go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://buf.soundestlink.com/link/652c36b3158204a15bb41940/652a88a698067a821833ec27/64ec9e4eafe59d6ca09d1dbb?signature=583b08...
Effective URL:
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=2...
Submission: On November 08 via api (November 8th 2023, 8:40:15 am UTC) from BE — Scanned from DE

Summary HTTP 109 Redirects Behaviour Indicators

Summary

This website contacted 19 IPs in 4 countries across 22 domains to perform 109 HTTP transactions. The main IP is 35.202.21.90, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is go.behindthemarkets.com.
TLS certificate: Issued by R3 on September 27th 2023. Valid for: 3 months.

This is the only time go.behindthemarkets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:440... 2606:4700:4400::6812:2ab2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.202.21.90 35.202.21.90	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	34.107.203.240 34.107.203.240	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
61	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
4	2001:4860:480... 2001:4860:4802:32::15	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
4	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
5	2a02:2638:3::e 2a02:2638:3::e	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	35.192.151.63 35.192.151.63	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
3 6	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
109	19

1 2606:4700:4400::6812:2ab2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

buf.soundestlink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

vinderocatchernwl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.behindthemarkets-btm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.202.21.90 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 90.21.202.35.bc.googleusercontent.com

go.behindthemarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
btm-btm-btm.lpages.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.203.240 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 240.203.107.34.bc.googleusercontent.com

static.leadpages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
embed.lpcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

61 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::15 (United States)

ASN15169 (GOOGLE, US)

js.center.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:2638:3::e (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dynamic.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.192.151.63 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 63.151.192.35.bc.googleusercontent.com

api.leadpages.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:7daf (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
61	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 49	776 KB
8	criteo.com 1 redirects dynamic.criteo.com — Cisco Umbrella Rank: 4133 gum.criteo.com — Cisco Umbrella Rank: 454 mug.criteo.com — Cisco Umbrella Rank: 2926	106 KB
6	unpkg.com 3 redirects unpkg.com — Cisco Umbrella Rank: 903	16 KB
6	gstatic.com fonts.gstatic.com	202 KB
4	leadpages.io api.leadpages.io — Cisco Umbrella Rank: 38466	2 KB
4	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 2958	57 KB
4	center.io js.center.io — Cisco Umbrella Rank: 45779	15 KB
2	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2260	3 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6862	515 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 78	410 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3040 www.google.com — Cisco Umbrella Rank: 2	667 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	185 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
2	leadpages.net static.leadpages.net — Cisco Umbrella Rank: 44198	29 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	11 KB
1	lpages.co btm-btm-btm.lpages.co	19 KB
1	lpcontent.net embed.lpcontent.net — Cisco Umbrella Rank: 55474	15 KB
1	behindthemarkets.com go.behindthemarkets.com	73 KB
1	behindthemarkets-btm.com 1 redirects www.behindthemarkets-btm.com	849 B
1	vinderocatchernwl.com 1 redirects vinderocatchernwl.com	772 B
1	soundestlink.com 1 redirects buf.soundestlink.com	398 B
109	22

	Domain	Requested by
61	lh3.googleusercontent.com	go.behindthemarkets.com btm-btm-btm.lpages.co
6	unpkg.com	3 redirects btm-btm-btm.lpages.co
6	fonts.gstatic.com	fonts.googleapis.com
5	dynamic.criteo.com	www.googletagmanager.com
4	api.leadpages.io	js.center.io embed.lpcontent.net
4	dev.visualwebsiteoptimizer.com	go.behindthemarkets.com dev.visualwebsiteoptimizer.com
4	js.center.io	go.behindthemarkets.com js.center.io btm-btm-btm.lpages.co
2	script.crazyegg.com	btm-btm-btm.lpages.co script.crazyegg.com
2	gum.criteo.com	1 redirects dynamic.criteo.com
2	www.google.de	go.behindthemarkets.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	go.behindthemarkets.com www.googletagmanager.com
2	fonts.googleapis.com	go.behindthemarkets.com btm-btm-btm.lpages.co
2	static.leadpages.net	go.behindthemarkets.com btm-btm-btm.lpages.co
1	cdnjs.cloudflare.com	btm-btm-btm.lpages.co
1	mug.criteo.com	go.behindthemarkets.com
1	www.google.com	go.behindthemarkets.com
1	region1.analytics.google.com	www.googletagmanager.com
1	btm-btm-btm.lpages.co	embed.lpcontent.net
1	embed.lpcontent.net	go.behindthemarkets.com
1	go.behindthemarkets.com
1	www.behindthemarkets-btm.com	1 redirects
1	vinderocatchernwl.com	1 redirects
1	buf.soundestlink.com	1 redirects
109	25

This site contains no links.

Subject Issuer	Validity	Valid
go.behindthemarkets.com R3	`2023-09-27` - `2023-12-26`	3 months	crt.sh
static.leadpages.net GTS CA 1D4	`2023-10-16` - `2024-01-14`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
js.center.io GTS CA 1D4	`2023-09-12` - `2023-12-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
embed.lpcontent.net GTS CA 1D4	`2023-10-03` - `2024-01-01`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
*.leadpages.io R3	`2023-09-28` - `2023-12-27`	3 months	crt.sh
*.lpages.co R3	`2023-09-26` - `2023-12-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&link_id=
Frame ID: A476F4A3B0A6425B8B03533621E425B2
Requests: 94 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: BEF6F8CC5DC46FF71EBDD9420F7618B9
Requests: 1 HTTP requests in this frame

Frame: https://btm-btm-btm.lpages.co/serve-leadbox/VztjYisSWCcTkzp7kDtdHL/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&aff=94&creative_id=29&id=&iocid=&link_id=&message_id=&oid=110&utm_campaign=29&utm_medium=&utm_source=94
Frame ID: BA2A7D5C0C376B7BA021BF03AFC1B6B5
Requests: 11 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
Frame ID: 82D34E3498A3B755D4A0D3527BC15449
Requests: 2 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 4957F18A8CE238C118F7D2B2662ACAFA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BTM UFO Weapon

Page URL History Show full URLs

https://buf.soundestlink.com/link/652c36b3158204a15bb41940/652a88a698067a821833ec27/64ec9e4eafe59d6ca09d1... HTTP 302
https://vinderocatchernwl.com/3J67C/ZGBDPC/?omnisendContactID=64ec9e4eafe59d6ca09d1dbb&source_id=BTMUfo1&s... HTTP 302
https://www.behindthemarkets-btm.com/58GQMR/6FQ5XR/?creative_id=29&sub5=a89286b9f5744fd7855a7951a42cdca4 HTTP 302
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_sour... Page URL

Detected technologies

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

109
Requests

96 %
HTTPS

81 %
IPv6

22
Domains

25
Subdomains

19
IPs

4
Countries

1533 kB
Transfer

3133 kB
Size

15
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://buf.soundestlink.com/link/652c36b3158204a15bb41940/652a88a698067a821833ec27/64ec9e4eafe59d6ca09d1dbb?signature=583b0830edb7f0d8f48d685f5aa9389018c5a4f71e7e4df03d2057ccadb23c87 HTTP 302
https://vinderocatchernwl.com/3J67C/ZGBDPC/?omnisendContactID=64ec9e4eafe59d6ca09d1dbb&source_id=BTMUfo1&sub1=1&sub2=omnimich&sub3=omnimich&sub4=wik&sub5=verdacht%40safeonweb.be&utm_campaign=campaign%3A+90d_op_2+%2B+new_all_2%2B5%3A+BTMUfo_1_1+%28652a8709d4cbad411b07dd7b%29&utm_medium=email&utm_source=omnisend HTTP 302
https://www.behindthemarkets-btm.com/58GQMR/6FQ5XR/?creative_id=29&sub5=a89286b9f5744fd7855a7951a42cdca4 HTTP 302
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&link_id= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 93

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=tGD1e3xIdU5lNE1uZjBWaThXTFRRcnY3MGE1MDkzbzJWSThzcERYUURyZXpKSXJ4SzE1RUFXZ1p5Z2l4Z0I2dEVxbUlTSVB0b1dRb29XZ2dSNkpJK0ptbE4rc0xDb3ZJSHZjb3U5TzUyRXg0TjVaY01sMXlCVGkxSFhwTHpjZFNBQ2trc3doczFvaUphcHRxWmIreDYxcUM3UDNpa1JERkpVSVRpek1BODhQbnMxUElGQk1pOWY3cjlvT3l0bUZsbkNUQk0yVDFvbDVwU25hTlh5bERlOHZwZFRHWVZBbHpSQUxLOUVPd0o3bnpRZ01CWWhRT1hkazZmdTcxNkM3akpCLzVRUVFCdGVoQi9jclZuajVJZVU4c3hiTllhZWpqZjBMY3pwMHRITzJ5NFJzWT18&cppv=2

Request Chain 97

https://unpkg.com/spectre.css/dist/spectre.min.css HTTP 302
https://unpkg.com/spectre.css@0.5.9/dist/spectre.min.css

Request Chain 98

https://unpkg.com/spectre.css/dist/spectre-exp.min.css HTTP 302
https://unpkg.com/spectre.css@0.5.9/dist/spectre-exp.min.css

Request Chain 99

https://unpkg.com/spectre.css/dist/spectre-icons.min.css HTTP 302
https://unpkg.com/spectre.css@0.5.9/dist/spectre-icons.min.css

109 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
go.behindthemarkets.com/btm-ufo-weapon/
Redirect Chain

https://buf.soundestlink.com/link/652c36b3158204a15bb41940/652a88a698067a821833ec27/64ec9e4eafe59d6ca09d1dbb?signature=583b0830edb7f0d8f48d685f5aa9389018c5a4f71e7e4df03d2057ccadb23c87
https://vinderocatchernwl.com/3J67C/ZGBDPC/?omnisendContactID=64ec9e4eafe59d6ca09d1dbb&source_id=BTMUfo1&sub1=1&sub2=omnimich&sub3=omnimich&sub4=wik&sub5=verdacht%40safeonweb.be&utm_campaign=campai...
https://www.behindthemarkets-btm.com/58GQMR/6FQ5XR/?creative_id=29&sub5=a89286b9f5744fd7855a7951a42cdca4
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&li...

640 KB
73 KB

584ms
253ms

Document
text/html

35.202.21.90
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&link_id=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

01e55dd1aa745de01aa72d41811a1fad24cf8a847ca376ae78738e1b3c6b3628

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: br
content-type: text/html
date: Wed, 08 Nov 2023 08:40:10 GMT
etag: W/"30c3c36b0c8da72037681621615641ad"
last-modified: Wed, 01 Nov 2023 13:14:48 GMT
server: Leadpages
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS, HIT

Redirect headers

accept-ch: Sec-Ch-Ua-Platform-Version
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 822c8276ebaa18c9-FRA
content-type: text/html; charset=utf-8
date: Wed, 08 Nov 2023 08:40:10 GMT
location: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&link_id=
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QIOve957KA97YBV4YK6cfYK1yUBs1p6ftSg%2Bp9wm6PyqnPtehZBG1rh8rGLuvZuCogR1h2PgO%2FRkLr1I3Sooe1URf%2BQaER1wBZLNMSPdQUwR%2FMWmuujIzFzq4dYy6veGBEgtpSIIWhgxPLnfV5xjC78kqbDAz7F4JDtP"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
via: 1.1 google
x-eflow-request-id: d1087d40-fa36-4554-9bdb-454312961474

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ 58 KB
15 KB 90ms
20ms Stylesheet
text/css 34.107.203.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 18:48:42 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
age: 1086688
etag: "-Aynvg"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: 02eeb32c592e0b750b97ade49c5c4f79
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14628
expires: Fri, 25 Oct 2024 18:48:42 GMT

GET
H2 200 css
fonts.googleapis.com/ 30 KB
2 KB 81ms
33ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Fjalla+One:300,400,500,700|Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Playfair+Display:300,400,500,700|Exo+2:300,400,500,700

Requested by

Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&link_id=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c865391244737b56f4a47ee897a14f540bf734ca5d784ab161995797e4635db6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 08 Nov 2023 08:40:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 08:40:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 08 Nov 2023 08:40:10 GMT

GET
H2 200 QLt0EKD447EIlqoqDQJLlZpsslns1ROpdOJAIkMbponWSEhusQeZJrfrubkLV9HRfu0hPKsWyoDANrnzZPwy_m7M595zJWObbObA=w16
lh3.googleusercontent.com/ 289 B
585 B 82ms
30ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/QLt0EKD447EIlqoqDQJLlZpsslns1ROpdOJAIkMbponWSEhusQeZJrfrubkLV9HRfu0hPKsWyoDANrnzZPwy_m7M595zJWObbObA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

09860b6bb23c1622b929cf82cec33520f81ea39b2e637ba62e79533e1d265015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 289
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 yxK08sBDcK1cCufaTrx-Mg6sc651s5_JJkFuAzE3dJ9O1Gc7veEdBewv-klKc9PixKfiiAefHnZr4j72Q-o66eLDAa6EXNyMN0M=s0
lh3.googleusercontent.com/ 15 KB
15 KB 84ms
32ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yxK08sBDcK1cCufaTrx-Mg6sc651s5_JJkFuAzE3dJ9O1Gc7veEdBewv-klKc9PixKfiiAefHnZr4j72Q-o66eLDAa6EXNyMN0M=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d6e95baaa826fa0d183cf2cc4f8120dd6c4dba0f62e82de9b5d2d30595f1a7ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15447
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w16
lh3.googleusercontent.com/ 528 B
591 B 33ms
29ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

21ef52e0c141c5fbc0135c601113edde2e1d9fea1d454b0da3cb66fe2d6aa432

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 528
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 dpJ2gI5ZlfZ0UhHvlyr-UuQAzVSdgPwPMOvQidsBNvpHnw1UYSPtBl1rHbdb8O_ewQGqtXEHYfyIS1RzosrxgZbATGT3pixRLgM=s0
lh3.googleusercontent.com/ 29 KB
29 KB 30ms
30ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/dpJ2gI5ZlfZ0UhHvlyr-UuQAzVSdgPwPMOvQidsBNvpHnw1UYSPtBl1rHbdb8O_ewQGqtXEHYfyIS1RzosrxgZbATGT3pixRLgM=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

bc8d607824ba046ae56778998afe2e69219247957cc26951de824b138d011535

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29865
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 ajhTN-3YGhqmLg51AWwIRBHtnkdHslCZU8ESZX-Ri9ZtLNfbMVHmhJhdRqB4HlDyRsWxOoJAdHItysYrt9ti8HxbPHFRURsGWEA=s0
lh3.googleusercontent.com/ 32 KB
32 KB 62ms
55ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ajhTN-3YGhqmLg51AWwIRBHtnkdHslCZU8ESZX-Ri9ZtLNfbMVHmhJhdRqB4HlDyRsWxOoJAdHItysYrt9ti8HxbPHFRURsGWEA=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8117b595dbdc02ecef5f4341b481db3a46bbab0f8a86e79eb0b14578ea42a446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32291
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 SvT2JBmkRPEmyb5VuOl2U4HvS6g65aaz95BotwzhIqdtbzODvVgToTljNQTMm5-iT5gwgG90m46nTDzRbFedq7MF0DndwOPX7M8=s0
lh3.googleusercontent.com/ 33 KB
33 KB 41ms
33ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/SvT2JBmkRPEmyb5VuOl2U4HvS6g65aaz95BotwzhIqdtbzODvVgToTljNQTMm5-iT5gwgG90m46nTDzRbFedq7MF0DndwOPX7M8=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6eb79f030eca6548e428f1470c03d57c35fc82fd9b4ed915894f74bb8a4d1e19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34101
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w16
lh3.googleusercontent.com/ 452 B
515 B 40ms
33ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c02a537eec620de29094096c1517db5cd507af931d7d61ede3576ac4309c4946

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 452
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 CVMprulCSi7td0ZtwanQhhsrwi78yNQAny8ZLOydL5MX_6ZcJfcCmP0E4R9Wcy_-7N5sBywmazglmpxnEw6-rQYiLBxM1jQTga0=w16
lh3.googleusercontent.com/ 486 B
549 B 38ms
30ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/CVMprulCSi7td0ZtwanQhhsrwi78yNQAny8ZLOydL5MX_6ZcJfcCmP0E4R9Wcy_-7N5sBywmazglmpxnEw6-rQYiLBxM1jQTga0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7d6465ff40cc8a253079809cfb86bda088de84e90677e0d0636ec6ffe065776f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 486
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 _M6FFmDmsF8L0M74UKdQ8Q8NhWcgq2yFcqxc0_4uc2R5r76ONJwfB_TzFywiY6AAG4Pa6Vi_ao-GQhkBVz-gB0vvHYKKatm25Rac=w16
lh3.googleusercontent.com/ 585 B
648 B 38ms
31ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/_M6FFmDmsF8L0M74UKdQ8Q8NhWcgq2yFcqxc0_4uc2R5r76ONJwfB_TzFywiY6AAG4Pa6Vi_ao-GQhkBVz-gB0vvHYKKatm25Rac=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7631fdde759575aded86b3d1ce65b7884706a678566834f6cb43c40d8f1e2c85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 585
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 TCW4RtnYS69HfgXvks8mLRxdCEmCNvqqzeu8aFjfwma7YemCn13jYaLCJgNbGWBR_YfnAMu08ttsm-IgAfuwmw7_BQwZo32CmMrt=s0
lh3.googleusercontent.com/ 30 KB
30 KB 53ms
46ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TCW4RtnYS69HfgXvks8mLRxdCEmCNvqqzeu8aFjfwma7YemCn13jYaLCJgNbGWBR_YfnAMu08ttsm-IgAfuwmw7_BQwZo32CmMrt=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a5512781731b5b307ecf7b7a315d2e86150d976cdafd90452832a6fb28e4b7c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30807
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 H6t8ivg6l_8mCZMCBZsAyZ4N4Ozjg6ci7RY7jS91zkw9ETWd2HbCrYwpt69j8Nzx1ZalexUrQ8fYO6l1PVfnzrmDkxHAnT7XYRY=w16
lh3.googleusercontent.com/ 32 KB
32 KB 69ms
62ms Image
image/gif 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/H6t8ivg6l_8mCZMCBZsAyZ4N4Ozjg6ci7RY7jS91zkw9ETWd2HbCrYwpt69j8Nzx1ZalexUrQ8fYO6l1PVfnzrmDkxHAnT7XYRY=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

38c1d645f08cafe1e0c34cc16c9c9e95433775aca4e8b016fe23dc1913b40854

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32704
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 KW7DqpaNI-KWZXsC3PytJUXmxLrtnbNo6bLKtTTWdUvJHS5e_Cxdcdj6zbB3pIc59ZZeyTg8lNUunXCdWlTSz3PL_mmHCHcNKw=s0
lh3.googleusercontent.com/ 37 KB
37 KB 73ms
66ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/KW7DqpaNI-KWZXsC3PytJUXmxLrtnbNo6bLKtTTWdUvJHS5e_Cxdcdj6zbB3pIc59ZZeyTg8lNUunXCdWlTSz3PL_mmHCHcNKw=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

12bb6250f9afe86162b02c690ee29b53261cdf7c0b324bbb58939816c36bd658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38151
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 3h3xQqxh45xpHWNXWClXwqdYOrdv4ftoDW-b7eSW-tT-uBVLKhsD1r9hQd2u-Ixcio5pudsaRKcvZowt9ltrK98meIXpn9H_rJM=w16
lh3.googleusercontent.com/ 357 B
420 B 51ms
44ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/3h3xQqxh45xpHWNXWClXwqdYOrdv4ftoDW-b7eSW-tT-uBVLKhsD1r9hQd2u-Ixcio5pudsaRKcvZowt9ltrK98meIXpn9H_rJM=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e29f3e687fdc2aa47a5183200740ffc894cf469d1d0a5db7317392ab003c6ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 357
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 wiqgLWSDmGh6MRI--zDDK9vXSnZXdq46H6z4AgVpZEnTi33PhknXDIVmi25lGgpOb_X13vPkIshwDvFQ3S3Vw9l5p5yfwm6B9Hc=w16
lh3.googleusercontent.com/ 777 B
840 B 72ms
65ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wiqgLWSDmGh6MRI--zDDK9vXSnZXdq46H6z4AgVpZEnTi33PhknXDIVmi25lGgpOb_X13vPkIshwDvFQ3S3Vw9l5p5yfwm6B9Hc=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3584c4b319d00a900259c554d8076927e2aaf3b60a6d41973ead57138070d706

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 777
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 To4oSf2cBoWEYk0XhtN0hPWGbJLu7IG6A8wepdCYxGYa8hgbFdV0vpLa3J12Bjm7dAeQEMVYLR3TuNeQypSdGI9lNCMjPxLfyCU=w16
lh3.googleusercontent.com/ 326 B
389 B 71ms
64ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/To4oSf2cBoWEYk0XhtN0hPWGbJLu7IG6A8wepdCYxGYa8hgbFdV0vpLa3J12Bjm7dAeQEMVYLR3TuNeQypSdGI9lNCMjPxLfyCU=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

843664caa06661a4c789fe642770690b9a6cec4ecfed6835a631632dcb98aa67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 ZuXjjC76PUiFkmhSAtOXENiGw4vgsuQ9izAlMU1L_pkV2ewHWDOa7BA2Bsc0R-n8pVrMtz2MoYdnKscJSc-wLA6my-GWisy4RKwW=w16
lh3.googleusercontent.com/ 343 B
406 B 68ms
61ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZuXjjC76PUiFkmhSAtOXENiGw4vgsuQ9izAlMU1L_pkV2ewHWDOa7BA2Bsc0R-n8pVrMtz2MoYdnKscJSc-wLA6my-GWisy4RKwW=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

88804d6ebe9dae5ad41f997452c2edb43e0b07cdc7dab0a38cb8f62250ca692e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 343
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 OAlRGjccArdVTSlObYizvoVhAb_uZqDO_esSTFtxAmfbPjchMTA015Q9hzrcJthQus0T8ETnRzsDRZkoClDxz-8nF-_9QLZsTXM=w16
lh3.googleusercontent.com/ 320 B
382 B 72ms
65ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OAlRGjccArdVTSlObYizvoVhAb_uZqDO_esSTFtxAmfbPjchMTA015Q9hzrcJthQus0T8ETnRzsDRZkoClDxz-8nF-_9QLZsTXM=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8144d33c5610d6e5a06a27cfec7163258f02d413b0befd187e399740b490a194

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 320
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 byURWe3nCJFW1ZeLeMS3pkLLQicrPPIEAjfYuk9Qw5KpIsGFJ1cuW6UqdU7ymztTFXvS3F55JEPi4XXqsAuc4Ttxq2-siyWC7mQ=w16
lh3.googleusercontent.com/ 318 B
381 B 52ms
46ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/byURWe3nCJFW1ZeLeMS3pkLLQicrPPIEAjfYuk9Qw5KpIsGFJ1cuW6UqdU7ymztTFXvS3F55JEPi4XXqsAuc4Ttxq2-siyWC7mQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0dc05bd8e6a23d3ce410b51ba0867a6613da4fd82014e88e2ffedcc07549bb05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 318
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 AQnxmIYnSr6z7Q1bA0-lXny19TrrFusc7eEAY_6j381h-1HTBKF72jfexw_rcQtlikJpyi5lBdscyeQ1GaAv3j-qy7IO5mi7UDkz=w16
lh3.googleusercontent.com/ 626 B
689 B 59ms
53ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AQnxmIYnSr6z7Q1bA0-lXny19TrrFusc7eEAY_6j381h-1HTBKF72jfexw_rcQtlikJpyi5lBdscyeQ1GaAv3j-qy7IO5mi7UDkz=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e8c63e762d334605b396e4bfacb8723fdfac07a2c77dfe9c57195658605dc00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 626
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 O_gVPVfqKt22o9ZRAfvtcr3TbOagF-f27DfAT4zacAEhSWepeV2OwHA0dLL99E3ujBN0Q9avqyn9X1BV1DgjMrO1CP1fRGqmQyM=w16
lh3.googleusercontent.com/ 771 B
834 B 51ms
45ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/O_gVPVfqKt22o9ZRAfvtcr3TbOagF-f27DfAT4zacAEhSWepeV2OwHA0dLL99E3ujBN0Q9avqyn9X1BV1DgjMrO1CP1fRGqmQyM=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2f007b53b0173b103df54f19e21bb1a020949e359a6c2493303c57c433285f71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 -FSVox_cdZtEOQdHPklDShgOnOEQieb4DYOFxJPQb9FT8WBYxOcC9qlCbguF6JYazBkL4aeUtWqHX3-XDcMzW4wbNHpqt8mb7tsQ=w16
lh3.googleusercontent.com/ 304 B
367 B 66ms
61ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/-FSVox_cdZtEOQdHPklDShgOnOEQieb4DYOFxJPQb9FT8WBYxOcC9qlCbguF6JYazBkL4aeUtWqHX3-XDcMzW4wbNHpqt8mb7tsQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

653e57dace87f1578d47a3162639ab8754abddab7c8e37ed6420dd04fbd8ad2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 304
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 99Xxq-BxRy57nzWi9njtXvfStJLBukXgTJdjZKA-iUQSAcVn_RykSX9j1Xh5rAFfyVxew-8SHGlD4HzAP4IIUFNFbn4_i7ObiQ=w16
lh3.googleusercontent.com/ 298 B
361 B 63ms
58ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/99Xxq-BxRy57nzWi9njtXvfStJLBukXgTJdjZKA-iUQSAcVn_RykSX9j1Xh5rAFfyVxew-8SHGlD4HzAP4IIUFNFbn4_i7ObiQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8d6f4e6b5613a9fa91abfe6587aa69327458bcfd17b484f254a7d0607808ceaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 298
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 uWPl7NSdKJhupbSWb4ZVelB3XItZGNTvztTDr5FaVrCcEISNPs1ZJd2maq5N4KWE6SSyQe2ytxOvlST70MQBghbn0T4YEcK4YA=w16
lh3.googleusercontent.com/ 313 B
376 B 80ms
76ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/uWPl7NSdKJhupbSWb4ZVelB3XItZGNTvztTDr5FaVrCcEISNPs1ZJd2maq5N4KWE6SSyQe2ytxOvlST70MQBghbn0T4YEcK4YA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9754b5f6ea5fe6139593a9d71354a602bd16baf749706d5ffc3882786fbb78a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 T1uV4k-ivk2FMHUXIFi-IvE2B8waeyCM1pMtAorOZ4bka7BYhLCEurKdRhpCzQjS0PQYvWYJNl-49DqRU8qWkRhtVCpc1xbPAL0=w16
lh3.googleusercontent.com/ 310 B
372 B 75ms
71ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/T1uV4k-ivk2FMHUXIFi-IvE2B8waeyCM1pMtAorOZ4bka7BYhLCEurKdRhpCzQjS0PQYvWYJNl-49DqRU8qWkRhtVCpc1xbPAL0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

02ffe72a9c712b85c4cd1dc94c6c7d230842d2870ba1ae8c43ce12212d9934fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 310
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 ZDlPeBN0ZO_49NTQ7qCCErZIho5teOhPtSYhpG812HSGbV-nkdXuFtldu4i7wLQYgT0ZMY83scjQ07yzG0ylFZwzJxj9ldO4Ztg=w16
lh3.googleusercontent.com/ 306 B
369 B 78ms
74ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZDlPeBN0ZO_49NTQ7qCCErZIho5teOhPtSYhpG812HSGbV-nkdXuFtldu4i7wLQYgT0ZMY83scjQ07yzG0ylFZwzJxj9ldO4Ztg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c418f2192d7c27930706fe001f6d8225452e5bd9a11e4653d3b507161237359f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 JrGKx3Kp3wtZGdB5xfcXEobgZZIX4cEKUCZQHGD0dnZOMMxD6kRo5FSHnfZ5WKotNVS4aWqi9o62VWUc-CQkRRxCYzIogj_Dok0=w16
lh3.googleusercontent.com/ 292 B
354 B 78ms
74ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/JrGKx3Kp3wtZGdB5xfcXEobgZZIX4cEKUCZQHGD0dnZOMMxD6kRo5FSHnfZ5WKotNVS4aWqi9o62VWUc-CQkRRxCYzIogj_Dok0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e2041219de8b785776118b7514cddfba1981a0b065c9f8ec9e6ee947f97a967b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 292
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 TMavxmDkfDrT1S00y2aX7MmUA1akzXMdPV9rB0R4atRtWtdh3DnwPoiyY659e755Wm2KPaPNPAbu0b-8xhmE8tkATYgbC9NHx-k_=w16
lh3.googleusercontent.com/ 312 B
374 B 79ms
75ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TMavxmDkfDrT1S00y2aX7MmUA1akzXMdPV9rB0R4atRtWtdh3DnwPoiyY659e755Wm2KPaPNPAbu0b-8xhmE8tkATYgbC9NHx-k_=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d15036f4cafc9c5dc6eb94a34049e33fb834a2eb517401a9b858bf70a00c8e42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 312
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 jWkkqLM03dSIUglapeNu2Ps4TSpAVFrO66BFKxYPdm8pofB-USkI4N1Fzj5RJyEHwxu1HhreGg_aQp4yVmct1_idQ0OvL1IPUA=w16
lh3.googleusercontent.com/ 294 B
357 B 78ms
75ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/jWkkqLM03dSIUglapeNu2Ps4TSpAVFrO66BFKxYPdm8pofB-USkI4N1Fzj5RJyEHwxu1HhreGg_aQp4yVmct1_idQ0OvL1IPUA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

21c96acbb335694cd65c8a0056e4e659dff4c337491c87dc877f54abc44fe625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 294
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 OF9yEzuOIFdrl7il-crMaV4KXyVrXDY8NXfKY0c2OjnmjAuALFYw5Y6vT4U47KGcWrE2MYEym7T5siB6_1C1T_SEWzs7W6f4vM8=s0
lh3.googleusercontent.com/ 29 KB
29 KB 74ms
71ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OF9yEzuOIFdrl7il-crMaV4KXyVrXDY8NXfKY0c2OjnmjAuALFYw5Y6vT4U47KGcWrE2MYEym7T5siB6_1C1T_SEWzs7W6f4vM8=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7fe0592011de0cc4c282a8523987e70c3209207703d39aa36d346e41db0c07ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29242
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 fYksF8Fa8U3z-FVpP1YGi-5vXuQKTViy7etG3JRXE54J1RZVd2J7LwZJUKBkFvG5J9xleVtheJYG5nSBiL-zKM8ZYGd8e30NgGK_=w16
lh3.googleusercontent.com/ 563 B
626 B 77ms
74ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/fYksF8Fa8U3z-FVpP1YGi-5vXuQKTViy7etG3JRXE54J1RZVd2J7LwZJUKBkFvG5J9xleVtheJYG5nSBiL-zKM8ZYGd8e30NgGK_=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3f1679187a03b9a16c963fc7b3919865a451739ac0d600d3101dbdbad7a7ba43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 563
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 fNA4zakg87CtdsN_GASRCR9zc5UTtM8B4t3c6fFTsarbADXY35CN3M1IXbQALddlC_FVmjQ78q02UjVsNh9eIhPuMVTAdBdslWA=w16
lh3.googleusercontent.com/ 539 B
602 B 76ms
73ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/fNA4zakg87CtdsN_GASRCR9zc5UTtM8B4t3c6fFTsarbADXY35CN3M1IXbQALddlC_FVmjQ78q02UjVsNh9eIhPuMVTAdBdslWA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

91b27074116ac669b41c4650c11951613a2dc7d2a5336e93dd07ec38ad7ad03a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 539
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 56h9MSCp7xfgyYwEI7IhubN6GX2HzFlcwEsLlITGDdTuKpl8Ne8uNdV6fXu5dGiXjQMiRNNGr9gUEUg8rmgLnwTktDtOjbKksq0=w16
lh3.googleusercontent.com/ 299 B
362 B 73ms
70ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/56h9MSCp7xfgyYwEI7IhubN6GX2HzFlcwEsLlITGDdTuKpl8Ne8uNdV6fXu5dGiXjQMiRNNGr9gUEUg8rmgLnwTktDtOjbKksq0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0c8e060784765b186df12c3b49d58c1b6df180812c26cf625611d02cc62c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 299
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H2 200 center.js Show response
js.center.io/ 12 KB
5 KB 120ms
29ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:36:50 GMT
content-encoding: gzip
server: Google Frontend
age: 201
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: bf2097e4a6b6af28ea46d2da97a2e7cf
cache-control: public, max-age=300
content-length: 5417
expires: Wed, 08 Nov 2023 08:41:50 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 292 KB
95 KB 110ms
41ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e6a73f917125c121475f89b1c9ca5197d550c5c999343f19e3c0fbacf5a43135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96677
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 08 Nov 2023 08:40:11 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 9 KB
3 KB 97ms
22ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=601261&u=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Dda58832ef53445dcb0826992bdc6599a%26utm_source%3D94%26utm_campaign%3D29%26utm_medium%3D%26id%3D%26iocid%3D%26aff%3D94%26creative_id%3D29%26oid%3D110%26message_id%3D%26link_id%3D&f=1&vn=1.5
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 03d9a2edd6f5d8eceb5186424c3d9720ab8ca89fc3ddcd2fcd7fa2634b6ad3b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
etag: W/"1699383916"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v36/ 37 KB
37 KB 101ms
42ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v36/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fjalla+One:300,400,500,700|Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Playfair+Display:300,400,500,700|Exo+2:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b06a5d272de6f4e0ba3f8db8338da394f8716987f7a7e764a22b6e903c0f94cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 19:40:19 GMT
x-content-type-options: nosniff
age: 133191
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37964
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:43:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 19:40:19 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v27/ 50 KB
50 KB 112ms
54ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 18:07:48 GMT
x-content-type-options: nosniff
age: 570742
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51404
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Oct 2024 18:07:48 GMT

GET
H2 200 7cHmv4okm5zmbtYoK-4.woff2
fonts.gstatic.com/s/exo2/v21/ 39 KB
40 KB 123ms
64ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v21/7cHmv4okm5zmbtYoK-4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 02:11:59 GMT
x-content-type-options: nosniff
age: 455291
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40316
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:31:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 02:11:59 GMT

GET
H2 200 Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2
fonts.gstatic.com/s/fjallaone/v15/ 44 KB
44 KB 129ms
71ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43a079fd739dffa727de659b5bbf44596031aa7542c8a8afbc54a243aab96b47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 21:51:08 GMT
x-content-type-options: nosniff
age: 298142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44584
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 20:46:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 21:51:08 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 79ms
21ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 18:18:43 GMT
x-content-type-options: nosniff
age: 138087
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 18:18:43 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 83ms
26ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 19:40:17 GMT
x-content-type-options: nosniff
age: 133193
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 19:40:17 GMT

GET
H3 200 WmNIZ4n_ZCTLaJxkRhndMi9dNNbdbKzB4zO5FIKhkf303CdWArV_3vvuTxHeNdIObyT0oI-v0TmD9EIq2bs6JQ6o6wMsjHKPGcA=s0
lh3.googleusercontent.com/ 13 KB
13 KB 42ms
31ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/WmNIZ4n_ZCTLaJxkRhndMi9dNNbdbKzB4zO5FIKhkf303CdWArV_3vvuTxHeNdIObyT0oI-v0TmD9EIq2bs6JQ6o6wMsjHKPGcA=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7db7a83e9efe934ad73ed22b476fdb78d1a9ff1e3a98cb5c15284f9417735b7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12815
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:10 GMT

GET
H3 200 cuKkebNfY8xkR9JhfDjxMX2lMZood_OGfHgiLDm-Qw6ufcSBI8N1TsJ1nIpFKU0laR5BkkFdF25oGW7U3S9110c2gCX4bUpcVA=s0
lh3.googleusercontent.com/ 14 KB
14 KB 89ms
74ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/cuKkebNfY8xkR9JhfDjxMX2lMZood_OGfHgiLDm-Qw6ufcSBI8N1TsJ1nIpFKU0laR5BkkFdF25oGW7U3S9110c2gCX4bUpcVA=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7da5cd5386454360f748cc2136fd37c038da4220770ed104f9630c06a0eab806

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14532
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 HmvH24Z0-WwV3ob4gJ1QwZ9Kz_O6PUJcqeN12J5xzKkAWr9kAvAttf8_q0l62JPxCjZ2oWbQcb7hEHoz6GD6U9L6ZGqnM5lFrrEV=s0
lh3.googleusercontent.com/ 15 KB
15 KB 98ms
83ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HmvH24Z0-WwV3ob4gJ1QwZ9Kz_O6PUJcqeN12J5xzKkAWr9kAvAttf8_q0l62JPxCjZ2oWbQcb7hEHoz6GD6U9L6ZGqnM5lFrrEV=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e7c90c5bca22ce8622ad805b5dee3e93e40736e0b1bb2bb119560e7d4b52cca0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15380
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 VSJzHH06KJPjPotwxbbFYgBD0J3flSpjFHO4CmUvs23QDnIR9fccjyXQNWjhoyMjMm1semHMedNh0GL4g_XJ6I3G3CVLX8-K3Q=w16
lh3.googleusercontent.com/ 317 B
342 B 108ms
93ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/VSJzHH06KJPjPotwxbbFYgBD0J3flSpjFHO4CmUvs23QDnIR9fccjyXQNWjhoyMjMm1semHMedNh0GL4g_XJ6I3G3CVLX8-K3Q=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

02de1a932816d80b54e2b8094e150f1ec64a3aedc5c2c4a97925aafb9c95c5a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 317
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 0F5eiyxS3e6mVh3ZchMaEXRUsCRF-cyJLYm-6hTVx-mQzCE-_4z4LOXOFITRozVqtZYAyTZnvWaXZV002bNM7ERsIukzDwcv-lc_=w16
lh3.googleusercontent.com/ 315 B
340 B 113ms
98ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0F5eiyxS3e6mVh3ZchMaEXRUsCRF-cyJLYm-6hTVx-mQzCE-_4z4LOXOFITRozVqtZYAyTZnvWaXZV002bNM7ERsIukzDwcv-lc_=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a66f203307e28e536d6aab551e7fb8d70414da2a0374c98aed0b0725f413199e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 315
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 MHiMiacCZOh6waPrCxoucBn8JaCRGOMsLbhaWxokjRXMwViSvUba_Dv-YBF6r2Bx9eXxuXoUrdfY9Yt7tq_5tM_LXuOGkKqutIU=s0
lh3.googleusercontent.com/ 38 KB
38 KB 78ms
64ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/MHiMiacCZOh6waPrCxoucBn8JaCRGOMsLbhaWxokjRXMwViSvUba_Dv-YBF6r2Bx9eXxuXoUrdfY9Yt7tq_5tM_LXuOGkKqutIU=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7d7b2eec122d8945398dde8bcbe491986698b328f086f6c1c83873d89b18a18e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38610
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 918qhe_GvTqP9WClvj9cBIQmUbO4m4mpNklTF99oE78V9U53zU2ss4Qapt0WpurejiEwX1AIVxjLlq7Ldr4LBWYxYqWeSL0LfQ=w16
lh3.googleusercontent.com/ 433 B
458 B 102ms
87ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/918qhe_GvTqP9WClvj9cBIQmUbO4m4mpNklTF99oE78V9U53zU2ss4Qapt0WpurejiEwX1AIVxjLlq7Ldr4LBWYxYqWeSL0LfQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

af07850bc2d128062164504811197c21b60ed42f88b326dd858394951b14dd02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 433
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 22NTvWRBmHQ-rrYZTXCSBuYh0wJWpINQsg6FZF73Ic7NdGtO77WND8196-XnStqpE3gwoui9tnjpvLbIgmavXeSaCsr7zz_eAqc=w16
lh3.googleusercontent.com/ 548 B
573 B 120ms
105ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/22NTvWRBmHQ-rrYZTXCSBuYh0wJWpINQsg6FZF73Ic7NdGtO77WND8196-XnStqpE3gwoui9tnjpvLbIgmavXeSaCsr7zz_eAqc=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

acf88b2da54aa12fbf7c5e89be9a84524811896fe2a46005a30dfa1b32789fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 548
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 LXcMpGGbRkP7Gbo2T-NSujMqgOADRJJC0hZSajcBT0XAFEPN4Qu_uBjbkYHuVBC615MhzNLNL_eXL3nVEkRR6jjTHcoBvtf7_Po=w16
lh3.googleusercontent.com/ 458 B
483 B 117ms
103ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/LXcMpGGbRkP7Gbo2T-NSujMqgOADRJJC0hZSajcBT0XAFEPN4Qu_uBjbkYHuVBC615MhzNLNL_eXL3nVEkRR6jjTHcoBvtf7_Po=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b6da3cdb7cff4fa6ba59c573533db05bdf868830aeea5fdb400135b7b23ed597

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 458
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 bMGQ4yp4ZMlmkdosw487snZM3KCxv4eojdYcxvGnSUOEnkv09_STtmP_oKlXRCm3k1aZYahhk5C0ckrut9QdR9jQBP-437glxP4=s0
lh3.googleusercontent.com/ 34 KB
34 KB 117ms
104ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/bMGQ4yp4ZMlmkdosw487snZM3KCxv4eojdYcxvGnSUOEnkv09_STtmP_oKlXRCm3k1aZYahhk5C0ckrut9QdR9jQBP-437glxP4=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0f9fd81a08eecb2018384c281acd08fa6add7ffee002123129ff7a546b82fa31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34662
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 AhvFgClQkCuXUZblpf5VCGEyQoJaUrIXJYuEABnn2bUgA77AvEQO8YehIVzPTKK53_ubxUUXWRWBoyYvHkNPoqxfL9k5aGbHdD5o=w16
lh3.googleusercontent.com/ 575 B
600 B 114ms
101ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AhvFgClQkCuXUZblpf5VCGEyQoJaUrIXJYuEABnn2bUgA77AvEQO8YehIVzPTKK53_ubxUUXWRWBoyYvHkNPoqxfL9k5aGbHdD5o=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1dd8c38f74756eeebe8302aa2f207760abe5b57133e7958931e78e4b2870181f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 575
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 XPEQuQzbQqwQS1g8iJ7BDcRryBgOyO1kJlafR8M2BdY76ZOKSzPbH1kIuElouHQENT2eO3dCkl4yiuefg2k3MzqwCu-XtqLK1OV0=w16
lh3.googleusercontent.com/ 575 B
600 B 94ms
81ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XPEQuQzbQqwQS1g8iJ7BDcRryBgOyO1kJlafR8M2BdY76ZOKSzPbH1kIuElouHQENT2eO3dCkl4yiuefg2k3MzqwCu-XtqLK1OV0=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f80c4e842cf1cddf979cbf4cf904269dfd5e41ddcf1ef1da83a1bb848f835ec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 575
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 TDAiEjekjRmzFHSJAEOsbixEV06UxsgGa8nX_VTyVsy5mJKw6XDJQL-sBoal2IWgklizL-p512b1zoqMcqPkmjHuqE5k_W7vClg=w16
lh3.googleusercontent.com/ 577 B
602 B 95ms
82ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TDAiEjekjRmzFHSJAEOsbixEV06UxsgGa8nX_VTyVsy5mJKw6XDJQL-sBoal2IWgklizL-p512b1zoqMcqPkmjHuqE5k_W7vClg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

31d9d4d853d7426533bea329d61e28677b7ffa078ae280290de50ad646ae6eba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 577
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 n-Y60a-YX5ixqNjX9ajXgF2dohGeyznFcDHi2JnB8ap2AlMLe89K25uZuCxpOVeVO-Mbb7aEEqYVCm5X6s60orNmTCHz9uE-TQ=w16
lh3.googleusercontent.com/ 660 B
685 B 93ms
80ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/n-Y60a-YX5ixqNjX9ajXgF2dohGeyznFcDHi2JnB8ap2AlMLe89K25uZuCxpOVeVO-Mbb7aEEqYVCm5X6s60orNmTCHz9uE-TQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

11a5066ce5aa1d4619f5582cffdcd559c9a1aae9de9b010984ec89d2d8b4762f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 660
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 HbycKGCVE6V83_ROXDUrfrlNF_wihoki9xGfd3Tne1Jwmq3QUxdFr6_cY3_Bh_97oIS1QSCMqT5SicZ1tmYhtZNK6deftMurtNCX=s0
lh3.googleusercontent.com/ 39 KB
39 KB 111ms
98ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HbycKGCVE6V83_ROXDUrfrlNF_wihoki9xGfd3Tne1Jwmq3QUxdFr6_cY3_Bh_97oIS1QSCMqT5SicZ1tmYhtZNK6deftMurtNCX=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5190abfe9f241dd6c5afbd313cecfe3bc1c2d3e5e0a6815c28c4b9942de6237e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40152
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 WpN8rlz3bVY_9beLlQDRHfhaYkZzP3wrfZJwoqzlND28c084Mx-v47YhQsEMxByA4FWkGB5r_h9MkVC88-h3soPEoVH1gj8AzRrK=w16
lh3.googleusercontent.com/ 4 KB
4 KB 91ms
79ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/WpN8rlz3bVY_9beLlQDRHfhaYkZzP3wrfZJwoqzlND28c084Mx-v47YhQsEMxByA4FWkGB5r_h9MkVC88-h3soPEoVH1gj8AzRrK=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3a66772ffd6f1b6ba78ee300686bde088a30fa600165787a115262e1795553db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3774
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 zL0fUx2qiWCK833qDbtDyNS-4_VE82Z3vL0McM-i3xon5qenITbnq9CWPbOJMMvk42p3oyJ3mfa0rN3W-ghl5owH9XTALSGSHQ=s0
lh3.googleusercontent.com/ 43 KB
43 KB 105ms
93ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/zL0fUx2qiWCK833qDbtDyNS-4_VE82Z3vL0McM-i3xon5qenITbnq9CWPbOJMMvk42p3oyJ3mfa0rN3W-ghl5owH9XTALSGSHQ=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7ac8c0c398a8c50881f8df96030a9ed8442b654cb9d2e1a1877aebedd02023af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44083
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 yDg9XcrVlwn2g3OGWAN94ZbA0PW6hifx_0jaOf-XfciTso5dWRcuAx5HmroKvOx172KAIkaKePyppVOJRtORot_b2Ts4Dnl5bhmy=w16
lh3.googleusercontent.com/ 279 B
304 B 111ms
99ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yDg9XcrVlwn2g3OGWAN94ZbA0PW6hifx_0jaOf-XfciTso5dWRcuAx5HmroKvOx172KAIkaKePyppVOJRtORot_b2Ts4Dnl5bhmy=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a39f6b6d8f73c27f9da666c425f6ba369004dc25e3cc8adef547612635e5e244

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 279
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 zFWAG1kxVcpHmOqQ5l6DZF2Lkdjfbl9P8f27igRvwiN5qxFWETIpL7A5__KGyc9IS1mtaEH049SbNHqoAGLMkdnHaip1YreWaQw=s0
lh3.googleusercontent.com/ 48 KB
48 KB 98ms
87ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/zFWAG1kxVcpHmOqQ5l6DZF2Lkdjfbl9P8f27igRvwiN5qxFWETIpL7A5__KGyc9IS1mtaEH049SbNHqoAGLMkdnHaip1YreWaQw=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7175f0fd288f011560ca785808341d055393c4d63055afa2d37627a8e76be19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48730
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 9koIo2pE2cX13hnh0Yl3g4aZqsRD6jqCxEqzzLNnS7QXXN4k0roYVsyLXTfaMaYubmF-ju_kuHTcA8S56ARkE3bhZ3B37AYhdxLW=w16
lh3.googleusercontent.com/ 291 B
316 B 92ms
80ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/9koIo2pE2cX13hnh0Yl3g4aZqsRD6jqCxEqzzLNnS7QXXN4k0roYVsyLXTfaMaYubmF-ju_kuHTcA8S56ARkE3bhZ3B37AYhdxLW=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

aba0f08dc1fa858dbd70d733fac29f07cd07816732bf498c9dda14d5d79dc93f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 291
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 7xyHhGbThSsKRvEtDDjjMRdkL9w3QSI5M3LFelMyqlZ0vlDwjG99RygiAhvwECfoTeQ7CnH9A9aKO4h2sMw9ZefbfYsx4htWdZM=w16
lh3.googleusercontent.com/ 272 B
297 B 108ms
97ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/7xyHhGbThSsKRvEtDDjjMRdkL9w3QSI5M3LFelMyqlZ0vlDwjG99RygiAhvwECfoTeQ7CnH9A9aKO4h2sMw9ZefbfYsx4htWdZM=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

214df72d9a3910941fda905199bc8069c6b298ce2b577c71c149773e9c64030f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 272
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 Y2qrJs3P1rwO6ZHL8EqhMx2C-zxwM3PlWdeJsqNzh4qhbfm9D5T28EMGlzGvyKLPv0W2LJydeaIR5mQNHDmLrezhlpm2150zGgto=w16
lh3.googleusercontent.com/ 286 B
311 B 101ms
92ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Y2qrJs3P1rwO6ZHL8EqhMx2C-zxwM3PlWdeJsqNzh4qhbfm9D5T28EMGlzGvyKLPv0W2LJydeaIR5mQNHDmLrezhlpm2150zGgto=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

31b790b6aa4636b48813be238cfbd46163c06298333db50e03373fcd5d41e6ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 286
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 hKW7gTJR8ElpmAAkh7pmORjcOTmh384JZ6CW6zy6rFf2qyOmQX9tgey0wnIQH_-Sg3lKFojq4mJjI-sDSxM6rNJWJ9G4kLG5XQU=s0
lh3.googleusercontent.com/ 22 KB
22 KB 109ms
100ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/hKW7gTJR8ElpmAAkh7pmORjcOTmh384JZ6CW6zy6rFf2qyOmQX9tgey0wnIQH_-Sg3lKFojq4mJjI-sDSxM6rNJWJ9G4kLG5XQU=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22076
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 6hpTXJbffjd5Fpw1Zjpa_ozkpY5TZBlKBIWoYhvlRPv8Om3nmEVYyur51wDgrX4pscVdQveDcHwnVXyxxYOGcMKCbL2Jv2-d=w16
lh3.googleusercontent.com/ 429 B
454 B 101ms
92ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/6hpTXJbffjd5Fpw1Zjpa_ozkpY5TZBlKBIWoYhvlRPv8Om3nmEVYyur51wDgrX4pscVdQveDcHwnVXyxxYOGcMKCbL2Jv2-d=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1a0f2a08a2b4d9bb784e01f060be8ea8876609a18317ef83bc13899afd23d271

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 429
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 mWtM1znzWII_fSBzcwGx0qEmOb9lNDG24L1UIo3FlYAahkYfVpYtXH3z_eeT8jxWN0BPd6whHw4VfCgGaVcOX7YDhH7C-7tSTDU=w16
lh3.googleusercontent.com/ 691 B
716 B 110ms
101ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/mWtM1znzWII_fSBzcwGx0qEmOb9lNDG24L1UIo3FlYAahkYfVpYtXH3z_eeT8jxWN0BPd6whHw4VfCgGaVcOX7YDhH7C-7tSTDU=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f10ec21a492c33b4c6c6a6dac52a189d96560ce7b76595be7ab1f2890c2b41a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 691
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 sy7aFFVL8PFj10zRJ60Mk-d_V3jJe2MOJWlPv00Jy5xjjZECnkv9lRKBpaXlwMHN156vrvDyxR779isUa51aMgZrV0IuZUeg=w16
lh3.googleusercontent.com/ 284 B
309 B 108ms
100ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/sy7aFFVL8PFj10zRJ60Mk-d_V3jJe2MOJWlPv00Jy5xjjZECnkv9lRKBpaXlwMHN156vrvDyxR779isUa51aMgZrV0IuZUeg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cab0187e0daa40dcafa6ad301c50f0a2d35dd20299575b1e07ce89e00e585dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 284
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H2 200 embed.js Show response
embed.lpcontent.net/leadboxes/current/ 42 KB
15 KB 82ms
21ms Script
application/javascript 34.107.203.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&utm_source=94&utm_campaign=29&utm_medium=&id=&iocid=&aff=94&creative_id=29&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:37:48 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
age: 143
etag: "-Aynvg"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-cloud-trace-context: cb4b40174a767ee7f0396674277ead97
cache-control: public, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14811
expires: Wed, 08 Nov 2023 08:42:48 GMT

GET
H3 200 QLt0EKD447EIlqoqDQJLlZpsslns1ROpdOJAIkMbponWSEhusQeZJrfrubkLV9HRfu0hPKsWyoDANrnzZPwy_m7M595zJWObbObA=w744
lh3.googleusercontent.com/ 33 KB
34 KB 71ms
71ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/QLt0EKD447EIlqoqDQJLlZpsslns1ROpdOJAIkMbponWSEhusQeZJrfrubkLV9HRfu0hPKsWyoDANrnzZPwy_m7M595zJWObbObA=w744

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

070f29ff60fae8b34203e5f7d5f7e0dc56dac780d8b3d1ba56760a768bbf48da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34273
x-xss-protection: 0
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w600
lh3.googleusercontent.com/ 217 KB
217 KB 72ms
71ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w600

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7caa39736388b58116f1d7318edb260aec86c94473cd8ad2ddcbb75c7e2b0f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 222462
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 08:40:11 GMT

GET
H3 200 tag-3bb657ae7ca1ad93e945962c1d2f5393.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/ 181 KB
50 KB 46ms
22ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-3bb657ae7ca1ad93e945962c1d2f5393.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=601261&u=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Dda58832ef53445dcb0826992bdc6599a%26utm_source%3D94%26utm_campaign%3D29%26utm_medium%3D%26id%3D%26iocid%3D%26aff%3D94%26creative_id%3D29%26oid%3D110%26message_id%3D%26link_id%3D&f=1&vn=1.5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 5fbf1a4443a669b8578dc58529b1f02e03bf58c5aa395874ced94a53952a3745

Request headers

Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
content-encoding: br
via: 1.1 google
last-modified: Tue, 07 Nov 2023 08:53:33 GMT
server: gfra1
etag: "6549fb0d-c986"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51590

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
151 B 108ms
108ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=601261&d=go.behindthemarkets.com&u=D7B41BA3681D459D60C9C7E3ED3FB34F7&h=8e05450cde8a9c3d88d8454e61c836ec&t=false

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv2c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv2c
content-type: image/gif
cache-control: public, max-age=43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H2 200 identify.html Show response
js.center.io/ Frame BEF6 4 KB
2 KB 32ms
27ms Document
text/html 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 124
cache-control: public, max-age=300
content-encoding: gzip
content-length: 2016
content-type: text/html
date: Wed, 08 Nov 2023 08:38:07 GMT
etag: "OMWYXg"
expires: Wed, 08 Nov 2023 08:43:07 GMT
server: Google Frontend
x-cloud-trace-context: 04210c2e78d9e6bda0b69829332f537d

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 280 KB
90 KB 44ms
43ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a32b05beb3cc8b800bcba47a402f893ef2a14ca7c7e34b068d7525cc61b8670f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92305
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 08 Nov 2023 08:40:11 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 70ms
20ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 08 Nov 2023 07:49:42 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3029
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 08 Nov 2023 09:49:42 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 46 KB
20 KB 81ms
26ms Script
application/javascript 2a02:2638:3::e
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=93258

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e1593f989bc71975b054e1f520b562551eb15397a4ade1656b988a59e020dd0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 46 KB
20 KB 102ms
48ms Script
application/javascript 2a02:2638:3::e
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=108898

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

007a4f37862f0939b008ddc457ce5f3ec02e6fe5cb2fb1f0f5fddc4e03170695

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 46 KB
20 KB 104ms
51ms Script
application/javascript 2a02:2638:3::e
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=108895

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

fbd1f6154a86a6b879f908847dcabb938d6716b66df5e0a1c0aefe8f5e58cd02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 46 KB
20 KB 112ms
60ms Script
application/javascript 2a02:2638:3::e
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=108896

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

df9dde0f6cd65bdb8fbfd852cc1a2b6a17a1600fdb29eec3ebd6d04368dd03c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 46 KB
20 KB 124ms
73ms Script
application/javascript 2a02:2638:3::e
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=108897

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

530a8eecb4ed2f70062659424d6ae1b929319154d02c665e07686ce7348f2639

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/events/ 35 B
685 B 451ms
138ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=Gy3xzrFUCQo2QEFioeBcaF&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=qxt2Q3t8bxXcH7GvHwR68P&sid=3wW7jxjarP2qwoUVytJ8ao&cid=lp-Gy3xzrFUCQo2QEFioeBcaF&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Dda58832ef53445dcb0826992bdc6599a%26utm_source%3D94%26utm_campaign%3D29%26utm_medium%3D%26id%3D%26iocid%3D%26aff%3D94%26creative_id%3D29%26oid%3D110%26message_id%3D%26link_id%3D&rf=&rx=1600&ry=1200&tz=%2B01%3A00
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 08:40:11 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 217.114.218.29
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 04ggh0qsc6mcbtj2d5q0

GET
H2 200 / Show response
btm-btm-btm.lpages.co/serve-leadbox/VztjYisSWCcTkzp7kDtdHL/ Frame BA2A 92 KB
19 KB 570ms
259ms Document
text/html 35.202.21.90
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://btm-btm-btm.lpages.co/serve-leadbox/VztjYisSWCcTkzp7kDtdHL/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&aff=94&creative_id=29&id=&iocid=&link_id=&message_id=&oid=110&utm_campaign=29&utm_medium=&utm_source=94

Requested by

Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

b43c59121bb7253a01d9d388cf9ad9cfd7b9201e8e50bbdecba0442233e73478

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: br
content-type: text/html
date: Wed, 08 Nov 2023 08:40:11 GMT
etag: W/"788292aadfc74229d977685ff440f6f8"
last-modified: Fri, 27 Oct 2023 15:06:52 GMT
server: Leadpages
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS, HIT

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 25 KB
3 KB 28ms
28ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=601261&settings_type=1&vn=7.0
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-3bb657ae7ca1ad93e945962c1d2f5393.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: b7ca37cbe6142c0d28468f82713bd163c1e45f1cd06edfd9ce8d5d02cdd6dfb2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
etag: W/"1699383916"
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 76ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je3b60v874108444z8812088355&_p=1699432810907&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1742639445.1699432811&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1699432811&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Dda58832ef53445dcb0826992bdc6599a%26utm_source%3D94%26utm_campaign%3D29%26utm_medium%3D%26id%3D%26iocid%3D%26aff%3D94%26creative_id%3D29%26oid%3D110%26message_id%3D%26link_id%3D&dt=BTM%20UFO%20Weapon&en=page_view&_fv=1&_nsi=1&_ss=1&epn.variant_id=0&tfd=1801
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 08:40:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
259 B 79ms
26ms Ping
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-8R6YNFMJ23&cid=1742639445.1699432811&gtm=45je3b60v874108444z8812088355&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 08:40:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 81ms
33ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=1742639445.1699432811&gtm=45je3b60v874108444z8812088355&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=821827108

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
214 B 30ms
27ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1293629462&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Dda58832ef53445dcb0826992bdc6599a%26utm_source%3D94%26utm_campaign%3D29%26utm_medium%3D%26id%3D%26iocid%3D%26aff%3D94%26creative_id%3D29%26oid%3D110%26message_id%3D%26link_id%3D&ul=en-us&de=UTF-8&dt=BTM%20UFO%20Weapon&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1598912968&gjid=99192367&cid=1742639445.1699432811&tid=UA-102395123-1&_gid=1920344171.1699432811&_r=1&_slc=1&gtm=45He3b60n81WNRH3TXv812088355&cd1=94&cd3=false&cd4=false&cd5=false&cd6=false&cd7=false&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=918786610

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 82D3 15 KB
6 KB 80ms
26ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=93258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 08 Nov 2023 08:40:10 GMT
server: Kestrel
server-processing-duration-in-ticks: 302798
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 28ms
27ms XHR
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-102395123-1&cid=1742639445.1699432811&jid=1598912968&gjid=99192367&_gid=1920344171.1699432811&_u=YADAAEAAAAAAACAAI~&z=490491535

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 87ms
30ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102395123-1&cid=1742639445.1699432811&jid=1598912968&_u=YADAAEAAAAAAACAAI~&z=1366549651

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102395123-1&cid=1742639445.1699432811&jid=1598912968&_u=YADAAEAAAAAAACAAI~&z=1366549651

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 08:40:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 82D3
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=tGD1e3xIdU5lNE1uZjBWaThXTFRRcnY3MGE1MDkzbzJWSThzcERYUURyZXpKSXJ4SzE1RUFXZ1p5Z2l4Z0I2dEVxbUlTSVB0b1dRb29XZ2dSNkpJK0ptbE4rc0xDb3ZJSHZjb3U5TzUyRXg0TjVaY01sMXlCVGkxSFhwTH...

451 B
665 B

27ms
26ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=tGD1e3xIdU5lNE1uZjBWaThXTFRRcnY3MGE1MDkzbzJWSThzcERYUURyZXpKSXJ4SzE1RUFXZ1p5Z2l4Z0I2dEVxbUlTSVB0b1dRb29XZ2dSNkpJK0ptbE4rc0xDb3ZJSHZjb3U5TzUyRXg0TjVaY01sMXlCVGkxSFhwTHpjZFNBQ2trc3doczFvaUphcHRxWmIreDYxcUM3UDNpa1JERkpVSVRpek1BODhQbnMxUElGQk1pOWY3cjlvT3l0bUZsbkNUQk0yVDFvbDVwU25hTlh5bERlOHZwZFRHWVZBbHpSQUxLOUVPd0o3bnpRZ01CWWhRT1hkazZmdTcxNkM3akpCLzVRUVFCdGVoQi9jclZuajVJZVU4c3hiTllhZWpqZjBMY3pwMHRITzJ5NFJzWT18&cppv=2

Requested by

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ea5ed390a792c387320554cdfca3b7a5e3b72149f1ec09bc305e3894b5718cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Nov 2023 08:40:11 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1071562
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 08 Nov 2023 08:40:10 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=tGD1e3xIdU5lNE1uZjBWaThXTFRRcnY3MGE1MDkzbzJWSThzcERYUURyZXpKSXJ4SzE1RUFXZ1p5Z2l4Z0I2dEVxbUlTSVB0b1dRb29XZ2dSNkpJK0ptbE4rc0xDb3ZJSHZjb3U5TzUyRXg0TjVaY01sMXlCVGkxSFhwTHpjZFNBQ2trc3doczFvaUphcHRxWmIreDYxcUM3UDNpa1JERkpVSVRpek1BODhQbnMxUElGQk1pOWY3cjlvT3l0bUZsbkNUQk0yVDFvbDVwU25hTlh5bERlOHZwZFRHWVZBbHpSQUxLOUVPd0o3bnpRZ01CWWhRT1hkazZmdTcxNkM3akpCLzVRUVFCdGVoQi9jclZuajVJZVU4c3hiTllhZWpqZjBMY3pwMHRITzJ5NFJzWT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 266811
content-length: 0
expires: 0

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
447 B 393ms
132ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=fqBQ9EnspaP7WHREyCMTN6&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=93.30000305175781,1,VztjYisSWCcTkzp7kDtdHL
Requested by: Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 08:40:12 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 217.114.218.29
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 04ggh0ucqt9ntufi47gg

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ Frame BA2A 58 KB
14 KB 23ms
20ms Stylesheet
text/css 34.107.203.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/VztjYisSWCcTkzp7kDtdHL/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&aff=94&creative_id=29&id=&iocid=&link_id=&message_id=&oid=110&utm_campaign=29&utm_medium=&utm_source=94
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 28 Oct 2023 14:27:32 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
age: 929559
etag: "-Aynvg"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: d322f475444c40a171443032a2ed451d
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14628
expires: Sun, 27 Oct 2024 14:27:32 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame BA2A 11 KB
884 B 34ms
31ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,500,700

Requested by

Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/VztjYisSWCcTkzp7kDtdHL/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&aff=94&creative_id=29&id=&iocid=&link_id=&message_id=&oid=110&utm_campaign=29&utm_medium=&utm_source=94

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d99bb0bec8f0da24a623a96c8ec3af26b8168f70ff637e3bdbca0da2b20f096b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 08 Nov 2023 08:40:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 07:54:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 08 Nov 2023 08:40:11 GMT

GET
H2

200

spectre.min.css
unpkg.com/spectre.css@0.5.9/dist/ Frame BA2A
Redirect Chain

https://unpkg.com/spectre.css/dist/spectre.min.css
https://unpkg.com/spectre.css@0.5.9/dist/spectre.min.css

46 KB
10 KB

64ms
64ms

Stylesheet
text/css

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/spectre.css@0.5.9/dist/spectre.min.css

Requested by

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

beb6e5817e7f1f16be8426abc571e4882ee5bfdbf3d24de63623ca5018d8f7aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 26407930
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01FRR5RJ0QJRFQSW9JXJP05EMQ
server: cloudflare
etag: W/"b640-gQ07fCV82R4u/3QXaqBjXwq8x+8"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 822c82822c2c5c1a-FRA

Redirect headers

date: Wed, 08 Nov 2023 08:40:11 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01HEQ1D3PB3NPWZKG2XXZB0HQN-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 16
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /spectre.css@0.5.9/dist/spectre.min.css
cache-control: public, s-maxage=600, max-age=60
cf-ray: 822c8281eb915c1a-FRA

GET
H2

200

spectre-exp.min.css
unpkg.com/spectre.css@0.5.9/dist/ Frame BA2A
Redirect Chain

https://unpkg.com/spectre.css/dist/spectre-exp.min.css
https://unpkg.com/spectre.css@0.5.9/dist/spectre-exp.min.css

23 KB
4 KB

63ms
63ms

Stylesheet
text/css

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/spectre.css@0.5.9/dist/spectre-exp.min.css

Requested by

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c53fc919da515cc21b389888f6d7a95f69303b518a7f735c11534473f4e2eec7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 21853586
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01FWZWKJ9NJKC0VN5WTN7NETYY-fra
server: cloudflare
etag: W/"5c9f-xu4/dhgg88SClaf2EtNgCRsbXuA"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 822c82822c2e5c1a-FRA

Redirect headers

date: Wed, 08 Nov 2023 08:40:11 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01HEQ0YYM2W3GH62RE75YKRNST-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 479
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /spectre.css@0.5.9/dist/spectre-exp.min.css
cache-control: public, s-maxage=600, max-age=60
cf-ray: 822c8281eb965c1a-FRA

GET
H2

200

spectre-icons.min.css
unpkg.com/spectre.css@0.5.9/dist/ Frame BA2A
Redirect Chain

https://unpkg.com/spectre.css/dist/spectre-icons.min.css
https://unpkg.com/spectre.css@0.5.9/dist/spectre-icons.min.css

9 KB
2 KB

63ms
62ms

Stylesheet
text/css

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/spectre.css@0.5.9/dist/spectre-icons.min.css

Requested by

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b9dbc4e3ab31dc403745b54ac6ca7f853ecd69084036b8be7de5a1890ccec49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 4853346
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01FFEH2CK8ZTV28JEQHNJ2PZ5E
server: cloudflare
etag: W/"2296-zDQAAP+l3l3eglqbK/5ezmaPOAg"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 822c82822c2d5c1a-FRA

Redirect headers

date: Wed, 08 Nov 2023 08:40:11 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01HEQ0YYM2DXKVNMCBM53NDS0W-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 479
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /spectre.css@0.5.9/dist/spectre-icons.min.css
cache-control: public, s-maxage=600, max-age=60
cf-ray: 822c8281eb945c1a-FRA

GET
H2 200 validator.min.js Show response
cdnjs.cloudflare.com/ajax/libs/validator/10.8.0/ Frame BA2A 31 KB
11 KB 162ms
102ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/validator/10.8.0/validator.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e2c27b9ba576b52452df883ee0d1e4c2bcf284dd948611e484c1797a5b2ed0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:11 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10199
last-modified: Mon, 04 May 2020 16:17:27 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04017-7d11"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vC9MrDq6fMW%2BcrdqAntMstHRXqinZyLO%2BR%2FF%2B081ZtA5iv0VjVoa2u29STJjCr950phXQBNUAqyTLFeSq9Ip5%2FgYi1BYcCCuSwBSMo3gyNN4ZwJQcs0E7Zcc4AF63O83PI%2FS%2Fjunq4s%2FqnD%2B%2BzR4a6Wy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 822c8281ff922baa-FRA
expires: Mon, 28 Oct 2024 08:40:11 GMT

GET
H2 200 3329.js Show response
script.crazyegg.com/pages/scripts/0075/ Frame BA2A 6 KB
2 KB 543ms
476ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0075/3329.js
Requested by: Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/VztjYisSWCcTkzp7kDtdHL/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&aff=94&creative_id=29&id=&iocid=&link_id=&message_id=&oid=110&utm_campaign=29&utm_medium=&utm_source=94
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2046e739bac868c0861b4fcb3e3842f2ec5a583b2770a8cee0847eba73821ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:12 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 08 Nov 2023 08:40:12 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
ce-version: 11.5.145
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 822c8282ff7d1e6e-FRA
content-length: 2187

GET
H3 200 VLgIlRWwyuqrKOm736AjXTjkROiss352Mgs5-M-Ui16nTG9YsmHhynwbjI8-yA2ZV0iHc0AuC-swQE2K7juRgCDf5-ERBRM-rU8E=w16
lh3.googleusercontent.com/ Frame BA2A 305 B
330 B 20ms
20ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/VLgIlRWwyuqrKOm736AjXTjkROiss352Mgs5-M-Ui16nTG9YsmHhynwbjI8-yA2ZV0iHc0AuC-swQE2K7juRgCDf5-ERBRM-rU8E=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d56ad0781875c34060e15e238f8f8cb621c132675a63e3b90ffe23a2918e4639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 07:16:02 GMT
x-content-type-options: nosniff
age: 5049
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 305
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 09 Nov 2023 07:16:02 GMT

GET
H2 200 center.js Show response
js.center.io/ Frame BA2A 12 KB
5 KB 29ms
29ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/VztjYisSWCcTkzp7kDtdHL/?_ef_transaction_id=da58832ef53445dcb0826992bdc6599a&aff=94&creative_id=29&id=&iocid=&link_id=&message_id=&oid=110&utm_campaign=29&utm_medium=&utm_source=94
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:36:50 GMT
content-encoding: gzip
server: Google Frontend
age: 201
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: bf2097e4a6b6af28ea46d2da97a2e7cf
cache-control: public, max-age=300
content-length: 5417
expires: Wed, 08 Nov 2023 08:41:50 GMT

GET
H2 200 identify.html Show response
js.center.io/ Frame 4957 4 KB
2 KB 30ms
29ms Document
text/html 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Referer: https://btm-btm-btm.lpages.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 241
cache-control: public, max-age=300
content-encoding: gzip
content-length: 2016
content-type: text/html
date: Wed, 08 Nov 2023 08:36:11 GMT
etag: "OMWYXg"
expires: Wed, 08 Nov 2023 08:41:11 GMT
server: Google Frontend
x-cloud-trace-context: 39ef3803ea7f2130cb749e4e18846553

GET
H2 200 btm-btm-btm.lpages.co.json Show response
script.crazyegg.com/pages/data-scripts/0075/3329/site/ Frame BA2A 961 B
713 B 83ms
35ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0075/3329/site/btm-btm-btm.lpages.co.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0075/3329.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62ddc86ea5f5cb1b3da49fd95590a3f9e5109ad05c70f2bd88525c228e276022

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:40:12 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 43826
ce-version: 11.5.145
content-length: 441
last-modified: Tue, 07 Nov 2023 20:29:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 822c82863bb2693f-FRA

GET
H/1.1 200
OK capture
api.leadpages.io/analytics/v1/observations/ 35 B
356 B 137ms
137ms Image
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=0,262,253,585,143,588,763,764,2249,2249
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 08:40:12 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 217.114.218.29
Content-Type: image/gif
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 04ggh12djh2smb67pr00

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
447 B 136ms
136ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=fqBQ9EnspaP7WHREyCMTN6&kind=timer&label=lb_embed_leadbox_load&value=1275.7000045776367
Requested by: Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 08 Nov 2023 08:40:13 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 217.114.218.29
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 04ggh16ao7d92trm0l20

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.api.leadpages.io/analytics/v1/events/capture	1970-01-20 16:05:19	Name: view.bb4wMKcXKB896PwqF4vMVT-default-prop.Gy3xzrFUCQo2QEFioeBcaF Value: 1699432812000
.go.behindthemarkets.com/	1970-01-21 00:50:55	Name: _vwo_uuid_v2 Value: D7B41BA3681D459D60C9C7E3ED3FB34F7\|8e05450cde8a9c3d88d8454e61c836ec
js.center.io/	1970-01-21 01:39:52	Name: centerVisitorId Value: qxt2Q3t8bxXcH7GvHwR68P
.behindthemarkets.com/	1970-01-20 18:13:28	Name: _gcl_au Value: 1.1.993660216.1699432811
.behindthemarkets.com/	1970-01-20 18:27:52	Name: _vis_opt_s Value: 1%7C
.behindthemarkets.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.behindthemarkets.com/	1970-01-21 01:39:52	Name: _vwo_uuid Value: D7B41BA3681D459D60C9C7E3ED3FB34F7
.behindthemarkets.com/	1970-01-20 18:13:28	Name: _vwo_ds Value: 3%241699432810%3A7.06179664%3A%3A
.behindthemarkets.com/	1970-01-20 16:03:54	Name: _vwo_sn Value: 0%3A1
.behindthemarkets.com/	1970-01-21 01:39:52	Name: _ga_8R6YNFMJ23 Value: GS1.1.1699432811.1.0.1699432811.60.0.0
.behindthemarkets.com/	1970-01-21 01:39:52	Name: _ga Value: GA1.2.1742639445.1699432811
.behindthemarkets.com/	1970-01-20 16:05:19	Name: _gid Value: GA1.2.1920344171.1699432811
.behindthemarkets.com/	1970-01-20 16:03:52	Name: _gat_UA-102395123-1 Value: 1
.criteo.com/	1970-01-21 01:25:28	Name: uid Value: 10fa54c7-8d69-4fb2-b57d-1b7d2eb1ce93
.behindthemarkets.com/	1970-01-21 01:33:16	Name: cto_bundle Value: Kspe0V9sT3JnUTgweEs4QWQxdE1Rd3pmd25weWJMcDhJanZCM05xYXF1VTM4SnpsTHRMQTVlSFF3RmZ6ZUJjMSUyRlI4VklLZm5GRlRxWCUyRmhjTGpnNyUyQlUyYThoWHhHREF3QXZQU25NaDdVbk02dTRrQmR3bWlIYTJFTlZvRWNFbEkwbFJVZlUxS2Z3SklmOTF0U3ElMkZWWWRlQVlkRW15V2VlS0wlMkZ2OHJmYnF4TnpybnMwJTNE

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.leadpages.io
btm-btm-btm.lpages.co
buf.soundestlink.com
cdnjs.cloudflare.com
dev.visualwebsiteoptimizer.com
dynamic.criteo.com
embed.lpcontent.net
fonts.googleapis.com
fonts.gstatic.com
go.behindthemarkets.com
gum.criteo.com
js.center.io
lh3.googleusercontent.com
mug.criteo.com
region1.analytics.google.com
script.crazyegg.com
static.leadpages.net
stats.g.doubleclick.net
unpkg.com
vinderocatchernwl.com
www.behindthemarkets-btm.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
2001:4860:4802:32::15
2001:4860:4802:32::36
2606:4700:4400::6812:2ab2
2606:4700::6810:7daf
2606:4700::6811:180e
2606:4700::6813:9308
2a00:1450:4001:800::2003
2a00:1450:4001:800::2004
2a00:1450:4001:808::200e
2a00:1450:4001:80f::200a
2a00:1450:4001:813::2008
2a00:1450:4001:829::2001
2a00:1450:4001:82b::2003
2a00:1450:400c:c04::9b
2a02:2638:3::c
2a02:2638:3::e
2a06:98c1:3120::3
34.107.203.240
34.96.102.137
35.192.151.63
35.202.21.90
007a4f37862f0939b008ddc457ce5f3ec02e6fe5cb2fb1f0f5fddc4e03170695
01e55dd1aa745de01aa72d41811a1fad24cf8a847ca376ae78738e1b3c6b3628
02de1a932816d80b54e2b8094e150f1ec64a3aedc5c2c4a97925aafb9c95c5a8
02ffe72a9c712b85c4cd1dc94c6c7d230842d2870ba1ae8c43ce12212d9934fd
03d9a2edd6f5d8eceb5186424c3d9720ab8ca89fc3ddcd2fcd7fa2634b6ad3b2
070f29ff60fae8b34203e5f7d5f7e0dc56dac780d8b3d1ba56760a768bbf48da
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
09860b6bb23c1622b929cf82cec33520f81ea39b2e637ba62e79533e1d265015
0c8e060784765b186df12c3b49d58c1b6df180812c26cf625611d02cc62c2442
0dc05bd8e6a23d3ce410b51ba0867a6613da4fd82014e88e2ffedcc07549bb05
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110
0f9fd81a08eecb2018384c281acd08fa6add7ffee002123129ff7a546b82fa31
11a5066ce5aa1d4619f5582cffdcd559c9a1aae9de9b010984ec89d2d8b4762f
12bb6250f9afe86162b02c690ee29b53261cdf7c0b324bbb58939816c36bd658
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
1a0f2a08a2b4d9bb784e01f060be8ea8876609a18317ef83bc13899afd23d271
1dd8c38f74756eeebe8302aa2f207760abe5b57133e7958931e78e4b2870181f
2046e739bac868c0861b4fcb3e3842f2ec5a583b2770a8cee0847eba73821ad1
214df72d9a3910941fda905199bc8069c6b298ce2b577c71c149773e9c64030f
21c96acbb335694cd65c8a0056e4e659dff4c337491c87dc877f54abc44fe625
21ef52e0c141c5fbc0135c601113edde2e1d9fea1d454b0da3cb66fe2d6aa432
2b9dbc4e3ab31dc403745b54ac6ca7f853ecd69084036b8be7de5a1890ccec49
2f007b53b0173b103df54f19e21bb1a020949e359a6c2493303c57c433285f71
31b790b6aa4636b48813be238cfbd46163c06298333db50e03373fcd5d41e6ad
31d9d4d853d7426533bea329d61e28677b7ffa078ae280290de50ad646ae6eba
3584c4b319d00a900259c554d8076927e2aaf3b60a6d41973ead57138070d706
38c1d645f08cafe1e0c34cc16c9c9e95433775aca4e8b016fe23dc1913b40854
3a66772ffd6f1b6ba78ee300686bde088a30fa600165787a115262e1795553db
3f1679187a03b9a16c963fc7b3919865a451739ac0d600d3101dbdbad7a7ba43
43a079fd739dffa727de659b5bbf44596031aa7542c8a8afbc54a243aab96b47
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e
5190abfe9f241dd6c5afbd313cecfe3bc1c2d3e5e0a6815c28c4b9942de6237e
530a8eecb4ed2f70062659424d6ae1b929319154d02c665e07686ce7348f2639
5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296
5fbf1a4443a669b8578dc58529b1f02e03bf58c5aa395874ced94a53952a3745
62ddc86ea5f5cb1b3da49fd95590a3f9e5109ad05c70f2bd88525c228e276022
653e57dace87f1578d47a3162639ab8754abddab7c8e37ed6420dd04fbd8ad2e
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6eb79f030eca6548e428f1470c03d57c35fc82fd9b4ed915894f74bb8a4d1e19
7175f0fd288f011560ca785808341d055393c4d63055afa2d37627a8e76be19c
7631fdde759575aded86b3d1ce65b7884706a678566834f6cb43c40d8f1e2c85
7ac8c0c398a8c50881f8df96030a9ed8442b654cb9d2e1a1877aebedd02023af
7caa39736388b58116f1d7318edb260aec86c94473cd8ad2ddcbb75c7e2b0f27
7d6465ff40cc8a253079809cfb86bda088de84e90677e0d0636ec6ffe065776f
7d7b2eec122d8945398dde8bcbe491986698b328f086f6c1c83873d89b18a18e
7da5cd5386454360f748cc2136fd37c038da4220770ed104f9630c06a0eab806
7db7a83e9efe934ad73ed22b476fdb78d1a9ff1e3a98cb5c15284f9417735b7a
7e2c27b9ba576b52452df883ee0d1e4c2bcf284dd948611e484c1797a5b2ed0d
7fe0592011de0cc4c282a8523987e70c3209207703d39aa36d346e41db0c07ff
8117b595dbdc02ecef5f4341b481db3a46bbab0f8a86e79eb0b14578ea42a446
8144d33c5610d6e5a06a27cfec7163258f02d413b0befd187e399740b490a194
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
843664caa06661a4c789fe642770690b9a6cec4ecfed6835a631632dcb98aa67
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88804d6ebe9dae5ad41f997452c2edb43e0b07cdc7dab0a38cb8f62250ca692e
8d6f4e6b5613a9fa91abfe6587aa69327458bcfd17b484f254a7d0607808ceaa
8e29f3e687fdc2aa47a5183200740ffc894cf469d1d0a5db7317392ab003c6ef
8e8c63e762d334605b396e4bfacb8723fdfac07a2c77dfe9c57195658605dc00
91b27074116ac669b41c4650c11951613a2dc7d2a5336e93dd07ec38ad7ad03a
9754b5f6ea5fe6139593a9d71354a602bd16baf749706d5ffc3882786fbb78a3
a32b05beb3cc8b800bcba47a402f893ef2a14ca7c7e34b068d7525cc61b8670f
a39f6b6d8f73c27f9da666c425f6ba369004dc25e3cc8adef547612635e5e244
a5512781731b5b307ecf7b7a315d2e86150d976cdafd90452832a6fb28e4b7c6
a66f203307e28e536d6aab551e7fb8d70414da2a0374c98aed0b0725f413199e
aba0f08dc1fa858dbd70d733fac29f07cd07816732bf498c9dda14d5d79dc93f
acf88b2da54aa12fbf7c5e89be9a84524811896fe2a46005a30dfa1b32789fb1
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af07850bc2d128062164504811197c21b60ed42f88b326dd858394951b14dd02
b06a5d272de6f4e0ba3f8db8338da394f8716987f7a7e764a22b6e903c0f94cf
b43c59121bb7253a01d9d388cf9ad9cfd7b9201e8e50bbdecba0442233e73478
b6da3cdb7cff4fa6ba59c573533db05bdf868830aeea5fdb400135b7b23ed597
b7ca37cbe6142c0d28468f82713bd163c1e45f1cd06edfd9ce8d5d02cdd6dfb2
bc8d607824ba046ae56778998afe2e69219247957cc26951de824b138d011535
beb6e5817e7f1f16be8426abc571e4882ee5bfdbf3d24de63623ca5018d8f7aa
c02a537eec620de29094096c1517db5cd507af931d7d61ede3576ac4309c4946
c418f2192d7c27930706fe001f6d8225452e5bd9a11e4653d3b507161237359f
c53fc919da515cc21b389888f6d7a95f69303b518a7f735c11534473f4e2eec7
c865391244737b56f4a47ee897a14f540bf734ca5d784ab161995797e4635db6
c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1
cab0187e0daa40dcafa6ad301c50f0a2d35dd20299575b1e07ce89e00e585dbe
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42
d15036f4cafc9c5dc6eb94a34049e33fb834a2eb517401a9b858bf70a00c8e42
d56ad0781875c34060e15e238f8f8cb621c132675a63e3b90ffe23a2918e4639
d6e95baaa826fa0d183cf2cc4f8120dd6c4dba0f62e82de9b5d2d30595f1a7ff
d99bb0bec8f0da24a623a96c8ec3af26b8168f70ff637e3bdbca0da2b20f096b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df9dde0f6cd65bdb8fbfd852cc1a2b6a17a1600fdb29eec3ebd6d04368dd03c3
dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0
e1593f989bc71975b054e1f520b562551eb15397a4ade1656b988a59e020dd0e
e2041219de8b785776118b7514cddfba1981a0b065c9f8ec9e6ee947f97a967b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6a73f917125c121475f89b1c9ca5197d550c5c999343f19e3c0fbacf5a43135
e7c90c5bca22ce8622ad805b5dee3e93e40736e0b1bb2bb119560e7d4b52cca0
ea5ed390a792c387320554cdfca3b7a5e3b72149f1ec09bc305e3894b5718cd6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10ec21a492c33b4c6c6a6dac52a189d96560ce7b76595be7ab1f2890c2b41a9
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f80c4e842cf1cddf979cbf4cf904269dfd5e41ddcf1ef1da83a1bb848f835ec0
fbd1f6154a86a6b879f908847dcabb938d6716b66df5e0a1c0aefe8f5e58cd02

go.behindthemarkets.com Open in urlscan Pro 35.202.21.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

109 Requests

96 %HTTPS

81 %IPv6

22 Domains

25 Subdomains

19 IPs

4 Countries

1533 kBTransfer

3133 kBSize

15 Cookies

0 Outgoing links

Page URL History

Redirected requests

109 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Screenshot
Live screenshot

Full Image

109
Requests

96 %
HTTPS

81 %
IPv6

22
Domains

25
Subdomains

19
IPs

4
Countries

1533 kB
Transfer

3133 kB
Size

15
Cookies

109 HTTP transactions
0 data transactions