x0&url=https%3A%2F%2Fdem509.com%2F0.4734680090552701&pra=5&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=29_18~30_19&aiixl=29_5~30_6&aslmct=0.7&asamct=0.7&aipaq=1&aiapm=0.20295&aiapmi=0.24446&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1730073798555&bpp=6&bdt=1210&idt=269&shv=r20241023&mjsv=m202410230101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=630418095625&frm=20&pv=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31088327%2C95332586%2C95344189%2C95344788%2C95345270%2C31088451%2C95335246%2C95344978%2C95345789&oid=2&pvsid=98362802571261&tmod=1675210877&uas=0&nvt=1&fsapi=1&fc=1920&brdim=230%2C230%2C230%2C230%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=296
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410230101/show_ads_impl_fy2021.js?bust=31088451
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dem509.com/
Sec-Browsing-Topics
();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
5220
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 28 Oct 2024 00:03:19 GMT
expires
Mon, 28 Oct 2024 00:03:19 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ping
pagead2.googlesyndication.com/pagead/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410230101/show_ads_impl_fy2021.js?bust=31088451
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dem509.com/

Response headers
js
www.googletagmanager.com/gtag/ 		321 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CQTK4WHR6D
Requested by
Host: dem509.com
URL: https://dem509.com/js/app.2f0a271e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a480ff27728c177d6b1717cc322e7e347226e77e82c119208f0dca67a341ede1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 28 Oct 2024 00:03:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 28 Oct 2024 00:03:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
108824
x-xss-protection
0
server
Google Tag Manager
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-CQTK4WHR6D&gtm=45je4ao0v9198581687za200&_p=1730073799676&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848&cid=1999988694.1730073800&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1730073800&sct=1&seg=0&dl=https%3A%2F%2Fdem509.com%2F0.4734680090552701&dt=Mini%20drama&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4205
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CQTK4WHR6D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://dem509.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 28 Oct 2024 00:03:20 GMT
content-type
text/plain
server
Golfe2
sodar
ep1.adtrafficquality.google/getconfig/ 		17 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20241023&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410230101/show_ads_impl_fy2021.js?bust=31088451
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.35.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f2.1e100.net
Software
cafe /
Resource Hash
d1b1e6e006583959075194222e521b7574cb24bd0a23d0943334c6a754633782
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
12945
date
Mon, 28 Oct 2024 00:03:20 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
favicon.ico
dem509.com/ 		12 KB
12 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://dem509.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.79.48.233 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
9eca378d744c7c81c823903bb566a99e50e048b8bdbe939f8065b14f8f37629f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/0.4734680090552701

Response headers

Content-MD5
+kX3loETZRCR5NJjRWy3bA==
x-oss-storage-class
Standard
ETag
"FA45F7968113651091E4D263456CB76C"
x-oss-hash-crc64ecma
17562430322641726612
x-oss-object-type
Normal
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12050
x-oss-request-id
671ED4C87CC77537344A12B8
Date
Mon, 28 Oct 2024 00:03:20 GMT
x-oss-server-time
25
Content-Type
image/x-icon
Last-Modified
Fri, 25 Oct 2024 03:57:43 GMT
Server
AliyunOSS
sodar2.js
ep2.adtrafficquality.google/sodar/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410230101/show_ads_impl_fy2021.js?bust=31088451
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Mon, 28 Oct 2024 00:03:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 28 Oct 2024 00:03:20 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 6FE6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dem509.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1146
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 27 Oct 2024 23:44:14 GMT
expires
Mon, 28 Oct 2024 00:34:14 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 9611 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.100 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-pWLy4oB2UJQxcpfU0PD1wg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dem509.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-pWLy4oB2UJQxcpfU0PD1wg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 28 Oct 2024 00:03:20 GMT
expires
Mon, 28 Oct 2024 00:03:20 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&wpc=ca-pub-3192222450513945&su=dem509.com&eid=44759876%2C44759927%2C31088327%2C95332586%2C95344189%2C95344788%2C95345270%2C31088451%2C95335246%2C95344978%2C95345789&doc=complete&pg_h=1200&pg_w=1600&pg_hs=1200&c=0&aa_c=0&d=0&all_d=0&ard=0&all_ard=0&dt=d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Mon, 28 Oct 2024 00:03:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
sodar
ep1.adtrafficquality.google/pagead/ 		0
0
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-CQTK4WHR6D&gtm=45je4ao0v9198581687za200&_p=1730073799676&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848&cid=1999988694.1730073800&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1730073800&sct=1&seg=0&dl=https%3A%2F%2Fdem509.com%2F0.4734680090552701&dt=Mini%20drama&en=scroll&epn.percent_scrolled=90&_et=15&tfd=9232
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CQTK4WHR6D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://dem509.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://dem509.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 28 Oct 2024 00:03:25 GMT
content-type
text/plain
server
Golfe2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20241023&jk=98362802571261&bg=!Hh2lHVLNAAZ-RxQpXkc7ADQBe5WfOMED4_kmg5-4xtmZR0LBC0jfTecmUZ9v0bVx0FFmIzPz7ZkVHlTH59w8A4GGWzOdAgAAAGRSAAAABGgBB34ANj0usqDh1vs_dlUuxlshIAP8GCvtJ8a3wtdCe_yV5Ck7gYQu6EXgIXBGj5xGVSHNPVffw2xKsZkChYPrqcXP75PIMAu4SwjYK_XDdohXPKT-6thCGoK7t3xJ5ycHNFfFttts3lo1Vj34GO3I2j5BEzwKFCXpo11CFqv9weuH6PSyE7Gl36s3PTw7EQF9tq08ONx07wpcomiUAxt7ixy_dSw60_U8p7riuxwR5Ow68rsRpe14gxXj5aS7BqVd0EGzBJhTIV_NKAEqFNJukjx_SPzAmvDYgveqjcRbbah3BALjCwUeWEcerKZnUrxUGhBfD8j8ScLrXgf5KQayzQJNGQckVcrrn56AeynqPgTG3qnri4hcIfAO53WUn2cTUFw_DxdKnG3IcI0zIMldIqx9FeYZ1jNecPq67YLeooHudZv7ZvRT1l1A0CIcb3DbqLhuYfrcO0DnwVE-oqSwybbXZ3CM2mzXcPSxQqhTxtlw7S0LKtTG93lizQ_gonfuFJQQwJylTy96-SBeBqaIkmFMMp4RPE48SfTKIpH8qpBPYxdWZ1CVhrnSg74MY6on_KpS9ffgHIRiMhZBvi1dLQOQYF64WdkJJxeJWDGprM7bUo0nU1H_KU1pj3x2SKuLH2rIiOkjffGaNgv8CMtS0E3bVfL0zgb0QNeBA-OqMwYufAhNO7VpSYcKtM9Y_h3stGFJpgf2RH7rhGtBUcqoHCIl33JClrvUUoQnU0MQwEEjqr9EXdBYWVBMyU-JoQZjv72Tx0IG2C4a5iz05EBj0ZtZ98cX0vuj3i_RL1F9RRSWU5n8Lv0AWyQb7o2jiDkFQxG1mo9v7yzZVsyB8cTVJomrE6_ca_YiRKPMuktJpKIMmwRz85itlQMDu2BvH_hoUJlP53w5REKtTJyZqpRpLJcqelLZQBNf0Wwm4brMc00tUw

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| settingData string| aliplayer_lang object| aliplayer_lang_data_h5_2_25_1_en-us object| __devtoolsDetector function| Aliplayer object| _google_rum_ns_ object| google_persistent_state_async number| google_global_correlator object| ggeac object| google_js_reporting_queue function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList number| google_srt object| google object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$companion_ad_selection_settings object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ads_rendering_settings object| ima object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_error object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_error_event object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_event object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ads_manager_loaded_event object| googletag object| google_tag_data object| google_reactive_ads_global_state object| google_logging_queue object| google_ad_modifications object| adsbygoogle object| google_sa_queue function| google_process_slots object| google_ama_state function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl object| googPageScrollPreventerInfo object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages function| a1_0x5df3f6 function| a1_0x41ff function| a1_0x1a9c object| webpackChunkplay_video_web function| a0_0x2de6 function| a0_0x3e87 function| clearImmediate function| setImmediate function| _ object| dataLayer object| google_tag_manager function| onYouTubeIframeAPIReady object| gaGlobal object| GoogleGcLKhOms object| google_image_requests

3 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.dem509.com/ Name: _ga
Value: GA1.1.1999988694.1730073800
.dem509.com/ Name: _ga_CQTK4WHR6D
Value: GS1.1.1730073800.1.0.1730073800.0.0.0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dem509.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
g.alicdn.com
googleads.g.doubleclick.net
imasdk.googleapis.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
ep1.adtrafficquality.google
142.250.80.34
142.250.80.66
142.251.32.100
142.251.35.162
142.251.40.226
2404:2280:1b2:0:3::3fb
2607:f8b0:4006:80e::2001
2607:f8b0:4006:80f::200e
2607:f8b0:4006:820::2008
2607:f8b0:4006:823::200a
47.79.48.233
0b4c8fcf56b6965444c71ca0f93d9113018dd5a6f28cba70ecf927608c215034
0e8e20df70e9e8d317ec232b3ef4c5a1caa3d92f94d9e1327755ff6ce199b5ba
174200f6e392b551fb3375fc01eaf303ef404cfb9d0f6fb08e1f751bb399c75d
203f467afa5ce7c913dc4ac384e51f819da1808c0a12f0e6ddd2832af49edcab
34bfb65968aaf89a898885e7b3fc1a314b603519049404e77033441297336614
3c782c22111e19f40582e08353f33f78fc0b10bbaeec1a782636838b416851b2
54c5ae2cb7b9fc1c3bffa59e73719e8f21a0f4be292ce6beea9a919404148db2
88d5ac7073c22f3d6612fed2f1135c05fc37da0de492904f17f697ee52ea7764
9eca378d744c7c81c823903bb566a99e50e048b8bdbe939f8065b14f8f37629f
a480ff27728c177d6b1717cc322e7e347226e77e82c119208f0dca67a341ede1
b491ff82334ffa83fb2cb7c7a7b2b5afe5134e7f639000561c450388cf5fa04a
d1b1e6e006583959075194222e521b7574cb24bd0a23d0943334c6a754633782
dad10a832ba51b5db08691887a58b582022dd25c7849e0dd70f1ff8484d74a2c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e927f0218f99c48549e31d0a49e5a9dc78efdda87142b8ca27f08c0e37a243f4
edee785848b2aa2c0b8b9a0ae866c976c964271c58519f8812439fbeffebfe3e
f63eee4474d7710992c937e22f3f6be2be47472d002d7bad15462dc2ae490687
fa6f1d96e529b170226115b7eb039ed98b1c74687495207ff4bf95a8a2ced3bc
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99