go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.marketbeat.com/scripts/redirect.aspx?SponsorshipID=71612&UserID=9587135&interstitial=1
Effective URL:
https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_camp...
Submission: On May 05 via api (May 5th 2023, 5:28:35 pm UTC) from US — Scanned from DE

Summary HTTP 146 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 50 IPs in 10 countries across 47 domains to perform 146 HTTP transactions. The main IP is 35.202.21.90, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is go.behindthemarkets.com. The Cisco Umbrella rank of the primary domain is 708941.
TLS certificate: Issued by R3 on March 31st 2023. Valid for: 3 months.

This is the only time go.behindthemarkets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:310... 2606:4700:3108::ac42:2b0e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.202.21.90 35.202.21.90	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	34.107.203.240 34.107.203.240	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
58	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
4	2001:4860:480... 2001:4860:4802:34::15	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
5	35.192.151.63 35.192.151.63	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:d::10 2a02:2638:d::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
4 5	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	178.250.7.13 178.250.7.13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
3 6	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	34.220.132.2 34.220.132.2	16509 (AMAZON-02) (AMAZON-02)
1 2	52.58.138.0 52.58.138.0	16509 (AMAZON-02) (AMAZON-02)
2 2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
2	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	37.252.171.22 37.252.171.22	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	185.89.210.20 185.89.210.20	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	18.197.126.100 18.197.126.100	16509 (AMAZON-02) (AMAZON-02)
1	185.86.138.152 185.86.138.152	201081 (SMARTADSE...) (SMARTADSERVER)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1 2	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
1	37.157.4.25 37.157.4.25	198622 (ADFORM) (ADFORM)
1	185.255.84.152 185.255.84.152	200271 (IGUANE-) (IGUANE-)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1 2	54.229.40.109 54.229.40.109	16509 (AMAZON-02) (AMAZON-02)
1	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
1 2	34.251.27.114 34.251.27.114	16509 (AMAZON-02) (AMAZON-02)
1	34.117.157.22 34.117.157.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.59.76.204 52.59.76.204	16509 (AMAZON-02) (AMAZON-02)
1	64.202.112.191 64.202.112.191	23352 (SERVERCEN...) (SERVERCENTRAL)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2600:1f18:612... 2600:1f18:612b:4200:8644:8d9:b2a6:8733	14618 (AMAZON-AES) (AMAZON-AES)
1	85.215.5.31 85.215.5.31	6786 (CRONON-BE...) (CRONON-BERLIN-AS)
1	23.209.16.125 23.209.16.125	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.255.56.232 34.255.56.232	16509 (AMAZON-02) (AMAZON-02)
1	34.250.66.43 34.250.66.43	16509 (AMAZON-02) (AMAZON-02)
1	3.136.150.106 3.136.150.106	16509 (AMAZON-02) (AMAZON-02)
146	50

1 2606:4700:3108::ac42:2b0e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.marketbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.behindthemarkets-btm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.202.21.90 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 90.21.202.35.bc.googleusercontent.com

go.behindthemarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
btm-btm-btm.lpages.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.203.240 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 240.203.107.34.bc.googleusercontent.com

static.leadpages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
embed.lpcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

58 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:34::15 (United States)

ASN15169 (GOOGLE, US)

js.center.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.192.151.63 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 63.151.192.35.bc.googleusercontent.com

api.leadpages.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dynamic.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:2638:3::c (France) 4 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

widget.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:7daf (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.220.132.2 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-220-132-2.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.138.0 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-138-0.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.22 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.20 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.126.100 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-126-100.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.152 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.217.42 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.4.25 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.152 (France)

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.229.40.109 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-40-109.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.119 (France)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.251.27.114 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-27-114.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.157.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.157.117.34.bc.googleusercontent.com

matching.ivitrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.59.76.204 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-76-204.eu-central-1.compute.amazonaws.com

exchange.mediavine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.191 (Chicago, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:8644:8d9:b2a6:8733 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

criteo-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.215.5.31 (Berlin, Germany)

ASN6786 (CRONON-BERLIN-AS, DE)

a.twiago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.209.16.125 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-209-16-125.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.56.232 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-56-232.eu-west-1.compute.amazonaws.com

sync-criteo.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.66.43 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-66-43.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.136.150.106 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-136-150-106.us-east-2.compute.amazonaws.com

s.thebrighttag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 60	292 KB
19	sumo.com load.sumo.com — Cisco Umbrella Rank: 12414 sumo.com — Cisco Umbrella Rank: 11470	449 KB
11	criteo.com 5 redirects dynamic.criteo.com — Cisco Umbrella Rank: 3631 gum.criteo.com — Cisco Umbrella Rank: 420 mug.criteo.com — Cisco Umbrella Rank: 2760 sslwidget.criteo.com — Cisco Umbrella Rank: 1787 widget.us.criteo.com — Cisco Umbrella Rank: 17902 dis.criteo.com — Cisco Umbrella Rank: 707	29 KB
6	unpkg.com 3 redirects unpkg.com — Cisco Umbrella Rank: 794	16 KB
5	leadpages.io api.leadpages.io — Cisco Umbrella Rank: 33811	2 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 211 secure.adnxs.com — Cisco Umbrella Rank: 406	4 KB
4	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 74 cm.g.doubleclick.net — Cisco Umbrella Rank: 215	1 KB
4	center.io js.center.io — Cisco Umbrella Rank: 41154	15 KB
4	behindthemarkets-btm.com 1 redirects www.behindthemarkets-btm.com — Cisco Umbrella Rank: 697047	22 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	3 KB
2	360yield.com 1 redirects ad.360yield.com — Cisco Umbrella Rank: 655	877 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 198	2 KB
2	casalemedia.com 1 redirects r.casalemedia.com — Cisco Umbrella Rank: 1332	2 KB
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 265	508 B
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 299	880 B
2	google.de www.google.de — Cisco Umbrella Rank: 6386	515 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4365 www.google.com — Cisco Umbrella Rank: 2	667 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	164 KB
2	leadpages.net static.leadpages.net — Cisco Umbrella Rank: 39083	29 KB
1	thebrighttag.com s.thebrighttag.com — Cisco Umbrella Rank: 1801	268 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 596	338 B
1	yieldmo.com sync-criteo.ads.yieldmo.com — Cisco Umbrella Rank: 2179	38 B
1	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 4423	400 B
1	twiago.com a.twiago.com — Cisco Umbrella Rank: 32553	153 B
1	tremorhub.com criteo-partners.tremorhub.com — Cisco Umbrella Rank: 2320	399 B
1	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 679	581 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 743	145 B
1	mediavine.com exchange.mediavine.com — Cisco Umbrella Rank: 1323	883 B
1	ivitrack.com matching.ivitrack.com — Cisco Umbrella Rank: 2544	274 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 431	1 KB
1	omnitagjs.com visitor.omnitagjs.com — Cisco Umbrella Rank: 837	235 B
1	adform.net cm.adform.net — Cisco Umbrella Rank: 1211	163 B
1	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 351	140 B
1	teads.tv criteo-sync.teads.tv — Cisco Umbrella Rank: 1865	172 B
1	taboola.com sync-t1.taboola.com — Cisco Umbrella Rank: 1285	99 B
1	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 601	163 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 522	362 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 318	239 B
1	media.net contextual.media.net — Cisco Umbrella Rank: 603	802 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 200	11 KB
1	lpages.co btm-btm-btm.lpages.co — Cisco Umbrella Rank: 777451	19 KB
1	gstatic.com fonts.gstatic.com	16 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 888	45 KB
1	lpcontent.net embed.lpcontent.net — Cisco Umbrella Rank: 52089	15 KB
1	behindthemarkets.com go.behindthemarkets.com — Cisco Umbrella Rank: 708941	67 KB
1	marketbeat.com 1 redirects www.marketbeat.com — Cisco Umbrella Rank: 42201	304 B
146	47

	Domain	Requested by
58	lh3.googleusercontent.com	go.behindthemarkets.com btm-btm-btm.lpages.co
14	load.sumo.com	go.behindthemarkets.com load.sumo.com
6	unpkg.com	3 redirects btm-btm-btm.lpages.co
5	sumo.com	load.sumo.com
5	gum.criteo.com	4 redirects dynamic.criteo.com
5	api.leadpages.io	js.center.io embed.lpcontent.net
4	js.center.io	go.behindthemarkets.com js.center.io btm-btm-btm.lpages.co
4	www.behindthemarkets-btm.com	1 redirects go.behindthemarkets.com www.behindthemarkets-btm.com
3	fonts.googleapis.com	go.behindthemarkets.com btm-btm-btm.lpages.co client
2	ad.360yield.com	1 redirects
2	dpm.demdex.net	1 redirects
2	r.casalemedia.com	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	secure.adnxs.com	1 redirects
2	ib.adnxs.com	2 redirects
2	dis.criteo.com
2	cm.g.doubleclick.net	2 redirects
2	x.bidswitch.net	1 redirects
2	www.google.de	go.behindthemarkets.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	go.behindthemarkets.com www.googletagmanager.com
2	static.leadpages.net	go.behindthemarkets.com btm-btm-btm.lpages.co
1	s.thebrighttag.com
1	beacon.krxd.net
1	sync-criteo.ads.yieldmo.com
1	ad.yieldlab.net
1	a.twiago.com
1	criteo-partners.tremorhub.com
1	simage2.pubmatic.com
1	sync.outbrain.com
1	exchange.mediavine.com
1	matching.ivitrack.com
1	id5-sync.com
1	visitor.omnitagjs.com
1	cm.adform.net
1	eb2.3lift.com
1	criteo-sync.teads.tv
1	sync-t1.taboola.com
1	rtb-csync.smartadserver.com
1	match.sharethrough.com
1	pixel.rubiconproject.com
1	contextual.media.net
1	cdnjs.cloudflare.com	btm-btm-btm.lpages.co
1	widget.us.criteo.com	go.behindthemarkets.com
1	sslwidget.criteo.com	1 redirects
1	mug.criteo.com	go.behindthemarkets.com
1	www.google.com	go.behindthemarkets.com
1	region1.analytics.google.com	www.googletagmanager.com
1	btm-btm-btm.lpages.co	embed.lpcontent.net
1	fonts.gstatic.com	fonts.googleapis.com
1	dynamic.criteo.com	www.googletagmanager.com
1	www.googleoptimize.com	www.googletagmanager.com
1	embed.lpcontent.net	go.behindthemarkets.com
1	go.behindthemarkets.com
1	www.marketbeat.com	1 redirects
146	56

This site contains links to these domains. Also see Links.

Domain
behindthemarkets.com

Subject Issuer	Validity	Valid
go.behindthemarkets.com R3	`2023-03-31` - `2023-06-29`	3 months	crt.sh
static.leadpages.net GTS CA 1D4	`2023-04-25` - `2023-07-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.behindthemarkets-btm.com E1	`2023-03-09` - `2023-06-07`	3 months	crt.sh
embed.lpcontent.net GTS CA 1D4	`2023-04-11` - `2023-07-10`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
js.center.io GTS CA 1D4	`2023-03-25` - `2023-06-23`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.leadpages.io Go Daddy Secure Certificate Authority - G2	`2022-10-27` - `2023-10-22`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-16` - `2024-02-16`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.lpages.co R3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M02	`2023-02-10` - `2023-08-12`	6 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
teads.tv R3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-05-18` - `2023-06-16`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-21` - `2023-07-21`	a year	crt.sh
*.id5-sync.com R3	`2023-04-18` - `2023-07-17`	3 months	crt.sh
itm.ivitrack.com R3	`2023-04-04` - `2023-07-03`	3 months	crt.sh
exchange.mediavine.com Amazon RSA 2048 M01	`2023-02-11` - `2023-08-04`	6 months	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2022-11-06` - `2023-11-28`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.tremorhub.com Amazon RSA 2048 M01	`2023-02-22` - `2024-03-23`	a year	crt.sh
*.twiago.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-28` - `2023-12-29`	a year	crt.sh
*.yieldlab.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-15`	a year	crt.sh
*.ads.yieldmo.com Amazon RSA 2048 M01	`2023-04-04` - `2024-05-02`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96
Frame ID: D5E75EB5A5E21591F06BE34EF5226CB7
Requests: 102 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 0F17EC9B5CB0E7F2B6A2771DC592967E
Requests: 1 HTTP requests in this frame

Frame: https://btm-btm-btm.lpages.co/serve-leadbox/NcYxqUsAsLkrkeQU6QFqDL/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&aff=96&id=&iocid=&oid=1&utm_campaign=&utm_medium=&utm_source=96
Frame ID: E07BB32BA29AC9F7313C8DEEF62C210E
Requests: 10 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
Frame ID: 94AE8C74DF10655510533C821AA72FD9
Requests: 2 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 41A2C1738A69DE9AFAF3240A4F76D5A6
Requests: 1 HTTP requests in this frame

Frame: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-qbJQ6IDNVIUjOxRithn0XRvapRdidNYPmQWYzQ&expires=30
Frame ID: 5941347F8F5D5A19507F885C54EBA2CA
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

"Cut & Paste"

Page URL History Show full URLs

https://www.marketbeat.com/scripts/redirect.aspx?SponsorshipID=71612&UserID=9587135&interstitial=1 HTTP 301
https://www.behindthemarkets-btm.com/5C1XW5/2CTPL/?sub5=n71612&sub4=DisabledOffer HTTP 302
https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&ut... Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

146
Requests

89 %
HTTPS

34 %
IPv6

47
Domains

56
Subdomains

50
IPs

10
Countries

1223 kB
Transfer

4533 kB
Size

52
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://behindthemarkets.com/p/terms
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://behindthemarkets.com/p/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.marketbeat.com/scripts/redirect.aspx?SponsorshipID=71612&UserID=9587135&interstitial=1 HTTP 301
https://www.behindthemarkets-btm.com/5C1XW5/2CTPL/?sub5=n71612&sub4=DisabledOffer HTTP 302
https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=HZjYMHxraTZEVWk4ZXhrcGd5Y21HY3JjMDFXRlJVWFl5Qi9NSmNkOGVVYjI3aGFEby9uWGlzcGlUS25jNEorV2hOeEpYTlVXcC9OQnVmSnI5N3pyanR2Nzc5bk11RTgzTGFsN2YwbFNLQ1hTL1lMcGxhNUs2aGpiM2ZqOEJac1hDN0dJNWhWVlZjaXJwOUl1Nno5OW5TUDJBR0FiTWViY2x2ajNFZU5PUU1OVDRmdncyWmxPZit4WUU1NjJqbjBwN1JQRitwT21NZmdISWZrVmp2cks5QTlINkpiRVIzbm9VTEEzczFwaEVEb0xUeUlqeEVxbDQ5S3I0OWpOeVhjTElXWU1XYjUyeXBDQllYNVJOY0NseVBkTEhZQzJIREt1T3M0Z3ZEWnc0bFhWMENZcz18&cppv=2

Request Chain 85

https://sslwidget.criteo.com/event?a=93258&v=5.15.0&p0=e%3Dce%26m%3D%255Bnull%255D%26h%3Dsha256&p1=e%3Dexd%26z%3Dnull%26site_type%3Dd&p2=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p3=e%3Ddis&adce=1&bundle=z1s5gl9BdEpPYzZpJTJGeTdjeXIyNU9PeiUyRk5MZkRDOSUyQjdyZDNmeGswMlk5UEMwTWFmJTJCbFR2OE1KYW5lQ2IzZWJEaUh4Z0NIZCUyRmY0OGNyNFFHSFhNVWdwRnJsdXMyVENVQWpER1MwTXJZclZHNyUyQmglMkZ0MDJ4M2N2V2VxN0hESXVObThMUXk4VUJVdmolMkZ6N3JYTkVXMGsxaG10T3olMkJCZThuUUclMkJhdzV5RGJpWVpGMGkxcyUzRA&tld=behindthemarkets.com&dy=1&fu=https%253A%252F%252Fgo.behindthemarkets.com%252Flimited-time-offer-4%252F%253F_ef_transaction_id%253D86048664de6243fc86a5590d71bed54b%2526utm_source%253D96%2526utm_campaign%253D%2526utm_medium%253D%2526id%253D%2526iocid%253D%2526oid%253D1%2526aff%253D96&ceid=629e7af5-e403-4bbd-af29-5b26c66c82ca&dtycbr=81369 HTTP 302
https://widget.us.criteo.com/event?a=93258&v=5.15.0&p0=e%3Dce%26m%3D%255Bnull%255D%26h%3Dsha256&p1=e%3Dexd%26z%3Dnull%26site_type%3Dd&p2=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p3=e%3Ddis&adce=1&bundle=z1s5gl9BdEpPYzZpJTJGeTdjeXIyNU9PeiUyRk5MZkRDOSUyQjdyZDNmeGswMlk5UEMwTWFmJTJCbFR2OE1KYW5lQ2IzZWJEaUh4Z0NIZCUyRmY0OGNyNFFHSFhNVWdwRnJsdXMyVENVQWpER1MwTXJZclZHNyUyQmglMkZ0MDJ4M2N2V2VxN0hESXVObThMUXk4VUJVdmolMkZ6N3JYTkVXMGsxaG10T3olMkJCZThuUUclMkJhdzV5RGJpWVpGMGkxcyUzRA&tld=behindthemarkets.com&dy=1&fu=https%253A%252F%252Fgo.behindthemarkets.com%252Flimited-time-offer-4%252F%253F_ef_transaction_id%253D86048664de6243fc86a5590d71bed54b%2526utm_source%253D96%2526utm_campaign%253D%2526utm_medium%253D%2526id%253D%2526iocid%253D%2526oid%253D1%2526aff%253D96&ceid=629e7af5-e403-4bbd-af29-5b26c66c82ca&dtycbr=81369

Request Chain 89

https://unpkg.com/spectre.css/dist/spectre.min.css HTTP 302
https://unpkg.com/spectre.css@0.5.9/dist/spectre.min.css

Request Chain 90

https://unpkg.com/spectre.css/dist/spectre-exp.min.css HTTP 302
https://unpkg.com/spectre.css@0.5.9/dist/spectre-exp.min.css

Request Chain 91

https://unpkg.com/spectre.css/dist/spectre-icons.min.css HTTP 302
https://unpkg.com/spectre.css@0.5.9/dist/spectre-icons.min.css

Request Chain 98

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-qbJQ6IDNVIUjOxRithn0XRvapRdidNYPmQWYzQ&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-qbJQ6IDNVIUjOxRithn0XRvapRdidNYPmQWYzQ&expires=30

Request Chain 99

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-xVM6SIDNVIUjOxRithn0XRvapRca2gtd1_wX5A&google_cm&google_hm=ay14Vk02U0lETlZJVWpPeFJpdGhuMFhSdmFwUmNhMmd0ZDFfd1g1QQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-xVM6SIDNVIUjOxRithn0XRvapRca2gtd1_wX5A&google_cm=&google_hm=ay14Vk02U0lETlZJVWpPeFJpdGhuMFhSdmFwUmNhMmd0ZDFfd1g1QQ&google_tc= HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-xVM6SIDNVIUjOxRithn0XRvapRca2gtd1_wX5A&google_gid=CAESEMka4Y2R8Oq83DdOqFngTK0&google_cver=1&google_ula=913071,0

Request Chain 100

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=4147679896857796734

Request Chain 101

https://secure.adnxs.com/setuid?entity=52&code=k-0fLXz4DNVIUjOxRithn0XRvapRcyVNqdifiFuQ HTTP 307
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-0fLXz4DNVIUjOxRithn0XRvapRcyVNqdifiFuQ

Request Chain 109

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-kXGTnYDNVIUjOxRithn0XRvapRehD16XD4qrew HTTP 302
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-kXGTnYDNVIUjOxRithn0XRvapRehD16XD4qrew&verify=true

Request Chain 112

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-oWSSS4DNVIUjOxRithn0XRvapReI-RitUoSlpQ HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-oWSSS4DNVIUjOxRithn0XRvapReI-RitUoSlpQ&C=1

Request Chain 113

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=_-opgNeREz_7oaX_vR8oeNSINsaGprqy HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=_-opgNeREz_7oaX_vR8oeNSINsaGprqy

Request Chain 115

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-uwfBbYDNVIUjOxRithn0XRvapReWl7IvjSoIqw HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-uwfBbYDNVIUjOxRithn0XRvapReWl7IvjSoIqw

Request Chain 124

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=iL-M-_k0nMPkjbX5HVhkCbiGdJgGI5g9

Request Chain 126

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=peeVNb6X-P1j7EMgaJQf_byKCvsMlxO3

146 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
go.behindthemarkets.com/limited-time-offer-4/
Redirect Chain

https://www.marketbeat.com/scripts/redirect.aspx?SponsorshipID=71612&UserID=9587135&interstitial=1
https://www.behindthemarkets-btm.com/5C1XW5/2CTPL/?sub5=n71612&sub4=DisabledOffer
https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96

597 KB
67 KB

952ms
230ms

Document
text/html

35.202.21.90
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

5a2e1f2aa00f7357621a7d10adaef3c61cfa258e8e72239cfeaafdb20c304bff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: br
content-type: text/html
date: Fri, 05 May 2023 17:28:29 GMT
etag: W/"35ac7ed3c1b30fe725a96355b8342843"
last-modified: Thu, 27 Apr 2023 15:52:55 GMT
server: Leadpages
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS, HIT

Redirect headers

accept-ch: Sec-Ch-Ua-Platform-Version
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7c2ab33c3a6c9b43-FRA
content-type: text/html; charset=utf-8
date: Fri, 05 May 2023 17:28:28 GMT
location: https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nVHZXbvLUEy047FORzfCukIRaAmBmnhURufrT0%2FYHLvCvzaBlUtE6bVEnqGy%2Bb%2B89t7TAFzwncOn2sOXLLREb3Ire2UBeub1v3waJe8hEj84KkDcl4X6aMFJBSrGeCn8hQpfDKxw971%2F22i2JZwyHA7%2BTX6FstpT1%2FwS"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
via: 1.1 google
x-eflow-request-id: e3494b22-c8dc-491f-9bdf-cf4dd28b635f

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ 58 KB
15 KB 32ms
8ms Stylesheet
text/css 34.107.203.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 00:01:05 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
age: 235644
etag: "BTybeQ"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: 0818dbc07bad12054208afc3e76df105
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14628
expires: Thu, 02 May 2024 00:01:05 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 42ms
18ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Requested by

Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 05 May 2023 17:28:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 05 May 2023 16:12:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 05 May 2023 17:28:29 GMT

GET
H2 200 everflow.js Show response
www.behindthemarkets-btm.com/scripts/sdk/ 60 KB
19 KB 174ms
173ms Script
text/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e426e330d152fce1b2e4a53ff4062cfe1531acca6f02c9b5329009d496aad05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 05 May 2023 11:56:27 GMT
accept-ch: Sec-Ch-Ua-Platform-Version
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTsjoKOdI5WOqZGQKB4AoDOtjpkKvmVhkZYKL5elOv%2BCc3dOwTaqawCjk%2BmSiJbp%2B3VcD3peCJ1HNCnmvUmUv0FfpBVOpjsX7g8dcCYT1OP6fLCq9ur%2F0rPp3HZWxKdNnXtCO3BxUqWgzkpIlq5TatLJEUbl1%2FPEvAgb"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
x-eflow-request-id: fdca6380-e39b-47a1-aa30-d55fc560adc5
cf-ray: 7c2ab34309d99b43-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 embed.js Show response
embed.lpcontent.net/leadboxes/current/ 42 KB
15 KB 89ms
8ms Script
application/javascript 34.107.203.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:23:44 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
age: 286
etag: "S86klQ"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-cloud-trace-context: ce8e87beef44571a3f84fd7d493d3ba6
cache-control: public, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14811
expires: Fri, 05 May 2023 17:28:44 GMT

GET
H2 200 T-3lUZOkr0pGJTg2MtnJnPCAdxJl-PdaWePMpIUm6SACxhH30rYiJ__GYJwtKqQpllM0HVKLGlmwN24gcY3f=w16
lh3.googleusercontent.com/ 427 B
521 B 69ms
12ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/T-3lUZOkr0pGJTg2MtnJnPCAdxJl-PdaWePMpIUm6SACxhH30rYiJ__GYJwtKqQpllM0HVKLGlmwN24gcY3f=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c73db4ca5a6cf322e5295cea84c2f0cdecb812b1d7998d57bb6528684600e62f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 427
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 n-SU2QHHlDctT5P7f9PGVlqioYi7pTTg8gvrwvg1ZlSiRL7bP8OT_fgfmJXYifHvL5xQ1K76TrDmpB7-T6cugKs=w16
lh3.googleusercontent.com/ 438 B
736 B 69ms
11ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/n-SU2QHHlDctT5P7f9PGVlqioYi7pTTg8gvrwvg1ZlSiRL7bP8OT_fgfmJXYifHvL5xQ1K76TrDmpB7-T6cugKs=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

802b0e03789d326a08c22fef2dffdffb8d7691e13f410e7d1d6ce72ac6b765cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 438
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 -TFC9jwymVFSTYLZJwBNNd3_cpc7doEJWIawODlZoO0zvFjYItyDimfoc6tOz-bgtI7t0r8DYTMLo6QAQQk3Yw=w16
lh3.googleusercontent.com/ 381 B
444 B 71ms
14ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/-TFC9jwymVFSTYLZJwBNNd3_cpc7doEJWIawODlZoO0zvFjYItyDimfoc6tOz-bgtI7t0r8DYTMLo6QAQQk3Yw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b3656b9eab301548c2ce25ea05db689a2f475a1ef4ce68a09e7aa23d6be6a931

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 381
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 Ag1U8DBGFuXf1H9sWrj9NjMaKEvgz7Ombpu9LUfiJnDAWnANfneCuZegr8dRCpGkU4uJJd-tO0NEHqSzzMBdkw=w16
lh3.googleusercontent.com/ 417 B
480 B 69ms
12ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Ag1U8DBGFuXf1H9sWrj9NjMaKEvgz7Ombpu9LUfiJnDAWnANfneCuZegr8dRCpGkU4uJJd-tO0NEHqSzzMBdkw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e135acdb3c2c1bd70906af2e93a9b233a3fe05ecbedbd5b2236efdcda7e6faee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 417
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 WXJuVDbLzZBfFYSk8BwiBKsf4fAkvxyS9Slh9DAo5NEOPYM6bDd7S68U8L8UKLJZvnieo5pnxf4HiyhvB1K0UA=w16
lh3.googleusercontent.com/ 407 B
470 B 67ms
14ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/WXJuVDbLzZBfFYSk8BwiBKsf4fAkvxyS9Slh9DAo5NEOPYM6bDd7S68U8L8UKLJZvnieo5pnxf4HiyhvB1K0UA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fe92a6eb2f59ce61e06edfb34e917be5138eac63b8097e8587b47931ac41659a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 407
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 bQUnb2Vox3KcySoFqr9aChfaBT-2JdUzDuZlv6PgQOmrB9n3zHgyFO_etSO8kDdfVlPuDQfEDMbyd2uQodVW5Q=w16
lh3.googleusercontent.com/ 416 B
479 B 66ms
13ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/bQUnb2Vox3KcySoFqr9aChfaBT-2JdUzDuZlv6PgQOmrB9n3zHgyFO_etSO8kDdfVlPuDQfEDMbyd2uQodVW5Q=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

aa305ca6053d5e7b1276bb407d79616830cc4b67509290a105ae265b6dbea225

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 416
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 DntvIx57RnCtFXT3MYAPt9AuIvz4XLKHJT-BticI0S0NwMlmYEtV-YKJfofwEB3gcuKyZmgzaQ3Hn9VgLMtnJQ=w16
lh3.googleusercontent.com/ 430 B
489 B 24ms
15ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/DntvIx57RnCtFXT3MYAPt9AuIvz4XLKHJT-BticI0S0NwMlmYEtV-YKJfofwEB3gcuKyZmgzaQ3Hn9VgLMtnJQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b030865771624c8cac4b1e100f72fb87abc3eccb6c8bedd6a25393a3c6890883

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 430
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 _cLv27DqXzglIWHABADrU2yT9UmMkrDdEy_4HCj56msO3GzwRpTW_Xqc6P0mRJuOvnGOwapFlr1yMMjpjIhXqA=w16
lh3.googleusercontent.com/ 428 B
487 B 23ms
15ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/_cLv27DqXzglIWHABADrU2yT9UmMkrDdEy_4HCj56msO3GzwRpTW_Xqc6P0mRJuOvnGOwapFlr1yMMjpjIhXqA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ff98c4cf79d955e494a8d9bf53f00a32ae73717c16628f94f135d865ec0e127b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 428
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 S4Ayd-wkGMteQ4KkwgkxoFboWY54ehpF51PPgaQLlqkEO03fgqUtP6I-R2igjGfsZEcCMVXBHGRuEKLSJE0dVw=w16
lh3.googleusercontent.com/ 421 B
483 B 27ms
19ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/S4Ayd-wkGMteQ4KkwgkxoFboWY54ehpF51PPgaQLlqkEO03fgqUtP6I-R2igjGfsZEcCMVXBHGRuEKLSJE0dVw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3c770cf58bc37a49b3bc7e8a8ae53168e3ae6fe8d379bd77395ac37bc9880111

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 421
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0
lh3.googleusercontent.com/ 26 KB
26 KB 26ms
18ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 15:40:11 GMT
x-content-type-options: nosniff
age: 6499
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26391
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 15:40:11 GMT

GET
H2 200 Y1LKhf0ke5Sx4mjNmF5QuR0OJ_eJgWm36tGewMnsqAwT9Vgi5khqwXrhOf_NUyduDk3hjrI4QG7GF8Edswsq=w16
lh3.googleusercontent.com/ 426 B
489 B 26ms
17ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Y1LKhf0ke5Sx4mjNmF5QuR0OJ_eJgWm36tGewMnsqAwT9Vgi5khqwXrhOf_NUyduDk3hjrI4QG7GF8Edswsq=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3684abe518534ed96b6bf7c7b90f54b1fc004ffee736d135aa7ee2eca2b19e63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 426
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 FG4ErIy91xCYcbduLvglqUSQRCBXDD3G99OHTMwSaQ4wlbkHfGn_69hQvlf11sw1n32wvxbdCgytwpMKyZDm3g=w16
lh3.googleusercontent.com/ 431 B
494 B 27ms
19ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/FG4ErIy91xCYcbduLvglqUSQRCBXDD3G99OHTMwSaQ4wlbkHfGn_69hQvlf11sw1n32wvxbdCgytwpMKyZDm3g=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2f1dcbe6d55182c8db429872524d1abaaf57a3a91e53cae074f15b366c8c37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 431
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 -LIWOnFZbxKfhaWJJHSKhHHCE7lMK_ER9JQngJS7XhbtcSieuc6zrJMIfDCFYk8V4Pr6V8bZzacCpNdGrbCL=w16
lh3.googleusercontent.com/ 415 B
478 B 35ms
27ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/-LIWOnFZbxKfhaWJJHSKhHHCE7lMK_ER9JQngJS7XhbtcSieuc6zrJMIfDCFYk8V4Pr6V8bZzacCpNdGrbCL=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

345d333ce5a7d44a9503d94b85abacc393a6d70d0d62da52f7aa96781b0c231e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 415
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 Tc6DMUYM0t3IClKU7fwPBrfw92h_06RoEX5RRXlncQFG5BeUMAMyM_qcspNv92qKJb_OiAiM1DghBbx3TzsC=w16
lh3.googleusercontent.com/ 421 B
480 B 31ms
23ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Tc6DMUYM0t3IClKU7fwPBrfw92h_06RoEX5RRXlncQFG5BeUMAMyM_qcspNv92qKJb_OiAiM1DghBbx3TzsC=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7f075b3a73dcd21887641aa676692b19deb19825bf0dd925747582e73217aea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 421
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 zCBCGg93wo14GhReQgRci2U4Pp0OG4x5jDur49aouPLxDTFMC1mUk9B708tGTw679jth_kQ06n815YahSa7bltE=w16
lh3.googleusercontent.com/ 868 B
931 B 28ms
20ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/zCBCGg93wo14GhReQgRci2U4Pp0OG4x5jDur49aouPLxDTFMC1mUk9B708tGTw679jth_kQ06n815YahSa7bltE=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b673e2000e305f8929b4a0f9323169c6a00f5c8c736fbfcde0e6d3626656a5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 868
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 n0n_ZxEfo6L0UBdqA6YIIhJ9hiuZ1vpkKq595MUbnF9Wi5cu4p4JYNoBsG7IguV5W4ErzTa5CcsOcOcJD7p1P5g=w16
lh3.googleusercontent.com/ 470 B
533 B 35ms
27ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/n0n_ZxEfo6L0UBdqA6YIIhJ9hiuZ1vpkKq595MUbnF9Wi5cu4p4JYNoBsG7IguV5W4ErzTa5CcsOcOcJD7p1P5g=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7721ea6e678ff85357eb6c7de4f39681d7b4b53b765ee49d9e45b97bdab68a58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 470
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 HJzeukQ39yTqZy5ntzWnH7FqZNB-5nUukrgtJhSTrUEjHQxfCqhjB7k9aGSIvVfiLWAD0hgkVkNOGNXfPwck=w16
lh3.googleusercontent.com/ 428 B
487 B 33ms
26ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HJzeukQ39yTqZy5ntzWnH7FqZNB-5nUukrgtJhSTrUEjHQxfCqhjB7k9aGSIvVfiLWAD0hgkVkNOGNXfPwck=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1b98e634435daa1012e8b83a1bb203eceab9742472b45c84ac1d98a729af412d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 428
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 ZGFPcrhyr3OazovWKOGqxPMJmgu5MUWCgvESgTs02NOYUbIconV_lsjO6AmdT_B9xjukv2BofQSWnuoyoNI0=w16
lh3.googleusercontent.com/ 433 B
496 B 29ms
22ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZGFPcrhyr3OazovWKOGqxPMJmgu5MUWCgvESgTs02NOYUbIconV_lsjO6AmdT_B9xjukv2BofQSWnuoyoNI0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ec9e6ee235b7cd2be4c02f7d9d03b70445dbe9c14b5b93422aabc12173d35fd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 433
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 EdQWQebpbwUyK7KFop1kfQ6SyNA2cSppOdT01fIamoMmcmMuvc5NcA1OZNmo33VbAa8n8212mHH23JsE05PV=w16
lh3.googleusercontent.com/ 430 B
489 B 31ms
24ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/EdQWQebpbwUyK7KFop1kfQ6SyNA2cSppOdT01fIamoMmcmMuvc5NcA1OZNmo33VbAa8n8212mHH23JsE05PV=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f0d96c4ed1e7e05e99cb5779a42e5f3b6055747c51f71c8f36ab6349fac181d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 430
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 r7NhF7sfH1PQpohFNToUlq_oa9DJJpCX0UoMbz6Zu4e4I6Dbov7mlLi-LLI83f03mepetzoL0qu-UfFDLDfHrBQ=w16
lh3.googleusercontent.com/ 431 B
490 B 29ms
22ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/r7NhF7sfH1PQpohFNToUlq_oa9DJJpCX0UoMbz6Zu4e4I6Dbov7mlLi-LLI83f03mepetzoL0qu-UfFDLDfHrBQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

18242158163fb9c2864cf67400e9e05ba25a96fe25eb39bdb5c9b8c7164991e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 431
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 Z7BWJaFHmaAZgr6erSEZGEreanucQggQ4WBqj7tsobiinDT9AMzmcRrcvWMRqbrOW8G1I6OPljLxGBCnB5SKzg=w16
lh3.googleusercontent.com/ 425 B
488 B 31ms
24ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Z7BWJaFHmaAZgr6erSEZGEreanucQggQ4WBqj7tsobiinDT9AMzmcRrcvWMRqbrOW8G1I6OPljLxGBCnB5SKzg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0db972dea92bf7469a431d2820ffb388cff26a3d7be700ee81f2e36ee3974e05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 425
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 -VxZl503D7APjOLlKgbRVseHlZrWPORXRfiNglG7a4pzDY7zKhHDUaVLnkG2dluekU--Gd3vvifle527vy0S=w16
lh3.googleusercontent.com/ 414 B
477 B 34ms
28ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/-VxZl503D7APjOLlKgbRVseHlZrWPORXRfiNglG7a4pzDY7zKhHDUaVLnkG2dluekU--Gd3vvifle527vy0S=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

414f94aa5dc74ec228d6aa7f37c1d79db206ff8326ded24a0cded97b75a6dfc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 414
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 TzqLPpdrFgoPI7BgT7ykes2fXK7ygO11S5SUn22L0rfE7SyWsPjMjFZJiP9uFnLBItPH74KlGepJUJqC0AB8Ng=w16
lh3.googleusercontent.com/ 421 B
480 B 34ms
27ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TzqLPpdrFgoPI7BgT7ykes2fXK7ygO11S5SUn22L0rfE7SyWsPjMjFZJiP9uFnLBItPH74KlGepJUJqC0AB8Ng=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0d1aad9a434590d1c60dbf3d079df20d70cde2c2afd0c20773c60d0b9cacde9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 421
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 0xep3Dw-f3uLQzagTKRrrauxghj1pWI_Sqfx8ZNqzoe5UeYttk25BOYUyB0khx06MAtPN8ymfFAO6ew_Xke7DA=w16
lh3.googleusercontent.com/ 430 B
489 B 35ms
28ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0xep3Dw-f3uLQzagTKRrrauxghj1pWI_Sqfx8ZNqzoe5UeYttk25BOYUyB0khx06MAtPN8ymfFAO6ew_Xke7DA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0eb28d90e19b1fd3b42ea09cf5ff871e572e250e3cbf8531036d3c8a69df0cc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 430
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 yHxsZks5M9V814g5ixp5Z_5tLmLUGWjr2VY4RHPK2fAYbYQo_197RmgbUtG4xm6hC3Uh1VItt7Jue2lYHkI4=w16
lh3.googleusercontent.com/ 228 B
290 B 37ms
30ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yHxsZks5M9V814g5ixp5Z_5tLmLUGWjr2VY4RHPK2fAYbYQo_197RmgbUtG4xm6hC3Uh1VItt7Jue2lYHkI4=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

81419462a9aa90c182deca7c5bb642a7e18d7a43a15acbbec36b54390ed9e4ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 228
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 EWi84ODdbllGo8vFON8ZWr4WCTCIUCRtru2YLRf25hq0sQUt894NAPLmjMTJupZhiYcZ-gPk813Q2T7KcSpgJFpyfXFhJiV0Kwo=w16
lh3.googleusercontent.com/ 407 B
466 B 34ms
27ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/EWi84ODdbllGo8vFON8ZWr4WCTCIUCRtru2YLRf25hq0sQUt894NAPLmjMTJupZhiYcZ-gPk813Q2T7KcSpgJFpyfXFhJiV0Kwo=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4e10bba92c73c63033b55dd271a5d535b2073d328a780a65df1eeb9714271b7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 407
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 H7qUj5DToZ5yVmz_L_I8ONK3I1P-1DQg9QgYejs8Lp2ozfkJSO8kSwrH3kc5tBd4CcjaxJfXxmo_QkS6IDha4w=w16
lh3.googleusercontent.com/ 231 B
290 B 37ms
31ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/H7qUj5DToZ5yVmz_L_I8ONK3I1P-1DQg9QgYejs8Lp2ozfkJSO8kSwrH3kc5tBd4CcjaxJfXxmo_QkS6IDha4w=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d9fe2ac004861df640d03c18ba22aa04ce44c841f4672d65d785791c7f6ce5ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 231
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 ZK2SoVlvGI9iDbSVG7_1uY3zj0hENvVNq7PjVCZb6NXIm-IEnMhnLvjtOjeEcvshg1_5agL16QYj4tqWnxVnew=w16
lh3.googleusercontent.com/ 398 B
461 B 37ms
31ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZK2SoVlvGI9iDbSVG7_1uY3zj0hENvVNq7PjVCZb6NXIm-IEnMhnLvjtOjeEcvshg1_5agL16QYj4tqWnxVnew=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fc589cc734676f9036041dad7ab4909cb483e3e0fb859e53c9ba718eb2b93856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 aYeke8440bZ2OyWrRXNjRwN88kkgO4nRt34R7IwHwew62WU8l7RY2OF9NkfodU8safOd3kHvl13cuRPhlz-2=w16
lh3.googleusercontent.com/ 231 B
293 B 36ms
30ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/aYeke8440bZ2OyWrRXNjRwN88kkgO4nRt34R7IwHwew62WU8l7RY2OF9NkfodU8safOd3kHvl13cuRPhlz-2=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9bda86afc42cb8f1664e0fb4cb87f75a9acb9ce365f0101f475366f61b043dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 231
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 YmqHW-doKJ_v_CoBIB1yqpRMmSMks1VFVnKATiufEj-ywZfm_Om3mP6OWSCQvwRvTRm6NSBl-ddSif6VYpf6=w16
lh3.googleusercontent.com/ 420 B
482 B 35ms
29ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/YmqHW-doKJ_v_CoBIB1yqpRMmSMks1VFVnKATiufEj-ywZfm_Om3mP6OWSCQvwRvTRm6NSBl-ddSif6VYpf6=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

585b5bd39ad329c2c2252aa5728086a1823434f7b37b5f5325a9e96ced2d7171

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 420
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 ESgmyR3f5F69BNHZBnzmvL4qEdLVkwNm3E5G0STbzV2mELhc4k6m_m09iM9EA5qhp9s57y6VDhzOdyLu1_gbBf8=w16
lh3.googleusercontent.com/ 419 B
482 B 35ms
29ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ESgmyR3f5F69BNHZBnzmvL4qEdLVkwNm3E5G0STbzV2mELhc4k6m_m09iM9EA5qhp9s57y6VDhzOdyLu1_gbBf8=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cb525f60c933094cb82ec09e748c2958f1e5ace99ebb64c1cbd1aa24e483a9d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 419
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 r4kdt7rQd-SDSaj21geckrWk3qyMcjnDTbOMvvAagwoheR1urr4rrn7omlxcu7a9EzmFyZLymMHMo25YxuppVXk=w16
lh3.googleusercontent.com/ 423 B
486 B 36ms
30ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/r4kdt7rQd-SDSaj21geckrWk3qyMcjnDTbOMvvAagwoheR1urr4rrn7omlxcu7a9EzmFyZLymMHMo25YxuppVXk=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ebe99412125723327356cad72872052a3664dd5b1af9423fd5b1590eb0bda4bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 423
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 CLuER4WjE4SohKqviflwIUaB45pYMtzzrKRv8XbaYol9RSiHa5qEPv_BQuYKGsZGWvuTw3nF1d7doXsIKLi0=w16
lh3.googleusercontent.com/ 424 B
487 B 35ms
28ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/CLuER4WjE4SohKqviflwIUaB45pYMtzzrKRv8XbaYol9RSiHa5qEPv_BQuYKGsZGWvuTw3nF1d7doXsIKLi0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

52cbcaa92d4379acf9c8d333a4e7a94cf957730870cf8f9137dcb2b14ebb4989

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 424
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 G5eARnMwwblcFhCyfzwpAQOmN3FhRYzZMGdoPKOA1W4qbaxz4WNt636WZA6B23qm_iYBOkXk3ArxFmGzZV_yvwI=w16
lh3.googleusercontent.com/ 415 B
474 B 38ms
31ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/G5eARnMwwblcFhCyfzwpAQOmN3FhRYzZMGdoPKOA1W4qbaxz4WNt636WZA6B23qm_iYBOkXk3ArxFmGzZV_yvwI=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d293ee3cf582df8e9c7a6c090c5ef75bfaf956317e33baa007128e13c51adc8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 415
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 center.js Show response
js.center.io/ 12 KB
5 KB 73ms
18ms Script
application/javascript 2001:4860:4802:34::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:27:21 GMT
content-encoding: gzip
server: Google Frontend
age: 69
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: 8b3ad4397dee7eb92dfb2b0d38e83a8d
cache-control: public, max-age=300
content-length: 5417
expires: Fri, 05 May 2023 17:32:21 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 251 KB
83 KB 95ms
41ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ec9c75025ee77fbf9447cafe833f7b16af27d3c60a8294955d6da934d969b44f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84867
x-xss-protection: 0
last-modified: Fri, 05 May 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 May 2023 17:28:30 GMT

GET
H2 200 cn6jPIS7oKwCInJ3b916fAhHFM_eeQ-Cwo-GU0yQwgIvu6hMYRzqF-K2dLxzAuTrXxPigHlgY0pprEYzYQ-9oCA=w16
lh3.googleusercontent.com/ 399 B
462 B 9ms
7ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/cn6jPIS7oKwCInJ3b916fAhHFM_eeQ-Cwo-GU0yQwgIvu6hMYRzqF-K2dLxzAuTrXxPigHlgY0pprEYzYQ-9oCA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a6aa55d33b9fc7dc67c202f272d96d823d92b5094eae463bc04624194b0fbbf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 399
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 EwzQnTAj3FsKgOdbdeZeZB11HyudlZq7x85lF8PpLVx8w4NLNr-3V7867fg0IMJQXeSGLaxUA63M2VoDZ_4JOg=w16
lh3.googleusercontent.com/ 422 B
484 B 9ms
8ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/EwzQnTAj3FsKgOdbdeZeZB11HyudlZq7x85lF8PpLVx8w4NLNr-3V7867fg0IMJQXeSGLaxUA63M2VoDZ_4JOg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e3af0de29249dd8c24fcbd59120cf0d8696ea625ac64904058dd2327e0a027d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 422
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 en5eQGS7OSwcgI6coS960qCBUmoOvVF9vMcwxy5rK1GKzsnCsseGAoOZF3yl3ijlTPP4aHcM14-J6h7pWjIM5w=w16
lh3.googleusercontent.com/ 399 B
458 B 11ms
10ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/en5eQGS7OSwcgI6coS960qCBUmoOvVF9vMcwxy5rK1GKzsnCsseGAoOZF3yl3ijlTPP4aHcM14-J6h7pWjIM5w=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9dd68156eaf50c82fc30619e23e7c8085a0e3b9b9b2095e933dfa8d6a28ac9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 399
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 OxRkQcXgAdVsmQ_XXaI6Xn25qZwDAgXwydhmfaozUdJyZVxJVxnLM2kyDfx_fc92_W_vRQmVWzRyiHZYKUyFPw=w16
lh3.googleusercontent.com/ 860 B
923 B 21ms
20ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OxRkQcXgAdVsmQ_XXaI6Xn25qZwDAgXwydhmfaozUdJyZVxJVxnLM2kyDfx_fc92_W_vRQmVWzRyiHZYKUyFPw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0d58b87b0743851392119f2614ac7fdaf1f2b943e5e28f53a9199e10d1cee784

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 860
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 JZC-KnICfOvdCn-NkWZ7D8dWevfFqyM36s0rtgBhuXIbzwRw7Ys7ewqYoqAW6hF7EW5ePLTNbVu3TTEMRhaaPw=w16
lh3.googleusercontent.com/ 430 B
489 B 21ms
20ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/JZC-KnICfOvdCn-NkWZ7D8dWevfFqyM36s0rtgBhuXIbzwRw7Ys7ewqYoqAW6hF7EW5ePLTNbVu3TTEMRhaaPw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a2f6f72c5e1a1fc0ba5152253acdf2964f42ef2d259d92aa2f4fc63d760b6b6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 430
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 0_dOdpZfQ6TbbTqXF4T6AGhz8mXHexaMe7QIz7D9vIu9eB0l6aQwvF6RNqL0TOo6DR5IB4efWU3bQJvwMaIJ=w16
lh3.googleusercontent.com/ 428 B
491 B 19ms
18ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0_dOdpZfQ6TbbTqXF4T6AGhz8mXHexaMe7QIz7D9vIu9eB0l6aQwvF6RNqL0TOo6DR5IB4efWU3bQJvwMaIJ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

49b4681fc6a41d10bc9340d077ad5a8e34289092d68d0e8728cca1f9b7d02363

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 428
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 AItuMDlWviZeavp01sDiJWsrjDo3zX9wILgbqNyJe46EtnZy4GyLElC2BdeFInlPlXkAfju1NP9d-99Yfs00tg=w16
lh3.googleusercontent.com/ 430 B
493 B 20ms
19ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AItuMDlWviZeavp01sDiJWsrjDo3zX9wILgbqNyJe46EtnZy4GyLElC2BdeFInlPlXkAfju1NP9d-99Yfs00tg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

71947f7827aaada6779268465b7c05db11566497aa661961e86e83fe061a460e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 430
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16
lh3.googleusercontent.com/ 402 B
491 B 19ms
19ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 15:40:12 GMT
x-content-type-options: nosniff
age: 6498
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 15:40:12 GMT

GET
H2 200 ywepIvZWgcttUdC8IQpQqjtwTb4Xsin1ylNVOVfr8PFIslp83xYxlJQ0wu9l2xNq8m9ls_9oP4IbdNABkeG4_hltjwBeDAZ2vlU=s0
lh3.googleusercontent.com/ 22 KB
22 KB 11ms
10ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ywepIvZWgcttUdC8IQpQqjtwTb4Xsin1ylNVOVfr8PFIslp83xYxlJQ0wu9l2xNq8m9ls_9oP4IbdNABkeG4_hltjwBeDAZ2vlU=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:01:41 GMT
x-content-type-options: nosniff
age: 1609
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22076
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:01:41 GMT

GET
H2 200 ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0
lh3.googleusercontent.com/ 39 KB
39 KB 19ms
9ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39437
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 ysrMHEBaPdf8nD2gq9fE9WKwbSE8O83fkUH8vIpTgaanZnlgppqb4lDsoPKOQjdpSMBV179CWZVBRjyqqZwG260=w16
lh3.googleusercontent.com/ 405 B
468 B 24ms
14ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ysrMHEBaPdf8nD2gq9fE9WKwbSE8O83fkUH8vIpTgaanZnlgppqb4lDsoPKOQjdpSMBV179CWZVBRjyqqZwG260=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

88dbe5929f2b6aa111649792d1353e2b5cdad3ddc8bf49350e236fd2b955e514

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 405
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 3i03-UIVjMCEfa1KR1urJ4EaGFOUZOF3MKnVAOLuyZ8d9_-yWT8Efhs50s6zpsDMTPeo--0HUt_MQ71cmWBxkw=w16
lh3.googleusercontent.com/ 438 B
497 B 25ms
16ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/3i03-UIVjMCEfa1KR1urJ4EaGFOUZOF3MKnVAOLuyZ8d9_-yWT8Efhs50s6zpsDMTPeo--0HUt_MQ71cmWBxkw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

802b0e03789d326a08c22fef2dffdffb8d7691e13f410e7d1d6ce72ac6b765cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 438
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16
lh3.googleusercontent.com/ 402 B
461 B 25ms
17ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 identify.html Show response
js.center.io/ Frame 0F17 4 KB
2 KB 26ms
26ms Document
text/html 2001:4860:4802:34::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 200
cache-control: public, max-age=300
content-encoding: gzip
content-length: 2016
content-type: text/html
date: Fri, 05 May 2023 17:25:10 GMT
etag: "OMWYXg"
expires: Fri, 05 May 2023 17:30:10 GMT
server: Google Frontend
x-cloud-trace-context: 54ef968127a39a9b43ed17ce2efe7ea8

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/events/ 35 B
684 B 371ms
125ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=wzjrg5A6gThkzqZo9c3oVh&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=wWQgu3zki85pLyt7gpeKDS&sid=XAxTnKz2Qdzz4YpLzKf445&cid=lp-wzjrg5A6gThkzqZo9c3oVh&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Flimited-time-offer-4%2F%3F_ef_transaction_id%3D86048664de6243fc86a5590d71bed54b%26utm_source%3D96%26utm_campaign%3D%26utm_medium%3D%26id%3D%26iocid%3D%26oid%3D1%26aff%3D96&rf=&rx=1600&ry=1200&tz=%2B00%3A00
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 17:28:30 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 80.255.10.204
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00obubhfq0201btb1tn0

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 115 KB
45 KB 54ms
25ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-K7WPB5K

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6566389e88db85a9cd108648237aed3d08e2c60ae4b7ce5a7ba056afc431e74b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45915
x-xss-protection: 0
last-modified: Fri, 05 May 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 May 2023 17:28:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 05 May 2023 17:05:04 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 1406
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Fri, 05 May 2023 19:05:04 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 44 KB
15 KB 89ms
40ms Script
application/javascript 2a02:2638:d::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=93258

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

786448dc71eede8cd86dfe202f3d689378c6335c3845400ac5a75531b8d96d83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 38ms
6ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/limited-time-offer-4/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&utm_source=96&utm_campaign=&utm_medium=&id=&iocid=&oid=1&aff=96
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: br
cdn-edgestorageid: 1049
x-amz-request-id: TRQXBGQAQP7625JS
cdn-cachedat: 04/11/2023 19:14:57
cdn-pullzone: 53731
x-amz-id-2: ixec4wyBUOFDAOzxzpg+zidhfAZwzGeaURWqKUThqbmEWyEv4Uknygl8EIf/drGIfcrAWUM2Frk=
last-modified: Wed, 05 Oct 2022 16:50:13 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=600
cdn-requestid: 48a78fefac051d0fce2e9827e14638f5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 236 KB
81 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

53c3b563cba0f8062a8592e2c2c799fdd926b049ebd1813da0b06ad999bd6079

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82527
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 05 May 2023 17:28:30 GMT

GET
H3 200 BzEv7uyhqbIuwGPQJxdZTEvh36nksEIqTnjDrb_lbw0976g-e58LmT0eZXwy_99ZIvQGWIQlEXHJGha2NZwhJP0=w16
lh3.googleusercontent.com/ 4 KB
4 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/BzEv7uyhqbIuwGPQJxdZTEvh36nksEIqTnjDrb_lbw0976g-e58LmT0eZXwy_99ZIvQGWIQlEXHJGha2NZwhJP0=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

022ecf3012cb860b832d3b5ec3ece8ea60cf9ccb86dfa9adcbe9408524137fac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3588
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H3 200 kkv59ZXN8Z8cKlRYxqwvObS4x5uNSnqWPBWnR6kxz8fSgJfm-TXLtIzd9XD30px2PCa9TLCMrk7cA5aZSnAT=w16
lh3.googleusercontent.com/ 3 KB
3 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/kkv59ZXN8Z8cKlRYxqwvObS4x5uNSnqWPBWnR6kxz8fSgJfm-TXLtIzd9XD30px2PCa9TLCMrk7cA5aZSnAT=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

67b13e1b2f27e471305a7101016c71eff1939ff6ee7d1aba0ed566def3a52c4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3541
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H3 200 F7Q1_8XaYidLrefUWsD_6e9WBuXQ5xnu5fmPKRg4axf379uVWJfB2GZ_-1Ls3W0ugVT3pIBuhD1Pt3g-EoTKFA=w16
lh3.googleusercontent.com/ 3 KB
4 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/F7Q1_8XaYidLrefUWsD_6e9WBuXQ5xnu5fmPKRg4axf379uVWJfB2GZ_-1Ls3W0ugVT3pIBuhD1Pt3g-EoTKFA=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5a77eb41c6fbda2bca820c13f0ba719937c808d9f551b13fa0ecac156dd90b24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3564
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H3 200 p2O47t3CGWUkWyy5ZPAE0ng4ehil8EKO7BHEt9XvoLT_0NhUxYJNx54tbm8HEGiDAwlHKHeNlGXoDeUD-D9BjA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/p2O47t3CGWUkWyy5ZPAE0ng4ehil8EKO7BHEt9XvoLT_0NhUxYJNx54tbm8HEGiDAwlHKHeNlGXoDeUD-D9BjA=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5e9c6d55897ac9c0217abcbfd3fb482689c8061a3e3fbb57d0e9cc8f817415b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3634
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H3 200 RCGjxYTuepjcMb2bA7OSmSyRhC-o1yOAL_BQAOIG2o0DESqlrVUSNiOp6PoaiekkGbK_pWHmpCPONVB2D526=w16
lh3.googleusercontent.com/ 3 KB
3 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/RCGjxYTuepjcMb2bA7OSmSyRhC-o1yOAL_BQAOIG2o0DESqlrVUSNiOp6PoaiekkGbK_pWHmpCPONVB2D526=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

74ad249e95da15fcfe75a67eb107d319fcdebb3810675944d12c0909ab9bf479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3558
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H3 200 mnZ5Lf4PIFK1JislIZ3o6kbQgNit6PFTyqOhXZBIkblnERU2sb53K68KsTNtqQ9-cFCyok23vaJyKWXK7nnt=w16
lh3.googleusercontent.com/ 3 KB
3 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/mnZ5Lf4PIFK1JislIZ3o6kbQgNit6PFTyqOhXZBIkblnERU2sb53K68KsTNtqQ9-cFCyok23vaJyKWXK7nnt=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1ab171096d2b38296a1577257695ad83771cbba1ad49a6c04a3a9ac2c7ce9e31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3554
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 32ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 06:10:15 GMT
x-content-type-options: nosniff
age: 559095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 06:10:15 GMT

GET
H2 200 / Show response
btm-btm-btm.lpages.co/serve-leadbox/NcYxqUsAsLkrkeQU6QFqDL/ Frame E07B 91 KB
19 KB 511ms
234ms Document
text/html 35.202.21.90
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://btm-btm-btm.lpages.co/serve-leadbox/NcYxqUsAsLkrkeQU6QFqDL/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&aff=96&id=&iocid=&oid=1&utm_campaign=&utm_medium=&utm_source=96

Requested by

Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

06a1e0cc5c1f0689019005ea9978d67ba512c08bec6aac123d2a9842d3caaa46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: br
content-type: text/html
date: Fri, 05 May 2023 17:28:30 GMT
etag: W/"7d58c143902354d70b98eb9c1dc75dc6"
last-modified: Fri, 28 Apr 2023 14:19:40 GMT
server: Leadpages
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS, HIT

GET
H3 200 T-3lUZOkr0pGJTg2MtnJnPCAdxJl-PdaWePMpIUm6SACxhH30rYiJ__GYJwtKqQpllM0HVKLGlmwN24gcY3f=w129
lh3.googleusercontent.com/ 5 KB
5 KB 9ms
8ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/T-3lUZOkr0pGJTg2MtnJnPCAdxJl-PdaWePMpIUm6SACxhH30rYiJ__GYJwtKqQpllM0HVKLGlmwN24gcY3f=w129

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

71a0e7af96aa88155f06bb84e8b98a7a1e014b69aac7f0a7ccf5df0feb7066e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4759
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H3 200 n-SU2QHHlDctT5P7f9PGVlqioYi7pTTg8gvrwvg1ZlSiRL7bP8OT_fgfmJXYifHvL5xQ1K76TrDmpB7-T6cugKs=w832
lh3.googleusercontent.com/ 38 KB
39 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/n-SU2QHHlDctT5P7f9PGVlqioYi7pTTg8gvrwvg1ZlSiRL7bP8OT_fgfmJXYifHvL5xQ1K76TrDmpB7-T6cugKs=w832

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9ce7c0c1b56dabf60220a6467217e3601a909ab2c157119fe0a81e5cb58ab683

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39413
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H3 200 -TFC9jwymVFSTYLZJwBNNd3_cpc7doEJWIawODlZoO0zvFjYItyDimfoc6tOz-bgtI7t0r8DYTMLo6QAQQk3Yw=w728
lh3.googleusercontent.com/ 96 KB
96 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/-TFC9jwymVFSTYLZJwBNNd3_cpc7doEJWIawODlZoO0zvFjYItyDimfoc6tOz-bgtI7t0r8DYTMLo6QAQQk3Yw=w728

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c9dca43fca509197b562e986fd472933428d757daa065972e3c349a7f963856b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97949
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H3 200 Ag1U8DBGFuXf1H9sWrj9NjMaKEvgz7Ombpu9LUfiJnDAWnANfneCuZegr8dRCpGkU4uJJd-tO0NEHqSzzMBdkw=w728
lh3.googleusercontent.com/ 24 KB
24 KB 18ms
17ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Ag1U8DBGFuXf1H9sWrj9NjMaKEvgz7Ombpu9LUfiJnDAWnANfneCuZegr8dRCpGkU4uJJd-tO0NEHqSzzMBdkw=w728

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e7d37f66bd7b7ac6eb4f7e0e70d397c6af31c1b0b1cc8a996e3e9bb76c41d0d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:24:56 GMT
x-content-type-options: nosniff
age: 214
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24807
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:24:56 GMT

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 9ms
8ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: DWH3EZTXQGETBFDB
cdn-cachedat: 01/05/2023 13:19:16
cdn-pullzone: 53731
x-amz-id-2: Rw1xVINT2j50j9I6kG8DKvMCsaenbxK7VMBQ0tvyDvTYd5p/peDoVzbf2snyDrK0p3sjxYcqUro=
last-modified: Wed, 05 Oct 2022 16:49:50 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: e36cdb77a46b73e44fd00cbdc08be6bb
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 21ms
21ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: DWH88T81ZZEBPF44
cdn-cachedat: 01/05/2023 13:19:16
cdn-pullzone: 53731
x-amz-id-2: jOqTwrO7CKADB6A99P2KE8erCfBGDinliCUfMCHx9ofCH5Hyp/WWaFB+LMZTpDm3rXJNnXg+404=
last-modified: Wed, 05 Oct 2022 16:49:51 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"ad6f2454f01de902ffd473d51c1207bf"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 8f6c58fcaf422f7ab14263727fbe8824
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
214 B 16ms
15ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1017077254&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Flimited-time-offer-4%2F%3F_ef_transaction_id%3D86048664de6243fc86a5590d71bed54b%26utm_source%3D96%26utm_campaign%3D%26utm_medium%3D%26id%3D%26iocid%3D%26oid%3D1%26aff%3D96&ul=en-us&de=UTF-8&dt=%22Cut%20%26%20Paste%22&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABQAAAACAAI~&jid=1305103949&gjid=488866521&cid=1677722569.1683307710&tid=UA-102395123-1&_gid=1541630320.1683307710&_r=1&_slc=1&gtm=45He3530n81WNRH3TX&cd1=96&cd2=86048664de6243fc86a5590d71bed54b&cd3=false&cd4=false&cd5=false&cd6=false&cd7=false&z=388945669

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 94AE 15 KB
6 KB 47ms
15ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=93258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3014acc16bf3744b41bb869785bf686290d9834a5e6f69d4583c4e39fca26bff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 05 May 2023 17:28:30 GMT
server: Kestrel
server-processing-duration-in-ticks: 451557
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 53ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je3530&_p=1017077254&_gaz=1&cid=1677722569.1683307710&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1683307710&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Flimited-time-offer-4%2F%3F_ef_transaction_id%3D86048664de6243fc86a5590d71bed54b%26utm_source%3D96%26utm_campaign%3D%26utm_medium%3D%26id%3D%26iocid%3D%26oid%3D1%26aff%3D96&dt=%22Cut%20%26%20Paste%22&en=page_view&_fv=1&_ss=1&epn.variant_id=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 59ms
20ms Ping
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-8R6YNFMJ23&cid=1677722569.1683307710&gtm=45je3530&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 71ms
47ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=1677722569.1683307710&gtm=45je3530&aip=1&z=1961517378

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
354 B 50ms
19ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-102395123-1&cid=1677722569.1683307710&jid=1305103949&gjid=488866521&_gid=1541630320.1683307710&_u=YEBAAEAAQAAAACAAI~&z=1324790588

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 05 May 2023 17:28:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 73ms
49ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-102395123-1&cid=1677722569.1683307710&jid=1305103949&_u=YEBAAEAAQAAAACAAI~&z=719434994

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 46ms
45ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-102395123-1&cid=1677722569.1683307710&jid=1305103949&_u=YEBAAEAAQAAAACAAI~&z=719434994

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 94AE
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=HZjYMHxraTZEVWk4ZXhrcGd5Y21HY3JjMDFXRlJVWFl5Qi9NSmNkOGVVYjI3aGFEby9uWGlzcGlUS25jNEorV2hOeEpYTlVXcC9OQnVmSnI5N3pyanR2Nzc5bk11RTgzTGFsN2YwbFNLQ1hTL1lMcGxhNUs2aGpiM2ZqOE...

473 B
682 B

81ms
20ms

Fetch
application/json

178.250.7.13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=HZjYMHxraTZEVWk4ZXhrcGd5Y21HY3JjMDFXRlJVWFl5Qi9NSmNkOGVVYjI3aGFEby9uWGlzcGlUS25jNEorV2hOeEpYTlVXcC9OQnVmSnI5N3pyanR2Nzc5bk11RTgzTGFsN2YwbFNLQ1hTL1lMcGxhNUs2aGpiM2ZqOEJac1hDN0dJNWhWVlZjaXJwOUl1Nno5OW5TUDJBR0FiTWViY2x2ajNFZU5PUU1OVDRmdncyWmxPZit4WUU1NjJqbjBwN1JQRitwT21NZmdISWZrVmp2cks5QTlINkpiRVIzbm9VTEEzczFwaEVEb0xUeUlqeEVxbDQ5S3I0OWpOeVhjTElXWU1XYjUyeXBDQllYNVJOY0NseVBkTEhZQzJIREt1T3M0Z3ZEWnc0bFhWMENZcz18&cppv=2

Requested by

Protocol

Server

178.250.7.13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a25a2dc269c0a5f092a91c7edcb606232b3124f113306f772ce1229cc0ce2044

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1385061
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:29 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=HZjYMHxraTZEVWk4ZXhrcGd5Y21HY3JjMDFXRlJVWFl5Qi9NSmNkOGVVYjI3aGFEby9uWGlzcGlUS25jNEorV2hOeEpYTlVXcC9OQnVmSnI5N3pyanR2Nzc5bk11RTgzTGFsN2YwbFNLQ1hTL1lMcGxhNUs2aGpiM2ZqOEJac1hDN0dJNWhWVlZjaXJwOUl1Nno5OW5TUDJBR0FiTWViY2x2ajNFZU5PUU1OVDRmdncyWmxPZit4WUU1NjJqbjBwN1JQRitwT21NZmdISWZrVmp2cks5QTlINkpiRVIzbm9VTEEzczFwaEVEb0xUeUlqeEVxbDQ5S3I0OWpOeVhjTElXWU1XYjUyeXBDQllYNVJOY0NseVBkTEhZQzJIREt1T3M0Z3ZEWnc0bFhWMENZcz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 321754
content-length: 0
expires: 0

GET
H3 200 click Show response
www.behindthemarkets-btm.com/sdk/ 85 B
854 B 153ms
152ms Fetch
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/sdk/click?effp=e49b5491e6280dd358307c32d481d73f&sec_ch_ua_platform=&sec_ch_ua_platform_version=&_ef_transaction_id=86048664de6243fc86a5590d71bed54b&oid=1&affid=96&__cc=&async=json&source_id=96&creative_id=
Requested by: Host: www.behindthemarkets-btm.com
URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba85697c1faa26b11569e3877c0f3b0b35821d072df9c0fcc4015215d53add08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch: Sec-Ch-Ua-Platform-Version
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VscRVw5bENfTnbjxRrBQo6kj6fMj92GJ5ssDg3yzCkUfg9omiL%2FRfVh%2FrM3VgV3qUl5om3ZDaonpo6TEB1nPuZpLihb4HfkHCQRT1jrDGjjj6BgwNby2f3vLJLnMzeGyvPNqzab60uwQ4pvdiwVmGSrtozvab9gVzqTc"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-eflow-request-id: 801a2a25-4b60-4550-a4b9-8c6548449c59
cf-ray: 7c2ab347ad5d9b3d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 click Show response
www.behindthemarkets-btm.com/sdk/ 85 B
820 B 146ms
146ms Fetch
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/sdk/click?effp=e49b5491e6280dd358307c32d481d73f&sec_ch_ua_platform=&sec_ch_ua_platform_version=&_ef_transaction_id=86048664de6243fc86a5590d71bed54b&oid=1&affid=96&__cc=&async=json&source_id=96&creative_id=
Requested by: Host: www.behindthemarkets-btm.com
URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba85697c1faa26b11569e3877c0f3b0b35821d072df9c0fcc4015215d53add08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch: Sec-Ch-Ua-Platform-Version
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DllLNGQwVpam4GN2W7pZ4gLYK0CkoDMLIwDDNePnZZpP7YODOi7ztihx4SMzYFCLIvPsza471uiUgkMsrYqdSUBoXneMk2P%2FQ2EH1mPg%2FkdDbCj2gVf5Y6es5Z4%2BGEOZ6M8Zy2Qem77U6xtTrB2ZCy4tOHj3CdmFj5Ge"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-eflow-request-id: fb17c079-6330-43b2-ae4f-68805de2dfb8
cf-ray: 7c2ab347cd829b3d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

event Show response
widget.us.criteo.com/
Redirect Chain

https://sslwidget.criteo.com/event?a=93258&v=5.15.0&p0=e%3Dce%26m%3D%255Bnull%255D%26h%3Dsha256&p1=e%3Dexd%26z%3Dnull%26site_type%3Dd&p2=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p3=e%3Ddis&adce=1&bundle...
https://widget.us.criteo.com/event?a=93258&v=5.15.0&p0=e%3Dce%26m%3D%255Bnull%255D%26h%3Dsha256&p1=e%3Dexd%26z%3Dnull%26site_type%3Dd&p2=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p3=e%3Ddis&adce=1&bundle...

8 KB
4 KB

309ms
103ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.us.criteo.com/event?a=93258&v=5.15.0&p0=e%3Dce%26m%3D%255Bnull%255D%26h%3Dsha256&p1=e%3Dexd%26z%3Dnull%26site_type%3Dd&p2=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p3=e%3Ddis&adce=1&bundle=z1s5gl9BdEpPYzZpJTJGeTdjeXIyNU9PeiUyRk5MZkRDOSUyQjdyZDNmeGswMlk5UEMwTWFmJTJCbFR2OE1KYW5lQ2IzZWJEaUh4Z0NIZCUyRmY0OGNyNFFHSFhNVWdwRnJsdXMyVENVQWpER1MwTXJZclZHNyUyQmglMkZ0MDJ4M2N2V2VxN0hESXVObThMUXk4VUJVdmolMkZ6N3JYTkVXMGsxaG10T3olMkJCZThuUUclMkJhdzV5RGJpWVpGMGkxcyUzRA&tld=behindthemarkets.com&dy=1&fu=https%253A%252F%252Fgo.behindthemarkets.com%252Flimited-time-offer-4%252F%253F_ef_transaction_id%253D86048664de6243fc86a5590d71bed54b%2526utm_source%253D96%2526utm_campaign%253D%2526utm_medium%253D%2526id%253D%2526iocid%253D%2526oid%253D1%2526aff%253D96&ceid=629e7af5-e403-4bbd-af29-5b26c66c82ca&dtycbr=81369

Requested by

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

ea40db5f808cb4dafbc4335a1dd31b90aa4080a1fa19d172037868d004d5161e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
content-type: application/x-javascript
access-control-allow-origin: *
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 11177925
timing-allow-origin: *
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://widget.us.criteo.com/event?a=93258&v=5.15.0&p0=e%3Dce%26m%3D%255Bnull%255D%26h%3Dsha256&p1=e%3Dexd%26z%3Dnull%26site_type%3Dd&p2=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p3=e%3Ddis&adce=1&bundle=z1s5gl9BdEpPYzZpJTJGeTdjeXIyNU9PeiUyRk5MZkRDOSUyQjdyZDNmeGswMlk5UEMwTWFmJTJCbFR2OE1KYW5lQ2IzZWJEaUh4Z0NIZCUyRmY0OGNyNFFHSFhNVWdwRnJsdXMyVENVQWpER1MwTXJZclZHNyUyQmglMkZ0MDJ4M2N2V2VxN0hESXVObThMUXk4VUJVdmolMkZ6N3JYTkVXMGsxaG10T3olMkJCZThuUUclMkJhdzV5RGJpWVpGMGkxcyUzRA&tld=behindthemarkets.com&dy=1&fu=https%253A%252F%252Fgo.behindthemarkets.com%252Flimited-time-offer-4%252F%253F_ef_transaction_id%253D86048664de6243fc86a5590d71bed54b%2526utm_source%253D96%2526utm_campaign%253D%2526utm_medium%253D%2526id%253D%2526iocid%253D%2526oid%253D1%2526aff%253D96&ceid=629e7af5-e403-4bbd-af29-5b26c66c82ca&dtycbr=81369
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3277675
timing-allow-origin: *
content-length: 0
expires: 0

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
446 B 350ms
119ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=khXvQTvgDmQvxknfHiaHXu&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=149.70000076293945,1,NcYxqUsAsLkrkeQU6QFqDL
Requested by: Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 17:28:31 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 80.255.10.204
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00obubmgtihds4fj6i4g

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ Frame E07B 58 KB
14 KB 11ms
9ms Stylesheet
text/css 34.107.203.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/NcYxqUsAsLkrkeQU6QFqDL/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&aff=96&id=&iocid=&oid=1&utm_campaign=&utm_medium=&utm_source=96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 00:01:05 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
age: 235645
etag: "BTybeQ"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: 0818dbc07bad12054208afc3e76df105
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14628
expires: Thu, 02 May 2024 00:01:05 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E07B 11 KB
883 B 21ms
20ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,500,700

Requested by

Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/NcYxqUsAsLkrkeQU6QFqDL/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&aff=96&id=&iocid=&oid=1&utm_campaign=&utm_medium=&utm_source=96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

940a2780647ad473c6d299a32d22b5adea4ac667fd3adcf46cfe8441dbdaeba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 05 May 2023 16:30:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 05 May 2023 17:28:30 GMT

GET
H2

200

spectre.min.css
unpkg.com/spectre.css@0.5.9/dist/ Frame E07B
Redirect Chain

https://unpkg.com/spectre.css/dist/spectre.min.css
https://unpkg.com/spectre.css@0.5.9/dist/spectre.min.css

46 KB
10 KB

19ms
19ms

Stylesheet
text/css

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/spectre.css@0.5.9/dist/spectre.min.css

Requested by

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

beb6e5817e7f1f16be8426abc571e4882ee5bfdbf3d24de63623ca5018d8f7aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 10282829
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01FRR5RJ0QJRFQSW9JXJP05EMQ
server: cloudflare
etag: W/"b640-gQ07fCV82R4u/3QXaqBjXwq8x+8"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c2ab3495a6c6933-FRA

Redirect headers

date: Fri, 05 May 2023 17:28:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: EXPIRED
fly-request-id: 01GZPFAJED11GGW8KN10X18B4V-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /spectre.css@0.5.9/dist/spectre.min.css
cache-control: public, s-maxage=600, max-age=60
cf-ray: 7c2ab3493a386933-FRA

GET
H2

200

spectre-exp.min.css
unpkg.com/spectre.css@0.5.9/dist/ Frame E07B
Redirect Chain

https://unpkg.com/spectre.css/dist/spectre-exp.min.css
https://unpkg.com/spectre.css@0.5.9/dist/spectre-exp.min.css

23 KB
4 KB

20ms
20ms

Stylesheet
text/css

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/spectre.css@0.5.9/dist/spectre-exp.min.css

Requested by

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c53fc919da515cc21b389888f6d7a95f69303b518a7f735c11534473f4e2eec7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 5728485
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01FWZWKJ9NJKC0VN5WTN7NETYY-fra
server: cloudflare
etag: W/"5c9f-xu4/dhgg88SClaf2EtNgCRsbXuA"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c2ab3498a926933-FRA

Redirect headers

date: Fri, 05 May 2023 17:28:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: EXPIRED
fly-request-id: 01GZPFAJEDZFNAMFGZXNVHETGG-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /spectre.css@0.5.9/dist/spectre-exp.min.css
cache-control: public, s-maxage=600, max-age=60
cf-ray: 7c2ab3493a3b6933-FRA

GET
H2

200

spectre-icons.min.css
unpkg.com/spectre.css@0.5.9/dist/ Frame E07B
Redirect Chain

https://unpkg.com/spectre.css/dist/spectre-icons.min.css
https://unpkg.com/spectre.css@0.5.9/dist/spectre-icons.min.css

9 KB
2 KB

20ms
19ms

Stylesheet
text/css

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/spectre.css@0.5.9/dist/spectre-icons.min.css

Requested by

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b9dbc4e3ab31dc403745b54ac6ca7f853ecd69084036b8be7de5a1890ccec49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 20270153
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01FFEH2CK8ZTV28JEQHNJ2PZ5E
server: cloudflare
etag: W/"2296-zDQAAP+l3l3eglqbK/5ezmaPOAg"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c2ab349aab26933-FRA

Redirect headers

date: Fri, 05 May 2023 17:28:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: EXPIRED
fly-request-id: 01GZPFAJER93V8QXDKKXX7ABP2-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /spectre.css@0.5.9/dist/spectre-icons.min.css
cache-control: public, s-maxage=600, max-age=60
cf-ray: 7c2ab3493a3f6933-FRA

GET
H2 200 validator.min.js Show response
cdnjs.cloudflare.com/ajax/libs/validator/10.8.0/ Frame E07B 31 KB
11 KB 140ms
13ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/validator/10.8.0/validator.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e2c27b9ba576b52452df883ee0d1e4c2bcf284dd948611e484c1797a5b2ed0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 335024
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10199
last-modified: Mon, 04 May 2020 16:17:27 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04017-7d11"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2B5LSa1U8BBjaGHubZsJ52%2BrrkLQQaoS5jwD7%2FcjE%2FElemxE%2BWA7iJB%2FttVyrmtDsD0DZsNUFxVpL%2FIC0MeJTQJACUjHRMBbQZdwrPQc8Puc9PtFKukKXO0XkEkt9oXEVGQ4BeW0vHElYf1T5QpTYKQs"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c2ab3493f20906a-FRA
expires: Wed, 24 Apr 2024 17:28:30 GMT

GET
H3 200 VLgIlRWwyuqrKOm736AjXTjkROiss352Mgs5-M-Ui16nTG9YsmHhynwbjI8-yA2ZV0iHc0AuC-swQE2K7juRgCDf5-ERBRM-rU8E=w16
lh3.googleusercontent.com/ Frame E07B 305 B
330 B 8ms
8ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/VLgIlRWwyuqrKOm736AjXTjkROiss352Mgs5-M-Ui16nTG9YsmHhynwbjI8-yA2ZV0iHc0AuC-swQE2K7juRgCDf5-ERBRM-rU8E=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d56ad0781875c34060e15e238f8f8cb621c132675a63e3b90ffe23a2918e4639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:01:42 GMT
x-content-type-options: nosniff
age: 1608
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 305
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 06 May 2023 17:01:42 GMT

GET
H2 200 center.js Show response
js.center.io/ Frame E07B 12 KB
5 KB 17ms
17ms Script
application/javascript 2001:4860:4802:34::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: btm-btm-btm.lpages.co
URL: https://btm-btm-btm.lpages.co/serve-leadbox/NcYxqUsAsLkrkeQU6QFqDL/?_ef_transaction_id=86048664de6243fc86a5590d71bed54b&aff=96&id=&iocid=&oid=1&utm_campaign=&utm_medium=&utm_source=96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://btm-btm-btm.lpages.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:25:15 GMT
content-encoding: gzip
server: Google Frontend
age: 196
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: 6c30eeabd4b7eb3d1b006b75c0ae0c21
cache-control: public, max-age=300
content-length: 5417
expires: Fri, 05 May 2023 17:30:15 GMT

GET
H2 200 identify.html Show response
js.center.io/ Frame 41A2 4 KB
2 KB 19ms
19ms Document
text/html 2001:4860:4802:34::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Referer: https://btm-btm-btm.lpages.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 57
cache-control: public, max-age=300
content-encoding: gzip
content-length: 2016
content-type: text/html
date: Fri, 05 May 2023 17:27:34 GMT
etag: "OMWYXg"
expires: Fri, 05 May 2023 17:32:34 GMT
server: Google Frontend
x-cloud-trace-context: 3396801911efed9cc8265f22430037e3

POST
H2 200 / Show response
sumo.com/api/load/ 887 B
1 KB 754ms
188ms XHR
application/json 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-220-132-2.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

b68897214db0067165fd89ce589bf5a846a3a2a75f62404a9390455a0df02bae

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 05 May 2023 17:28:31 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 887

GET
H/1.1 200
OK capture
api.leadpages.io/analytics/v1/observations/ 35 B
355 B 118ms
118ms Image
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=394,327,230,952,131,955,1305,1306,2166,2183
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 17:28:31 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 80.255.10.204
Content-Type: image/gif
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00obubnlv63rne2bf6a0

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame 5941
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-qbJQ6IDNVIUjOxRithn0XRvapRdidNYPmQWYzQ&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-qbJQ6IDNVIUjOxRithn0XRvapRdidNYPmQWYzQ&expires=30

43 B
346 B

15ms
15ms

Image
image/gif

52.58.138.0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-qbJQ6IDNVIUjOxRithn0XRvapRdidNYPmQWYzQ&expires=30
Protocol: H2
Server: 52.58.138.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-138-0.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-qbJQ6IDNVIUjOxRithn0XRvapRdidNYPmQWYzQ&expires=30
date: Fri, 05 May 2023 17:28:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 5941
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-xVM6SIDNVIUjOxRithn0XRvapRca2gtd1_wX5A&google_cm&google_hm=ay14Vk02U0lETlZJVWpPeFJpdGhuMFhSdmFwUmNhMmd0Z...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-xVM6SIDNVIUjOxRithn0XRvapRca2gtd1_wX5A&google_cm=&google_hm=ay14Vk02U0lETlZJVWpPeFJpdGhuMFhSdmFwUmNhMmd...
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-xVM6SIDNVIUjOxRithn0XRvapRca2gtd1_wX5A&google_gid=CAESEMka4Y2R8Oq83DdOqFngTK0&google_cver=1&google_ula=913071,0

43 B
369 B

17ms
17ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-xVM6SIDNVIUjOxRithn0XRvapRca2gtd1_wX5A&google_gid=CAESEMka4Y2R8Oq83DdOqFngTK0&google_cver=1&google_ula=913071,0

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 763123
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-xVM6SIDNVIUjOxRithn0XRvapRca2gtd1_wX5A&google_gid=CAESEMka4Y2R8Oq83DdOqFngTK0&google_cver=1&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 5941
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=4147679896857796734

43 B
371 B

63ms
17ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=4147679896857796734

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:30 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1131353
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 05 May 2023 17:28:31 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.204; 80.255.10.204; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3358aef5-4f1d-454d-afa7-3f36a1df4ddd
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=4147679896857796734
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame 5941
Redirect Chain

https://secure.adnxs.com/setuid?entity=52&code=k-0fLXz4DNVIUjOxRithn0XRvapRcyVNqdifiFuQ
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-0fLXz4DNVIUjOxRithn0XRvapRcyVNqdifiFuQ

43 B
1 KB

17ms
17ms

Image
image/gif

185.89.210.20
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-0fLXz4DNVIUjOxRithn0XRvapRcyVNqdifiFuQ

Protocol

HTTP/1.1

Server

185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 May 2023 17:28:31 GMT
AN-X-Request-Uuid: 38fe4fb0-81f6-4881-b51e-32add80f6037
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 80.255.10.204; 80.255.10.204; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 05 May 2023 17:28:31 GMT
AN-X-Request-Uuid: d1ae1c1a-cb41-4827-b69a-1f541288eb5f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-0fLXz4DNVIUjOxRithn0XRvapRcyVNqdifiFuQ
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.204; 80.255.10.204; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cksync.php
contextual.media.net/ Frame 5941 61 B
802 B 84ms
49ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-j9ojIoDNVIUjOxRithn0XRvapRdB_U-voXd8lg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Fri, 05 May 2023 17:28:31 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Fri, 05 May 2023 17:28:31 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 5941 0
239 B 283ms
10ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-XIakAoDNVIUjOxRithn0XRvapRdaZ7vjyNtOlQ&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 v1
match.sharethrough.com/sync/ Frame 5941 0
362 B 59ms
13ms Image
text/plain 18.197.126.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-DcccV4DNVIUjOxRithn0XRvapRe3qJRvct20aQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.126.100 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-126-100.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:31 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 5941 43 B
163 B 349ms
23ms Image
image/gif 185.86.138.152
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-52qBToDNVIUjOxRithn0XRvapRfihNDI_VuvAQ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.152 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:30 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 5941 0
99 B 107ms
16ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-gjz39YDNVIUjOxRithn0XRvapRfG9Aa96G6sYg
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:31 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 16198

GET
H2 200 um
criteo-sync.teads.tv/ Frame 5941 23 B
172 B 87ms
37ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-6KjbCYDNVIUjOxRithn0XRvapRdeAhiSRJgFNg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Fri, 05 May 2023 17:28:31 GMT
pragma: no-cache
date: Fri, 05 May 2023 17:28:31 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 xuid
eb2.3lift.com/ Frame 5941 37 B
140 B 43ms
11ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-ZWaDtoDNVIUjOxRithn0XRvapRfZ5sgqHU_RNA&dongle=013b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58301/ Frame 5941
Redirect Chain

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-kXGTnYDNVIUjOxRithn0XRvapRehD16XD4qrew
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-kXGTnYDNVIUjOxRithn0XRvapRehD16XD4qrew&verify=true

0
121 B

13ms
13ms

Image
text/plain

3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-kXGTnYDNVIUjOxRithn0XRvapRehD16XD4qrew&verify=true

Protocol

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:31 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-kXGTnYDNVIUjOxRithn0XRvapRehD16XD4qrew&verify=true
date: Fri, 05 May 2023 17:28:31 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 pixel
cm.adform.net/ Frame 5941 43 B
163 B 351ms
26ms Image
image/gif 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-JTIhQYDNVIUjOxRithn0XRvapRdbQs17kB97UQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:31 GMT
last-modified: Wed, 11 Oct 2017 14:26:30 GMT
server: nginx
accept-ranges: bytes
etag: "59de2a16-2b"
content-length: 43
content-type: image/gif

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame 5941 49 B
235 B 173ms
32ms Image
image/gif 185.255.84.152
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-sOfy4IDNVIUjOxRithn0XRvapReLk7ApNKEq5w

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.152 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:31 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 6
content-length: 49
expires: 0

GET
H/1.1

200
OK

rum
r.casalemedia.com/ Frame 5941
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-oWSSS4DNVIUjOxRithn0XRvapReI-RitUoSlpQ
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-oWSSS4DNVIUjOxRithn0XRvapReI-RitUoSlpQ&C=1

43 B
766 B

10ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-oWSSS4DNVIUjOxRithn0XRvapReI-RitUoSlpQ&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 May 2023 17:28:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 05 May 2023 17:28:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=20&external_user_id=k-oWSSS4DNVIUjOxRithn0XRvapReI-RitUoSlpQ&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 5941
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=_-opgNeREz_7oaX_vR8oeNSINsaGprqy
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=_-opgNeREz_7oaX_vR8oeNSINsaGprqy

42 B
942 B

37ms
37ms

Image
image/gif

54.229.40.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=_-opgNeREz_7oaX_vR8oeNSINsaGprqy

Protocol

HTTP/1.1

Server

54.229.40.109 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-229-40-109.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v048-0d6777522.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: BPbD5fSmS7s=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v048-0f9a9001c.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Juvh90FgR5A=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=_-opgNeREz_7oaX_vR8oeNSINsaGprqy
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200 9.gif
id5-sync.com/s/966/ Frame 5941 43 B
1 KB 146ms
8ms Image
image/gif 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/966/9.gif?puid=k-lI1yVoDNVIUjOxRithn0XRvapRcKT5fbC5AEyQ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Fri, 05 May 2023 17:28:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame 5941
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-uwfBbYDNVIUjOxRithn0XRvapReWl7IvjSoIqw
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-uwfBbYDNVIUjOxRithn0XRvapReWl7IvjSoIqw

43 B
447 B

59ms
59ms

Image
image/gif

34.251.27.114
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-uwfBbYDNVIUjOxRithn0XRvapReWl7IvjSoIqw
Protocol: H2
Server: 34.251.27.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-27-114.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 05 May 2023 17:28:31 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-uwfBbYDNVIUjOxRithn0XRvapReWl7IvjSoIqw
access-control-allow-origin: *
date: Fri, 05 May 2023 17:28:31 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 sync
matching.ivitrack.com/ Frame 5941 42 B
274 B 131ms
18ms Image
image/gif 34.117.157.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-do7DkIDNVIUjOxRithn0XRvapReojzOQt-hy8A
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.157.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:31 GMT
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame 5941 0
883 B 83ms
12ms Image
text/html 52.59.76.204
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-OSCZQYDNVIUjOxRithn0XRvapRfvV-Q6SugrBw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.76.204 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-76-204.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:31 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame 5941 0
145 B 712ms
88ms Image
text/plain 64.202.112.191
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-UGStxoDNVIUjOxRithn0XRvapRfPBykWC2IvSg&initiator=partner
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.191 Chicago, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 17:28:32 GMT
Cache-Control: no-cache
X-TraceId: 1e85a9fb64d443776f7984903554a9f8
Content-Length: 0

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 5941 42 B
581 B 113ms
25ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-I_HUB4DNVIUjOxRithn0XRvapRc1Si4hdZxrSg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Fri, 05 May 2023 17:28:31 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame 5941 43 B
399 B 320ms
95ms Image
image/gif 2600:1f18:612b:4200:8644:8d9:b2a6:8733
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-05D9goDNVIUjOxRithn0XRvapRdupvUypdiBLw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:8644:8d9:b2a6:8733 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Fri, 05 May 2023 17:28:31 GMT
server: nginx
content-type: image/gif

GET
H2 200 getusermatch.php
a.twiago.com/rtb/ Frame 5941 43 B
153 B 95ms
24ms Image
image/gif 85.215.5.31
CRONON-BERLIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-yyAmDYDNVIUjOxRithn0XRvapReHQbgk8um_pA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.215.5.31 Berlin, Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software: Apache / PHP/7.3.29
Resource Hash: 5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 05 May 2023 17:28:31 GMT
server: Apache
x-powered-by: PHP/7.3.29
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame 5941 0
400 B 122ms
54ms Image
text/plain 23.209.16.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-JL2PuYDNVIUjOxRithn0XRvapRc7NPvmddxVjQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.209.16.125 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-209-16-125.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 May 2023 17:28:31 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Thu, 04 May 2023 17:28:31 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame 5941 0
38 B 166ms
30ms Image
text/plain 34.255.56.232
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-OZJBHYDNVIUjOxRithn0XRvapRcv4td1yRkJgg&pn_id=criteo&ext=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.56.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-56-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:31 GMT
content-length: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 5941
Redirect Chain

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=iL-M-_k0nMPkjbX5HVhkCbiGdJgGI5g9

0
338 B

315ms
33ms

Image
text/plain

34.250.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=iL-M-_k0nMPkjbX5HVhkCbiGdJgGI5g9
Protocol: H2
Server: 34.250.66.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-66-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-served-by: beacon-n016-dub-prod.krxd.net
date: Fri, 05 May 2023 17:28:31 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1683307711
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=iL-M-_k0nMPkjbX5HVhkCbiGdJgGI5g9
date: Fri, 05 May 2023 17:28:31 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 867976
content-length: 0

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
446 B 117ms
117ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=khXvQTvgDmQvxknfHiaHXu&kind=timer&label=lb_embed_leadbox_load&value=781.1000003814697
Requested by: Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 17:28:31 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 80.255.10.204
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00obubqqrlpvg7o7t1vg

GET
H2

200

cs
s.thebrighttag.com/ Frame 5941
Redirect Chain

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=peeVNb6X-P1j7EMgaJQf_byKCvsMlxO3

35 B
268 B

356ms
103ms

Image
image/gif

3.136.150.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=peeVNb6X-P1j7EMgaJQf_byKCvsMlxO3
Protocol: H2
Server: 3.136.150.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-150-106.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 May 2023 17:28:32 GMT
x-bt-requestid: 41ba42e0-eb6a-11ed-9aa6-0000ac1701a3
server: nginx
content-type: image/gif
access-control-allow-origin
p3p: CP=NOI DSP COR NID
cache-control: private, must-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=peeVNb6X-P1j7EMgaJQf_byKCvsMlxO3
date: Fri, 05 May 2023 17:28:31 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 905747
content-length: 0

POST
H2 200 services Show response
sumo.com/ 205 B
604 B 182ms
182ms XHR
application/json 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-220-132-2.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

X-Sumo-Auth: iP7UY8UzLhky74WtfWtAjTaL
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
content-length: 205

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 188ms
187ms Preflight 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-220-132-2.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-sumo-auth
Access-Control-Request-Method: POST
Origin: https://go.behindthemarkets.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 2592000
date: Fri, 05 May 2023 17:28:32 GMT
server: nginx

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
34 KB 9ms
8ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 1047
x-amz-request-id: ZM2R02GRGNX9EBDR
cdn-cachedat: 11/29/2022 14:21:06
cdn-pullzone: 53731
x-amz-id-2: 6Uct0YYNdbCW/ZV+X806N5k2SLIUfwCScBxujkYfYxnvydFAIqFQDkE35mFVZTucbR75hDyYNdU=
last-modified: Wed, 05 Oct 2022 16:49:48 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"3fa9c18f727d4b42fb894fda90a374e1"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 7c7559d2e3d278dde4e914164e3bfa8b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 13ms
11ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 722
x-amz-request-id: Q11XYR0G2MA9NQD2
cdn-cachedat: 04/22/2023 15:31:50
cdn-pullzone: 53731
x-amz-id-2: LD9G/JG6iF9bMUFah6EKVV+EDFpc87uYmPgoK7/T8UDofj+NTJvXT+/BG17+HiXcA2YNW30qcrI=
last-modified: Wed, 05 Oct 2022 16:49:25 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"a39d043b7c7bba70750cf288ee5ef71a"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: df00f4ef394c5d730f3900db95c43bec
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 13ms
12ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 1076
x-amz-request-id: X714PX85F1S81D8N
cdn-cachedat: 01/04/2023 08:52:36
cdn-pullzone: 53731
x-amz-id-2: ay2gZ9j3qtMDw71Zrkn8IPScUEq8sulVOv2utI+ZiuxSW0qLlCgpNXQiBB3YHxfUgKiUU1/1GnE=
last-modified: Wed, 05 Oct 2022 16:49:10 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"6bfdf1ae8492f107706ac037915be663"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 2791f4a5b207a8838d228ab404f00824
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 30ms
29ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 1047
x-amz-request-id: 8H6583FJAZXVYJYJ
cdn-cachedat: 12/01/2022 21:36:39
cdn-pullzone: 53731
x-amz-id-2: A9ivu1CixIgcqh3Y/y01dq5RzW7fj1Y9RFIsH/veBZiTo4vaOg1kxVWztuBQ6RiwS1HnCZ21hU0=
last-modified: Wed, 05 Oct 2022 16:48:57 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"fc263e7087822a0b00ff93677d6df4ea"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 4e66f98e6f78a6df642cc2fb13933e37
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
25 KB 21ms
20ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 865
x-amz-request-id: 8H66YZT7N65S41SE
cdn-cachedat: 12/01/2022 21:36:39
cdn-pullzone: 53731
x-amz-id-2: KiE2DoSfnLvwAH1SfzgHlD5TMSJDvAVsQXCbE944HYtpLVmdxXr7wupFgu9rHNN4puNsQ4QbeVg=
last-modified: Wed, 05 Oct 2022 16:49:12 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"8af82c4c30a069f66de02526c2f332af"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 914644fa9006ff5d26c6208a54e62282
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
94 KB 13ms
12ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 1054
x-amz-request-id: 8H60651DKFV67ZXG
cdn-cachedat: 12/01/2022 21:36:39
cdn-pullzone: 53731
x-amz-id-2: SjiT0RKhCauNoE59lBsM90wrjy/68oZNh8h0MIV5w4ywTIREXQSSU9LOXSVNS8GX5R77Q9enVW4=
last-modified: Wed, 05 Oct 2022 16:49:12 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"be0b945be6cafa91f6fd4efdfc8268f8"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: c2f0289af290774733ca01f8efafe52d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 17ms
16ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 755
x-amz-request-id: BY6JY14G1GXW5J63
cdn-cachedat: 04/26/2023 08:07:12
cdn-pullzone: 53731
x-amz-id-2: OpQV4N3cLrYOZaX4KoLpfgFlS1Zi2VgivJlFX3dfhADzykKHEe8eQ8EJ4L+1JYIBOmqDoYdxMvU=
last-modified: Wed, 05 Oct 2022 16:49:11 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"beda094dfc3b530efd0d2d83c5a0280c"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: eeaa3e16f020bc3980abcb206cdb41c1
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 22ms
21ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 863
x-amz-request-id: 8H61N35G2RBQ7PXF
cdn-cachedat: 12/01/2022 21:36:39
cdn-pullzone: 53731
x-amz-id-2: 2w7cYZUJJNgeoP6s/3b6y2HlDGRF1zJA8DeFY/fnWC5/T9knCZT/pMhpS7oIZZ0DdFloaxYpaaM=
last-modified: Wed, 05 Oct 2022 16:49:45 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"d200986501135078d1fbd7f480e7bb08"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: cc32183be5e1b4daafb65ea0c1c0d557
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 11ms
10ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 860
x-amz-request-id: C2QMR5M8QTNPQTZZ
cdn-cachedat: 11/29/2022 14:21:07
cdn-pullzone: 53731
x-amz-id-2: xxZe2xEJbPuTiu6w4dDd34BYH5aWaK9GlNrZA4m3oeBGCKtjLNOK5Y2owYinVzy8CWGRcKVfgVM=
last-modified: Wed, 05 Oct 2022 16:48:56 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"31baf056af3800bbd6e4f9e8b445d052"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 1cd9bf7a2677c09bb5dd7918d25163e8
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
80 KB 11ms
11ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 1079
x-amz-request-id: XWKRNVEYKVGXS6YD
cdn-cachedat: 01/05/2023 11:06:14
cdn-pullzone: 53731
x-amz-id-2: IntQ+szr6mKJ0x7DGOyjRfmM9xwH4XePzJz2Mc3V7pI37Y9eKYYGS0bRGrtYqwWPnB3Zsxp04WI=
last-modified: Wed, 05 Oct 2022 16:50:09 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"f33273f5c8e8dd3d010a11b209891b91"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: d1eb380d7b6f580ca5ddfaf03071c440
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
993 B 27ms
26ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: br
cdn-edgestorageid: 722
x-amz-request-id: CDP3X7NTWFBD6T6D
cdn-cachedat: 04/22/2023 15:31:47
cdn-pullzone: 53731
x-amz-id-2: OvEqlz8w+p0hS5QJwYz57kVWf3oesMT3EcWXnPo3yameRpJ6L0BgPYi8m1q3nwQbnwxCDCWCBk4=
last-modified: Wed, 05 Oct 2022 16:50:09 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"857476cf6e94c14c223d4481353b4c19"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 5d1232d5d8a9012f25589519496d3f6f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 css
fonts.googleapis.com/ 32 KB
1 KB 19ms
19ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abe3a9cedd995b871be9c9dfd657cd41a58253968ec3b74d30ce2b648ed275b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 05 May 2023 16:14:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 05 May 2023 17:28:32 GMT

GET
H2 200 features Show response
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ 3 KB
1 KB 189ms
188ms XHR
application/json 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-220-132-2.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
X-Sumo-Auth: iP7UY8UzLhky74WtfWtAjTaL

Response headers

date: Fri, 05 May 2023 17:28:32 GMT
content-encoding: gzip
server: nginx
etag: "-362431178"
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ Frame 0
0 179ms
179ms Preflight 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-220-132-2.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-sumo-auth
Access-Control-Request-Method: GET
Origin: https://go.behindthemarkets.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 2592000
date: Fri, 05 May 2023 17:28:32 GMT
server: nginx

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
446 B 123ms
122ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=uugsecFfUY5EPjxCS7n2GX&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=83.19999980926514,50,1,372.1000003814697
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 17:28:34 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 80.255.10.204
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00obucihqsn7q58mqa30

GET capture
api.leadpages.io/analytics/v1/observations/ Frame E07B 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.leadpages.io
URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=2o4fz8YpWRxcUp6wchvXZW&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=213.0999994277954,28.699999809265137,1

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

52 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.api.leadpages.io/analytics/v1/events/capture	1970-01-20 11:36:34	Name: view.bb4wMKcXKB896PwqF4vMVT-default-prop.wzjrg5A6gThkzqZo9c3oVh Value: 1683307710000
go.behindthemarkets.com/limited-time-offer-4	1970-01-20 12:18:19	Name: __smVID Value: 1c686237a6b9caa9696fc9a7f2534c7bcd102aaca925e72c977f93e6a8fe9b2d
www.marketbeat.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: za4ckm4t5djmobw5wsnsq3rd
js.center.io/	1970-01-20 21:11:07	Name: centerVisitorId Value: wWQgu3zki85pLyt7gpeKDS
.behindthemarkets.com/	1970-01-20 13:44:43	Name: _gcl_au Value: 1.1.348228718.1683307710
.behindthemarkets.com/	1970-01-20 11:36:34	Name: _gid Value: GA1.2.1541630320.1683307710
.behindthemarkets.com/	1970-01-20 11:35:07	Name: _gat_UA-102395123-1 Value: 1
.behindthemarkets.com/	1970-01-20 21:11:07	Name: _ga Value: GA1.1.1677722569.1683307710
.criteo.com/	1970-01-20 20:56:43	Name: uid Value: 1cafc9bd-f8c1-4b2f-b0fd-aae6f664ab52
.behindthemarkets.com/	1970-01-20 21:11:07	Name: _ga_8R6YNFMJ23 Value: GS1.1.1683307710.1.0.1683307710.60.0.0
.behindthemarkets.com/	1970-01-20 21:04:31	Name: cto_bundle Value: z1s5gl9BdEpPYzZpJTJGeTdjeXIyNU9PeiUyRk5MZkRDOSUyQjdyZDNmeGswMlk5UEMwTWFmJTJCbFR2OE1KYW5lQ2IzZWJEaUh4Z0NIZCUyRmY0OGNyNFFHSFhNVWdwRnJsdXMyVENVQWpER1MwTXJZclZHNyUyQmglMkZ0MDJ4M2N2V2VxN0hESXVObThMUXk4VUJVdmolMkZ6N3JYTkVXMGsxaG10T3olMkJCZThuUUclMkJhdzV5RGJpWVpGMGkxcyUzRA
go.behindthemarkets.com/	1970-01-20 12:18:19	Name: ef_witness Value: 1
go.behindthemarkets.com/	1970-01-20 12:18:19	Name: ef_tid_c_o_1 Value: 86048664de6243fc86a5590d71bed54b\|86048664de6243fc86a5590d71bed54b
go.behindthemarkets.com/	1970-01-20 12:18:19	Name: ef_tid_c_a_2 Value: 86048664de6243fc86a5590d71bed54b\|86048664de6243fc86a5590d71bed54b
match.sharethrough.com/	1970-01-20 11:45:12	Name: AWSALBCORS Value: q7h9oTZFDDxFrbw6E1Uiy5CySY3HjekzgpGEzexlVBnyqkD1AJwVc8GiRiUcCmyzTA+djq4bn0A7rPyt7tzpwlJUeRDc41BAnP9U4IBl56sM+fIrlx2F6qCTZZwG
.media.net/	1970-01-20 20:20:43	Name: visitor-id Value: 3263093119172486000V10
.media.net/	1970-01-20 12:18:19	Name: data-c-ts Value: 1683307711
.media.net/	1970-01-20 12:18:19	Name: data-c Value: k-j9ojIoDNVIUjOxRithn0XRvapRdB_U-voXd8lg~~3
.bidswitch.net/	1970-01-20 20:20:43	Name: tuuid Value: fdd96bc8-2967-40b5-9937-7692c9d7e3f8
.bidswitch.net/	1970-01-20 20:20:43	Name: c Value: 1683307711
.bidswitch.net/	1970-01-20 20:20:43	Name: tuuid_lu Value: 1683307711
.doubleclick.net/	1970-01-20 20:56:43	Name: IDE Value: AHWqTUnSKrOvniKS9YbgQf1RNx7CUXsh-BMBj2jTSzM7rgOzVy0-hDrZNFkrINUckHc
.demdex.net/	1970-01-20 15:54:19	Name: demdex Value: 66935847027809487861717664760816923784
.dpm.demdex.net/	1970-01-20 15:54:19	Name: dpm Value: 66935847027809487861717664760816923784
.id5-sync.com/	1970-01-20 11:35:08	Name: cf Value:
.id5-sync.com/	1970-01-20 11:35:08	Name: cip Value:
.id5-sync.com/	1970-01-20 11:35:08	Name: cnac Value:
.id5-sync.com/	1970-01-20 11:35:08	Name: car Value:
.id5-sync.com/	1970-01-20 11:35:08	Name: gdpr Value:
.id5-sync.com/	1970-01-20 11:35:08	Name: callback Value:
.casalemedia.com/	1970-01-20 20:20:43	Name: CMID Value: ZFU8v4PA1tV3o9dPnhCb1QAA
.casalemedia.com/	1970-01-20 13:44:43	Name: CMPS Value: 3297
.casalemedia.com/	1970-01-20 13:44:43	Name: CMPRO Value: 3297
.yahoo.com/	1970-01-20 20:21:05	Name: A3 Value: d=AQABBL88VWQCEG5tIrJKSBtUZc_QwyWbrogFEgEBAQGOVmRfZOAYyiMA_eMAAA&S=AQAAApPo18F29wvScgayyi8MXIE
.analytics.yahoo.com/	1970-01-20 20:20:43	Name: IDSYNC Value: 18zh~2bh5
.360yield.com/	1970-01-20 13:44:43	Name: tuuid Value: 51c11a40-62ae-49ef-978f-366ab6ca1d7e
.360yield.com/	1970-01-20 13:44:43	Name: tuuid_lu Value: 1683307711
.360yield.com/	1970-01-20 13:44:43	Name: um Value: !38,I54x02xPkHY.8Ozxdmeyb6RlDJAwnwyIdq6NPmtUB6qQsN9eLzL3n7wFJfetmFS9yAiH8TTN,1691083711
.360yield.com/	1970-01-20 13:44:43	Name: umeh Value: !38,0,1745515711,-1
exchange.mediavine.com/	1970-01-20 11:55:17	Name: mv_tokens Value: %7B%22mv_uuid%22%3A%22416b1170-eb6a-11ed-bc33-ad0c43e8be95%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 11:55:17	Name: mv_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22416b1170-eb6a-11ed-bc33-ad0c43e8be95%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 11:55:17	Name: am_tokens Value: %7B%22mv_uuid%22%3A%22416b1170-eb6a-11ed-bc33-ad0c43e8be95%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 11:55:17	Name: am_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22416b1170-eb6a-11ed-bc33-ad0c43e8be95%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 11:55:17	Name: criteo Value: %7B%22id%22%3A%22k-OSCZQYDNVIUjOxRithn0XRvapRfvV-Q6SugrBw%22%2C%22version%22%3A%22criteo%22%7D
.pubmatic.com/	1970-01-20 12:18:19	Name: KRTBCOOKIE_97 Value: 3385-uid:k-I_HUB4DNVIUjOxRithn0XRvapRc1Si4hdZxrSg&KRTB&23144-uid:k-I_HUB4DNVIUjOxRithn0XRvapRc1Si4hdZxrSg&KRTB&23286-uid:k-I_HUB4DNVIUjOxRithn0XRvapRc1Si4hdZxrSg&KRTB&23287-uid:k-I_HUB4DNVIUjOxRithn0XRvapRc1Si4hdZxrSg
.pubmatic.com/	1970-01-20 12:18:19	Name: PugT Value: 1683307711
.krxd.net/	1970-01-20 15:54:19	Name: _kuid_ Value: PiV_V7kJ
.adnxs.com/	1970-01-20 13:44:43	Name: uuid2 Value: 284001653775847994
.tremorhub.com/	1970-01-20 20:21:04	Name: tvid Value: 33d5459c08f74b0fb79171e7c47600fb
.tremorhub.com/	1970-01-20 12:18:19	Name: tv_UICR Value: k-05D9goDNVIUjOxRithn0XRvapRdupvUypdiBLw
.adnxs.com/	1970-01-20 13:44:43	Name: anj Value: dTM7k!M4/rCxrEQF']wIg2InAj(sJN!]tbPl@/D!9hy6]/CwgFguX:1e8SGV4Kr>n.y3hG/P:NZ['B4w1Q.[^>v:^2cul^>loAP1z['-bpRzqF1`beAh-85GU
go.behindthemarkets.com/	1970-01-20 20:20:43	Name: __smToken Value: iP7UY8UzLhky74WtfWtAjTaL

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.twiago.com
ad.360yield.com
ad.yieldlab.net
api.leadpages.io
beacon.krxd.net
btm-btm-btm.lpages.co
cdnjs.cloudflare.com
cm.adform.net
cm.g.doubleclick.net
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
dis.criteo.com
dpm.demdex.net
dynamic.criteo.com
eb2.3lift.com
embed.lpcontent.net
exchange.mediavine.com
fonts.googleapis.com
fonts.gstatic.com
go.behindthemarkets.com
gum.criteo.com
ib.adnxs.com
id5-sync.com
js.center.io
lh3.googleusercontent.com
load.sumo.com
match.sharethrough.com
matching.ivitrack.com
mug.criteo.com
pixel.rubiconproject.com
r.casalemedia.com
region1.analytics.google.com
rtb-csync.smartadserver.com
s.thebrighttag.com
secure.adnxs.com
simage2.pubmatic.com
sslwidget.criteo.com
static.leadpages.net
stats.g.doubleclick.net
sumo.com
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.outbrain.com
unpkg.com
ups.analytics.yahoo.com
visitor.omnitagjs.com
widget.us.criteo.com
www.behindthemarkets-btm.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.marketbeat.com
x.bidswitch.net
api.leadpages.io
104.111.217.42
141.226.228.48
162.19.138.119
178.250.1.9
178.250.7.11
178.250.7.13
18.197.126.100
185.255.84.152
185.64.190.80
185.80.39.216
185.86.138.152
185.89.210.20
2.18.235.93
2001:4860:4802:34::15
2001:4860:4802:34::36
216.58.212.162
23.209.16.125
2400:52e0:1e00::1081:1
2600:1f18:612b:4200:8644:8d9:b2a6:8733
2606:4700:3108::ac42:2b0e
2606:4700::6810:7daf
2606:4700::6811:190e
2a00:1450:4001:808::200e
2a00:1450:4001:809::2008
2a00:1450:4001:80b::2001
2a00:1450:4001:80f::2004
2a00:1450:4001:827::2003
2a00:1450:4001:827::200e
2a00:1450:4001:82b::200a
2a00:1450:400c:c07::9b
2a02:2638:3::c
2a02:2638:d::10
2a06:98c1:3120::3
3.136.150.106
3.75.62.37
34.107.203.240
34.117.157.22
34.220.132.2
34.250.66.43
34.251.27.114
34.255.56.232
35.192.151.63
35.202.21.90
37.157.4.25
37.252.171.22
52.58.138.0
52.59.76.204
54.229.40.109
64.202.112.191
69.173.144.165
74.119.119.150
76.223.111.18
85.215.5.31
022ecf3012cb860b832d3b5ec3ece8ea60cf9ccb86dfa9adcbe9408524137fac
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
06a1e0cc5c1f0689019005ea9978d67ba512c08bec6aac123d2a9842d3caaa46
0d1aad9a434590d1c60dbf3d079df20d70cde2c2afd0c20773c60d0b9cacde9b
0d58b87b0743851392119f2614ac7fdaf1f2b943e5e28f53a9199e10d1cee784
0db972dea92bf7469a431d2820ffb388cff26a3d7be700ee81f2e36ee3974e05
0eb28d90e19b1fd3b42ea09cf5ff871e572e250e3cbf8531036d3c8a69df0cc0
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110
12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
18242158163fb9c2864cf67400e9e05ba25a96fe25eb39bdb5c9b8c7164991e6
1ab171096d2b38296a1577257695ad83771cbba1ad49a6c04a3a9ac2c7ce9e31
1b98e634435daa1012e8b83a1bb203eceab9742472b45c84ac1d98a729af412d
2b9dbc4e3ab31dc403745b54ac6ca7f853ecd69084036b8be7de5a1890ccec49
2f1dcbe6d55182c8db429872524d1abaaf57a3a91e53cae074f15b366c8c37cf
3014acc16bf3744b41bb869785bf686290d9834a5e6f69d4583c4e39fca26bff
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
345d333ce5a7d44a9503d94b85abacc393a6d70d0d62da52f7aa96781b0c231e
3684abe518534ed96b6bf7c7b90f54b1fc004ffee736d135aa7ee2eca2b19e63
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
3c770cf58bc37a49b3bc7e8a8ae53168e3ae6fe8d379bd77395ac37bc9880111
3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3
3e426e330d152fce1b2e4a53ff4062cfe1531acca6f02c9b5329009d496aad05
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
414f94aa5dc74ec228d6aa7f37c1d79db206ff8326ded24a0cded97b75a6dfc5
49b4681fc6a41d10bc9340d077ad5a8e34289092d68d0e8728cca1f9b7d02363
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e10bba92c73c63033b55dd271a5d535b2073d328a780a65df1eeb9714271b7a
4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9
52cbcaa92d4379acf9c8d333a4e7a94cf957730870cf8f9137dcb2b14ebb4989
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
53c3b563cba0f8062a8592e2c2c799fdd926b049ebd1813da0b06ad999bd6079
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
585b5bd39ad329c2c2252aa5728086a1823434f7b37b5f5325a9e96ced2d7171
5a2e1f2aa00f7357621a7d10adaef3c61cfa258e8e72239cfeaafdb20c304bff
5a77eb41c6fbda2bca820c13f0ba719937c808d9f551b13fa0ecac156dd90b24
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
5e9c6d55897ac9c0217abcbfd3fb482689c8061a3e3fbb57d0e9cc8f817415b6
6566389e88db85a9cd108648237aed3d08e2c60ae4b7ce5a7ba056afc431e74b
67b13e1b2f27e471305a7101016c71eff1939ff6ee7d1aba0ed566def3a52c4d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
71947f7827aaada6779268465b7c05db11566497aa661961e86e83fe061a460e
71a0e7af96aa88155f06bb84e8b98a7a1e014b69aac7f0a7ccf5df0feb7066e3
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
74ad249e95da15fcfe75a67eb107d319fcdebb3810675944d12c0909ab9bf479
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
7721ea6e678ff85357eb6c7de4f39681d7b4b53b765ee49d9e45b97bdab68a58
786448dc71eede8cd86dfe202f3d689378c6335c3845400ac5a75531b8d96d83
7e2c27b9ba576b52452df883ee0d1e4c2bcf284dd948611e484c1797a5b2ed0d
7f075b3a73dcd21887641aa676692b19deb19825bf0dd925747582e73217aea6
802b0e03789d326a08c22fef2dffdffb8d7691e13f410e7d1d6ce72ac6b765cb
81419462a9aa90c182deca7c5bb642a7e18d7a43a15acbbec36b54390ed9e4ff
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88dbe5929f2b6aa111649792d1353e2b5cdad3ddc8bf49350e236fd2b955e514
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
940a2780647ad473c6d299a32d22b5adea4ac667fd3adcf46cfe8441dbdaeba7
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9bda86afc42cb8f1664e0fb4cb87f75a9acb9ce365f0101f475366f61b043dda
9ce7c0c1b56dabf60220a6467217e3601a909ab2c157119fe0a81e5cb58ab683
9dd68156eaf50c82fc30619e23e7c8085a0e3b9b9b2095e933dfa8d6a28ac9da
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a25a2dc269c0a5f092a91c7edcb606232b3124f113306f772ce1229cc0ce2044
a2f6f72c5e1a1fc0ba5152253acdf2964f42ef2d259d92aa2f4fc63d760b6b6a
a6aa55d33b9fc7dc67c202f272d96d823d92b5094eae463bc04624194b0fbbf1
aa305ca6053d5e7b1276bb407d79616830cc4b67509290a105ae265b6dbea225
abe3a9cedd995b871be9c9dfd657cd41a58253968ec3b74d30ce2b648ed275b9
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b030865771624c8cac4b1e100f72fb87abc3eccb6c8bedd6a25393a3c6890883
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3656b9eab301548c2ce25ea05db689a2f475a1ef4ce68a09e7aa23d6be6a931
b673e2000e305f8929b4a0f9323169c6a00f5c8c736fbfcde0e6d3626656a5e3
b68897214db0067165fd89ce589bf5a846a3a2a75f62404a9390455a0df02bae
ba85697c1faa26b11569e3877c0f3b0b35821d072df9c0fcc4015215d53add08
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
beb6e5817e7f1f16be8426abc571e4882ee5bfdbf3d24de63623ca5018d8f7aa
c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e
c53fc919da515cc21b389888f6d7a95f69303b518a7f735c11534473f4e2eec7
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c73db4ca5a6cf322e5295cea84c2f0cdecb812b1d7998d57bb6528684600e62f
c9dca43fca509197b562e986fd472933428d757daa065972e3c349a7f963856b
cb525f60c933094cb82ec09e748c2958f1e5ace99ebb64c1cbd1aa24e483a9d0
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d293ee3cf582df8e9c7a6c090c5ef75bfaf956317e33baa007128e13c51adc8c
d56ad0781875c34060e15e238f8f8cb621c132675a63e3b90ffe23a2918e4639
d9fe2ac004861df640d03c18ba22aa04ce44c841f4672d65d785791c7f6ce5ce
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0
e135acdb3c2c1bd70906af2e93a9b233a3fe05ecbedbd5b2236efdcda7e6faee
e3af0de29249dd8c24fcbd59120cf0d8696ea625ac64904058dd2327e0a027d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e7d37f66bd7b7ac6eb4f7e0e70d397c6af31c1b0b1cc8a996e3e9bb76c41d0d7
ea40db5f808cb4dafbc4335a1dd31b90aa4080a1fa19d172037868d004d5161e
ebe99412125723327356cad72872052a3664dd5b1af9423fd5b1590eb0bda4bf
ec9c75025ee77fbf9447cafe833f7b16af27d3c60a8294955d6da934d969b44f
ec9e6ee235b7cd2be4c02f7d9d03b70445dbe9c14b5b93422aabc12173d35fd6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0d96c4ed1e7e05e99cb5779a42e5f3b6055747c51f71c8f36ab6349fac181d9
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fc589cc734676f9036041dad7ab4909cb483e3e0fb859e53c9ba718eb2b93856
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2
fe92a6eb2f59ce61e06edfb34e917be5138eac63b8097e8587b47931ac41659a
ff98c4cf79d955e494a8d9bf53f00a32ae73717c16628f94f135d865ec0e127b

go.behindthemarkets.com Open in urlscan Pro 35.202.21.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

146 Requests

89 %HTTPS

34 %IPv6

47 Domains

56 Subdomains

50 IPs

10 Countries

1223 kBTransfer

4533 kBSize

52 Cookies

2 Outgoing links

Page URL History

Redirected requests

146 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Screenshot
Live screenshot

Full Image

146
Requests

89 %
HTTPS

34 %
IPv6

47
Domains

56
Subdomains

50
IPs

10
Countries

1223 kB
Transfer

4533 kB
Size

52
Cookies

146 HTTP transactions
0 data transactions