go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.your.basictradingtips.com/?qs=1f626ab96ade4344cefcb5994246d5a0ebb224adc70de0736119dc6df8eabf3d0017543479b5519439aea13f3a8a...
Effective URL:
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&...
Submission: On September 27 via manual (September 27th 2023, 11:28:52 pm UTC) from KR — Scanned from DE

Summary HTTP 117 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 6 countries across 20 domains to perform 117 HTTP transactions. The main IP is 35.202.21.90, located in United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is go.behindthemarkets.com.
TLS certificate: Issued by R3 on September 27th 2023. Valid for: 3 months.

This is the only time go.behindthemarkets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	128.245.210.158 128.245.210.158	14340 (SALESFORCE) (SALESFORCE)
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	50.97.244.203 50.97.244.203	36351 (SOFTLAYER) (SOFTLAYER)
1 3	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.202.21.90 35.202.21.90	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.107.203.240 34.107.203.240	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
59	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::15	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::e 2a02:2638:3::e	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2400:52e0:1e0... 2400:52e0:1e00::1082:1	200325 (BUNNYCDN) (BUNNYCDN)
1	13.40.91.234 13.40.91.234	16509 (AMAZON-02) (AMAZON-02)
3	35.192.151.63 35.192.151.63	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c03::9d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	34.220.132.2 34.220.132.2	16509 (AMAZON-02) (AMAZON-02)
117	22

1 128.245.210.158 (United States) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: ajo158.mta.exacttarget.com

click.your.basictradingtips.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United Kingdom) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tracking.basictradingtips.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.97.244.203 (San Jose, United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: clkmg.com

www.clkmg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3120::3 (United Kingdom) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.behindthemarkets-btm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.202.21.90 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 90.21.202.35.bc.googleusercontent.com

go.behindthemarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.203.240 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 240.203.107.34.bc.googleusercontent.com

static.leadpages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::15 (United States)

ASN15169 (GOOGLE, US)

js.center.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::e (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dynamic.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2400:52e0:1e00::1082:1 (None, )

ASN200325 (BUNNYCDN, SI)

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.40.91.234 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-40-91-234.eu-west-2.compute.amazonaws.com

script.anura.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.192.151.63 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 63.151.192.35.bc.googleusercontent.com

api.leadpages.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c03::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.220.132.2 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-220-132-2.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 120	936 KB
19	sumo.com load.sumo.com — Cisco Umbrella Rank: 25100 sumo.com — Cisco Umbrella Rank: 22058	449 KB
7	gstatic.com fonts.gstatic.com	183 KB
4	criteo.com 1 redirects dynamic.criteo.com — Cisco Umbrella Rank: 4012 gum.criteo.com — Cisco Umbrella Rank: 640 mug.criteo.com — Cisco Umbrella Rank: 1822	27 KB
3	google.de www.google.de — Cisco Umbrella Rank: 3974	622 B
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 175	464 B
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2225 www.google.com — Cisco Umbrella Rank: 11	721 B
3	leadpages.io api.leadpages.io — Cisco Umbrella Rank: 51559	1 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	276 KB
3	behindthemarkets-btm.com 1 redirects www.behindthemarkets-btm.com	21 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 96	21 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 5551	2 KB
2	center.io js.center.io — Cisco Umbrella Rank: 57466	8 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113	3 KB
2	basictradingtips.com 2 redirects click.your.basictradingtips.com tracking.basictradingtips.com	1 KB
1	anura.io script.anura.io — Cisco Umbrella Rank: 56830
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1780	50 KB
1	leadpages.net static.leadpages.net — Cisco Umbrella Rank: 55573	15 KB
1	behindthemarkets.com go.behindthemarkets.com	73 KB
1	clkmg.com 1 redirects www.clkmg.com — Cisco Umbrella Rank: 244552	1001 B
117	20

	Domain	Requested by
59	lh3.googleusercontent.com	go.behindthemarkets.com
14	load.sumo.com	go.behindthemarkets.com load.sumo.com
7	fonts.gstatic.com	fonts.googleapis.com
5	sumo.com	load.sumo.com
3	www.google.de	go.behindthemarkets.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	api.leadpages.io	js.center.io
3	www.googletagmanager.com	go.behindthemarkets.com www.googletagmanager.com
3	www.behindthemarkets-btm.com	1 redirects www.googletagmanager.com www.behindthemarkets-btm.com
2	gum.criteo.com	1 redirects dynamic.criteo.com
2	region1.analytics.google.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	dev.visualwebsiteoptimizer.com	go.behindthemarkets.com
2	js.center.io	go.behindthemarkets.com js.center.io
2	fonts.googleapis.com	go.behindthemarkets.com client
1	mug.criteo.com
1	www.google.com	go.behindthemarkets.com
1	script.anura.io	go.behindthemarkets.com
1	dynamic.criteo.com	www.googletagmanager.com
1	www.googleoptimize.com	www.googletagmanager.com
1	static.leadpages.net	go.behindthemarkets.com
1	go.behindthemarkets.com
1	www.clkmg.com	1 redirects
1	tracking.basictradingtips.com	1 redirects
1	click.your.basictradingtips.com	1 redirects
117	25

This site contains no links.

Subject Issuer	Validity	Valid
go.behindthemarkets.com R3	`2023-09-27` - `2023-12-26`	3 months	crt.sh
static.leadpages.net GTS CA 1D4	`2023-08-19` - `2023-11-17`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
js.center.io GTS CA 1D4	`2023-09-12` - `2023-12-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
behindthemarkets-btm.com E1	`2023-09-02` - `2023-12-01`	3 months	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-16` - `2024-02-16`	a year	crt.sh
script.anura.io Amazon RSA 2048 M01	`2023-06-12` - `2024-07-10`	a year	crt.sh
*.leadpages.io Go Daddy Secure Certificate Authority - G2	`2022-10-27` - `2023-10-22`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Frame ID: ED007000BF6D820B6EDD5A1E701903EC
Requests: 112 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 877779DBC92B833CB262F0D849A0F863
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
Frame ID: E453D5594578AA9849B9BC155DAF1186
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BTM UFO Weapon

Page URL History Show full URLs

https://click.your.basictradingtips.com/?qs=1f626ab96ade4344cefcb5994246d5a0ebb224adc70de0736119dc6df8eabf3d00175434... HTTP 302
https://tracking.basictradingtips.com/RA0548/yoktal@hanmail.net/111BTT/B/BTUW1 HTTP 302
https://www.clkmg.com/RomanAnal/RA0548/yoktal@hanmail.net/111BTT/B/BTUW1 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/6FQ5XR/?sub1=yoktal@hanmail.net&sub2=111BTT&sub3=B&sub4=BTUW1&sub5= HTTP 302
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_sour... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

117
Requests

99 %
HTTPS

64 %
IPv6

20
Domains

25
Subdomains

22
IPs

6
Countries

2065 kB
Transfer

5443 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.your.basictradingtips.com/?qs=1f626ab96ade4344cefcb5994246d5a0ebb224adc70de0736119dc6df8eabf3d0017543479b5519439aea13f3a8ab0a07f580d507c151d6f HTTP 302
https://tracking.basictradingtips.com/RA0548/yoktal@hanmail.net/111BTT/B/BTUW1 HTTP 302
https://www.clkmg.com/RomanAnal/RA0548/yoktal@hanmail.net/111BTT/B/BTUW1 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/6FQ5XR/?sub1=yoktal@hanmail.net&sub2=111BTT&sub3=B&sub4=BTUW1&sub5= HTTP 302
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 95

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=02GwWHxPTlRKdmlJa2FKaW1FaHRPc1VidmFDL3ltVkVFUVFvZmo3bWlsVStSRHhmUE1zcDVBdHdxcUNscjEzNDhnWElsRWR2a0JBaTh3WnRJWHBpdndhMXZubUFXdUtXYnp4REcyOUVEOGJ0TjlReSt1TC9XdHB2ZkM5MVpJZ2E3bkxONE9iOG5NNnJUUUdFM2dGWGpyVTVEbFh0K0VaT2dNV2hTRnAzU1RLMEN5NldqK2FTbnFSM2twUzBPL1FGaTAwZUt0SmpRb2xHVjgvNFpDcUNubVl1ankybitzZytKUzFkdkdkaFJCNFZHWjA3eDNPRHNRWXkyL3g4ZHAybjZkMTlselI4M3RyMGh3K2Rid0dLWHpTcEFYRnFuazl6TE9jREtFQUhtd3NRcTYzZz18&cppv=2

117 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
go.behindthemarkets.com/btm-ufo-weapon/
Redirect Chain

https://click.your.basictradingtips.com/?qs=1f626ab96ade4344cefcb5994246d5a0ebb224adc70de0736119dc6df8eabf3d0017543479b5519439aea13f3a8ab0a07f580d507c151d6f
https://tracking.basictradingtips.com/RA0548/yoktal@hanmail.net/111BTT/B/BTUW1
https://www.clkmg.com/RomanAnal/RA0548/yoktal@hanmail.net/111BTT/B/BTUW1
https://www.behindthemarkets-btm.com/4P7M9M/6FQ5XR/?sub1=yoktal@hanmail.net&sub2=111BTT&sub3=B&sub4=BTUW1&sub5=
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=11...

637 KB
73 KB

558ms
257ms

Document
text/html

35.202.21.90
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

d52e74993b01e71c21eed2e671da57af3ad21e41628efc373a07c99aec01591a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: br
content-type: text/html
date: Wed, 27 Sep 2023 23:28:47 GMT
etag: W/"c9832b3f9133e44d3d4752773b11be77"
last-modified: Thu, 21 Sep 2023 17:12:50 GMT
server: Leadpages
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS, HIT

Redirect headers

accept-ch: Sec-Ch-Ua-Platform-Version
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 80d78663dec2383e-FRA
content-type: text/html; charset=utf-8
date: Wed, 27 Sep 2023 23:28:46 GMT
location: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ER%2FY%2Bkq49FxkGqikRPgXWR5bfMPXudtI4xUs0XbW74Sb4EI652anIyZHcbfx3lEYlFmvTcGCwP%2BPpgcer847%2FTL1dNmt1G76plAmwCaDhb%2FOqaU1H13oyQmS632%2BCGJ8m%2BaQPGKcyfoy4JV4azUs4gPeEjjXgwprLKnw"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
via: 1.1 google
x-eflow-request-id: fc4fb55e-6c8b-41bb-b222-14fa2a2e2941

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ 58 KB
15 KB 81ms
14ms Stylesheet
text/css 34.107.203.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sun, 24 Sep 2023 19:32:43 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
age: 273364
etag: "nBpTOw"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: cdb7fab0c778bd349084f8df902b1cac
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14628
expires: Mon, 23 Sep 2024 19:32:43 GMT

GET
H2 200 css
fonts.googleapis.com/ 27 KB
2 KB 48ms
20ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Fjalla+One:300,400,500,700|Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Playfair+Display:300,400,500,700|Exo+2:300,400,500,700

Requested by

Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

222ca1136e5e61ccc02e85c7dd9a0e6b9af1f45ae80611d80190cce01f631adb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 27 Sep 2023 23:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 27 Sep 2023 23:28:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 27 Sep 2023 23:28:47 GMT

GET
H2 200 OvyrhcdzI4Mc85VMrRPAvIoGGWC6i_qgVGuUzUP8-wnCrcmPolAE_UwDiT1Twd2PqTlWmCxXsTHLA7b_3OaJ2dXFVxDUhOEAXQ=s0
lh3.googleusercontent.com/ 42 KB
42 KB 37ms
8ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OvyrhcdzI4Mc85VMrRPAvIoGGWC6i_qgVGuUzUP8-wnCrcmPolAE_UwDiT1Twd2PqTlWmCxXsTHLA7b_3OaJ2dXFVxDUhOEAXQ=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5379bdb51c419cac65ac0326410238e7fb43841eeaebc0503031d6217c5c25bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42946
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w16
lh3.googleusercontent.com/ 528 B
591 B 11ms
10ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

21ef52e0c141c5fbc0135c601113edde2e1d9fea1d454b0da3cb66fe2d6aa432

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 528
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 dpJ2gI5ZlfZ0UhHvlyr-UuQAzVSdgPwPMOvQidsBNvpHnw1UYSPtBl1rHbdb8O_ewQGqtXEHYfyIS1RzosrxgZbATGT3pixRLgM=s0
lh3.googleusercontent.com/ 29 KB
29 KB 12ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/dpJ2gI5ZlfZ0UhHvlyr-UuQAzVSdgPwPMOvQidsBNvpHnw1UYSPtBl1rHbdb8O_ewQGqtXEHYfyIS1RzosrxgZbATGT3pixRLgM=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

bc8d607824ba046ae56778998afe2e69219247957cc26951de824b138d011535

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29865
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 ajhTN-3YGhqmLg51AWwIRBHtnkdHslCZU8ESZX-Ri9ZtLNfbMVHmhJhdRqB4HlDyRsWxOoJAdHItysYrt9ti8HxbPHFRURsGWEA=s0
lh3.googleusercontent.com/ 32 KB
32 KB 16ms
11ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ajhTN-3YGhqmLg51AWwIRBHtnkdHslCZU8ESZX-Ri9ZtLNfbMVHmhJhdRqB4HlDyRsWxOoJAdHItysYrt9ti8HxbPHFRURsGWEA=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8117b595dbdc02ecef5f4341b481db3a46bbab0f8a86e79eb0b14578ea42a446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32291
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 SvT2JBmkRPEmyb5VuOl2U4HvS6g65aaz95BotwzhIqdtbzODvVgToTljNQTMm5-iT5gwgG90m46nTDzRbFedq7MF0DndwOPX7M8=s0
lh3.googleusercontent.com/ 33 KB
33 KB 14ms
8ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/SvT2JBmkRPEmyb5VuOl2U4HvS6g65aaz95BotwzhIqdtbzODvVgToTljNQTMm5-iT5gwgG90m46nTDzRbFedq7MF0DndwOPX7M8=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6eb79f030eca6548e428f1470c03d57c35fc82fd9b4ed915894f74bb8a4d1e19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34101
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w16
lh3.googleusercontent.com/ 452 B
515 B 20ms
15ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c02a537eec620de29094096c1517db5cd507af931d7d61ede3576ac4309c4946

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 452
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 CVMprulCSi7td0ZtwanQhhsrwi78yNQAny8ZLOydL5MX_6ZcJfcCmP0E4R9Wcy_-7N5sBywmazglmpxnEw6-rQYiLBxM1jQTga0=w16
lh3.googleusercontent.com/ 486 B
549 B 20ms
15ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/CVMprulCSi7td0ZtwanQhhsrwi78yNQAny8ZLOydL5MX_6ZcJfcCmP0E4R9Wcy_-7N5sBywmazglmpxnEw6-rQYiLBxM1jQTga0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7d6465ff40cc8a253079809cfb86bda088de84e90677e0d0636ec6ffe065776f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 486
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 _M6FFmDmsF8L0M74UKdQ8Q8NhWcgq2yFcqxc0_4uc2R5r76ONJwfB_TzFywiY6AAG4Pa6Vi_ao-GQhkBVz-gB0vvHYKKatm25Rac=w16
lh3.googleusercontent.com/ 585 B
648 B 19ms
14ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/_M6FFmDmsF8L0M74UKdQ8Q8NhWcgq2yFcqxc0_4uc2R5r76ONJwfB_TzFywiY6AAG4Pa6Vi_ao-GQhkBVz-gB0vvHYKKatm25Rac=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7631fdde759575aded86b3d1ce65b7884706a678566834f6cb43c40d8f1e2c85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 585
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 TCW4RtnYS69HfgXvks8mLRxdCEmCNvqqzeu8aFjfwma7YemCn13jYaLCJgNbGWBR_YfnAMu08ttsm-IgAfuwmw7_BQwZo32CmMrt=s0
lh3.googleusercontent.com/ 30 KB
30 KB 21ms
15ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TCW4RtnYS69HfgXvks8mLRxdCEmCNvqqzeu8aFjfwma7YemCn13jYaLCJgNbGWBR_YfnAMu08ttsm-IgAfuwmw7_BQwZo32CmMrt=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a5512781731b5b307ecf7b7a315d2e86150d976cdafd90452832a6fb28e4b7c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30807
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 H6t8ivg6l_8mCZMCBZsAyZ4N4Ozjg6ci7RY7jS91zkw9ETWd2HbCrYwpt69j8Nzx1ZalexUrQ8fYO6l1PVfnzrmDkxHAnT7XYRY=w16
lh3.googleusercontent.com/ 32 KB
32 KB 24ms
19ms Image
image/gif 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/H6t8ivg6l_8mCZMCBZsAyZ4N4Ozjg6ci7RY7jS91zkw9ETWd2HbCrYwpt69j8Nzx1ZalexUrQ8fYO6l1PVfnzrmDkxHAnT7XYRY=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

38c1d645f08cafe1e0c34cc16c9c9e95433775aca4e8b016fe23dc1913b40854

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32704
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 KW7DqpaNI-KWZXsC3PytJUXmxLrtnbNo6bLKtTTWdUvJHS5e_Cxdcdj6zbB3pIc59ZZeyTg8lNUunXCdWlTSz3PL_mmHCHcNKw=s0
lh3.googleusercontent.com/ 37 KB
37 KB 21ms
16ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/KW7DqpaNI-KWZXsC3PytJUXmxLrtnbNo6bLKtTTWdUvJHS5e_Cxdcdj6zbB3pIc59ZZeyTg8lNUunXCdWlTSz3PL_mmHCHcNKw=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

12bb6250f9afe86162b02c690ee29b53261cdf7c0b324bbb58939816c36bd658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38151
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 3h3xQqxh45xpHWNXWClXwqdYOrdv4ftoDW-b7eSW-tT-uBVLKhsD1r9hQd2u-Ixcio5pudsaRKcvZowt9ltrK98meIXpn9H_rJM=w16
lh3.googleusercontent.com/ 357 B
420 B 20ms
15ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/3h3xQqxh45xpHWNXWClXwqdYOrdv4ftoDW-b7eSW-tT-uBVLKhsD1r9hQd2u-Ixcio5pudsaRKcvZowt9ltrK98meIXpn9H_rJM=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e29f3e687fdc2aa47a5183200740ffc894cf469d1d0a5db7317392ab003c6ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 357
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 wiqgLWSDmGh6MRI--zDDK9vXSnZXdq46H6z4AgVpZEnTi33PhknXDIVmi25lGgpOb_X13vPkIshwDvFQ3S3Vw9l5p5yfwm6B9Hc=w16
lh3.googleusercontent.com/ 777 B
840 B 26ms
22ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wiqgLWSDmGh6MRI--zDDK9vXSnZXdq46H6z4AgVpZEnTi33PhknXDIVmi25lGgpOb_X13vPkIshwDvFQ3S3Vw9l5p5yfwm6B9Hc=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3584c4b319d00a900259c554d8076927e2aaf3b60a6d41973ead57138070d706

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 777
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 To4oSf2cBoWEYk0XhtN0hPWGbJLu7IG6A8wepdCYxGYa8hgbFdV0vpLa3J12Bjm7dAeQEMVYLR3TuNeQypSdGI9lNCMjPxLfyCU=w16
lh3.googleusercontent.com/ 326 B
389 B 26ms
21ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/To4oSf2cBoWEYk0XhtN0hPWGbJLu7IG6A8wepdCYxGYa8hgbFdV0vpLa3J12Bjm7dAeQEMVYLR3TuNeQypSdGI9lNCMjPxLfyCU=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

843664caa06661a4c789fe642770690b9a6cec4ecfed6835a631632dcb98aa67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 ZuXjjC76PUiFkmhSAtOXENiGw4vgsuQ9izAlMU1L_pkV2ewHWDOa7BA2Bsc0R-n8pVrMtz2MoYdnKscJSc-wLA6my-GWisy4RKwW=w16
lh3.googleusercontent.com/ 343 B
406 B 33ms
28ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZuXjjC76PUiFkmhSAtOXENiGw4vgsuQ9izAlMU1L_pkV2ewHWDOa7BA2Bsc0R-n8pVrMtz2MoYdnKscJSc-wLA6my-GWisy4RKwW=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

88804d6ebe9dae5ad41f997452c2edb43e0b07cdc7dab0a38cb8f62250ca692e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 343
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 OAlRGjccArdVTSlObYizvoVhAb_uZqDO_esSTFtxAmfbPjchMTA015Q9hzrcJthQus0T8ETnRzsDRZkoClDxz-8nF-_9QLZsTXM=w16
lh3.googleusercontent.com/ 320 B
382 B 25ms
21ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OAlRGjccArdVTSlObYizvoVhAb_uZqDO_esSTFtxAmfbPjchMTA015Q9hzrcJthQus0T8ETnRzsDRZkoClDxz-8nF-_9QLZsTXM=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8144d33c5610d6e5a06a27cfec7163258f02d413b0befd187e399740b490a194

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 320
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 byURWe3nCJFW1ZeLeMS3pkLLQicrPPIEAjfYuk9Qw5KpIsGFJ1cuW6UqdU7ymztTFXvS3F55JEPi4XXqsAuc4Ttxq2-siyWC7mQ=w16
lh3.googleusercontent.com/ 318 B
381 B 32ms
27ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/byURWe3nCJFW1ZeLeMS3pkLLQicrPPIEAjfYuk9Qw5KpIsGFJ1cuW6UqdU7ymztTFXvS3F55JEPi4XXqsAuc4Ttxq2-siyWC7mQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0dc05bd8e6a23d3ce410b51ba0867a6613da4fd82014e88e2ffedcc07549bb05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 318
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 AQnxmIYnSr6z7Q1bA0-lXny19TrrFusc7eEAY_6j381h-1HTBKF72jfexw_rcQtlikJpyi5lBdscyeQ1GaAv3j-qy7IO5mi7UDkz=w16
lh3.googleusercontent.com/ 626 B
689 B 25ms
20ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AQnxmIYnSr6z7Q1bA0-lXny19TrrFusc7eEAY_6j381h-1HTBKF72jfexw_rcQtlikJpyi5lBdscyeQ1GaAv3j-qy7IO5mi7UDkz=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e8c63e762d334605b396e4bfacb8723fdfac07a2c77dfe9c57195658605dc00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 626
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 O_gVPVfqKt22o9ZRAfvtcr3TbOagF-f27DfAT4zacAEhSWepeV2OwHA0dLL99E3ujBN0Q9avqyn9X1BV1DgjMrO1CP1fRGqmQyM=w16
lh3.googleusercontent.com/ 771 B
834 B 30ms
25ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/O_gVPVfqKt22o9ZRAfvtcr3TbOagF-f27DfAT4zacAEhSWepeV2OwHA0dLL99E3ujBN0Q9avqyn9X1BV1DgjMrO1CP1fRGqmQyM=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2f007b53b0173b103df54f19e21bb1a020949e359a6c2493303c57c433285f71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 -FSVox_cdZtEOQdHPklDShgOnOEQieb4DYOFxJPQb9FT8WBYxOcC9qlCbguF6JYazBkL4aeUtWqHX3-XDcMzW4wbNHpqt8mb7tsQ=w16
lh3.googleusercontent.com/ 304 B
367 B 32ms
28ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/-FSVox_cdZtEOQdHPklDShgOnOEQieb4DYOFxJPQb9FT8WBYxOcC9qlCbguF6JYazBkL4aeUtWqHX3-XDcMzW4wbNHpqt8mb7tsQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

653e57dace87f1578d47a3162639ab8754abddab7c8e37ed6420dd04fbd8ad2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 304
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 99Xxq-BxRy57nzWi9njtXvfStJLBukXgTJdjZKA-iUQSAcVn_RykSX9j1Xh5rAFfyVxew-8SHGlD4HzAP4IIUFNFbn4_i7ObiQ=w16
lh3.googleusercontent.com/ 298 B
361 B 30ms
26ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/99Xxq-BxRy57nzWi9njtXvfStJLBukXgTJdjZKA-iUQSAcVn_RykSX9j1Xh5rAFfyVxew-8SHGlD4HzAP4IIUFNFbn4_i7ObiQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8d6f4e6b5613a9fa91abfe6587aa69327458bcfd17b484f254a7d0607808ceaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 298
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 uWPl7NSdKJhupbSWb4ZVelB3XItZGNTvztTDr5FaVrCcEISNPs1ZJd2maq5N4KWE6SSyQe2ytxOvlST70MQBghbn0T4YEcK4YA=w16
lh3.googleusercontent.com/ 313 B
376 B 30ms
27ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/uWPl7NSdKJhupbSWb4ZVelB3XItZGNTvztTDr5FaVrCcEISNPs1ZJd2maq5N4KWE6SSyQe2ytxOvlST70MQBghbn0T4YEcK4YA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9754b5f6ea5fe6139593a9d71354a602bd16baf749706d5ffc3882786fbb78a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 T1uV4k-ivk2FMHUXIFi-IvE2B8waeyCM1pMtAorOZ4bka7BYhLCEurKdRhpCzQjS0PQYvWYJNl-49DqRU8qWkRhtVCpc1xbPAL0=w16
lh3.googleusercontent.com/ 310 B
372 B 29ms
25ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/T1uV4k-ivk2FMHUXIFi-IvE2B8waeyCM1pMtAorOZ4bka7BYhLCEurKdRhpCzQjS0PQYvWYJNl-49DqRU8qWkRhtVCpc1xbPAL0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

02ffe72a9c712b85c4cd1dc94c6c7d230842d2870ba1ae8c43ce12212d9934fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 310
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 ZDlPeBN0ZO_49NTQ7qCCErZIho5teOhPtSYhpG812HSGbV-nkdXuFtldu4i7wLQYgT0ZMY83scjQ07yzG0ylFZwzJxj9ldO4Ztg=w16
lh3.googleusercontent.com/ 306 B
369 B 28ms
24ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZDlPeBN0ZO_49NTQ7qCCErZIho5teOhPtSYhpG812HSGbV-nkdXuFtldu4i7wLQYgT0ZMY83scjQ07yzG0ylFZwzJxj9ldO4Ztg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c418f2192d7c27930706fe001f6d8225452e5bd9a11e4653d3b507161237359f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 JrGKx3Kp3wtZGdB5xfcXEobgZZIX4cEKUCZQHGD0dnZOMMxD6kRo5FSHnfZ5WKotNVS4aWqi9o62VWUc-CQkRRxCYzIogj_Dok0=w16
lh3.googleusercontent.com/ 292 B
354 B 28ms
25ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/JrGKx3Kp3wtZGdB5xfcXEobgZZIX4cEKUCZQHGD0dnZOMMxD6kRo5FSHnfZ5WKotNVS4aWqi9o62VWUc-CQkRRxCYzIogj_Dok0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e2041219de8b785776118b7514cddfba1981a0b065c9f8ec9e6ee947f97a967b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 292
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 TMavxmDkfDrT1S00y2aX7MmUA1akzXMdPV9rB0R4atRtWtdh3DnwPoiyY659e755Wm2KPaPNPAbu0b-8xhmE8tkATYgbC9NHx-k_=w16
lh3.googleusercontent.com/ 312 B
374 B 27ms
23ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TMavxmDkfDrT1S00y2aX7MmUA1akzXMdPV9rB0R4atRtWtdh3DnwPoiyY659e755Wm2KPaPNPAbu0b-8xhmE8tkATYgbC9NHx-k_=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d15036f4cafc9c5dc6eb94a34049e33fb834a2eb517401a9b858bf70a00c8e42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 312
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 jWkkqLM03dSIUglapeNu2Ps4TSpAVFrO66BFKxYPdm8pofB-USkI4N1Fzj5RJyEHwxu1HhreGg_aQp4yVmct1_idQ0OvL1IPUA=w16
lh3.googleusercontent.com/ 294 B
357 B 26ms
22ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/jWkkqLM03dSIUglapeNu2Ps4TSpAVFrO66BFKxYPdm8pofB-USkI4N1Fzj5RJyEHwxu1HhreGg_aQp4yVmct1_idQ0OvL1IPUA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

21c96acbb335694cd65c8a0056e4e659dff4c337491c87dc877f54abc44fe625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 294
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 OF9yEzuOIFdrl7il-crMaV4KXyVrXDY8NXfKY0c2OjnmjAuALFYw5Y6vT4U47KGcWrE2MYEym7T5siB6_1C1T_SEWzs7W6f4vM8=s0
lh3.googleusercontent.com/ 29 KB
29 KB 25ms
22ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OF9yEzuOIFdrl7il-crMaV4KXyVrXDY8NXfKY0c2OjnmjAuALFYw5Y6vT4U47KGcWrE2MYEym7T5siB6_1C1T_SEWzs7W6f4vM8=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7fe0592011de0cc4c282a8523987e70c3209207703d39aa36d346e41db0c07ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29242
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 fYksF8Fa8U3z-FVpP1YGi-5vXuQKTViy7etG3JRXE54J1RZVd2J7LwZJUKBkFvG5J9xleVtheJYG5nSBiL-zKM8ZYGd8e30NgGK_=w16
lh3.googleusercontent.com/ 563 B
626 B 27ms
23ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/fYksF8Fa8U3z-FVpP1YGi-5vXuQKTViy7etG3JRXE54J1RZVd2J7LwZJUKBkFvG5J9xleVtheJYG5nSBiL-zKM8ZYGd8e30NgGK_=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3f1679187a03b9a16c963fc7b3919865a451739ac0d600d3101dbdbad7a7ba43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 563
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 fNA4zakg87CtdsN_GASRCR9zc5UTtM8B4t3c6fFTsarbADXY35CN3M1IXbQALddlC_FVmjQ78q02UjVsNh9eIhPuMVTAdBdslWA=w16
lh3.googleusercontent.com/ 539 B
602 B 27ms
24ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/fNA4zakg87CtdsN_GASRCR9zc5UTtM8B4t3c6fFTsarbADXY35CN3M1IXbQALddlC_FVmjQ78q02UjVsNh9eIhPuMVTAdBdslWA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

91b27074116ac669b41c4650c11951613a2dc7d2a5336e93dd07ec38ad7ad03a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 539
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 56h9MSCp7xfgyYwEI7IhubN6GX2HzFlcwEsLlITGDdTuKpl8Ne8uNdV6fXu5dGiXjQMiRNNGr9gUEUg8rmgLnwTktDtOjbKksq0=w16
lh3.googleusercontent.com/ 299 B
362 B 26ms
23ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/56h9MSCp7xfgyYwEI7IhubN6GX2HzFlcwEsLlITGDdTuKpl8Ne8uNdV6fXu5dGiXjQMiRNNGr9gUEUg8rmgLnwTktDtOjbKksq0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0c8e060784765b186df12c3b49d58c1b6df180812c26cf625611d02cc62c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 299
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H2 200 center.js Show response
js.center.io/ 12 KB
5 KB 113ms
17ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:25:23 GMT
content-encoding: gzip
server: Google Frontend
age: 204
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: 57db14532f7bf0552294bc84d87111aa
cache-control: public, max-age=300
content-length: 5417
expires: Wed, 27 Sep 2023 23:30:23 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 296 KB
95 KB 85ms
31ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8f0fce3b8484fdbe709f868220470a9e3ed95ad77675da2b144513c8eb8fdd3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96503
x-xss-protection: 0
last-modified: Wed, 27 Sep 2023 22:08:23 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 27 Sep 2023 23:28:47 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 4 KB
2 KB 55ms
18ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=601261&u=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3D011b699350a74f97a88064cf277ce138%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dyoktal%2540hanmail.net%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&f=1&vn=1.5
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 6eaa8b385dcc8de612c1f5089cd083f4911f76c715a8fb32c6dac32bc5868af7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:46 GMT
content-encoding: gzip
via: 1.1 google
server: gams1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v36/ 37 KB
38 KB 33ms
8ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v36/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fjalla+One:300,400,500,700|Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Playfair+Display:300,400,500,700|Exo+2:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b06a5d272de6f4e0ba3f8db8338da394f8716987f7a7e764a22b6e903c0f94cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 15:36:01 GMT
x-content-type-options: nosniff
age: 460366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37964
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:43:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Sep 2024 15:36:01 GMT

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 50ms
26ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:41:40 GMT
x-content-type-options: nosniff
age: 107227
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15660
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Sep 2024 17:41:40 GMT

GET
H2 200 7cHmv4okm5zmbtYoK-4.woff2
fonts.gstatic.com/s/exo2/v21/ 39 KB
40 KB 48ms
24ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v21/7cHmv4okm5zmbtYoK-4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 18:29:54 GMT
x-content-type-options: nosniff
age: 536333
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40316
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:31:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Sep 2024 18:29:54 GMT

GET
H2 200 Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2
fonts.gstatic.com/s/fjallaone/v15/ 44 KB
44 KB 44ms
22ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43a079fd739dffa727de659b5bbf44596031aa7542c8a8afbc54a243aab96b47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 23:15:44 GMT
x-content-type-options: nosniff
age: 432783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44584
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 20:46:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Sep 2024 23:15:44 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 39ms
16ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 13:37:19 GMT
x-content-type-options: nosniff
age: 381088
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 13:37:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 40ms
18ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 501715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Sep 2024 04:06:52 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 37ms
20ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 03:46:14 GMT
x-content-type-options: nosniff
age: 589353
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15700
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Sep 2024 03:46:14 GMT

GET
H3 200 WmNIZ4n_ZCTLaJxkRhndMi9dNNbdbKzB4zO5FIKhkf303CdWArV_3vvuTxHeNdIObyT0oI-v0TmD9EIq2bs6JQ6o6wMsjHKPGcA=s0
lh3.googleusercontent.com/ 13 KB
13 KB 8ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/WmNIZ4n_ZCTLaJxkRhndMi9dNNbdbKzB4zO5FIKhkf303CdWArV_3vvuTxHeNdIObyT0oI-v0TmD9EIq2bs6JQ6o6wMsjHKPGcA=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7db7a83e9efe934ad73ed22b476fdb78d1a9ff1e3a98cb5c15284f9417735b7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12815
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H3 200 cuKkebNfY8xkR9JhfDjxMX2lMZood_OGfHgiLDm-Qw6ufcSBI8N1TsJ1nIpFKU0laR5BkkFdF25oGW7U3S9110c2gCX4bUpcVA=s0
lh3.googleusercontent.com/ 14 KB
14 KB 17ms
14ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/cuKkebNfY8xkR9JhfDjxMX2lMZood_OGfHgiLDm-Qw6ufcSBI8N1TsJ1nIpFKU0laR5BkkFdF25oGW7U3S9110c2gCX4bUpcVA=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7da5cd5386454360f748cc2136fd37c038da4220770ed104f9630c06a0eab806

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14532
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H3 200 HmvH24Z0-WwV3ob4gJ1QwZ9Kz_O6PUJcqeN12J5xzKkAWr9kAvAttf8_q0l62JPxCjZ2oWbQcb7hEHoz6GD6U9L6ZGqnM5lFrrEV=s0
lh3.googleusercontent.com/ 15 KB
15 KB 18ms
15ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HmvH24Z0-WwV3ob4gJ1QwZ9Kz_O6PUJcqeN12J5xzKkAWr9kAvAttf8_q0l62JPxCjZ2oWbQcb7hEHoz6GD6U9L6ZGqnM5lFrrEV=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e7c90c5bca22ce8622ad805b5dee3e93e40736e0b1bb2bb119560e7d4b52cca0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15380
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H3 200 VSJzHH06KJPjPotwxbbFYgBD0J3flSpjFHO4CmUvs23QDnIR9fccjyXQNWjhoyMjMm1semHMedNh0GL4g_XJ6I3G3CVLX8-K3Q=w16
lh3.googleusercontent.com/ 317 B
342 B 20ms
17ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/VSJzHH06KJPjPotwxbbFYgBD0J3flSpjFHO4CmUvs23QDnIR9fccjyXQNWjhoyMjMm1semHMedNh0GL4g_XJ6I3G3CVLX8-K3Q=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

02de1a932816d80b54e2b8094e150f1ec64a3aedc5c2c4a97925aafb9c95c5a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:06 GMT
x-content-type-options: nosniff
age: 5981
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 317
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:06 GMT

GET
H3 200 0F5eiyxS3e6mVh3ZchMaEXRUsCRF-cyJLYm-6hTVx-mQzCE-_4z4LOXOFITRozVqtZYAyTZnvWaXZV002bNM7ERsIukzDwcv-lc_=w16
lh3.googleusercontent.com/ 315 B
340 B 20ms
17ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0F5eiyxS3e6mVh3ZchMaEXRUsCRF-cyJLYm-6hTVx-mQzCE-_4z4LOXOFITRozVqtZYAyTZnvWaXZV002bNM7ERsIukzDwcv-lc_=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a66f203307e28e536d6aab551e7fb8d70414da2a0374c98aed0b0725f413199e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 315
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 MHiMiacCZOh6waPrCxoucBn8JaCRGOMsLbhaWxokjRXMwViSvUba_Dv-YBF6r2Bx9eXxuXoUrdfY9Yt7tq_5tM_LXuOGkKqutIU=s0
lh3.googleusercontent.com/ 38 KB
38 KB 28ms
25ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/MHiMiacCZOh6waPrCxoucBn8JaCRGOMsLbhaWxokjRXMwViSvUba_Dv-YBF6r2Bx9eXxuXoUrdfY9Yt7tq_5tM_LXuOGkKqutIU=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7d7b2eec122d8945398dde8bcbe491986698b328f086f6c1c83873d89b18a18e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38610
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 918qhe_GvTqP9WClvj9cBIQmUbO4m4mpNklTF99oE78V9U53zU2ss4Qapt0WpurejiEwX1AIVxjLlq7Ldr4LBWYxYqWeSL0LfQ=w16
lh3.googleusercontent.com/ 433 B
458 B 16ms
13ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/918qhe_GvTqP9WClvj9cBIQmUbO4m4mpNklTF99oE78V9U53zU2ss4Qapt0WpurejiEwX1AIVxjLlq7Ldr4LBWYxYqWeSL0LfQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

af07850bc2d128062164504811197c21b60ed42f88b326dd858394951b14dd02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 433
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 22NTvWRBmHQ-rrYZTXCSBuYh0wJWpINQsg6FZF73Ic7NdGtO77WND8196-XnStqpE3gwoui9tnjpvLbIgmavXeSaCsr7zz_eAqc=w16
lh3.googleusercontent.com/ 548 B
573 B 16ms
13ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/22NTvWRBmHQ-rrYZTXCSBuYh0wJWpINQsg6FZF73Ic7NdGtO77WND8196-XnStqpE3gwoui9tnjpvLbIgmavXeSaCsr7zz_eAqc=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

acf88b2da54aa12fbf7c5e89be9a84524811896fe2a46005a30dfa1b32789fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 548
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 LXcMpGGbRkP7Gbo2T-NSujMqgOADRJJC0hZSajcBT0XAFEPN4Qu_uBjbkYHuVBC615MhzNLNL_eXL3nVEkRR6jjTHcoBvtf7_Po=w16
lh3.googleusercontent.com/ 458 B
483 B 16ms
13ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/LXcMpGGbRkP7Gbo2T-NSujMqgOADRJJC0hZSajcBT0XAFEPN4Qu_uBjbkYHuVBC615MhzNLNL_eXL3nVEkRR6jjTHcoBvtf7_Po=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b6da3cdb7cff4fa6ba59c573533db05bdf868830aeea5fdb400135b7b23ed597

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 458
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 bMGQ4yp4ZMlmkdosw487snZM3KCxv4eojdYcxvGnSUOEnkv09_STtmP_oKlXRCm3k1aZYahhk5C0ckrut9QdR9jQBP-437glxP4=s0
lh3.googleusercontent.com/ 34 KB
34 KB 30ms
27ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/bMGQ4yp4ZMlmkdosw487snZM3KCxv4eojdYcxvGnSUOEnkv09_STtmP_oKlXRCm3k1aZYahhk5C0ckrut9QdR9jQBP-437glxP4=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0f9fd81a08eecb2018384c281acd08fa6add7ffee002123129ff7a546b82fa31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34662
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 AhvFgClQkCuXUZblpf5VCGEyQoJaUrIXJYuEABnn2bUgA77AvEQO8YehIVzPTKK53_ubxUUXWRWBoyYvHkNPoqxfL9k5aGbHdD5o=w16
lh3.googleusercontent.com/ 575 B
600 B 14ms
12ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AhvFgClQkCuXUZblpf5VCGEyQoJaUrIXJYuEABnn2bUgA77AvEQO8YehIVzPTKK53_ubxUUXWRWBoyYvHkNPoqxfL9k5aGbHdD5o=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1dd8c38f74756eeebe8302aa2f207760abe5b57133e7958931e78e4b2870181f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 575
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 XPEQuQzbQqwQS1g8iJ7BDcRryBgOyO1kJlafR8M2BdY76ZOKSzPbH1kIuElouHQENT2eO3dCkl4yiuefg2k3MzqwCu-XtqLK1OV0=w16
lh3.googleusercontent.com/ 575 B
600 B 32ms
29ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XPEQuQzbQqwQS1g8iJ7BDcRryBgOyO1kJlafR8M2BdY76ZOKSzPbH1kIuElouHQENT2eO3dCkl4yiuefg2k3MzqwCu-XtqLK1OV0=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f80c4e842cf1cddf979cbf4cf904269dfd5e41ddcf1ef1da83a1bb848f835ec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 575
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 TDAiEjekjRmzFHSJAEOsbixEV06UxsgGa8nX_VTyVsy5mJKw6XDJQL-sBoal2IWgklizL-p512b1zoqMcqPkmjHuqE5k_W7vClg=w16
lh3.googleusercontent.com/ 577 B
602 B 15ms
12ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TDAiEjekjRmzFHSJAEOsbixEV06UxsgGa8nX_VTyVsy5mJKw6XDJQL-sBoal2IWgklizL-p512b1zoqMcqPkmjHuqE5k_W7vClg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

31d9d4d853d7426533bea329d61e28677b7ffa078ae280290de50ad646ae6eba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 577
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 n-Y60a-YX5ixqNjX9ajXgF2dohGeyznFcDHi2JnB8ap2AlMLe89K25uZuCxpOVeVO-Mbb7aEEqYVCm5X6s60orNmTCHz9uE-TQ=w16
lh3.googleusercontent.com/ 660 B
685 B 31ms
28ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/n-Y60a-YX5ixqNjX9ajXgF2dohGeyznFcDHi2JnB8ap2AlMLe89K25uZuCxpOVeVO-Mbb7aEEqYVCm5X6s60orNmTCHz9uE-TQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

11a5066ce5aa1d4619f5582cffdcd559c9a1aae9de9b010984ec89d2d8b4762f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 660
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 HbycKGCVE6V83_ROXDUrfrlNF_wihoki9xGfd3Tne1Jwmq3QUxdFr6_cY3_Bh_97oIS1QSCMqT5SicZ1tmYhtZNK6deftMurtNCX=s0
lh3.googleusercontent.com/ 39 KB
39 KB 27ms
24ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HbycKGCVE6V83_ROXDUrfrlNF_wihoki9xGfd3Tne1Jwmq3QUxdFr6_cY3_Bh_97oIS1QSCMqT5SicZ1tmYhtZNK6deftMurtNCX=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5190abfe9f241dd6c5afbd313cecfe3bc1c2d3e5e0a6815c28c4b9942de6237e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40152
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 KqhQWp7dUO2yyas9gabmfzQYuZb8eAG5LR4XnTFtLXo5AZLcee8r0_FAd8WMGGUJrszS8Vul3srAVUNlRqjsqldtj-8qtVuJtx8=w16
lh3.googleusercontent.com/ 562 B
587 B 31ms
28ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/KqhQWp7dUO2yyas9gabmfzQYuZb8eAG5LR4XnTFtLXo5AZLcee8r0_FAd8WMGGUJrszS8Vul3srAVUNlRqjsqldtj-8qtVuJtx8=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c26b66c28c54246fdf031482b1e0d7b076c37cf422e2d7b2969be733720f03d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 562
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 zL0fUx2qiWCK833qDbtDyNS-4_VE82Z3vL0McM-i3xon5qenITbnq9CWPbOJMMvk42p3oyJ3mfa0rN3W-ghl5owH9XTALSGSHQ=s0
lh3.googleusercontent.com/ 43 KB
43 KB 24ms
21ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/zL0fUx2qiWCK833qDbtDyNS-4_VE82Z3vL0McM-i3xon5qenITbnq9CWPbOJMMvk42p3oyJ3mfa0rN3W-ghl5owH9XTALSGSHQ=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7ac8c0c398a8c50881f8df96030a9ed8442b654cb9d2e1a1877aebedd02023af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44083
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 yDg9XcrVlwn2g3OGWAN94ZbA0PW6hifx_0jaOf-XfciTso5dWRcuAx5HmroKvOx172KAIkaKePyppVOJRtORot_b2Ts4Dnl5bhmy=w16
lh3.googleusercontent.com/ 279 B
304 B 30ms
27ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yDg9XcrVlwn2g3OGWAN94ZbA0PW6hifx_0jaOf-XfciTso5dWRcuAx5HmroKvOx172KAIkaKePyppVOJRtORot_b2Ts4Dnl5bhmy=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a39f6b6d8f73c27f9da666c425f6ba369004dc25e3cc8adef547612635e5e244

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 279
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 zFWAG1kxVcpHmOqQ5l6DZF2Lkdjfbl9P8f27igRvwiN5qxFWETIpL7A5__KGyc9IS1mtaEH049SbNHqoAGLMkdnHaip1YreWaQw=s0
lh3.googleusercontent.com/ 48 KB
48 KB 19ms
16ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/zFWAG1kxVcpHmOqQ5l6DZF2Lkdjfbl9P8f27igRvwiN5qxFWETIpL7A5__KGyc9IS1mtaEH049SbNHqoAGLMkdnHaip1YreWaQw=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7175f0fd288f011560ca785808341d055393c4d63055afa2d37627a8e76be19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48730
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 9koIo2pE2cX13hnh0Yl3g4aZqsRD6jqCxEqzzLNnS7QXXN4k0roYVsyLXTfaMaYubmF-ju_kuHTcA8S56ARkE3bhZ3B37AYhdxLW=w16
lh3.googleusercontent.com/ 291 B
316 B 24ms
21ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/9koIo2pE2cX13hnh0Yl3g4aZqsRD6jqCxEqzzLNnS7QXXN4k0roYVsyLXTfaMaYubmF-ju_kuHTcA8S56ARkE3bhZ3B37AYhdxLW=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

aba0f08dc1fa858dbd70d733fac29f07cd07816732bf498c9dda14d5d79dc93f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 291
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 7xyHhGbThSsKRvEtDDjjMRdkL9w3QSI5M3LFelMyqlZ0vlDwjG99RygiAhvwECfoTeQ7CnH9A9aKO4h2sMw9ZefbfYsx4htWdZM=w16
lh3.googleusercontent.com/ 272 B
297 B 27ms
24ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/7xyHhGbThSsKRvEtDDjjMRdkL9w3QSI5M3LFelMyqlZ0vlDwjG99RygiAhvwECfoTeQ7CnH9A9aKO4h2sMw9ZefbfYsx4htWdZM=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

214df72d9a3910941fda905199bc8069c6b298ce2b577c71c149773e9c64030f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 272
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 Y2qrJs3P1rwO6ZHL8EqhMx2C-zxwM3PlWdeJsqNzh4qhbfm9D5T28EMGlzGvyKLPv0W2LJydeaIR5mQNHDmLrezhlpm2150zGgto=w16
lh3.googleusercontent.com/ 286 B
311 B 28ms
26ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Y2qrJs3P1rwO6ZHL8EqhMx2C-zxwM3PlWdeJsqNzh4qhbfm9D5T28EMGlzGvyKLPv0W2LJydeaIR5mQNHDmLrezhlpm2150zGgto=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

31b790b6aa4636b48813be238cfbd46163c06298333db50e03373fcd5d41e6ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 286
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 hKW7gTJR8ElpmAAkh7pmORjcOTmh384JZ6CW6zy6rFf2qyOmQX9tgey0wnIQH_-Sg3lKFojq4mJjI-sDSxM6rNJWJ9G4kLG5XQU=s0
lh3.googleusercontent.com/ 22 KB
22 KB 22ms
19ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/hKW7gTJR8ElpmAAkh7pmORjcOTmh384JZ6CW6zy6rFf2qyOmQX9tgey0wnIQH_-Sg3lKFojq4mJjI-sDSxM6rNJWJ9G4kLG5XQU=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22076
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 ATvL_yTTnby4CtmWvqyTiTgfSRNzmoX7HrIQM0k75VRL2MSXAIJ65oY66cqrOu95217XvkLm_-XxFbmzcgMnLFPLfx7XZnPMEIjp=w16
lh3.googleusercontent.com/ 413 B
438 B 25ms
23ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ATvL_yTTnby4CtmWvqyTiTgfSRNzmoX7HrIQM0k75VRL2MSXAIJ65oY66cqrOu95217XvkLm_-XxFbmzcgMnLFPLfx7XZnPMEIjp=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f54a8022d466a7d8067a7b9fa35254667bf3a5fd4dad4807b54581da7a3e3b0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 413
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 mWtM1znzWII_fSBzcwGx0qEmOb9lNDG24L1UIo3FlYAahkYfVpYtXH3z_eeT8jxWN0BPd6whHw4VfCgGaVcOX7YDhH7C-7tSTDU=w16
lh3.googleusercontent.com/ 691 B
716 B 28ms
25ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/mWtM1znzWII_fSBzcwGx0qEmOb9lNDG24L1UIo3FlYAahkYfVpYtXH3z_eeT8jxWN0BPd6whHw4VfCgGaVcOX7YDhH7C-7tSTDU=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f10ec21a492c33b4c6c6a6dac52a189d96560ce7b76595be7ab1f2890c2b41a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 691
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H3 200 sy7aFFVL8PFj10zRJ60Mk-d_V3jJe2MOJWlPv00Jy5xjjZECnkv9lRKBpaXlwMHN156vrvDyxR779isUa51aMgZrV0IuZUeg=w16
lh3.googleusercontent.com/ 284 B
309 B 28ms
25ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/sy7aFFVL8PFj10zRJ60Mk-d_V3jJe2MOJWlPv00Jy5xjjZECnkv9lRKBpaXlwMHN156vrvDyxR779isUa51aMgZrV0IuZUeg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cab0187e0daa40dcafa6ad301c50f0a2d35dd20299575b1e07ce89e00e585dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:49:07 GMT
x-content-type-options: nosniff
age: 5980
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 284
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 21:49:07 GMT

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
151 B 102ms
101ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=601261&d=go.behindthemarkets.com&u=D477E6A9E4D90F963B0F8931C59B2CF8C&h=b87511e8e9c39360a647f207cee4e1cc&t=false

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: public, max-age=43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H2 200 identify.html Show response
js.center.io/ Frame 8777 4 KB
2 KB 16ms
15ms Document
text/html 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16
cache-control: public, max-age=300
content-encoding: gzip
content-length: 2016
content-type: text/html
date: Wed, 27 Sep 2023 23:28:31 GMT
etag: "OMWYXg"
expires: Wed, 27 Sep 2023 23:33:31 GMT
server: Google Frontend
x-cloud-trace-context: 0a5781f223a99fb56e4dd11fdc2c7d4e

GET
H3 200 wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w600
lh3.googleusercontent.com/ 217 KB
217 KB 33ms
32ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w600

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7caa39736388b58116f1d7318edb260aec86c94473cd8ad2ddcbb75c7e2b0f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 222462
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 23:28:47 GMT

GET
H3 200 ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w600
lh3.googleusercontent.com/ 171 KB
171 KB 27ms
26ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w600

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fdf58592570bd7a179f45ab4a8609b0646df59456d87bad60a362f0bfd9c2683

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 174963
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 28 Sep 2023 23:28:47 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 127 KB
50 KB 62ms
19ms Script
application/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-K7WPB5K

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3078dc5c92da59ad852e68567e1defb5bd847f40ad5115c67b46c7c1b0e62903

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50626
x-xss-protection: 0
last-modified: Wed, 27 Sep 2023 22:08:23 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 27 Sep 2023 23:28:47 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 46ms
12ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 27 Sep 2023 21:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5944
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 27 Sep 2023 23:49:43 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 47 KB
20 KB 59ms
27ms Script
application/javascript 2a02:2638:3::e
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=93258

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0946cb87b7a79f481e8918c9754da72dac3364563c52f58e623ac23a170a49c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 everflow.js Show response
www.behindthemarkets-btm.com/scripts/sdk/ 60 KB
19 KB 21ms
16ms Script
text/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United Kingdom, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e426e330d152fce1b2e4a53ff4062cfe1531acca6f02c9b5329009d496aad05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13976
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 27 Sep 2023 19:35:51 GMT
accept-ch: Sec-Ch-Ua-Platform-Version
server: cloudflare
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Ia%2BKPi%2Fc08k69ssWQDmnnLwqRzMDN7BJAGLV6RmR0st3X2q%2FTZeS8gvFOcXeXGi4vVBDuXJfPwcfMQ58mxXe8ELTFRFmIq9PuC8kND97DjLzgz3tSGl50BCkuU27rzJiREhkPMuTg2I0kvUVD3pFLD7zAxv%2BCH9bd8Q"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
x-eflow-request-id: b43ecddd-42eb-4319-81b3-257891559b66
cf-ray: 80d7866a5abb383e-FRA

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 65ms
14ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: 1KYFJQFMBFJKH37P
cdn-cachedat: 08/01/2023 19:55:24
cdn-pullzone: 53731
x-amz-id-2: qq+ntw5IJPjgabl5D2IupL5Qw6IGEklZlzXzRWgabNShliLdR2eEmsTuZwMPqR0zNmJqeRsDUJM=
last-modified: Wed, 05 Oct 2022 16:50:13 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=600
cdn-requestid: f44b401c60699cf39f4faff3f971a2f5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 403 request.js
script.anura.io/ 0
0 83ms
26ms Script
application/javascript 13.40.91.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://script.anura.io/request.js?instance=2840531173&source=82&campaign=undefined&306396454347
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=011b699350a74f97a88064cf277ce138&utm_source=82&utm_campaign=&utm_medium=&id=yoktal%40hanmail.net&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.40.91.234 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-40-91-234.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 278 KB
90 KB 33ms
29ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

959de357cd3053fe443f9f9678b25471a90effbcf4a150c2bf032249b68b755a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92259
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 27 Sep 2023 23:28:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
91 KB 31ms
28ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KDYSD5C2HD&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9aa886d29e25ff3fba24e39430aca63256d22e9c98339293f88607c1aec49982

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92730
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 27 Sep 2023 23:28:47 GMT

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/events/ 35 B
686 B 419ms
137ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=Gy3xzrFUCQo2QEFioeBcaF&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=jrafiwHav2V2f8zYxTMCrC&sid=MozZFpzdfazQ5nvbyigtVZ&cid=lp-Gy3xzrFUCQo2QEFioeBcaF&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3D011b699350a74f97a88064cf277ce138%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dyoktal%2540hanmail.net%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&rf=&rx=1600&ry=1200&tz=%2B02%3A00
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Wed, 27 Sep 2023 23:28:48 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 178.162.209.132
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 03fivag2ig9ilodo2lj0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 36ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-KDYSD5C2HD&gtm=45je39p0&_p=1388141432&_gaz=1&cid=1789431303.1695857328&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1695857327&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3D011b699350a74f97a88064cf277ce138%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dyoktal%2540hanmail.net%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&dt=BTM%20UFO%20Weapon&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KDYSD5C2HD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
259 B 51ms
17ms Ping
text/plain 2a00:1450:400c:c03::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-KDYSD5C2HD&cid=1789431303.1695857328&gtm=45je39p0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KDYSD5C2HD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c03::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 68ms
19ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KDYSD5C2HD&cid=1789431303.1695857328&gtm=45je39p0&aip=1&z=2003827102

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je39p0&_p=1388141432&_gaz=1&cid=1789431303.1695857328&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1695857327&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3D011b699350a74f97a88064cf277ce138%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dyoktal%2540hanmail.net%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&dt=BTM%20UFO%20Weapon&en=page_view&_fv=1&_ss=1&epn.variant_id=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
54 B 17ms
17ms Ping
text/plain 2a00:1450:400c:c03::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-8R6YNFMJ23&cid=1789431303.1695857328&gtm=45je39p0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c03::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 34ms
25ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=1789431303.1695857328&gtm=45je39p0&aip=1&z=1025724340

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
214 B 14ms
14ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1388141432&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3D011b699350a74f97a88064cf277ce138%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dyoktal%2540hanmail.net%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&ul=en-us&de=UTF-8&dt=BTM%20UFO%20Weapon&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABQAAAACAAI~&jid=589255088&gjid=1688516295&cid=1789431303.1695857328&tid=UA-102395123-1&_gid=678803071.1695857328&_r=1&_slc=1&gtm=45He39p0n81WNRH3TX&cd1=82&cd3=false&cd4=false&cd5=false&cd6=false&cd7=false&z=1444464942

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 13ms
13ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: FMGSGJGQBTWVRJ1S
cdn-cachedat: 07/26/2023 06:51:53
cdn-pullzone: 53731
x-amz-id-2: WSEl9xTH2Gn9NK4dG4tUKq7PjWu4UUEG//nx63LwmWyrTOkJik1SfwhZaBDn+vN/N7UOQCwf0Z8=
last-modified: Wed, 05 Oct 2022 16:49:50 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 700543c5bdff01eb80abaf7163ab2962
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 34ms
34ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:47 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: DWH88T81ZZEBPF44
cdn-cachedat: 01/05/2023 13:19:16
cdn-pullzone: 53731
x-amz-id-2: jOqTwrO7CKADB6A99P2KE8erCfBGDinliCUfMCHx9ofCH5Hyp/WWaFB+LMZTpDm3rXJNnXg+404=
last-modified: Wed, 05 Oct 2022 16:49:51 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"ad6f2454f01de902ffd473d51c1207bf"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: bbcb58ce98430d5ec854ada1ad39437b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame E453 15 KB
6 KB 45ms
16ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=93258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 23:28:47 GMT
server: Kestrel
server-processing-duration-in-ticks: 306726
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 17ms
17ms XHR
text/plain 2a00:1450:400c:c03::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-102395123-1&cid=1789431303.1695857328&jid=589255088&gjid=1688516295&_gid=678803071.1695857328&_u=aADAAEAAQAAAACAAI~&z=1994199650

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c03::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 27 Sep 2023 23:28:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 41ms
17ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102395123-1&cid=1789431303.1695857328&jid=589255088&_u=aADAAEAAQAAAACAAI~&z=349762061

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 19ms
18ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102395123-1&cid=1789431303.1695857328&jid=589255088&_u=aADAAEAAQAAAACAAI~&z=349762061

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame E453
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=02GwWHxPTlRKdmlJa2FKaW1FaHRPc1VidmFDL3ltVkVFUVFvZmo3bWlsVStSRHhmUE1zcDVBdHdxcUNscjEzNDhnWElsRWR2a0JBaTh3WnRJWHBpdndhMXZubUFXdUtXYnp4REcyOUVEOGJ0TjlReSt1TC9XdHB2ZkM5MV...

449 B
671 B

58ms
15ms

Fetch
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=02GwWHxPTlRKdmlJa2FKaW1FaHRPc1VidmFDL3ltVkVFUVFvZmo3bWlsVStSRHhmUE1zcDVBdHdxcUNscjEzNDhnWElsRWR2a0JBaTh3WnRJWHBpdndhMXZubUFXdUtXYnp4REcyOUVEOGJ0TjlReSt1TC9XdHB2ZkM5MVpJZ2E3bkxONE9iOG5NNnJUUUdFM2dGWGpyVTVEbFh0K0VaT2dNV2hTRnAzU1RLMEN5NldqK2FTbnFSM2twUzBPL1FGaTAwZUt0SmpRb2xHVjgvNFpDcUNubVl1ankybitzZytKUzFkdkdkaFJCNFZHWjA3eDNPRHNRWXkyL3g4ZHAybjZkMTlselI4M3RyMGh3K2Rid0dLWHpTcEFYRnFuazl6TE9jREtFQUhtd3NRcTYzZz18&cppv=2

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6619d254cf163d96cbb153086dc483c5d89b7430cb41e960b171591b69226e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1037465
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 23:28:47 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=02GwWHxPTlRKdmlJa2FKaW1FaHRPc1VidmFDL3ltVkVFUVFvZmo3bWlsVStSRHhmUE1zcDVBdHdxcUNscjEzNDhnWElsRWR2a0JBaTh3WnRJWHBpdndhMXZubUFXdUtXYnp4REcyOUVEOGJ0TjlReSt1TC9XdHB2ZkM5MVpJZ2E3bkxONE9iOG5NNnJUUUdFM2dGWGpyVTVEbFh0K0VaT2dNV2hTRnAzU1RLMEN5NldqK2FTbnFSM2twUzBPL1FGaTAwZUt0SmpRb2xHVjgvNFpDcUNubVl1ankybitzZytKUzFkdkdkaFJCNFZHWjA3eDNPRHNRWXkyL3g4ZHAybjZkMTlselI4M3RyMGh3K2Rid0dLWHpTcEFYRnFuazl6TE9jREtFQUhtd3NRcTYzZz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 240812
content-length: 0
expires: 0

POST
H2 200 / Show response
sumo.com/api/load/ 876 B
1 KB 783ms
184ms XHR
application/json 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-220-132-2.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

54b82ef8b3bcead7fc98d3d6a8ecbf09c416b5f6613a3e31eecf8c61062abdfc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 27 Sep 2023 23:28:48 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 876

GET
H/1.1 200
OK capture
api.leadpages.io/analytics/v1/observations/ 35 B
357 B 205ms
129ms Image
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=33,266,257,558,145,561,822,823,1202,1207
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Wed, 27 Sep 2023 23:28:48 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 178.162.209.132
Content-Type: image/gif
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 03fivah4u5h6jh45p0e0

GET
H3 200 click Show response
www.behindthemarkets-btm.com/sdk/ 87 B
846 B 140ms
140ms Fetch
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/sdk/click?effp=a538a2b4365803639329269daae4f30a&sec_ch_ua_platform=&sec_ch_ua_platform_version=&_ef_transaction_id=011b699350a74f97a88064cf277ce138&oid=110&affid=82&__cc=&async=json&source_id=82&creative_id=
Requested by: Host: www.behindthemarkets-btm.com
URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United Kingdom, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc821140cd9212a8d5883ddb981ab2bb5b521c69886e549a0de6d4b9a790e292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:48 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch: Sec-Ch-Ua-Platform-Version
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BAnYKmCv%2FmUuNlXpyj7iBjYOW5r%2F4MKe0VstrMxA4tBmEBegCpLSXWtt507xSZZZu%2BBDRUKKFRF%2FVodFzfeVlesTiYFYS67tn3FdyZY5EX3W9W4Aw%2F2zdFgDhQxCPPzbt%2FayVPWstgl2%2Br%2BIKtKW2Dm2WuasqctQZwMq"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-eflow-request-id: d1581143-74ba-4fa0-9097-5df7fe30b286
cf-ray: 80d7866ceb559028-FRA
alt-svc: h3=":443"; ma=86400

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 179ms
179ms Preflight 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-220-132-2.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-sumo-auth
Access-Control-Request-Method: POST
Origin: https://go.behindthemarkets.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 2592000
date: Wed, 27 Sep 2023 23:28:48 GMT
server: nginx

POST
H2 200 services Show response
sumo.com/ 205 B
607 B 193ms
193ms XHR
application/json 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-220-132-2.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

X-Sumo-Auth: SL2ouPF6vk1oNwsdeE7SpaAl
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
content-length: 205

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
34 KB 14ms
13ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: 6556JDXZW8AN2YNV
cdn-cachedat: 08/01/2023 19:55:10
cdn-pullzone: 53731
x-amz-id-2: cSUMWfK1WSpDwfk1Ts7bzDlPEW2XyFxoF6OWJezYiEehsSRchfIhZEPax52J+5vxI3XyrXtZRhc=
last-modified: Wed, 05 Oct 2022 16:49:48 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"3fa9c18f727d4b42fb894fda90a374e1"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 342e4b7a47037f1c0dc6bd849e1cb4ab
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 18ms
16ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: XPQK36ZER9CRKS11
cdn-cachedat: 07/07/2023 01:47:30
cdn-pullzone: 53731
x-amz-id-2: mTOZvT+dViFEnXbdMieeIDxf0x24WT/uSdiD07sBGMn9LykYofikgvDE4pImCCIDh6WUqbyXrcU=
last-modified: Wed, 05 Oct 2022 16:49:25 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"a39d043b7c7bba70750cf288ee5ef71a"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 29b2dec649104266b6064bd8f0429498
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 17ms
15ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: XPQM4KE27F1PV1RK
cdn-cachedat: 07/07/2023 01:47:30
cdn-pullzone: 53731
x-amz-id-2: oA8LQN3Tk/ne2zEnCJcTDIXVqtH0lmXgqdnClhbLqUrZ7AoJhtGig12OgATcN4TrCkSO40O6SCY=
last-modified: Wed, 05 Oct 2022 16:49:10 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"6bfdf1ae8492f107706ac037915be663"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 4228997ce13db6456f6c4020b75a632c
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 30ms
29ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: XPQY5KZM19H9N2EA
cdn-cachedat: 07/07/2023 01:47:30
cdn-pullzone: 53731
x-amz-id-2: seuQMDfJmqhHAlic6XiyJ4hVPQujxdUHubwd+ZhchYqZFdd51kzaghRFiM11t3gYmD58vzM+KNA=
last-modified: Wed, 05 Oct 2022 16:48:57 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"fc263e7087822a0b00ff93677d6df4ea"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: dabe64dac21f08e433fc373a42ed2af5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
25 KB 18ms
17ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: PQQBXF8WXVX9X2EZ
cdn-cachedat: 07/07/2023 01:10:26
cdn-pullzone: 53731
x-amz-id-2: irVg4hjWiANPv68QkQboAQiwpeyFydpGds+oixAV97BR2fr/wIxSfvdoMo3ggEkMwbf62jAfgAI=
last-modified: Wed, 05 Oct 2022 16:49:12 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"8af82c4c30a069f66de02526c2f332af"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 2c0b5f122f613b9b030574630098df6d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
94 KB 19ms
18ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: RKQZQ72VFQMDKFPM
cdn-cachedat: 08/01/2023 19:55:20
cdn-pullzone: 53731
x-amz-id-2: BwiMkm/NrNe/oG+SEc1gZv5tpb4dLpnrRMkQQWrblkEy+u4k6dyVJj1CS5kSMpDq5pTg6Pefv3s=
last-modified: Wed, 05 Oct 2022 16:49:12 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"be0b945be6cafa91f6fd4efdfc8268f8"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 46fc90c9fbddbfe74978295615524669
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 27ms
26ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: C84PNVNQB66PCZG0
cdn-cachedat: 08/29/2023 11:03:01
cdn-pullzone: 53731
x-amz-id-2: ENE2TCqG376TzQkN1MMQaDsoDM44TulVnj3fty3yhkgq5APg+ofa21zsAF6x/yL20mKJRIov3B8=
last-modified: Wed, 05 Oct 2022 16:49:11 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"beda094dfc3b530efd0d2d83c5a0280c"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 27e63a1b724fa86d9b832ab11f7326c1
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 28ms
28ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: EA5PWJXNP1GBHPCQ
cdn-cachedat: 07/07/2023 01:53:36
cdn-pullzone: 53731
x-amz-id-2: zkxWwTdtBgLtEW47U1GFGbcEHT4EF1xNTQC3zntIgeMozv+e73QWQDWk1fHvU+QddG0us9tlRc8=
last-modified: Wed, 05 Oct 2022 16:49:45 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"d200986501135078d1fbd7f480e7bb08"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 9fed9e1665150dd1f2b61bee4b052572
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 16ms
15ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: 3WHT15W2TJWFMKM7
cdn-cachedat: 07/07/2023 01:47:31
cdn-pullzone: 53731
x-amz-id-2: VZjr0K5Y8SUXWSYHQImuxYw+Exhyj1Kyjsa9lNkbyPzFc1SQBSWWHUm8YElx+Sw55wP8K1fK+xs=
last-modified: Wed, 05 Oct 2022 16:48:56 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"31baf056af3800bbd6e4f9e8b445d052"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: f76ff712d6ad40997025670693773741
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
81 KB 15ms
14ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: FGD5RPGRC3BGBDEK
cdn-cachedat: 09/11/2023 12:27:01
cdn-pullzone: 53731
x-amz-id-2: UpcBLDSJ2/nt7VJUhvVTsNiESr/KW7DMcj3w6M4CFBg4maYnRNBFWy/9sHzrMmwOjzSxxf/VGuI=
last-modified: Wed, 05 Oct 2022 16:50:09 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"f33273f5c8e8dd3d010a11b209891b91"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: d5af9f500684cb529245042eccdb4844
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
994 B 15ms
14ms Script
text/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 -, , ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: NTJQ2GV1WNAVQPSR
cdn-cachedat: 07/07/2023 01:10:27
cdn-pullzone: 53731
x-amz-id-2: JTXCpCcTcTU62ExaMwtO9D+T6wK0UGb3w92rrh/k+tTFJglllrHjGxgzyla2oCOLZVrlfFqI940=
last-modified: Wed, 05 Oct 2022 16:50:09 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"857476cf6e94c14c223d4481353b4c19"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 6c9daf673193050cfe7048a7c4b6ebe9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 32 KB
1 KB 18ms
18ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

df3f46edd3dc78e34e7b8df01b494936e06e68f1566df5666d3a9e502b040b27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 27 Sep 2023 21:54:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 27 Sep 2023 23:28:49 GMT

GET
H2 200 features Show response
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ 3 KB
1 KB 204ms
204ms XHR
application/json 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-220-132-2.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
X-Sumo-Auth: SL2ouPF6vk1oNwsdeE7SpaAl

Response headers

date: Wed, 27 Sep 2023 23:28:49 GMT
content-encoding: gzip
server: nginx
etag: "-362431178"
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ Frame 0
0 180ms
180ms Preflight 34.220.132.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.220.132.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-220-132-2.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-sumo-auth
Access-Control-Request-Method: GET
Origin: https://go.behindthemarkets.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 2592000
date: Wed, 27 Sep 2023 23:28:49 GMT
server: nginx

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
448 B 130ms
130ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=RT3E4Uo2DhGkNHsv5bjN4k&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=119,65.29999923706055,1,419.29999923706055
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Wed, 27 Sep 2023 23:28:52 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 178.162.209.132
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 03fivbgcrae7pnj7oas0

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.api.leadpages.io/analytics/v1/events/capture	1970-01-20 15:05:43	Name: view.bb4wMKcXKB896PwqF4vMVT-default-prop.Gy3xzrFUCQo2QEFioeBcaF Value: 1695857328000
go.behindthemarkets.com/btm-ufo-weapon	1970-01-20 15:47:29	Name: __smVID Value: d8e5cea00dab58e88ab628bf90c60e2f7137e0d6124653e7fdd8ad3d1dad7df4
.clkmg.com/	1970-01-20 23:49:53	Name: vid Value: 899240849
.go.behindthemarkets.com/	1970-01-20 23:51:19	Name: _vwo_uuid_v2 Value: D477E6A9E4D90F963B0F8931C59B2CF8C\|b87511e8e9c39360a647f207cee4e1cc
.behindthemarkets.com/	1970-01-20 17:13:53	Name: _gcl_au Value: 1.1.1026239115.1695857328
js.center.io/	1970-01-21 00:40:17	Name: centerVisitorId Value: jrafiwHav2V2f8zYxTMCrC
.behindthemarkets.com/	1970-01-21 00:40:17	Name: _ga_KDYSD5C2HD Value: GS1.1.1695857327.1.0.1695857327.60.0.0
.behindthemarkets.com/	1970-01-21 00:40:17	Name: _ga Value: GA1.2.1789431303.1695857328
.behindthemarkets.com/	1970-01-20 15:05:43	Name: _gid Value: GA1.2.678803071.1695857328
.behindthemarkets.com/	1970-01-20 15:04:17	Name: _gat_UA-102395123-1 Value: 1
.behindthemarkets.com/	1970-01-21 00:40:17	Name: _ga_8R6YNFMJ23 Value: GS1.1.1695857327.1.0.1695857327.60.0.0
.criteo.com/	1970-01-21 00:25:53	Name: uid Value: 2ec95458-ce3b-41c9-9153-e5d4a64bb3f3
.behindthemarkets.com/	1970-01-21 00:33:41	Name: cto_bundle Value: UCGaf19LWEhXdGJBVzdmZkNPaiUyQnZtbTZPT0NWMVdldzRjdERVZlpacGVESHNYR3RyQ3YwbkUyMWdMaGNTam1WOW9iQVNJWXdVRm1jUnpmYVRqTmhkNHBXdmNIQWJqNkdEMEt6TmVNV25IdmxEVHVFQ1F1c0psdCUyQnJqSGpTNkgySlFUZ3NvSGJESGNCWno5cEZNZkdBZ0F3MEJlS0ElMkZOYWxob3R1TXVobUVRM2NqJTJCYyUzRA
go.behindthemarkets.com/	1970-01-20 15:47:29	Name: ef_witness Value: 1
go.behindthemarkets.com/	1970-01-20 15:47:29	Name: ef_tid_c_o_110 Value: 011b699350a74f97a88064cf277ce138
go.behindthemarkets.com/	1970-01-20 15:47:29	Name: ef_tid_c_a_2 Value: 011b699350a74f97a88064cf277ce138
go.behindthemarkets.com/	1970-01-20 23:49:53	Name: __smToken Value: SL2ouPF6vk1oNwsdeE7SpaAl

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://script.anura.io/request.js?instance=2840531173&source=82&campaign=undefined&306396454347 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.leadpages.io
click.your.basictradingtips.com
dev.visualwebsiteoptimizer.com
dynamic.criteo.com
fonts.googleapis.com
fonts.gstatic.com
go.behindthemarkets.com
gum.criteo.com
js.center.io
lh3.googleusercontent.com
load.sumo.com
mug.criteo.com
region1.analytics.google.com
script.anura.io
static.leadpages.net
stats.g.doubleclick.net
sumo.com
tracking.basictradingtips.com
www.behindthemarkets-btm.com
www.clkmg.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
128.245.210.158
13.40.91.234
178.250.1.11
2001:4860:4802:32::15
2001:4860:4802:34::36
2400:52e0:1e00::1082:1
2a00:1450:4001:800::2003
2a00:1450:4001:802::200e
2a00:1450:4001:80e::200a
2a00:1450:4001:810::2008
2a00:1450:4001:811::2001
2a00:1450:4001:828::2003
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::200e
2a00:1450:400c:c03::9d
2a02:2638:3::c
2a02:2638:3::e
2a06:98c1:3120::3
2a06:98c1:3121::3
34.107.203.240
34.220.132.2
34.96.102.137
35.192.151.63
35.202.21.90
50.97.244.203
02de1a932816d80b54e2b8094e150f1ec64a3aedc5c2c4a97925aafb9c95c5a8
02ffe72a9c712b85c4cd1dc94c6c7d230842d2870ba1ae8c43ce12212d9934fd
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
0946cb87b7a79f481e8918c9754da72dac3364563c52f58e623ac23a170a49c3
0c8e060784765b186df12c3b49d58c1b6df180812c26cf625611d02cc62c2442
0dc05bd8e6a23d3ce410b51ba0867a6613da4fd82014e88e2ffedcc07549bb05
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110
0f9fd81a08eecb2018384c281acd08fa6add7ffee002123129ff7a546b82fa31
11a5066ce5aa1d4619f5582cffdcd559c9a1aae9de9b010984ec89d2d8b4762f
12bb6250f9afe86162b02c690ee29b53261cdf7c0b324bbb58939816c36bd658
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
1dd8c38f74756eeebe8302aa2f207760abe5b57133e7958931e78e4b2870181f
214df72d9a3910941fda905199bc8069c6b298ce2b577c71c149773e9c64030f
21c96acbb335694cd65c8a0056e4e659dff4c337491c87dc877f54abc44fe625
21ef52e0c141c5fbc0135c601113edde2e1d9fea1d454b0da3cb66fe2d6aa432
222ca1136e5e61ccc02e85c7dd9a0e6b9af1f45ae80611d80190cce01f631adb
2f007b53b0173b103df54f19e21bb1a020949e359a6c2493303c57c433285f71
3078dc5c92da59ad852e68567e1defb5bd847f40ad5115c67b46c7c1b0e62903
31b790b6aa4636b48813be238cfbd46163c06298333db50e03373fcd5d41e6ad
31d9d4d853d7426533bea329d61e28677b7ffa078ae280290de50ad646ae6eba
3584c4b319d00a900259c554d8076927e2aaf3b60a6d41973ead57138070d706
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
38c1d645f08cafe1e0c34cc16c9c9e95433775aca4e8b016fe23dc1913b40854
3e426e330d152fce1b2e4a53ff4062cfe1531acca6f02c9b5329009d496aad05
3f1679187a03b9a16c963fc7b3919865a451739ac0d600d3101dbdbad7a7ba43
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
43a079fd739dffa727de659b5bbf44596031aa7542c8a8afbc54a243aab96b47
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
5190abfe9f241dd6c5afbd313cecfe3bc1c2d3e5e0a6815c28c4b9942de6237e
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
5379bdb51c419cac65ac0326410238e7fb43841eeaebc0503031d6217c5c25bb
54b82ef8b3bcead7fc98d3d6a8ecbf09c416b5f6613a3e31eecf8c61062abdfc
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
653e57dace87f1578d47a3162639ab8754abddab7c8e37ed6420dd04fbd8ad2e
6619d254cf163d96cbb153086dc483c5d89b7430cb41e960b171591b69226e76
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
6eaa8b385dcc8de612c1f5089cd083f4911f76c715a8fb32c6dac32bc5868af7
6eb79f030eca6548e428f1470c03d57c35fc82fd9b4ed915894f74bb8a4d1e19
7175f0fd288f011560ca785808341d055393c4d63055afa2d37627a8e76be19c
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
7631fdde759575aded86b3d1ce65b7884706a678566834f6cb43c40d8f1e2c85
7ac8c0c398a8c50881f8df96030a9ed8442b654cb9d2e1a1877aebedd02023af
7caa39736388b58116f1d7318edb260aec86c94473cd8ad2ddcbb75c7e2b0f27
7d6465ff40cc8a253079809cfb86bda088de84e90677e0d0636ec6ffe065776f
7d7b2eec122d8945398dde8bcbe491986698b328f086f6c1c83873d89b18a18e
7da5cd5386454360f748cc2136fd37c038da4220770ed104f9630c06a0eab806
7db7a83e9efe934ad73ed22b476fdb78d1a9ff1e3a98cb5c15284f9417735b7a
7fe0592011de0cc4c282a8523987e70c3209207703d39aa36d346e41db0c07ff
8117b595dbdc02ecef5f4341b481db3a46bbab0f8a86e79eb0b14578ea42a446
8144d33c5610d6e5a06a27cfec7163258f02d413b0befd187e399740b490a194
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
843664caa06661a4c789fe642770690b9a6cec4ecfed6835a631632dcb98aa67
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88804d6ebe9dae5ad41f997452c2edb43e0b07cdc7dab0a38cb8f62250ca692e
8d6f4e6b5613a9fa91abfe6587aa69327458bcfd17b484f254a7d0607808ceaa
8e29f3e687fdc2aa47a5183200740ffc894cf469d1d0a5db7317392ab003c6ef
8e8c63e762d334605b396e4bfacb8723fdfac07a2c77dfe9c57195658605dc00
8f0fce3b8484fdbe709f868220470a9e3ed95ad77675da2b144513c8eb8fdd3a
91b27074116ac669b41c4650c11951613a2dc7d2a5336e93dd07ec38ad7ad03a
959de357cd3053fe443f9f9678b25471a90effbcf4a150c2bf032249b68b755a
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
9754b5f6ea5fe6139593a9d71354a602bd16baf749706d5ffc3882786fbb78a3
9aa886d29e25ff3fba24e39430aca63256d22e9c98339293f88607c1aec49982
a39f6b6d8f73c27f9da666c425f6ba369004dc25e3cc8adef547612635e5e244
a5512781731b5b307ecf7b7a315d2e86150d976cdafd90452832a6fb28e4b7c6
a66f203307e28e536d6aab551e7fb8d70414da2a0374c98aed0b0725f413199e
aba0f08dc1fa858dbd70d733fac29f07cd07816732bf498c9dda14d5d79dc93f
acf88b2da54aa12fbf7c5e89be9a84524811896fe2a46005a30dfa1b32789fb1
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af07850bc2d128062164504811197c21b60ed42f88b326dd858394951b14dd02
b06a5d272de6f4e0ba3f8db8338da394f8716987f7a7e764a22b6e903c0f94cf
b6da3cdb7cff4fa6ba59c573533db05bdf868830aeea5fdb400135b7b23ed597
bc8d607824ba046ae56778998afe2e69219247957cc26951de824b138d011535
c02a537eec620de29094096c1517db5cd507af931d7d61ede3576ac4309c4946
c26b66c28c54246fdf031482b1e0d7b076c37cf422e2d7b2969be733720f03d5
c418f2192d7c27930706fe001f6d8225452e5bd9a11e4653d3b507161237359f
c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1
cab0187e0daa40dcafa6ad301c50f0a2d35dd20299575b1e07ce89e00e585dbe
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42
d15036f4cafc9c5dc6eb94a34049e33fb834a2eb517401a9b858bf70a00c8e42
d52e74993b01e71c21eed2e671da57af3ad21e41628efc373a07c99aec01591a
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df3f46edd3dc78e34e7b8df01b494936e06e68f1566df5666d3a9e502b040b27
dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0
e2041219de8b785776118b7514cddfba1981a0b065c9f8ec9e6ee947f97a967b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
e7c90c5bca22ce8622ad805b5dee3e93e40736e0b1bb2bb119560e7d4b52cca0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10ec21a492c33b4c6c6a6dac52a189d96560ce7b76595be7ab1f2890c2b41a9
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f54a8022d466a7d8067a7b9fa35254667bf3a5fd4dad4807b54581da7a3e3b0f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f80c4e842cf1cddf979cbf4cf904269dfd5e41ddcf1ef1da83a1bb848f835ec0
fc821140cd9212a8d5883ddb981ab2bb5b521c69886e549a0de6d4b9a790e292
fdf58592570bd7a179f45ab4a8609b0646df59456d87bad60a362f0bfd9c2683
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

go.behindthemarkets.com Open in urlscan Pro 35.202.21.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

117 Requests

99 %HTTPS

64 %IPv6

20 Domains

25 Subdomains

22 IPs

6 Countries

2065 kBTransfer

5443 kBSize

17 Cookies

0 Outgoing links

Page URL History

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

99 %
HTTPS

64 %
IPv6

20
Domains

25
Subdomains

22
IPs

6
Countries

2065 kB
Transfer

5443 kB
Size

17
Cookies

117 HTTP transactions
0 data transactions