go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://links.that.etf-alerts.com/u/click?_t=3bd7f30ef73f48d3a68ad6a4e011fcb9&_m=33cac7f4b5614d498b5eea1acb47fba6&_e=7GSXQRNDnKzVB...
Effective URL:
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campa...
Submission: On April 14 via manual (April 14th 2022, 5:02:45 pm UTC) from US — Scanned from DE

Summary HTTP 118 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 23 IPs in 5 countries across 24 domains to perform 118 HTTP transactions. The main IP is 35.202.21.90, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is go.behindthemarkets.com.
TLS certificate: Issued by R3 on April 5th 2022. Valid for: 3 months.

This is the only time go.behindthemarkets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2600:9000:223... 2600:9000:223f:7a00:f:c018:2840:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:303... 2606:4700:3034::6815:2fe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	50.97.212.250 50.97.212.250	36351 (SOFTLAYER) (SOFTLAYER)
1 3	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.202.21.90 35.202.21.90	15169 (GOOGLE) (GOOGLE)
4	34.107.203.240 34.107.203.240	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	34.120.142.1 34.120.142.1	15169 (GOOGLE) (GOOGLE)
57	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2013	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
6	35.192.151.63 35.192.151.63	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	178.250.0.147 178.250.0.147	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	84.17.46.53 84.17.46.53	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c01::9c	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	52.38.14.212 52.38.14.212	16509 (AMAZON-02) (AMAZON-02)
118	23

1 2600:9000:223f:7a00:f:c018:2840:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

links.that.etf-alerts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:2fe (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.smrtnonesecure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.97.212.250 (San Jose, United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: fa.d4.6132.ip4.static.sl-reverse.com

www.clkmg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3120::7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.behindthemarkets-btm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.202.21.90 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 90.21.202.35.bc.googleusercontent.com

go.behindthemarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
btm-btm-btm.lpages.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.107.203.240 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 240.203.107.34.bc.googleusercontent.com

static.leadpages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
embed.lpcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.142.1 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 1.142.120.34.bc.googleusercontent.com

www.behind-the-markets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

57 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

js.center.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.192.151.63 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 63.151.192.35.bc.googleusercontent.com

api.leadpages.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.147 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dynamic.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 84.17.46.53 (Amsterdam, Netherlands)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-84-17-46-53.cdn77.com

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c01::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.38.14.212 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-38-14-212.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 69	768 KB
19	sumo.com load.sumo.com — Cisco Umbrella Rank: 10863 sumo.com — Cisco Umbrella Rank: 9710	447 KB
6	leadpages.io api.leadpages.io — Cisco Umbrella Rank: 33440	3 KB
4	criteo.com 1 redirects dynamic.criteo.com — Cisco Umbrella Rank: 4695 gum.criteo.com — Cisco Umbrella Rank: 383 mug.criteo.com — Cisco Umbrella Rank: 2668	7 KB
4	center.io js.center.io — Cisco Umbrella Rank: 38274	15 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	3 KB
3	leadpages.net static.leadpages.net — Cisco Umbrella Rank: 36130	107 KB
3	behindthemarkets-btm.com 1 redirects www.behindthemarkets-btm.com	21 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	388 B
2	google.de www.google.de — Cisco Umbrella Rank: 5383	608 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 95	503 B
2	google.com analytics.google.com — Cisco Umbrella Rank: 724 www.google.com — Cisco Umbrella Rank: 4	853 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	114 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	123 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 632	13 KB
1	lpages.co btm-btm-btm.lpages.co	38 KB
1	gstatic.com fonts.gstatic.com	25 KB
1	lpcontent.net embed.lpcontent.net — Cisco Umbrella Rank: 48333	15 KB
1	behind-the-markets.com www.behind-the-markets.com	18 KB
1	behindthemarkets.com go.behindthemarkets.com	49 KB
1	clkmg.com 1 redirects www.clkmg.com — Cisco Umbrella Rank: 100233	487 B
1	smrtnonesecure.com 1 redirects www.smrtnonesecure.com	753 B
1	etf-alerts.com 1 redirects links.that.etf-alerts.com	1 KB
118	24

	Domain	Requested by
57	lh3.googleusercontent.com	go.behindthemarkets.com btm-btm-btm.lpages.co
14	load.sumo.com	go.behindthemarkets.com load.sumo.com
6	api.leadpages.io	embed.lpcontent.net js.center.io
5	sumo.com	load.sumo.com
4	js.center.io	go.behindthemarkets.com js.center.io btm-btm-btm.lpages.co
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com go.behindthemarkets.com
3	fonts.googleapis.com	go.behindthemarkets.com btm-btm-btm.lpages.co client
3	static.leadpages.net	go.behindthemarkets.com static.leadpages.net btm-btm-btm.lpages.co
3	www.behindthemarkets-btm.com	1 redirects www.googletagmanager.com www.behindthemarkets-btm.com
2	gum.criteo.com	1 redirects static.criteo.net
2	www.facebook.com	go.behindthemarkets.com
2	www.google.de	go.behindthemarkets.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	go.behindthemarkets.com connect.facebook.net
2	www.googletagmanager.com	go.behindthemarkets.com www.googletagmanager.com
1	mug.criteo.com
1	static.criteo.net	dynamic.criteo.com
1	www.google.com	go.behindthemarkets.com
1	analytics.google.com	www.googletagmanager.com
1	dynamic.criteo.com	www.googletagmanager.com
1	btm-btm-btm.lpages.co	embed.lpcontent.net
1	fonts.gstatic.com	fonts.googleapis.com
1	embed.lpcontent.net	go.behindthemarkets.com
1	www.behind-the-markets.com	go.behindthemarkets.com
1	go.behindthemarkets.com
1	www.clkmg.com	1 redirects
1	www.smrtnonesecure.com	1 redirects
1	links.that.etf-alerts.com	1 redirects
118	28

This site contains links to these domains. Also see Links.

Domain
behindthemarkets.com

Subject Issuer	Validity	Valid
go.behindthemarkets.com R3	`2022-04-05` - `2022-07-04`	3 months	crt.sh
static.leadpages.net GTS CA 1D4	`2022-03-05` - `2022-06-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
behind-the-markets.com Starfield Secure Certificate Authority - G2	`2022-01-28` - `2023-01-28`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.center.io Go Daddy Secure Certificate Authority - G2	`2021-11-22` - `2022-12-24`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
embed.lpcontent.net GTS CA 1D4	`2022-02-28` - `2022-05-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.lpages.co R3	`2022-02-15` - `2022-05-16`	3 months	crt.sh
*.leadpages.io Go Daddy Secure Certificate Authority - G2	`2021-10-22` - `2022-11-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-02-08` - `2023-02-08`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-22` - `2022-04-22`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-07`	3 months	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-05` - `2023-04-05`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-13`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82
Frame ID: 628D855E8DF038D54C002D4B8A5A36B3
Requests: 106 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 0B2AC595CB57A5645EC47D26B305A2A0
Requests: 1 HTTP requests in this frame

Frame: https://btm-btm-btm.lpages.co/serve-leadbox/FjFUq5PRsDsC6qkECuCTPG/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&aff=82&id=mwoodward421%40gmail.com&iocid=&utm_campaign=&utm_medium=&utm_source=82
Frame ID: 7F10771DCE729FDF2CB4AB0204C821C9
Requests: 6 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
Frame ID: A83D91FC9EF305E7325D49D96ECE41D4
Requests: 2 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 8D82E1F029112E7CA7E7F46BE9984601
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

World War 5G

Page URL History Show full URLs

https://links.that.etf-alerts.com/u/click?_t=3bd7f30ef73f48d3a68ad6a4e011fcb9&_m=33cac7f4b5614d498b5eea1acb47f... HTTP 303
https://www.smrtnonesecure.com/WMT0111/mwoodward421@gmail.com/etf-alerts.com/B/BTSL8 HTTP 302
https://www.clkmg.com/arz1b1t/WMT0111/mwoodward421@gmail.com/etf-alerts.com/B/BTSL8 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/55M6S/?sub1=mwoodward421@gmail.com&sub2=etf-alerts.com&sub3=B&sub4=BT... HTTP 302
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm... Page URL

Detected technologies

Criteo (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

//static\.criteo\.net/js/ld/ld\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

118
Requests

99 %
HTTPS

65 %
IPv6

24
Domains

28
Subdomains

23
IPs

5
Countries

1788 kB
Transfer

4969 kB
Size

20
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://behindthemarkets.com/p/terms
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://behindthemarkets.com/p/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://links.that.etf-alerts.com/u/click?_t=3bd7f30ef73f48d3a68ad6a4e011fcb9&_m=33cac7f4b5614d498b5eea1acb47fba6&_e=7GSXQRNDnKzVBijg7kn3rxNS4JraPaguyD4ZTdxGr5lkAT_k_Hanyw7liukO2btHEW5ANPbnYv3y6MqBAnSlthaURV0g-rF4ck-pNxSIi1b8w5LDhizYEnI1hvf9xb6IDMFiqXFSgeoZMxBXU3nhtUS1igqcIgdlZ1r4KX5FnTWYa_LS8i_CYQ8AS7AUmk3C4zqlNbjwksbSo-qaTd4CIj9e6O7i-3zpieYk-p5Z_S_RNAyPrkh47A9pF0r1lm7t8rzVzU2CN-g9QXlqiMNbiMSg1exC833N-nFTZ9I4hBNnQzZuE2Z-Gqg98Y1OtTXZjU0-yd2Vb8v0DuX5n-Ob3g%3D%3D HTTP 303
https://www.smrtnonesecure.com/WMT0111/mwoodward421@gmail.com/etf-alerts.com/B/BTSL8 HTTP 302
https://www.clkmg.com/arz1b1t/WMT0111/mwoodward421@gmail.com/etf-alerts.com/B/BTSL8 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/55M6S/?sub1=mwoodward421@gmail.com&sub2=etf-alerts.com&sub3=B&sub4=BTSL8&sub5= HTTP 302
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 94

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=W9b5iHw2b2xkQ3ZENElYaG5lUXpHVXRBUTFoeHdtSE5GNGttaWlpdUVZVEJrNkhZNmJ6UDJrRkdQcGJEREkzYUxZTnVsQytkeEVoK2tlaGljK1V6N2daTXRIb1o3N2FuVitTaGNROE1sS0pVSzd0VEQzbGswdFNTWHVEek5FUDI5eHFWeXRXNjFEOXlSeDQ2SmVmMjMxVy9MNHJiOWs1T0Nta3BSUXdlUjhYbWtFY1pUb1FMUnpXNU9SekRSVmkxQ3dGOEs0UDV6SDJpN1ZmbmNvcmJMaWoxSE51WHAvckQ4Y3ZJTi9vcVU1bWh0TTRsYUhPZWsyb25YRVJmQ0RFMDNNNkNnalBVWlNHOWNCRFJVSjk3Wm03eHdLc21tR2JCc2ZSNUpmd0o1MzV5RG9wYz18&cppv=2

118 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
go.behindthemarkets.com/btm-5g-arrow-sandia/
Redirect Chain

https://links.that.etf-alerts.com/u/click?_t=3bd7f30ef73f48d3a68ad6a4e011fcb9&_m=33cac7f4b5614d498b5eea1acb47fba6&_e=7GSXQRNDnKzVBijg7kn3rxNS4JraPaguyD4ZTdxGr5lkAT_k_Hanyw7liukO2btHEW5ANPbnYv3y6MqB...
https://www.smrtnonesecure.com/WMT0111/mwoodward421@gmail.com/etf-alerts.com/B/BTSL8
https://www.clkmg.com/arz1b1t/WMT0111/mwoodward421@gmail.com/etf-alerts.com/B/BTSL8
https://www.behindthemarkets-btm.com/4P7M9M/55M6S/?sub1=mwoodward421@gmail.com&sub2=etf-alerts.com&sub3=B&sub4=BTSL8&sub5=
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82

301 KB
49 KB

634ms
250ms

Document
text/html

35.202.21.90
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

54700d9ee9a1c09e3d345f5ae504039e0b912b2f731b38fce2bf06a9f0c061b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: br
content-type: text/html
date: Thu, 14 Apr 2022 17:02:38 GMT
etag: W/"e9384630c2f7b074dd2f080bc54299da"
last-modified: Thu, 24 Feb 2022 20:09:14 GMT
server: Leadpages
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS, HIT

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6fbe02a1a9bf901e-FRA
content-type: text/html; charset=utf-8
date: Thu, 14 Apr 2022 17:02:38 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U2xtFVci44KZ0Xdg1JQtrU%2FmfkOlXIENMWsEqblimq3%2FUHdpc7llJpP0ryIDVcQ%2F33pMaxc40lIlRKmjs84JX5200RQBREiAoqOyFPAQmx%2BnbqADAWU6qpbWewzRmUrJhBe9cXPXrf%2Bwxpppx1uD81eAkyDK4Ht4yUbl"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
via: 1.1 google
x-eflow-request-id: e1d230a5-ff3a-450b-b459-bf31e64814fa

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ 58 KB
14 KB 82ms
19ms Stylesheet
text/css 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 10 Apr 2022 13:57:48 GMT
content-encoding: gzip
server: Google Frontend
age: 356691
etag: "bDGV3w"
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: 94b615fb1b3a4b28aadc33925ea591d8
cache-control: public, max-age=31536000
alt-svc: clear
content-length: 14628
via: 1.1 google
expires: Mon, 10 Apr 2023 13:57:48 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 78ms
28ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:300,400,500,700

Requested by

Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d669802adf1cb3b8210ed01ed9d83e6b43d6fed8fa6716aaba241ccc0669b2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 16:52:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 14 Apr 2022 17:02:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Apr 2022 17:02:39 GMT

GET
H2 200 everflow.js Show response
www.behind-the-markets.com/scripts/sdk/ 58 KB
18 KB 198ms
120ms Script
text/javascript 34.120.142.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behind-the-markets.com/scripts/sdk/everflow.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.142.1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 1.142.120.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8f3fe0606a82e44431a7b066692d17ba287c1f2e8e4b3050556807575a1fe33f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:39 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: text/javascript
content-encoding: gzip
cache-control: max-age=14400
x-eflow-request-id: d8885d37-99dd-4ad1-a286-5dca0236f1e4
alt-svc: clear

GET
H2 200 AQ5VUH0Nj14Mgaeh1JQWi7IerYk_Qp25RCGdYpoSG3G65ryIg9qYk1-B59c270Q4CLJd4bexRVFR7E1Dag4g=s0
lh3.googleusercontent.com/ 45 KB
46 KB 71ms
23ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AQ5VUH0Nj14Mgaeh1JQWi7IerYk_Qp25RCGdYpoSG3G65ryIg9qYk1-B59c270Q4CLJd4bexRVFR7E1Dag4g=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7bd10dcd45b27f8c416e2963cbec082c8beb2b653a0002d67bf0857b2db95c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:27 GMT
x-content-type-options: nosniff
age: 10752
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46568
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H2 200 yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w16
lh3.googleusercontent.com/ 988 B
1 KB 19ms
18ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ba398c4073f3dde850f04637918764494bad50499536ad1781113c66ec325eae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:04:34 GMT
x-content-type-options: nosniff
age: 10685
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 988
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H2 200 vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w16
lh3.googleusercontent.com/ 3 KB
4 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f962a0a8539cb44fb06a4494ffc65fa38369085603acf1a4b96adb8fb164e0d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:04:34 GMT
x-content-type-options: nosniff
age: 10685
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3560
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 09 Apr 2022 11:57:39 GMT

GET
H2 200 TYG-SIkPivIE5orrrQrIgOtWIrd8L7hXmRVfJmUGMzWvkFEK8SJ843iruoRXWwSOKm9PTjBNWclEGepvwB1m=w16
lh3.googleusercontent.com/ 3 KB
4 KB 24ms
16ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TYG-SIkPivIE5orrrQrIgOtWIrd8L7hXmRVfJmUGMzWvkFEK8SJ843iruoRXWwSOKm9PTjBNWclEGepvwB1m=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b3fdac93d880353fc983f82b9ed6fa62e54d755e05c1ee51020d98e95e35cb1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:28 GMT
x-content-type-options: nosniff
age: 10751
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3563
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H2 200 6myFPUmx_vo2b82wPBofB04jE0A4gUoQ-2fFegRtVv--YqAD5NK5VSEJMIzKJHUV2Co96Fzc2zm7SxWs6WS1eXo=w16
lh3.googleusercontent.com/ 371 B
434 B 29ms
19ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/6myFPUmx_vo2b82wPBofB04jE0A4gUoQ-2fFegRtVv--YqAD5NK5VSEJMIzKJHUV2Co96Fzc2zm7SxWs6WS1eXo=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f99dac30c7093e8b1c2689aef392938701193512f32b6a919249821c6ba5a353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:28 GMT
x-content-type-options: nosniff
age: 10751
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 371
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H2 200 nY0taz2--WWs6OFQDTSywKwMQ6DSZgLRZyH-x1oSMA81PwJQeNsr4p6WuxhL-TJM7iD7alDVt1larTI6sKUB7Q=w16
lh3.googleusercontent.com/ 4 KB
4 KB 31ms
22ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/nY0taz2--WWs6OFQDTSywKwMQ6DSZgLRZyH-x1oSMA81PwJQeNsr4p6WuxhL-TJM7iD7alDVt1larTI6sKUB7Q=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

96ad5f56a00803d62c47a3d21d9017916e470ab35935361f0f822af42d559d62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:29 GMT
x-content-type-options: nosniff
age: 10750
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3598
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H2 200 PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0
lh3.googleusercontent.com/ 26 KB
26 KB 31ms
22ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 15:39:50 GMT
x-content-type-options: nosniff
age: 4969
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26391
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 29 Jan 2022 12:53:20 GMT

GET
H2 200 _x-gHJ-aGYkeRc1NWopMbRlCWSQGhtjX4HGUpZu9ytTeHF1njf4pswrGxQpUmFdsYU_G8lUCoNvDBIQmiVlPNcc=w16
lh3.googleusercontent.com/ 4 KB
4 KB 29ms
21ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/_x-gHJ-aGYkeRc1NWopMbRlCWSQGhtjX4HGUpZu9ytTeHF1njf4pswrGxQpUmFdsYU_G8lUCoNvDBIQmiVlPNcc=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

73c42500e4af90ca921ec406fd0cb6af6a43fe78d1eda3de7d655aa215565a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:29 GMT
x-content-type-options: nosniff
age: 10750
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3594
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H2 200 e61vc2JIp4aDz2gLNZyUwUYw8MnRuJCZJVA4wAXQU0yyDdI7x5LIulZihIch2VM6h5Lju7t_YUb9m8HyBTr4dg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 60ms
48ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e61vc2JIp4aDz2gLNZyUwUYw8MnRuJCZJVA4wAXQU0yyDdI7x5LIulZihIch2VM6h5Lju7t_YUb9m8HyBTr4dg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e17f0091bbce5eb0f3a8b1dd678af32261ad748c55714bb69cafa60c0be90489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H2 200 8Gnfn0msMSt74DBVKaEf6nfEaikytFY4aY6Eyq_CbaVEvIpCTZiWhm4VJ_VcoFkQ3vr5I9nf83QW5yPVwyPkXg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 60ms
49ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/8Gnfn0msMSt74DBVKaEf6nfEaikytFY4aY6Eyq_CbaVEvIpCTZiWhm4VJ_VcoFkQ3vr5I9nf83QW5yPVwyPkXg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7ddf07e39d31b21a32b5a04ed372affc2622e4cb8faa706f17bb91178c3e2d76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3596
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H2 200 O7WsSQohc9dtDn5dYay1RhrvymCogFg7Tp8VmR7adUk9M-nHdHIr4NO2oZ0inQ4CUoUVWEl2aUadPa_9F3l28A=w16
lh3.googleusercontent.com/ 4 KB
4 KB 60ms
49ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/O7WsSQohc9dtDn5dYay1RhrvymCogFg7Tp8VmR7adUk9M-nHdHIr4NO2oZ0inQ4CUoUVWEl2aUadPa_9F3l28A=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e99b1332226c6486a8a20ed70dabcb018e623a70cca29e202a48d653a486161c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H2 200 fyRqwcDnIibGy3o7IqvRbsTOLREQrtdPL3l3jepDEXw7wgcxDUl36Y1TOwtQmuyPROeiDvqrZRSJnVWd0fRa=w16
lh3.googleusercontent.com/ 1 KB
1 KB 82ms
71ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/fyRqwcDnIibGy3o7IqvRbsTOLREQrtdPL3l3jepDEXw7wgcxDUl36Y1TOwtQmuyPROeiDvqrZRSJnVWd0fRa=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

75a75114a3326f64b66896b4e47f2ebe985c53caab85e17814eaa17ed216005a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1024
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H2 200 BjDwHsLmymS2nVWzOsmC-qqAJizm0t7WYi__LBNYx8y0X920MgB2Xek0yTPaFj8AOKYwvU3tKRIUkB-st55uXg=s0
lh3.googleusercontent.com/ 43 KB
43 KB 68ms
57ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/BjDwHsLmymS2nVWzOsmC-qqAJizm0t7WYi__LBNYx8y0X920MgB2Xek0yTPaFj8AOKYwvU3tKRIUkB-st55uXg=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

132ff663ec567f9ae205298aaf3d6d16048f20750616d8b3ea174fdc4cb3ff0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43586
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H2 200 NgXG61t76q3vKpGkhuO3Ty72J8rvFyvSRG47iSXVPrUHCcgJhf55_ACxz5jAWP8vQjPdrFvGjGWjMHIH8SrO=w16
lh3.googleusercontent.com/ 4 KB
4 KB 82ms
72ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/NgXG61t76q3vKpGkhuO3Ty72J8rvFyvSRG47iSXVPrUHCcgJhf55_ACxz5jAWP8vQjPdrFvGjGWjMHIH8SrO=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

72b95405e006370e34ac6d7be5f4b185fe0d1058d43b576136d0ac5eddd88562

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H2 200 leiJwM0fehZ7GJnjZ3RF4K1wEYqTavDcCW2UwICye682ACJ-uFPSNLw9SBFSofITFP_b-wXkDSWbpBejDhWWdg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 82ms
71ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/leiJwM0fehZ7GJnjZ3RF4K1wEYqTavDcCW2UwICye682ACJ-uFPSNLw9SBFSofITFP_b-wXkDSWbpBejDhWWdg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6de05c135e09807c1a50d1e68453a011f56ad6797d38712af1534e9343b89346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H2 200 tekYqT59tex3u7_KW2vKQ7p1NVn76NHX9FXJrSeD6CrEjhkltn3fw9pXFiNdMqjHzCi39qtXxWSnRS-P_u-u=w16
lh3.googleusercontent.com/ 4 KB
4 KB 80ms
70ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/tekYqT59tex3u7_KW2vKQ7p1NVn76NHX9FXJrSeD6CrEjhkltn3fw9pXFiNdMqjHzCi39qtXxWSnRS-P_u-u=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fe4a6e0c7220b1a9ce45b621a0e9844db3f75b359050882bcfc3ac2f5bb9ad51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H3 200 e3F9X055zl41kZMMX8voWduaoJUNvhyOsAVH9dwhaNY2o0TNuQg5i-ICcJ-oVJEQsnMJB8-zPBDa5YZYhQbOBw=w16
lh3.googleusercontent.com/ 4 KB
4 KB 31ms
24ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e3F9X055zl41kZMMX8voWduaoJUNvhyOsAVH9dwhaNY2o0TNuQg5i-ICcJ-oVJEQsnMJB8-zPBDa5YZYhQbOBw=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d0a6684633c6ab8da1971668ea1691819ac386ff1fe02a5ce18926028a02b726

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3603
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H3 200 vtqMDLzgHZOOZVOEr15Ir9n3EzJt5gMaYi4YggOL1nq-WRYMPoHbhAfHOYocHhxXiqgpciYJ_FTJxFnPDmNZKA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 37ms
30ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vtqMDLzgHZOOZVOEr15Ir9n3EzJt5gMaYi4YggOL1nq-WRYMPoHbhAfHOYocHhxXiqgpciYJ_FTJxFnPDmNZKA=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ca5e8198626ecded4b40a5e264d6fca7d1b4663db1fdd1032b3755aeb5ccd297

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3600
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H3 200 A9m2vigCxUkRSdPxWFO2fx6wQGn0S6H-5Q5RdxEJ1VFyG6FIcmBBtiLsUMNZsZcMHL36jG5rSUUyH8x2p_k-=w16
lh3.googleusercontent.com/ 4 KB
4 KB 40ms
33ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/A9m2vigCxUkRSdPxWFO2fx6wQGn0S6H-5Q5RdxEJ1VFyG6FIcmBBtiLsUMNZsZcMHL36jG5rSUUyH8x2p_k-=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2e42ee85db205de7ee6b3e254523c734643431764b9bbc87c058e89cf474c5c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:32 GMT
x-content-type-options: nosniff
age: 10747
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3594
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H3 200 MJe7EHJPAO6wgcW3Nsb89tFvZI5pFDmomAy4BoMmsivqJwfMU0Zi6GMsouhfIVlIMXtAlKhxm-7A0eMqQhxm1kQ=w16
lh3.googleusercontent.com/ 4 KB
4 KB 31ms
24ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/MJe7EHJPAO6wgcW3Nsb89tFvZI5pFDmomAy4BoMmsivqJwfMU0Zi6GMsouhfIVlIMXtAlKhxm-7A0eMqQhxm1kQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2b89ce6bb6c3037d363dcfa4470f124a6647374c3cce4bdaf0bf07ab001b2464

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:33 GMT
x-content-type-options: nosniff
age: 10746
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H3 200 9Ics_1K6PKq9CtKSDHVgud5pwA-8sS-RZjhIis1pVaSYEqkYqzRSqvC08IOdg4pI4R6s6R7egJH8J4rzMHTmf20=w16
lh3.googleusercontent.com/ 4 KB
4 KB 36ms
29ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/9Ics_1K6PKq9CtKSDHVgud5pwA-8sS-RZjhIis1pVaSYEqkYqzRSqvC08IOdg4pI4R6s6R7egJH8J4rzMHTmf20=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2c0e68c05ab8a290014b40f848b639d52adb1eeaffebe207124f2174f60f7add

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:33 GMT
x-content-type-options: nosniff
age: 10746
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H3 200 OFff5EAVQQVU2QxAObZB_PDzvjfcrPVXpGvJgTIVUbOgmughp99vBFa9JHg97uL2Kgiwilck3yzyl3a7_KEl2A=w16
lh3.googleusercontent.com/ 3 KB
4 KB 70ms
63ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OFff5EAVQQVU2QxAObZB_PDzvjfcrPVXpGvJgTIVUbOgmughp99vBFa9JHg97uL2Kgiwilck3yzyl3a7_KEl2A=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5c3a00eb37ad8e96072e58f6dd7ab2e708ce6406b766d71e207d46ee97aa8512

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:33 GMT
x-content-type-options: nosniff
age: 10746
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3561
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 11 Apr 2022 06:56:21 GMT

GET
H3 200 abQAPI6AZOQHN0aR7dfAOCWgC2ydOCtbriJVzo3PDZIm4pEGHOaPcmTPyeVRHNN7qBxuqlpuAkeU7x3_3pa0HjFAf1yVzGh8lHg=s0
lh3.googleusercontent.com/ 28 KB
28 KB 51ms
44ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/abQAPI6AZOQHN0aR7dfAOCWgC2ydOCtbriJVzo3PDZIm4pEGHOaPcmTPyeVRHNN7qBxuqlpuAkeU7x3_3pa0HjFAf1yVzGh8lHg=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

55f1deb0d20b8ef2b1b728e9c536647f1895355b61bef28abb41eb6dcec41411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:04:36 GMT
x-content-type-options: nosniff
age: 10683
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28253
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 15 Apr 2022 14:04:36 GMT

GET
H3 200 XtEJ2erPL3329e6piL_frCo-mHblFLj1t6iaRboik1yGovshR1yh3oriE4wTnCZYujRZA0M2WuO2kTzNU9q4GuOLd1IgPk_0Pg=s0
lh3.googleusercontent.com/ 20 KB
20 KB 50ms
43ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XtEJ2erPL3329e6piL_frCo-mHblFLj1t6iaRboik1yGovshR1yh3oriE4wTnCZYujRZA0M2WuO2kTzNU9q4GuOLd1IgPk_0Pg=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

79e703e37d0c5dbedbfad7f3f3c9607a616174a1ce152ff230895cd2062e1f33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:04:36 GMT
x-content-type-options: nosniff
age: 10683
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20964
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 06 Apr 2022 05:33:02 GMT

GET
H3 200 NvgCQWni5zDRr3EKaDSN9UiHbYNhMqlulG7-NZWNeqftQGIykcW4Ke_wq8PW0QwomH9_suRnI97yY-ltZLyVScocKnLoPdjeC2o=s0
lh3.googleusercontent.com/ 30 KB
30 KB 56ms
49ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/NvgCQWni5zDRr3EKaDSN9UiHbYNhMqlulG7-NZWNeqftQGIykcW4Ke_wq8PW0QwomH9_suRnI97yY-ltZLyVScocKnLoPdjeC2o=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a8eaf699085189552bba8f5057bcf969e3087d39f7830bd20c31a767f47c4dc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:04:36 GMT
x-content-type-options: nosniff
age: 10683
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30776
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 15 Apr 2022 14:04:36 GMT

GET
H3 200 JSGTkDAlJ4brk4ot67-NKL0HtwrkgMOPcSglhblhJKRpE-FePkqJHgYn50dIJfL-OlyQsw4A5iSHLj85EtLRybGPXxLbPu1PaJc=s0
lh3.googleusercontent.com/ 23 KB
23 KB 62ms
55ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/JSGTkDAlJ4brk4ot67-NKL0HtwrkgMOPcSglhblhJKRpE-FePkqJHgYn50dIJfL-OlyQsw4A5iSHLj85EtLRybGPXxLbPu1PaJc=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

592e4d1835429b83456573242ac88bb14dac49923173813eeaa78537bb7620f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:04:36 GMT
x-content-type-options: nosniff
age: 10683
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23305
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 09 Apr 2022 11:57:40 GMT

GET
H3 200 A-nZaVZS7eiJsOYD1iA4s72u_0-KUry9T0MxSfFDW-Y1ZnLFYNOZWPha-9RbbbhCcSkIoUq4zRosq2JCXCN9MjU=s0
lh3.googleusercontent.com/ 11 KB
11 KB 68ms
61ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/A-nZaVZS7eiJsOYD1iA4s72u_0-KUry9T0MxSfFDW-Y1ZnLFYNOZWPha-9RbbbhCcSkIoUq4zRosq2JCXCN9MjU=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1b54b66edcb0c239350b409ff86ba3195fa5c6455b0251e76d910ba4fc091be1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:36 GMT
x-content-type-options: nosniff
age: 10743
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11370
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H3 200 4Ucgojd1zcp6yuO2c_wauKtFgWTowULeUMseH4CrMyondFLM9ja5W1n7Ri43PaIsYCO3tZn9ENQN6NixM7FExjc=w16
lh3.googleusercontent.com/ 470 B
495 B 49ms
42ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/4Ucgojd1zcp6yuO2c_wauKtFgWTowULeUMseH4CrMyondFLM9ja5W1n7Ri43PaIsYCO3tZn9ENQN6NixM7FExjc=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6d5dce43acba1416db19f39d22d8db0dd7dd366ff39b15ca5f1752e8d7ec5d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:36 GMT
x-content-type-options: nosniff
age: 10743
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H3 200 2aQfFx7V0PzCB3KbXxSufzBHIvQk3PeN8oFw7f_2QGIaPk5tYEgK4minX5s9PrNyY5YDcK1AlHQ6ofOs3BSgFa8=s0
lh3.googleusercontent.com/ 11 KB
11 KB 83ms
76ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/2aQfFx7V0PzCB3KbXxSufzBHIvQk3PeN8oFw7f_2QGIaPk5tYEgK4minX5s9PrNyY5YDcK1AlHQ6ofOs3BSgFa8=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7d5beae7ebc2c7ce5cb8e194dd48e0229ab6f36e09623713865cceaac4bb4b08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11685
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 27 Mar 2022 11:54:51 GMT

GET
H3 200 PwS1lUC3pTSJsQ9h1n9Odg_T2NC6uOiAnzrk4Vrii1mF8jK-A175kIc7009Hfw1o9PP29SA_GsWGWyshxeEZOg=w16
lh3.googleusercontent.com/ 359 B
384 B 43ms
37ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PwS1lUC3pTSJsQ9h1n9Odg_T2NC6uOiAnzrk4Vrii1mF8jK-A175kIc7009Hfw1o9PP29SA_GsWGWyshxeEZOg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

53d57168540bb85fb843de9e649053e8fbf95a30d151b5cc30c7e704b7669a69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 359
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H3 200 Mo0R9Kck1-TrUbpY-BtG8gsXL3gIjG3i38himnwoP62f_0ju1o6CqN-IjmHobFiAgOdjMMx2riIYuVDsm1fytQ=s0
lh3.googleusercontent.com/ 11 KB
11 KB 69ms
63ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Mo0R9Kck1-TrUbpY-BtG8gsXL3gIjG3i38himnwoP62f_0ju1o6CqN-IjmHobFiAgOdjMMx2riIYuVDsm1fytQ=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

96fe92f97fc2c54b47fc3a8b6ab7788ea64be5925bfeb8378cf7753b397a2778

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11700
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 27 Mar 2022 11:54:51 GMT

GET
H3 200 FpuR4uiuKkfBQT_GxFHYR0FlEFmf_u-p4VfuisNGkerYP9DGW0pNWiu0IrHp1SH2rbgNn2Tj2lyl5z84_X3fAw=w16
lh3.googleusercontent.com/ 372 B
397 B 43ms
37ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/FpuR4uiuKkfBQT_GxFHYR0FlEFmf_u-p4VfuisNGkerYP9DGW0pNWiu0IrHp1SH2rbgNn2Tj2lyl5z84_X3fAw=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b494764a83e1a3fb8c887deedf8c8a87edf40697e45f21a357fcf61d6a55c5c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 372
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H3 200 QPG4qMIXZUmQTcJ4D9xgWlLfOBJ2MKL1OO6jkx6_wpV4dGHyQg02zzKQrMc8l2uus8DJQ1Nf55YsRuyeGfBl0Q=w16
lh3.googleusercontent.com/ 4 KB
4 KB 39ms
32ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/QPG4qMIXZUmQTcJ4D9xgWlLfOBJ2MKL1OO6jkx6_wpV4dGHyQg02zzKQrMc8l2uus8DJQ1Nf55YsRuyeGfBl0Q=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c9944716a10b83ea2b631e2fc091a3f4a289cdf835abcaab5b694065808092f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3595
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H3 200 cCFO7yLkSa-ts_arhdZf_aC1sOLc9hLocIvcxiHbbkrrpveLMWcf9C_H_jAEul0gdsfjzRmfW7Gs2vKgBQhr=w16
lh3.googleusercontent.com/ 4 KB
4 KB 39ms
33ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/cCFO7yLkSa-ts_arhdZf_aC1sOLc9hLocIvcxiHbbkrrpveLMWcf9C_H_jAEul0gdsfjzRmfW7Gs2vKgBQhr=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b7893a230766dd48285139bdfe35565e504f0b3b68cfc856da3dc81db307569a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3590
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H3 200 D7z2zipPmglmhTjJwZwKvXJPE-V5Rq132DXiglIwCYAMGbDn_5Rk3nGdchi8DbhhvgV0Xga_xM0HALbQJTsWJg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 85ms
78ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/D7z2zipPmglmhTjJwZwKvXJPE-V5Rq132DXiglIwCYAMGbDn_5Rk3nGdchi8DbhhvgV0Xga_xM0HALbQJTsWJg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

36dc7363f42099049f12e0c5c85c0f016832875021ba68c3d2f83045594ffac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3603
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H3 200 vVYmxK2XMUedNe4YRIfjrD_s0BT-rQJSlpuzAkX70jh8ZlmIa6UEsXe9uEj01ByAcEU6BBzoArj1ilGlQaIfNU8=w16
lh3.googleusercontent.com/ 989 B
1014 B 83ms
77ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vVYmxK2XMUedNe4YRIfjrD_s0BT-rQJSlpuzAkX70jh8ZlmIa6UEsXe9uEj01ByAcEU6BBzoArj1ilGlQaIfNU8=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2dcf66df3032042a56e661d5be35ba4f3af5328d29e4698ee8fd0ba4b88cc932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:28 GMT
x-content-type-options: nosniff
age: 10751
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 989
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H3 200 j_BOK0pGtIfJaRfyaVlqkJ4pXPlmfovvMhRTqPSiSOzDb7IUlPTD-jr8gbzx59rEn1f9rWVuzi_6mKak7gBIcg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 40ms
34ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/j_BOK0pGtIfJaRfyaVlqkJ4pXPlmfovvMhRTqPSiSOzDb7IUlPTD-jr8gbzx59rEn1f9rWVuzi_6mKak7gBIcg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1e843b8b1f0971ce91d1d7e45e35e23dbb6008cdc3a859f9d42e384cf05650fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:04:36 GMT
x-content-type-options: nosniff
age: 10683
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3635
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 09 Apr 2022 11:57:40 GMT

GET
H3 200 XxHiFvI9dKr750--158mq_MUk86yNI22Sy6M-6moaf52Sf1OySQYP206ajfjJ7ZU7xthndzwAl_S3u1d_mlifg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 86ms
80ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XxHiFvI9dKr750--158mq_MUk86yNI22Sy6M-6moaf52Sf1OySQYP206ajfjJ7ZU7xthndzwAl_S3u1d_mlifg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e689d74f8c13a43ef8a9c23c84db00756e7841b4e5e56267ad7216d8509fabe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:04:36 GMT
x-content-type-options: nosniff
age: 10683
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3637
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 15 Apr 2022 14:04:36 GMT

GET
H3 200 ibR-_UQ2KTi-8-dRq9XizRZ_OHJJAIukkqinGXXBY_dw40KzH8mN7u3xcdVpOz3BfgSGHdbu4k51Dcq8NGvdfw=w16
lh3.googleusercontent.com/ 4 KB
4 KB 77ms
71ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ibR-_UQ2KTi-8-dRq9XizRZ_OHJJAIukkqinGXXBY_dw40KzH8mN7u3xcdVpOz3BfgSGHdbu4k51Dcq8NGvdfw=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9ca8a06fa36760ac11757bf1454f1a8dfd50150e294520a91e6864d29f7fde8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:28 GMT
x-content-type-options: nosniff
age: 10751
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3590
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H3 200 kl8d1RT9PzBbw8I_a2DAJq5k2hQCCoPa4z_JXEd3ob4F3Y8ZZJnQDHjm-vf1CSpDz8GGu3KjjTGBrXoDDmR-tA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 86ms
79ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/kl8d1RT9PzBbw8I_a2DAJq5k2hQCCoPa4z_JXEd3ob4F3Y8ZZJnQDHjm-vf1CSpDz8GGu3KjjTGBrXoDDmR-tA=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b860877347b5fb701c185e3040e04fecca7506822e712f1a8074554ef513925d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:28 GMT
x-content-type-options: nosniff
age: 10751
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3633
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H3 200 KNxVkBE3HuxDJCQRRN0d5xhxT1HvdQWWdDnL6V__s4PKXbWyzHa-vjT3YJ3ffPEhr4BFVPT_jFY-vwJ911Pvgg=s0
lh3.googleusercontent.com/ 40 KB
40 KB 71ms
65ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/KNxVkBE3HuxDJCQRRN0d5xhxT1HvdQWWdDnL6V__s4PKXbWyzHa-vjT3YJ3ffPEhr4BFVPT_jFY-vwJ911Pvgg=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

94052c1920fe8b6b2e791f362c8a4247e50f0abcab5e61225d3f3a2414c73a43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40953
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H3 200 xcKH-psfmH3qKpC_YGzD-RPgBOp44oRUHeUCTLvbu5SPEQgqSHJe30QmAiO1S89OPrP3HazPzNmXkx08sYax=w16
lh3.googleusercontent.com/ 3 KB
3 KB 79ms
73ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/xcKH-psfmH3qKpC_YGzD-RPgBOp44oRUHeUCTLvbu5SPEQgqSHJe30QmAiO1S89OPrP3HazPzNmXkx08sYax=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3705afa2ba67e76379c851b704bb0db8ed87656a819209c28b63d2321343fcd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:04:36 GMT
x-content-type-options: nosniff
age: 10683
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3558
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 09 Apr 2022 11:57:40 GMT

GET
H3 200 jFaEUoP8X9vaRZw6RGfJQkvUEoyN77j7jL1a2A3D7fDmi2T1hVfFiosQx1fVTMbE11R78C2crAdZN4U6jb2qpw=w16
lh3.googleusercontent.com/ 609 B
634 B 76ms
70ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/jFaEUoP8X9vaRZw6RGfJQkvUEoyN77j7jL1a2A3D7fDmi2T1hVfFiosQx1fVTMbE11R78C2crAdZN4U6jb2qpw=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

64369b56b87a6a6a37ce6c800d296e77b379c49fff9cb2a556c5f8ad3ccb4b36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:28 GMT
x-content-type-options: nosniff
age: 10751
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 609
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H3 200 elbvmbwpfj9i1ySvIdthV664QtJNM-G-UCu-3dvhJWkwIH6Uk9jTHUmHcFymUPuRYw8IJ_5JK7VzfDGUtVIC=w16
lh3.googleusercontent.com/ 3 KB
4 KB 69ms
63ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/elbvmbwpfj9i1ySvIdthV664QtJNM-G-UCu-3dvhJWkwIH6Uk9jTHUmHcFymUPuRYw8IJ_5JK7VzfDGUtVIC=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fdeca2cfc516555aacf01d48f855898eaddc3467cbb92d8b8e30e91a61a3e409

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3565
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:35 GMT

GET
H3 200 IefkQHAicGwTOCYg6VK3TQ6XWkKQJ_p70pZapTxpg24fxFMlOgigjkKOrxOisX-416NhZm87f4g8VdXFlfSgaQ=w16
lh3.googleusercontent.com/ 4 KB
4 KB 75ms
69ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/IefkQHAicGwTOCYg6VK3TQ6XWkKQJ_p70pZapTxpg24fxFMlOgigjkKOrxOisX-416NhZm87f4g8VdXFlfSgaQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

908362cc3d83780a006474ebea417be9ff9e9f92175e4295c990747e211507d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3759
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H2 200 center.js Show response
js.center.io/ 12 KB
5 KB 136ms
25ms Script
application/javascript 2a00:1450:4001:831::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:01:14 GMT
content-encoding: gzip
server: Google Frontend
age: 85
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: a02be0496f7642ff04001d73f5940211
cache-control: public, max-age=300
content-length: 5417
expires: Thu, 14 Apr 2022 17:06:14 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 177 KB
57 KB 612ms
44ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

18cd8b680be7d2eac588b3ac96ff459d48d23a4526343cc6c473995d3153af3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:39 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58321
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 16:15:41 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 14 Apr 2022 17:02:39 GMT

GET
H3 200 hhvF0o8vq1JU8Su47GsC5kYltqwZopzco6fj8KYORAgpWwoAG_g1_T7C48ffpWXbrKQZ4E4DJNDLdCqyljY-=w16
lh3.googleusercontent.com/ 1001 B
1 KB 78ms
74ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/hhvF0o8vq1JU8Su47GsC5kYltqwZopzco6fj8KYORAgpWwoAG_g1_T7C48ffpWXbrKQZ4E4DJNDLdCqyljY-=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

38ce40f41757c9b666dbd3594af6fb2a4910f7521da1d65e697af42e6cdad7d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1001
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H3 200 uHBZZEw-Dy6jrRw8PLd2KK4ileLESptFfgRyi_eWfQSJO7O5awMFsWXdZDXBbzJFjnIdD_-KtmJytRYsFDXCc5Q=w16
lh3.googleusercontent.com/ 992 B
1017 B 79ms
74ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/uHBZZEw-Dy6jrRw8PLd2KK4ileLESptFfgRyi_eWfQSJO7O5awMFsWXdZDXBbzJFjnIdD_-KtmJytRYsFDXCc5Q=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cdf6aa48e94cc037d933692c5de29571fe81e66b73a9cc57f82614dcd25806a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 992
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 24 Mar 2022 10:05:36 GMT

GET
H3 200 HDRZ7c0fpyrR3bPB7JuIhUELHJefeLGMFgyW2C8gvyJbxP-7kNCkwm_t9dj6walSbl6mVxQG-Rl7AnG6oM2e=w16
lh3.googleusercontent.com/ 1003 B
1 KB 77ms
72ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HDRZ7c0fpyrR3bPB7JuIhUELHJefeLGMFgyW2C8gvyJbxP-7kNCkwm_t9dj6walSbl6mVxQG-Rl7AnG6oM2e=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c99e1eaa85d260995d9712261a68944fbf1501210fc0b72fd69286218c58a39e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:37 GMT
x-content-type-options: nosniff
age: 10742
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1003
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H3 200 69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16
lh3.googleusercontent.com/ 402 B
429 B 127ms
122ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:39 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 01 Apr 2022 11:40:12 GMT

GET
H3 200 ywepIvZWgcttUdC8IQpQqjtwTb4Xsin1ylNVOVfr8PFIslp83xYxlJQ0wu9l2xNq8m9ls_9oP4IbdNABkeG4_hltjwBeDAZ2vlU=s0
lh3.googleusercontent.com/ 22 KB
22 KB 125ms
120ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ywepIvZWgcttUdC8IQpQqjtwTb4Xsin1ylNVOVfr8PFIslp83xYxlJQ0wu9l2xNq8m9ls_9oP4IbdNABkeG4_hltjwBeDAZ2vlU=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:39 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22076
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 01 Apr 2022 11:40:12 GMT

GET
H3 200 e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16
lh3.googleusercontent.com/ 402 B
429 B 127ms
123ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:39 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 01 Apr 2022 11:40:12 GMT

GET
H3 200 ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0
lh3.googleusercontent.com/ 39 KB
39 KB 121ms
117ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:39 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39437
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 01 Apr 2022 11:40:12 GMT

GET
H2 200 embed.js Show response
embed.lpcontent.net/leadboxes/current/ 42 KB
15 KB 108ms
20ms Script
application/javascript 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:00:22 GMT
content-encoding: gzip
server: Google Frontend
age: 137
etag: "bDGV3w"
content-type: application/javascript
access-control-allow-origin: *
x-cloud-trace-context: a75115b85cd395386add2cdfccb364fa
cache-control: public, max-age=300
alt-svc: clear
content-length: 14811
via: 1.1 google
expires: Thu, 14 Apr 2022 17:05:22 GMT

GET
H3 200 iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=s16
lh3.googleusercontent.com/ 406 B
431 B 73ms
69ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=s16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

48e6569cf06d8b950da3926d80fe1528f7ebaf32cd060d43ee3d79a722cb5387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:31 GMT
x-content-type-options: nosniff
age: 10748
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 406
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 04 Apr 2022 18:02:01 GMT

GET
H2 200 TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v47/ 25 KB
25 KB 585ms
20ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v47/TK3iWkUHHAIjg752GT8G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63e0f1d4d244fa557ae96c648168b0620a4f5ad3dbb653fc979a1b3ea0000699

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 23:30:17 GMT
x-content-type-options: nosniff
age: 581542
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25384
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 Apr 2023 23:30:17 GMT

GET
H2 200 fa-solid-900.woff2
static.leadpages.net/fonts/font-awesome/5.14.0/webfonts/ 78 KB
79 KB 59ms
21ms Font
font/woff2 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/webfonts/fa-solid-900.woff2
Requested by: Host: static.leadpages.net
URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658

Request headers

Referer: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 20:22:49 GMT
via: 1.1 google
server: Google Frontend
age: 2407190
etag: "uPB0kA"
content-type: font/woff2
access-control-allow-origin: *
x-cloud-trace-context: a37a3484c24aa693beff6d1343fc6f89
cache-control: public, max-age=31536000
alt-svc: clear
content-length: 80148
expires: Fri, 17 Mar 2023 20:22:49 GMT

GET
H3 200 yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w470
lh3.googleusercontent.com/ 123 KB
123 KB 28ms
27ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w470

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d6c652b770391aba1eb4c71ad06b1b858ee1f8d13152aef29cab9cd2f4e3c2b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 15:24:40 GMT
x-content-type-options: nosniff
age: 5879
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126204
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 15 Apr 2022 15:24:40 GMT

GET
H3 200 vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w696
lh3.googleusercontent.com/ 44 KB
44 KB 270ms
269ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w696

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

255f497324a8823e617af3b9135771124c5a124b3d2d77ddae68e9b6a780d049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:39 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44913
x-xss-protection: 0
expires: Fri, 15 Apr 2022 17:02:39 GMT

GET
H3 200 iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=w1600
lh3.googleusercontent.com/ 149 KB
149 KB 510ms
509ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=w1600

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7b93501d3965ccc6d249f71312e04eebbab373bf305e1af92c2c668dd6eb3bdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:40 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 152335
x-xss-protection: 0
expires: Fri, 15 Apr 2022 17:02:40 GMT

GET
H2 200 identify.html Show response
js.center.io/ Frame 0B2A 4 KB
2 KB 29ms
29ms Document
text/html 2a00:1450:4001:831::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 150
cache-control: public, max-age=300
content-encoding: gzip
content-length: 2016
content-type: text/html
date: Thu, 14 Apr 2022 17:00:09 GMT
etag: "OMWYXg"
expires: Thu, 14 Apr 2022 17:05:09 GMT
server: Google Frontend
x-cloud-trace-context: ea0402cea96d6c31d22654d97a70b1f6

GET
H2 200 / Show response
btm-btm-btm.lpages.co/serve-leadbox/FjFUq5PRsDsC6qkECuCTPG/ Frame 7F10 173 KB
38 KB 561ms
245ms Document
text/html 35.202.21.90
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://btm-btm-btm.lpages.co/serve-leadbox/FjFUq5PRsDsC6qkECuCTPG/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&aff=82&id=mwoodward421%40gmail.com&iocid=&utm_campaign=&utm_medium=&utm_source=82

Requested by

Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

71a5816340231851f4659bf5812a7f16a27f08912668864b9b69f6167f749c65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: br
content-type: text/html
date: Thu, 14 Apr 2022 17:02:40 GMT
etag: W/"3b8e6caf9a05092bd8a03f1d8f4ea743"
last-modified: Fri, 01 Apr 2022 00:06:44 GMT
server: Leadpages
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS, HIT

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
448 B 510ms
128ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=sQaW2eaTqEsLo64apHTVQL&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=226.9000015258789,1,FjFUq5PRsDsC6qkECuCTPG
Requested by: Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 14 Apr 2022 17:02:40 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 217.114.215.132
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-max-age: 600
Connection: keep-alive
x-request-id: 00r2cokkvfgcmgpj6l40

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/events/ 35 B
686 B 480ms
130ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=hZGr8CiB4GvxgUHU6eUyhA&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=x3UhDA4YqtFfKBvoQSGVa7&sid=pBHpvhAP7BrzhTcvGWN7Ja&cid=lp-hZGr8CiB4GvxgUHU6eUyhA&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dba766aceb5964166a6e332b579ab4f37%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmwoodward421%2540gmail.com%26iocid%3D%26aff%3D82&rf=&rx=1600&ry=1200&tz=%2B00%3A00
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 14 Apr 2022 17:02:40 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 217.114.215.132
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 600
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00r2537nnhndfq66ckng
access-control-expose-headers: LP-Security-Token

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 180 KB
66 KB 66ms
40ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a15c711d1a44a22b910a61d75826e7e3515d4abb0241324c12c42848326bc25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:40 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67368
x-xss-protection: 0
expires: Thu, 14 Apr 2022 17:02:40 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 70ms
21ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2729
date: Thu, 14 Apr 2022 16:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 14 Apr 2022 18:17:11 GMT

GET
H3 200 everflow.js Show response
www.behindthemarkets-btm.com/scripts/sdk/ 58 KB
19 KB 65ms
38ms Script
text/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5bd189979d955106dcb369a6b77e4b7b57dfa2fa177bad6a0558fce4f00cf9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:40 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5413
cf-ray: 6fbe02ad2b929bac-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 14 Apr 2022 15:32:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T12Wk05SXsfM0DdFl8gS60OZ3TODTK01%2BrWcA9obILu%2FKEJCYSsuMYuNySQOkwWif7ZPCWpzsaJuy4ZT6qxGaGXndwdE6XFzkCJqDde1%2FPNLwUcJ7ir%2BDIkGOjEzi8A3E0tZmP1EnU9vCfCOZpraEFm8yHupMf8VIhR0"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
x-eflow-request-id: eb9ff7ab-bf62-4176-8bb0-1225e6baa694

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 60ms
20ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: qmZIl44SCZ1D1CMgYhXSQ+VNEDlFqT35OzcEsLuEJM97m7D5xssPuyFa86i7duAcwZNm+/xwfqsenPL+vff/EA==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Thu, 14 Apr 2022 17:02:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 523 B
644 B 222ms
27ms Script
application/javascript 178.250.0.147
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=93258

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.147 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

878ae62b8a42d7ac04f49be49345a3df4dd03938d6cebb5961cc1ac23c967cb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:39 GMT
content-encoding: br
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 92ms
25ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&utm_source=82&utm_campaign=&utm_medium=&id=mwoodward421%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:40 GMT
content-encoding: br
cdn-edgestorageid: 459
x-amz-request-id: 71WYV26C47R06WZS
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 04/10/2022 02:10:48
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: zLRF2E/7czV722NdLw15HOtrEntcFjzO51hK58DlZRrxFus8uYCeYuLM1HJ+Bs5ZeDDGaVj5fKY=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Fri, 25 Mar 2022 15:23:03 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=600
cdn-requestid: 433c71bd74b139d07de4c7bcb47f43bc
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 3070500746422546 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 181ms
160ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/3070500746422546?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

817122a72f27d68da5af46cd6e79d8975b1127203ec2a0843582c5b50905d714

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: +VaaRanHdrIH1cicdTujbEF39UTQ9zv7xlN1je9k7TEijoP9AyKp66PhnWp47HUJwX8ECezrtYf5O0ss336UBQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 14 Apr 2022 17:02:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 51ms
24ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=494574740&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dba766aceb5964166a6e332b579ab4f37%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmwoodward421%2540gmail.com%26iocid%3D%26aff%3D82&ul=en-us&de=UTF-8&dt=World%20War%205G&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=202753999&gjid=729608564&cid=792281362.1649955760&tid=UA-102395123-1&_gid=2018084736.1649955760&_r=1&gtm=2wg460WNRH3TX&cd1=82&cd2=ba766aceb5964166a6e332b579ab4f37&cd3=false&cd4=false&cd5=false&cd6=false&cd7=false&z=1372014631

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Apr 2022 17:02:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 41ms
17ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=494574740&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dba766aceb5964166a6e332b579ab4f37%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmwoodward421%2540gmail.com%26iocid%3D%26aff%3D82&ul=en-us&de=UTF-8&dt=World%20War%205G&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=792281362.1649955760&tid=UA-102395123-1&_gid=2018084736.1649955760&gtm=2wg460WNRH3TX&cd1=82&cd2=ba766aceb5964166a6e332b579ab4f37&cd3=false&cd4=false&cd5=false&cd6=false&cd7=false&z=2130446342

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Apr 2022 14:02:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 10833
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
352 B 70ms
25ms Ping
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=2oe460&_p=494574740&_z=ccd.NLB&_gaz=1&cid=792281362.1649955760&ul=en-us&sr=1600x1200&_s=1&sid=1649955760&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dba766aceb5964166a6e332b579ab4f37%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmwoodward421%2540gmail.com%26iocid%3D%26aff%3D82&dt=World%20War%205G&uid=false&en=page_view&_fv=1&_ss=1&ep.debug_mode=true&up.customer_id=false&up.customer_total_orders=false&up.customer_all_ordersvalue=false&up.customer_email_hash=false&up.affiliate_id=82&up.login_status=false
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Apr 2022 17:02:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 76ms
25ms Ping
text/plain 2a00:1450:400c:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-8R6YNFMJ23&cid=792281362.1649955760&gtm=2oe460&aip=1&uid=false
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c01::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Apr 2022 17:02:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 86ms
43ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=792281362.1649955760&gtm=2oe460&aip=1&uid=false&z=1961315168

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Apr 2022 17:02:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 95ms
94ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:40 GMT
content-encoding: br
cdn-edgestorageid: 549
x-amz-request-id: 0XPNF8DMEJ6W2XCT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 02/08/2022 16:56:04
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: fRyRZPznrdNCv6h7ET6s4hxYavl5uQTCIw4k+SNx+rjjWJ+d+NyHOuNYYlwtWDhVTfTilutE/G8=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 10 Jan 2022 18:22:32 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 975587a837a72611bb07f1ce0fd5e21e
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 24ms
24ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:40 GMT
content-encoding: br
cdn-edgestorageid: 883
x-amz-request-id: 9N84X4YRM21X08T5
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/10/2022 13:34:18
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: oBS1PkrTXAnH8s3caBjTTV5L90IZsuK5pg1OeS7uUquH6t3b+uNjsnqRi1r23MOIUSMtIk0jATI=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 10 Jan 2022 18:22:33 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"ad6f2454f01de902ffd473d51c1207bf"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 067749e7bb42315328afa679e94e3ddc
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 46ms
24ms XHR
text/plain 2a00:1450:400c:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102395123-1&cid=792281362.1649955760&jid=202753999&gjid=729608564&_gid=2018084736.1649955760&_u=YEBAAEAAAAAAAC~&z=1148668102

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c01::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 14 Apr 2022 17:02:40 GMT
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 172ms
42ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102395123-1&cid=792281362.1649955760&jid=202753999&_u=YEBAAEAAAAAAAC~&z=71795159

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Apr 2022 17:02:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 44ms
44ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102395123-1&cid=792281362.1649955760&jid=202753999&_u=YEBAAEAAAAAAAC~&z=71795159

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Apr 2022 17:02:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ld.js Show response
static.criteo.net/js/ld/ 40 KB
13 KB 140ms
34ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/ld.js

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=93258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e17cc900f2c3e8e09d3a2d454c231fccc85c4d1c6164b05c1d5c482a51d21190

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:40 GMT
content-encoding: gzip
last-modified: Wed, 30 Mar 2022 22:51:55 GMT
server: nginx
etag: W/"6244df0b-a0be"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 15 Apr 2022 17:02:40 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 58ms
19ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=3070500746422546&ev=PageView&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dba766aceb5964166a6e332b579ab4f37%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmwoodward421%2540gmail.com%26iocid%3D%26aff%3D82&rl=&if=false&ts=1649955760540&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1649955760539.1403132793&it=1649955760224&coo=false&exp=p1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 14 Apr 2022 17:02:40 GMT

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ Frame 7F10 58 KB
14 KB 18ms
17ms Stylesheet
text/css 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/FjFUq5PRsDsC6qkECuCTPG/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&aff=82&id=mwoodward421%40gmail.com&iocid=&utm_campaign=&utm_medium=&utm_source=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 10 Apr 2022 13:57:48 GMT
content-encoding: gzip
server: Google Frontend
age: 356692
etag: "bDGV3w"
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: 94b615fb1b3a4b28aadc33925ea591d8
cache-control: public, max-age=31536000
alt-svc: clear
content-length: 14628
via: 1.1 google
expires: Mon, 10 Apr 2023 13:57:48 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 7F10 10 KB
752 B 55ms
27ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,500,700

Requested by

Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/FjFUq5PRsDsC6qkECuCTPG/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&aff=82&id=mwoodward421%40gmail.com&iocid=&utm_campaign=&utm_medium=&utm_source=82

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7a6f1b0ec5b4496dd25750d34190630825040571c4056b094acde5987f01dbb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 15:44:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 14 Apr 2022 17:02:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Apr 2022 17:02:40 GMT

GET
H3 200 VLgIlRWwyuqrKOm736AjXTjkROiss352Mgs5-M-Ui16nTG9YsmHhynwbjI8-yA2ZV0iHc0AuC-swQE2K7juRgCDf5-ERBRM-rU8E=w16
lh3.googleusercontent.com/ Frame 7F10 305 B
337 B 18ms
18ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/VLgIlRWwyuqrKOm736AjXTjkROiss352Mgs5-M-Ui16nTG9YsmHhynwbjI8-yA2ZV0iHc0AuC-swQE2K7juRgCDf5-ERBRM-rU8E=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d56ad0781875c34060e15e238f8f8cb621c132675a63e3b90ffe23a2918e4639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:03:41 GMT
x-content-type-options: nosniff
age: 10739
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 305
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 01 Apr 2022 11:40:13 GMT

GET
H3 200 click Show response
www.behindthemarkets-btm.com/sdk/ 85 B
866 B 154ms
154ms Fetch
application/json 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/sdk/click?effp=0b69cb7a29a0eb3437d82f41fc7c1688&_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&oid=&affid=82&__cc=&async=json
Requested by: Host: www.behindthemarkets-btm.com
URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb8cf8fdc6a1bda51075ce4c25fc209881cfc591bcdaa5ad138694804f24f890

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:40 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-eflow-request-id: e2267985-e424-48a8-a0de-3d88158a9ffc
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gpkkZmugRBDfWP1dBum6P7LO3eEgSqFsS8Vg%2Fph50go7QL3qjxk%2F1hKb%2FJ4N3NGz%2FQBbpUyeQ8DH1t4TNpFaQn65sEODm%2FsImiSuhUJdRPk5hMTXuc82EbD%2BdEGeEBTWXZCgzTksegLif5SjTB5qJQ%2BQeDVYNjtIW%2Frl"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
content-encoding: br
access-control-allow-credentials: true
cf-ray: 6fbe02af88a09bac-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame A83D 13 KB
5 KB 109ms
37ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

08f727d493d0590199568403e67b29c88db5b674e90532f49d013e6e233224fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 5134
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 14 Apr 2022 17:02:40 GMT
server-processing-duration-in-ticks: 1959
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 center.js Show response
js.center.io/ Frame 7F10 12 KB
5 KB 28ms
27ms Script
application/javascript 2a00:1450:4001:831::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/FjFUq5PRsDsC6qkECuCTPG/?_ef_transaction_id=ba766aceb5964166a6e332b579ab4f37&aff=82&id=mwoodward421%40gmail.com&iocid=&utm_campaign=&utm_medium=&utm_source=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:00:29 GMT
content-encoding: gzip
server: Google Frontend
age: 131
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: f297826e2e7d953a0837dca0286cbdf8
cache-control: public, max-age=300
content-length: 5417
expires: Thu, 14 Apr 2022 17:05:29 GMT

GET
H2 200 identify.html Show response
js.center.io/ Frame 8D82 4 KB
2 KB 26ms
26ms Document
text/html 2a00:1450:4001:831::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Referer: https://btm-btm-btm.lpages.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 220
cache-control: public, max-age=300
content-encoding: gzip
content-length: 2016
content-type: text/html
date: Thu, 14 Apr 2022 16:59:00 GMT
etag: "OMWYXg"
expires: Thu, 14 Apr 2022 17:04:00 GMT
server: Google Frontend
x-cloud-trace-context: a4e3c0eac391e99d775f63034991e5a5;o=1

GET
H2

200

sid Show response
mug.criteo.com/ Frame A83D
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=W9b5iHw2b2xkQ3ZENElYaG5lUXpHVXRBUTFoeHdtSE5GNGttaWlpdUVZVEJrNkhZNmJ6UDJrRkdQcGJEREkzYUxZTnVsQytkeEVoK2tlaGljK1V6N2daTXRIb1o3N2FuVitTaGNROE1sS0pVSzd0VEQzbGswdFNTWHVEek...

459 B
651 B

81ms
28ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=W9b5iHw2b2xkQ3ZENElYaG5lUXpHVXRBUTFoeHdtSE5GNGttaWlpdUVZVEJrNkhZNmJ6UDJrRkdQcGJEREkzYUxZTnVsQytkeEVoK2tlaGljK1V6N2daTXRIb1o3N2FuVitTaGNROE1sS0pVSzd0VEQzbGswdFNTWHVEek5FUDI5eHFWeXRXNjFEOXlSeDQ2SmVmMjMxVy9MNHJiOWs1T0Nta3BSUXdlUjhYbWtFY1pUb1FMUnpXNU9SekRSVmkxQ3dGOEs0UDV6SDJpN1ZmbmNvcmJMaWoxSE51WHAvckQ4Y3ZJTi9vcVU1bWh0TTRsYUhPZWsyb25YRVJmQ0RFMDNNNkNnalBVWlNHOWNCRFJVSjk3Wm03eHdLc21tR2JCc2ZSNUpmd0o1MzV5RG9wYz18&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

d714d3212f582f4f13d0d636c88d73345e85d1671d69e47a8633f002dfd9bc34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Apr 2022 17:02:40 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4308
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 14 Apr 2022 17:02:40 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=W9b5iHw2b2xkQ3ZENElYaG5lUXpHVXRBUTFoeHdtSE5GNGttaWlpdUVZVEJrNkhZNmJ6UDJrRkdQcGJEREkzYUxZTnVsQytkeEVoK2tlaGljK1V6N2daTXRIb1o3N2FuVitTaGNROE1sS0pVSzd0VEQzbGswdFNTWHVEek5FUDI5eHFWeXRXNjFEOXlSeDQ2SmVmMjMxVy9MNHJiOWs1T0Nta3BSUXdlUjhYbWtFY1pUb1FMUnpXNU9SekRSVmkxQ3dGOEs0UDV6SDJpN1ZmbmNvcmJMaWoxSE51WHAvckQ4Y3ZJTi9vcVU1bWh0TTRsYUhPZWsyb25YRVJmQ0RFMDNNNkNnalBVWlNHOWNCRFJVSjk3Wm03eHdLc21tR2JCc2ZSNUpmd0o1MzV5RG9wYz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1810
content-length: 567
expires: 0

POST
H2 200 / Show response
sumo.com/api/load/ 876 B
1 KB 578ms
180ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

9d2e3e5a962cb3a75e08cea4327e73dba87d114aeb6a012b76b19a91aeb96f8e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
vary: Origin, Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 876

GET
H/1.1 200
OK capture
api.leadpages.io/analytics/v1/observations/ 35 B
357 B 124ms
123ms Image
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=44,340,250,635,135,638,1003,1004,2265,2270
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 14 Apr 2022 17:02:40 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 217.114.215.132
Content-Type: image/gif
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00r2539smvt47e05qr70

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 37ms
17ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=3070500746422546&ev=Microdata&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dba766aceb5964166a6e332b579ab4f37%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmwoodward421%2540gmail.com%26iocid%3D%26aff%3D82&rl=&if=false&ts=1649955761049&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22World%20War%205G%22%2C%22meta%3Akeywords%22%3A%22%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22World%20War%205G%22%2C%22og%3Adescription%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1649955760539.1403132793&it=1649955760224&coo=false&es=automatic&tm=3&exp=p1&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 14 Apr 2022 17:02:41 GMT

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
448 B 125ms
125ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=sQaW2eaTqEsLo64apHTVQL&kind=timer&label=lb_embed_leadbox_load&value=1079.8999977111816
Requested by: Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 14 Apr 2022 17:02:41 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 217.114.215.132
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-max-age: 600
Connection: keep-alive
x-request-id: 00r2coq7tc8v19qottvg

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 178ms
177ms Preflight 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-38-14-212.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-sumo-auth
Access-Control-Request-Method: POST
Origin: https://go.behindthemarkets.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 2592000
date: Thu, 14 Apr 2022 17:02:41 GMT
server: nginx

POST
H2 200 services Show response
sumo.com/ 205 B
604 B 183ms
183ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
X-Sumo-Auth: OGcBzy8HOZgwFS8zA2gTTEwd
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
vary: Origin, Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 205

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
33 KB 27ms
26ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 879
x-amz-request-id: R59R751Y36Y2YGZ2
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2022-04-04 21:19:57
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: nlHQOwcQykynKR98Vzn1jRBmxrw+AUpS19ErRz+dGrQFwLxqkodi/zZdIXSx6EFeseh8wp/Nu9c=
access-control-allow-origin: *
last-modified: Fri, 25 Mar 2022 15:22:41 GMT
server: BunnyCDN-AMS1-879
cdn-requestpullcode: 200
etag: W/"3fa9c18f727d4b42fb894fda90a374e1"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 8a2fee0f43712a499e284b38b97bab2a
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 27ms
26ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 883
x-amz-request-id: 3MXMWWC3SXXPQ4N7
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/10/2022 13:34:18
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: SsbbbrHcQpTxaBTnlrGkAJkmCMlnAWmCdB4HuKzp+JrSOyw/PzRRmYEVSQA13HslDaHoaAZPIKY=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 10 Jan 2022 18:22:05 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"a39d043b7c7bba70750cf288ee5ef71a"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 9dd72791cc953e574e1228977b385bad
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 28ms
26ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 883
x-amz-request-id: 3MXYGK4VVCRHBWYQ
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/10/2022 13:34:18
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 4+uoCiy/Oc0oxD3aOkvom9QKfHhfSqpQdBQDY/pE+4zg3YwAIyF23zDIohF4Z1aOv3pm19tY5kM=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 10 Jan 2022 18:21:48 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"6bfdf1ae8492f107706ac037915be663"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: d6aaa4db141053de4f2aa47d493aa8f5
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 28ms
27ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 883
x-amz-request-id: 3MXVTK6MK3X175SW
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/10/2022 13:34:18
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 58/FQpUWYSJvibzPqHC5rbQk2AxMFvvNpMm44k4LSOWyHhiwEAsceVuek9mcf6UypMkCnP4xEJQ=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 10 Jan 2022 18:21:34 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"fc263e7087822a0b00ff93677d6df4ea"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 81f32619d1fc5c4a5ed0421cadfc3cac
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
25 KB 28ms
27ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 883
x-amz-request-id: 3MXSG5DTZ4T28R3D
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/10/2022 13:34:18
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: SVNzSqVw61dbP081yogLQDU90hMK8kFH9HlJMyR5tAiyKOI0W7n1JXZLLybyIuJqjYwIQL+Fi+w=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 10 Jan 2022 18:21:50 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"8af82c4c30a069f66de02526c2f332af"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 98231b237032ef5706c6acb0b7ae3b74
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
94 KB 32ms
31ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 883
x-amz-request-id: 3MXMZMP86TXKDAFS
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/10/2022 13:34:18
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: W7c7Kx+sGvt/zpp9JIB7eEEXLEBbPllJA063NTuQ+l5H/yN5QLF21IIaGTCI9EsMT5IK8QANua8=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 10 Jan 2022 18:21:51 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"be0b945be6cafa91f6fd4efdfc8268f8"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 308145df75c56abcd40ccdeb206e773e
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 50ms
49ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 879
x-amz-request-id: A4BMB1NEVBDB9YNC
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2022-04-04 21:19:56
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: OA3dmaNc/17nMOUlNEc06l/bwI3h5D5/zu35pphT0mvNQp/XqcR8LI1Xp1xsiWTMHBziJbA/GyA=
access-control-allow-origin: *
last-modified: Fri, 25 Mar 2022 15:22:07 GMT
server: BunnyCDN-AMS1-879
cdn-requestpullcode: 200
etag: W/"beda094dfc3b530efd0d2d83c5a0280c"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 3c126a05995c88375e382e9fb9490b9f
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 50ms
49ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 879
x-amz-request-id: ME7V9369K6M0HK13
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 04/11/2022 09:58:31
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: N8XYu0vRehUsJlHTn9rG9jtKXnVuWdxMzFCMgBm3IplNMDhiMIOH8U4KpG3O3lJVOoX0wjWeW3w=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Fri, 25 Mar 2022 15:22:38 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"d200986501135078d1fbd7f480e7bb08"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: d0501c54e5a005acd2fd54ced5066d66
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 28ms
27ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 883
x-amz-request-id: 9N8059Y7FWGQNSKC
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/10/2022 13:34:18
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: JcWiXLMaGZ3r5bdOY2Dl8NwGgfpzNEzBYHi7D8NSiX8HJLUfwx5pIGk4mdPnO4Wb73yCs01PQgc=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 10 Jan 2022 18:21:33 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"31baf056af3800bbd6e4f9e8b445d052"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: c7bddd9d4f382050d8d52296b087eb16
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
80 KB 29ms
28ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 883
x-amz-request-id: 9N8CTSV9P4ZYPHP1
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/10/2022 13:34:18
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: yynHPbWMQSjrThWJDpQ+j/JD5LJ4rqazkIxwE8zY4IbeaAqegPVPhHIDgq4CsmjLvMZcxFDte88=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 10 Jan 2022 18:22:52 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"f33273f5c8e8dd3d010a11b209891b91"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 9fb57e6f44cf82b796ce30d8913ab18e
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
994 B 30ms
30ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 17:02:41 GMT
content-encoding: br
cdn-edgestorageid: 879
x-amz-request-id: 1BFFT2SXF5KZ2523
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/30/2022 06:58:37
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: DGCBSsGxdNOfqc7Z/DlOzS/6ARBqOPcgj+aA5Y/lS0xUSgIDt3DWypWVV3SrdbGOb8IukqAI8Z4=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Fri, 25 Mar 2022 15:23:00 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"857476cf6e94c14c223d4481353b4c19"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 8ae69341338bf9073efb95b233738e3c
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 css
fonts.googleapis.com/ 31 KB
1 KB 30ms
30ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dc3eefe6b1857505fcff69054bb2c7381a95448d621179e0df280cc3859413c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 15:34:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 14 Apr 2022 17:02:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Apr 2022 17:02:41 GMT

GET
H2 200 features Show response
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ 3 KB
1 KB 188ms
187ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
X-Sumo-Auth: OGcBzy8HOZgwFS8zA2gTTEwd

Response headers

date: Thu, 14 Apr 2022 17:02:42 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx
etag: "-362431178"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ Frame 0
0 177ms
177ms Preflight 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-38-14-212.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-sumo-auth
Access-Control-Request-Method: GET
Origin: https://go.behindthemarkets.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 2592000
date: Thu, 14 Apr 2022 17:02:42 GMT
server: nginx

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
448 B 124ms
124ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=fphNqvbjpNNUYtB7osX8HV&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=271,602.9000015258789,1,480.79999923706055
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 14 Apr 2022 17:02:44 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 217.114.215.132
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-max-age: 600
Connection: keep-alive
x-request-id: 00r2548307f362gkhev0

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ Frame 7F10 35 B
446 B 191ms
137ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=T9KSwpneGuKdE3mmUAU7cR&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=30.699996948242188,35.20000076293945,1
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 14 Apr 2022 17:02:44 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 217.114.215.132
Content-Type: image/gif
access-control-allow-origin: https://btm-btm-btm.lpages.co
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-max-age: 600
Connection: keep-alive
x-request-id: 00r25492tut9gq84ti60

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.api.leadpages.io/analytics/v1/events/capture	1970-01-20 02:20:42	Name: view.bb4wMKcXKB896PwqF4vMVT-default-prop.hZGr8CiB4GvxgUHU6eUyhA Value: 1649955761000
go.behindthemarkets.com/btm-5g-arrow-sandia	1970-01-20 03:02:27	Name: __smVID Value: ec79fa860bfa23df989c38fec5de3ead8d7da1a0a1a075d212d8867c70b03587
.etf-alerts.com/	1970-01-20 11:04:51	Name: iterableEndUserId Value: mwoodward421%40gmail.com
.etf-alerts.com/	1970-01-20 02:20:42	Name: iterableEmailCampaignId Value: 4077309
.etf-alerts.com/	1970-01-20 02:20:42	Name: iterableTemplateId Value: 5550818
.etf-alerts.com/	1970-01-20 02:20:42	Name: iterableMessageId Value: 33cac7f4b5614d498b5eea1acb47fba6
links.that.etf-alerts.com/	1969-12-31 23:59:59	Name: XSRF-TOKEN Value: e88472d647b3a2cae36c2a562da1710ec3c21568-1649955757043-5ed6ca8a04cdc73d28bf51cf
.clkmg.com/	1970-01-20 11:04:51	Name: vid Value: 729988357
js.center.io/	1978-01-11 21:31:40	Name: centerVisitorId Value: x3UhDA4YqtFfKBvoQSGVa7
.behindthemarkets.com/	1970-01-20 04:28:51	Name: _gcl_au Value: 1.1.334097751.1649955760
.behindthemarkets.com/	1970-01-20 02:20:42	Name: _gid Value: GA1.2.2018084736.1649955760
.behindthemarkets.com/	1970-01-20 02:19:15	Name: _gat_UA-102395123-1 Value: 1
.behindthemarkets.com/	1970-01-20 19:50:27	Name: _ga_8R6YNFMJ23 Value: GS1.1.1649955760.1.0.1649955760.60
.behindthemarkets.com/	1970-01-20 19:50:27	Name: _ga Value: GA1.1.792281362.1649955760
.behindthemarkets.com/	1970-01-20 04:28:51	Name: _fbp Value: fb.1.1649955760539.1403132793
go.behindthemarkets.com/	1970-01-20 03:02:27	Name: ef_tid_c_o_3 Value: ba766aceb5964166a6e332b579ab4f37
go.behindthemarkets.com/	1970-01-20 03:02:27	Name: ef_tid_c_a_2 Value: ba766aceb5964166a6e332b579ab4f37
.criteo.com/	1970-01-20 11:40:51	Name: uid Value: 0a4f6493-9cb0-45dc-b6b7-3ff06b834adb
.behindthemarkets.com/	1970-01-20 11:48:39	Name: cto_bundle Value: hBLo519CZSUyQnpzM3lmS21lY0NVMlEyMm9KSHd6bXB0VElwQjMlMkJ2bVRnc1NsanpRdWhLaU5RJTJGNWNiUWdwVzNoVkN4Z3JVbEVnaUZZcFpqTzRDelBSMzZOdjh6SFJxdTFUUWEwT2toN09OcTh2NzVsVVdYRkFRT2ZhSWdsS29TZktLaEdIM1NERGhRWFpEbSUyRkJuTW9Tc0dnMWxzMjRHdDNyMXJwSnZxekh4ZzJTN2UlMkI0JTNE
go.behindthemarkets.com/	1970-01-20 11:04:51	Name: __smToken Value: OGcBzy8HOZgwFS8zA2gTTEwd

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
api.leadpages.io
btm-btm-btm.lpages.co
connect.facebook.net
dynamic.criteo.com
embed.lpcontent.net
fonts.googleapis.com
fonts.gstatic.com
go.behindthemarkets.com
gum.criteo.com
js.center.io
lh3.googleusercontent.com
links.that.etf-alerts.com
load.sumo.com
mug.criteo.com
static.criteo.net
static.leadpages.net
stats.g.doubleclick.net
sumo.com
www.behind-the-markets.com
www.behindthemarkets-btm.com
www.clkmg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.smrtnonesecure.com
178.250.0.147
178.250.0.157
2600:9000:223f:7a00:f:c018:2840:93a1
2606:4700:3034::6815:2fe
2a00:1450:4001:810::2004
2a00:1450:4001:810::2008
2a00:1450:4001:812::200a
2a00:1450:4001:813::200e
2a00:1450:4001:828::2003
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2001
2a00:1450:4001:831::2013
2a00:1450:400c:c01::9c
2a02:2638:1::13
2a02:2638:1::3
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a06:98c1:3120::7
34.107.203.240
34.120.142.1
35.192.151.63
35.202.21.90
50.97.212.250
52.38.14.212
84.17.46.53
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
08f727d493d0590199568403e67b29c88db5b674e90532f49d013e6e233224fc
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc
132ff663ec567f9ae205298aaf3d6d16048f20750616d8b3ea174fdc4cb3ff0c
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
18cd8b680be7d2eac588b3ac96ff459d48d23a4526343cc6c473995d3153af3e
1b54b66edcb0c239350b409ff86ba3195fa5c6455b0251e76d910ba4fc091be1
1d669802adf1cb3b8210ed01ed9d83e6b43d6fed8fa6716aaba241ccc0669b2b
1e843b8b1f0971ce91d1d7e45e35e23dbb6008cdc3a859f9d42e384cf05650fb
255f497324a8823e617af3b9135771124c5a124b3d2d77ddae68e9b6a780d049
2b89ce6bb6c3037d363dcfa4470f124a6647374c3cce4bdaf0bf07ab001b2464
2c0e68c05ab8a290014b40f848b639d52adb1eeaffebe207124f2174f60f7add
2dcf66df3032042a56e661d5be35ba4f3af5328d29e4698ee8fd0ba4b88cc932
2e42ee85db205de7ee6b3e254523c734643431764b9bbc87c058e89cf474c5c5
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
36dc7363f42099049f12e0c5c85c0f016832875021ba68c3d2f83045594ffac4
3705afa2ba67e76379c851b704bb0db8ed87656a819209c28b63d2321343fcd8
38ce40f41757c9b666dbd3594af6fb2a4910f7521da1d65e697af42e6cdad7d7
3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
48e6569cf06d8b950da3926d80fe1528f7ebaf32cd060d43ee3d79a722cb5387
4a15c711d1a44a22b910a61d75826e7e3515d4abb0241324c12c42848326bc25
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9
4f5bd189979d955106dcb369a6b77e4b7b57dfa2fa177bad6a0558fce4f00cf9
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
53d57168540bb85fb843de9e649053e8fbf95a30d151b5cc30c7e704b7669a69
54700d9ee9a1c09e3d345f5ae504039e0b912b2f731b38fce2bf06a9f0c061b5
5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296
55f1deb0d20b8ef2b1b728e9c536647f1895355b61bef28abb41eb6dcec41411
592e4d1835429b83456573242ac88bb14dac49923173813eeaa78537bb7620f2
5c3a00eb37ad8e96072e58f6dd7ab2e708ce6406b766d71e207d46ee97aa8512
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
63e0f1d4d244fa557ae96c648168b0620a4f5ad3dbb653fc979a1b3ea0000699
64369b56b87a6a6a37ce6c800d296e77b379c49fff9cb2a556c5f8ad3ccb4b36
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d5dce43acba1416db19f39d22d8db0dd7dd366ff39b15ca5f1752e8d7ec5d7e
6de05c135e09807c1a50d1e68453a011f56ad6797d38712af1534e9343b89346
71a5816340231851f4659bf5812a7f16a27f08912668864b9b69f6167f749c65
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
72b95405e006370e34ac6d7be5f4b185fe0d1058d43b576136d0ac5eddd88562
73c42500e4af90ca921ec406fd0cb6af6a43fe78d1eda3de7d655aa215565a60
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
75a75114a3326f64b66896b4e47f2ebe985c53caab85e17814eaa17ed216005a
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
79e703e37d0c5dbedbfad7f3f3c9607a616174a1ce152ff230895cd2062e1f33
7a6f1b0ec5b4496dd25750d34190630825040571c4056b094acde5987f01dbb7
7b93501d3965ccc6d249f71312e04eebbab373bf305e1af92c2c668dd6eb3bdf
7bd10dcd45b27f8c416e2963cbec082c8beb2b653a0002d67bf0857b2db95c9b
7d5beae7ebc2c7ce5cb8e194dd48e0229ab6f36e09623713865cceaac4bb4b08
7ddf07e39d31b21a32b5a04ed372affc2622e4cb8faa706f17bb91178c3e2d76
817122a72f27d68da5af46cd6e79d8975b1127203ec2a0843582c5b50905d714
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
878ae62b8a42d7ac04f49be49345a3df4dd03938d6cebb5961cc1ac23c967cb0
8e689d74f8c13a43ef8a9c23c84db00756e7841b4e5e56267ad7216d8509fabe
8f3fe0606a82e44431a7b066692d17ba287c1f2e8e4b3050556807575a1fe33f
908362cc3d83780a006474ebea417be9ff9e9f92175e4295c990747e211507d8
94052c1920fe8b6b2e791f362c8a4247e50f0abcab5e61225d3f3a2414c73a43
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
96ad5f56a00803d62c47a3d21d9017916e470ab35935361f0f822af42d559d62
96fe92f97fc2c54b47fc3a8b6ab7788ea64be5925bfeb8378cf7753b397a2778
9ca8a06fa36760ac11757bf1454f1a8dfd50150e294520a91e6864d29f7fde8a
9d2e3e5a962cb3a75e08cea4327e73dba87d114aeb6a012b76b19a91aeb96f8e
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a8eaf699085189552bba8f5057bcf969e3087d39f7830bd20c31a767f47c4dc7
b3fdac93d880353fc983f82b9ed6fa62e54d755e05c1ee51020d98e95e35cb1a
b494764a83e1a3fb8c887deedf8c8a87edf40697e45f21a357fcf61d6a55c5c6
b7893a230766dd48285139bdfe35565e504f0b3b68cfc856da3dc81db307569a
b860877347b5fb701c185e3040e04fecca7506822e712f1a8074554ef513925d
ba398c4073f3dde850f04637918764494bad50499536ad1781113c66ec325eae
c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c9944716a10b83ea2b631e2fc091a3f4a289cdf835abcaab5b694065808092f3
c99e1eaa85d260995d9712261a68944fbf1501210fc0b72fd69286218c58a39e
ca5e8198626ecded4b40a5e264d6fca7d1b4663db1fdd1032b3755aeb5ccd297
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42
cdf6aa48e94cc037d933692c5de29571fe81e66b73a9cc57f82614dcd25806a7
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658
d0a6684633c6ab8da1971668ea1691819ac386ff1fe02a5ce18926028a02b726
d56ad0781875c34060e15e238f8f8cb621c132675a63e3b90ffe23a2918e4639
d6c652b770391aba1eb4c71ad06b1b858ee1f8d13152aef29cab9cd2f4e3c2b3
d714d3212f582f4f13d0d636c88d73345e85d1671d69e47a8633f002dfd9bc34
dc3eefe6b1857505fcff69054bb2c7381a95448d621179e0df280cc3859413c6
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0
e17cc900f2c3e8e09d3a2d454c231fccc85c4d1c6164b05c1d5c482a51d21190
e17f0091bbce5eb0f3a8b1dd678af32261ad748c55714bb69cafa60c0be90489
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e99b1332226c6486a8a20ed70dabcb018e623a70cca29e202a48d653a486161c
eb8cf8fdc6a1bda51075ce4c25fc209881cfc591bcdaa5ad138694804f24f890
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f962a0a8539cb44fb06a4494ffc65fa38369085603acf1a4b96adb8fb164e0d2
f99dac30c7093e8b1c2689aef392938701193512f32b6a919249821c6ba5a353
fdeca2cfc516555aacf01d48f855898eaddc3467cbb92d8b8e30e91a61a3e409
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2
fe4a6e0c7220b1a9ce45b621a0e9844db3f75b359050882bcfc3ac2f5bb9ad51

go.behindthemarkets.com Open in urlscan Pro 35.202.21.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

118 Requests

99 %HTTPS

65 %IPv6

24 Domains

28 Subdomains

23 IPs

5 Countries

1788 kBTransfer

4969 kBSize

20 Cookies

2 Outgoing links

Page URL History

Redirected requests

118 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Screenshot
Live screenshot

Full Image

118
Requests

99 %
HTTPS

65 %
IPv6

24
Domains

28
Subdomains

23
IPs

5
Countries

1788 kB
Transfer

4969 kB
Size

20
Cookies

118 HTTP transactions
0 data transactions