go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.first.brilliantachievement.com/?qs=812d377669f2875d6ba82fca81d71fd4dcd769043c69fb8917db5179cbe192b8c6f2c87d121b118e107b643dbe6e...
Effective URL:
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&...
Submission: On September 28 via manual (September 28th 2023, 7:08:05 pm UTC) from US — Scanned from DE

Summary HTTP 118 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 5 countries across 20 domains to perform 118 HTTP transactions. The main IP is 35.202.21.90, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is go.behindthemarkets.com.
TLS certificate: Issued by R3 on September 27th 2023. Valid for: 3 months.

This is the only time go.behindthemarkets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	128.245.210.46 128.245.210.46	14340 (SALESFORCE) (SALESFORCE)
2 4	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	50.97.212.250 50.97.212.250	36351 (SOFTLAYER) (SOFTLAYER)
1	35.202.21.90 35.202.21.90	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.107.203.240 34.107.203.240	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
59	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:38::15	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::e 2a02:2638:3::e	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
1	13.43.151.221 13.43.151.221	16509 (AMAZON-02) (AMAZON-02)
3	35.192.151.63 35.192.151.63	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
5	35.86.95.232 35.86.95.232	16509 (AMAZON-02) (AMAZON-02)
118	22

1 128.245.210.46 (United States) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: ajo46.mta.exacttarget.com

click.first.brilliantachievement.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3120::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

tracking.brilliantachievement.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.behindthemarkets-btm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.97.212.250 (San Jose, United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: fa.d4.6132.ip4.static.sl-reverse.com

www.clkmg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.202.21.90 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 90.21.202.35.bc.googleusercontent.com

go.behindthemarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.203.240 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 240.203.107.34.bc.googleusercontent.com

static.leadpages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:38::15 (United States)

ASN15169 (GOOGLE, US)

js.center.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::e (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dynamic.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.43.151.221 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-43-151-221.eu-west-2.compute.amazonaws.com

script.anura.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.192.151.63 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 63.151.192.35.bc.googleusercontent.com

api.leadpages.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.86.95.232 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-86-95-232.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 120	937 KB
19	sumo.com load.sumo.com — Cisco Umbrella Rank: 25100 sumo.com — Cisco Umbrella Rank: 22058	449 KB
7	gstatic.com fonts.gstatic.com	183 KB
4	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2225 www.google.com — Cisco Umbrella Rank: 11	775 B
4	criteo.com 1 redirects dynamic.criteo.com — Cisco Umbrella Rank: 4012 gum.criteo.com — Cisco Umbrella Rank: 640 mug.criteo.com — Cisco Umbrella Rank: 1822	27 KB
3	google.de www.google.de — Cisco Umbrella Rank: 3974	622 B
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 175	455 B
3	leadpages.io api.leadpages.io — Cisco Umbrella Rank: 51559	1 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	276 KB
3	behindthemarkets-btm.com 1 redirects www.behindthemarkets-btm.com	21 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 96	21 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 5551	2 KB
2	center.io js.center.io — Cisco Umbrella Rank: 57466	8 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113	3 KB
2	brilliantachievement.com 2 redirects click.first.brilliantachievement.com tracking.brilliantachievement.com	1 KB
1	anura.io script.anura.io — Cisco Umbrella Rank: 56830
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1780	50 KB
1	leadpages.net static.leadpages.net — Cisco Umbrella Rank: 55573	15 KB
1	behindthemarkets.com go.behindthemarkets.com	73 KB
1	clkmg.com 1 redirects www.clkmg.com — Cisco Umbrella Rank: 244552	1002 B
118	20

	Domain	Requested by
59	lh3.googleusercontent.com	go.behindthemarkets.com
14	load.sumo.com	go.behindthemarkets.com load.sumo.com
7	fonts.gstatic.com	fonts.googleapis.com
5	sumo.com	load.sumo.com
3	www.google.de	go.behindthemarkets.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	region1.analytics.google.com	www.googletagmanager.com
3	api.leadpages.io	js.center.io
3	www.googletagmanager.com	go.behindthemarkets.com www.googletagmanager.com
3	www.behindthemarkets-btm.com	1 redirects www.googletagmanager.com www.behindthemarkets-btm.com
2	gum.criteo.com	1 redirects dynamic.criteo.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	dev.visualwebsiteoptimizer.com	go.behindthemarkets.com
2	js.center.io	go.behindthemarkets.com js.center.io
2	fonts.googleapis.com	go.behindthemarkets.com client
1	www.google.com	go.behindthemarkets.com
1	mug.criteo.com	go.behindthemarkets.com
1	script.anura.io	go.behindthemarkets.com
1	dynamic.criteo.com	www.googletagmanager.com
1	www.googleoptimize.com	www.googletagmanager.com
1	static.leadpages.net	go.behindthemarkets.com
1	go.behindthemarkets.com
1	www.clkmg.com	1 redirects
1	tracking.brilliantachievement.com	1 redirects
1	click.first.brilliantachievement.com	1 redirects
118	25

This site contains no links.

Subject Issuer	Validity	Valid
go.behindthemarkets.com R3	`2023-09-27` - `2023-12-26`	3 months	crt.sh
static.leadpages.net GTS CA 1D4	`2023-08-19` - `2023-11-17`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
js.center.io GTS CA 1D4	`2023-09-12` - `2023-12-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
behindthemarkets-btm.com E1	`2023-09-02` - `2023-12-01`	3 months	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-16` - `2024-02-16`	a year	crt.sh
script.anura.io Amazon RSA 2048 M01	`2023-06-12` - `2024-07-10`	a year	crt.sh
*.leadpages.io Go Daddy Secure Certificate Authority - G2	`2022-10-27` - `2023-10-22`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Frame ID: 3EFA47A7BB8A58FDBA471E69CF713C32
Requests: 113 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 951B1CB9ED83959E17B9B4B798F07D54
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
Frame ID: 2CF4933E6D34207733C17CB65BEE43A9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BTM UFO Weapon

Page URL History Show full URLs

https://click.first.brilliantachievement.com/?qs=812d377669f2875d6ba82fca81d71fd4dcd769043c69fb8917db5179cbe192b8c6f2c87d... HTTP 302
https://tracking.brilliantachievement.com/RA0548/mike@mikeglauser.com/103BA/B/BTUW1 HTTP 302
https://www.clkmg.com/RomanAnal/RA0548/mike@mikeglauser.com/103BA/B/BTUW1 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/6FQ5XR/?sub1=mike@mikeglauser.com&sub2=103BA&sub3=B&sub4=BTUW1&sub5= HTTP 302
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_sour... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

118
Requests

99 %
HTTPS

63 %
IPv6

20
Domains

25
Subdomains

22
IPs

5
Countries

2065 kB
Transfer

5444 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.first.brilliantachievement.com/?qs=812d377669f2875d6ba82fca81d71fd4dcd769043c69fb8917db5179cbe192b8c6f2c87d121b118e107b643dbe6ee13f HTTP 302
https://tracking.brilliantachievement.com/RA0548/mike@mikeglauser.com/103BA/B/BTUW1 HTTP 302
https://www.clkmg.com/RomanAnal/RA0548/mike@mikeglauser.com/103BA/B/BTUW1 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/6FQ5XR/?sub1=mike@mikeglauser.com&sub2=103BA&sub3=B&sub4=BTUW1&sub5= HTTP 302
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=5M5l3Hx5bUVOOE5jN04xUGRBeEluemlUbUh4RHo1bUtEazZETW0xU1NMcytMdGFlU3Q1M21Cbk9JUGJ3OEdJZmEvK0hVdVo0QVI3Ukx5eEJkeGZObEU1WVVoSlRuOVcrc3ArWEJpY2hBZ2NUdGhhUHh3QVpVL2cvbXo2UkRNR054ZDhIcHZyVHVkbHZZL3EydGJQcVY4M1lsYlZLNXZ2c0lDNitFelhwVTl0OXR3SVlHTTdQK2wzSy9mSTB2SHNDTVF4OUtpd3VCaGkzL00wcDZIM05naHRXVDdRUzhkOVhXMEpqbVVtZVNkb2ptcEVvOWtKc00yU3JRSTVGTi9CM2l3ZUkySmw2TThYUWhKd1QrNDFLdmN1THBiSnhMUXpCcHpFMHVPN2FHanlGdnZETT18&cppv=2

118 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
go.behindthemarkets.com/btm-ufo-weapon/
Redirect Chain

https://click.first.brilliantachievement.com/?qs=812d377669f2875d6ba82fca81d71fd4dcd769043c69fb8917db5179cbe192b8c6f2c87d121b118e107b643dbe6ee13f
https://tracking.brilliantachievement.com/RA0548/mike@mikeglauser.com/103BA/B/BTUW1
https://www.clkmg.com/RomanAnal/RA0548/mike@mikeglauser.com/103BA/B/BTUW1
https://www.behindthemarkets-btm.com/4P7M9M/6FQ5XR/?sub1=mike@mikeglauser.com&sub2=103BA&sub3=B&sub4=BTUW1&sub5=
https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=...

637 KB
73 KB

561ms
254ms

Document
text/html

35.202.21.90
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

d52e74993b01e71c21eed2e671da57af3ad21e41628efc373a07c99aec01591a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: br
content-type: text/html
date: Thu, 28 Sep 2023 19:07:59 GMT
etag: W/"c9832b3f9133e44d3d4752773b11be77"
last-modified: Thu, 21 Sep 2023 17:12:50 GMT
server: Leadpages
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: MISS, HIT

Redirect headers

accept-ch: Sec-Ch-Ua-Platform-Version
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 80de45be49085c8c-FRA
content-type: text/html; charset=utf-8
date: Thu, 28 Sep 2023 19:07:59 GMT
location: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dHsxVBVqZOunWcGWDb6FllRox9iiCLObS6u35SQmSfYnDE3k%2Bnz7qoadHCmW3xf66qxbLvaZdfYY7LkuY9g8me5CyC8cv3Q9DcgbcreyiPMOdupfbdV%2BkJv6htTcclSX9unBxdGiconSYNcPF7gxbCGZ8Ws1Pr9nrvgX"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
via: 1.1 google
x-eflow-request-id: 2d2c4491-b0b3-4303-8567-820228dcb3c6

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ 58 KB
15 KB 76ms
14ms Stylesheet
text/css 34.107.203.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sun, 24 Sep 2023 19:32:43 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
age: 344116
etag: "nBpTOw"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: cdb7fab0c778bd349084f8df902b1cac
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14628
expires: Mon, 23 Sep 2024 19:32:43 GMT

GET
H2 200 css
fonts.googleapis.com/ 27 KB
2 KB 41ms
19ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Fjalla+One:300,400,500,700|Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Playfair+Display:300,400,500,700|Exo+2:300,400,500,700

Requested by

Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

222ca1136e5e61ccc02e85c7dd9a0e6b9af1f45ae80611d80190cce01f631adb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Sep 2023 19:07:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 19:07:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Sep 2023 19:07:59 GMT

GET
H2 200 OvyrhcdzI4Mc85VMrRPAvIoGGWC6i_qgVGuUzUP8-wnCrcmPolAE_UwDiT1Twd2PqTlWmCxXsTHLA7b_3OaJ2dXFVxDUhOEAXQ=s0
lh3.googleusercontent.com/ 42 KB
42 KB 88ms
24ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OvyrhcdzI4Mc85VMrRPAvIoGGWC6i_qgVGuUzUP8-wnCrcmPolAE_UwDiT1Twd2PqTlWmCxXsTHLA7b_3OaJ2dXFVxDUhOEAXQ=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5379bdb51c419cac65ac0326410238e7fb43841eeaebc0503031d6217c5c25bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42946
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w16
lh3.googleusercontent.com/ 528 B
824 B 48ms
19ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

21ef52e0c141c5fbc0135c601113edde2e1d9fea1d454b0da3cb66fe2d6aa432

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 528
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 dpJ2gI5ZlfZ0UhHvlyr-UuQAzVSdgPwPMOvQidsBNvpHnw1UYSPtBl1rHbdb8O_ewQGqtXEHYfyIS1RzosrxgZbATGT3pixRLgM=s0
lh3.googleusercontent.com/ 29 KB
29 KB 56ms
31ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/dpJ2gI5ZlfZ0UhHvlyr-UuQAzVSdgPwPMOvQidsBNvpHnw1UYSPtBl1rHbdb8O_ewQGqtXEHYfyIS1RzosrxgZbATGT3pixRLgM=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

bc8d607824ba046ae56778998afe2e69219247957cc26951de824b138d011535

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29865
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 ajhTN-3YGhqmLg51AWwIRBHtnkdHslCZU8ESZX-Ri9ZtLNfbMVHmhJhdRqB4HlDyRsWxOoJAdHItysYrt9ti8HxbPHFRURsGWEA=s0
lh3.googleusercontent.com/ 32 KB
32 KB 63ms
38ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ajhTN-3YGhqmLg51AWwIRBHtnkdHslCZU8ESZX-Ri9ZtLNfbMVHmhJhdRqB4HlDyRsWxOoJAdHItysYrt9ti8HxbPHFRURsGWEA=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8117b595dbdc02ecef5f4341b481db3a46bbab0f8a86e79eb0b14578ea42a446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32291
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 SvT2JBmkRPEmyb5VuOl2U4HvS6g65aaz95BotwzhIqdtbzODvVgToTljNQTMm5-iT5gwgG90m46nTDzRbFedq7MF0DndwOPX7M8=s0
lh3.googleusercontent.com/ 33 KB
33 KB 59ms
35ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/SvT2JBmkRPEmyb5VuOl2U4HvS6g65aaz95BotwzhIqdtbzODvVgToTljNQTMm5-iT5gwgG90m46nTDzRbFedq7MF0DndwOPX7M8=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6eb79f030eca6548e428f1470c03d57c35fc82fd9b4ed915894f74bb8a4d1e19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34101
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w16
lh3.googleusercontent.com/ 452 B
515 B 45ms
20ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c02a537eec620de29094096c1517db5cd507af931d7d61ede3576ac4309c4946

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 452
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 CVMprulCSi7td0ZtwanQhhsrwi78yNQAny8ZLOydL5MX_6ZcJfcCmP0E4R9Wcy_-7N5sBywmazglmpxnEw6-rQYiLBxM1jQTga0=w16
lh3.googleusercontent.com/ 486 B
549 B 37ms
27ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/CVMprulCSi7td0ZtwanQhhsrwi78yNQAny8ZLOydL5MX_6ZcJfcCmP0E4R9Wcy_-7N5sBywmazglmpxnEw6-rQYiLBxM1jQTga0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7d6465ff40cc8a253079809cfb86bda088de84e90677e0d0636ec6ffe065776f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 486
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 _M6FFmDmsF8L0M74UKdQ8Q8NhWcgq2yFcqxc0_4uc2R5r76ONJwfB_TzFywiY6AAG4Pa6Vi_ao-GQhkBVz-gB0vvHYKKatm25Rac=w16
lh3.googleusercontent.com/ 585 B
648 B 39ms
29ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/_M6FFmDmsF8L0M74UKdQ8Q8NhWcgq2yFcqxc0_4uc2R5r76ONJwfB_TzFywiY6AAG4Pa6Vi_ao-GQhkBVz-gB0vvHYKKatm25Rac=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7631fdde759575aded86b3d1ce65b7884706a678566834f6cb43c40d8f1e2c85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 585
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 TCW4RtnYS69HfgXvks8mLRxdCEmCNvqqzeu8aFjfwma7YemCn13jYaLCJgNbGWBR_YfnAMu08ttsm-IgAfuwmw7_BQwZo32CmMrt=s0
lh3.googleusercontent.com/ 30 KB
30 KB 47ms
37ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TCW4RtnYS69HfgXvks8mLRxdCEmCNvqqzeu8aFjfwma7YemCn13jYaLCJgNbGWBR_YfnAMu08ttsm-IgAfuwmw7_BQwZo32CmMrt=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a5512781731b5b307ecf7b7a315d2e86150d976cdafd90452832a6fb28e4b7c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30807
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 H6t8ivg6l_8mCZMCBZsAyZ4N4Ozjg6ci7RY7jS91zkw9ETWd2HbCrYwpt69j8Nzx1ZalexUrQ8fYO6l1PVfnzrmDkxHAnT7XYRY=w16
lh3.googleusercontent.com/ 32 KB
32 KB 41ms
31ms Image
image/gif 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/H6t8ivg6l_8mCZMCBZsAyZ4N4Ozjg6ci7RY7jS91zkw9ETWd2HbCrYwpt69j8Nzx1ZalexUrQ8fYO6l1PVfnzrmDkxHAnT7XYRY=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

38c1d645f08cafe1e0c34cc16c9c9e95433775aca4e8b016fe23dc1913b40854

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32704
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 KW7DqpaNI-KWZXsC3PytJUXmxLrtnbNo6bLKtTTWdUvJHS5e_Cxdcdj6zbB3pIc59ZZeyTg8lNUunXCdWlTSz3PL_mmHCHcNKw=s0
lh3.googleusercontent.com/ 37 KB
37 KB 44ms
34ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/KW7DqpaNI-KWZXsC3PytJUXmxLrtnbNo6bLKtTTWdUvJHS5e_Cxdcdj6zbB3pIc59ZZeyTg8lNUunXCdWlTSz3PL_mmHCHcNKw=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

12bb6250f9afe86162b02c690ee29b53261cdf7c0b324bbb58939816c36bd658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38151
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 3h3xQqxh45xpHWNXWClXwqdYOrdv4ftoDW-b7eSW-tT-uBVLKhsD1r9hQd2u-Ixcio5pudsaRKcvZowt9ltrK98meIXpn9H_rJM=w16
lh3.googleusercontent.com/ 357 B
420 B 43ms
33ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/3h3xQqxh45xpHWNXWClXwqdYOrdv4ftoDW-b7eSW-tT-uBVLKhsD1r9hQd2u-Ixcio5pudsaRKcvZowt9ltrK98meIXpn9H_rJM=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e29f3e687fdc2aa47a5183200740ffc894cf469d1d0a5db7317392ab003c6ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 357
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 wiqgLWSDmGh6MRI--zDDK9vXSnZXdq46H6z4AgVpZEnTi33PhknXDIVmi25lGgpOb_X13vPkIshwDvFQ3S3Vw9l5p5yfwm6B9Hc=w16
lh3.googleusercontent.com/ 777 B
840 B 43ms
33ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wiqgLWSDmGh6MRI--zDDK9vXSnZXdq46H6z4AgVpZEnTi33PhknXDIVmi25lGgpOb_X13vPkIshwDvFQ3S3Vw9l5p5yfwm6B9Hc=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3584c4b319d00a900259c554d8076927e2aaf3b60a6d41973ead57138070d706

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 777
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 To4oSf2cBoWEYk0XhtN0hPWGbJLu7IG6A8wepdCYxGYa8hgbFdV0vpLa3J12Bjm7dAeQEMVYLR3TuNeQypSdGI9lNCMjPxLfyCU=w16
lh3.googleusercontent.com/ 326 B
389 B 44ms
33ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/To4oSf2cBoWEYk0XhtN0hPWGbJLu7IG6A8wepdCYxGYa8hgbFdV0vpLa3J12Bjm7dAeQEMVYLR3TuNeQypSdGI9lNCMjPxLfyCU=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

843664caa06661a4c789fe642770690b9a6cec4ecfed6835a631632dcb98aa67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 ZuXjjC76PUiFkmhSAtOXENiGw4vgsuQ9izAlMU1L_pkV2ewHWDOa7BA2Bsc0R-n8pVrMtz2MoYdnKscJSc-wLA6my-GWisy4RKwW=w16
lh3.googleusercontent.com/ 343 B
406 B 48ms
38ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZuXjjC76PUiFkmhSAtOXENiGw4vgsuQ9izAlMU1L_pkV2ewHWDOa7BA2Bsc0R-n8pVrMtz2MoYdnKscJSc-wLA6my-GWisy4RKwW=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

88804d6ebe9dae5ad41f997452c2edb43e0b07cdc7dab0a38cb8f62250ca692e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 343
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 OAlRGjccArdVTSlObYizvoVhAb_uZqDO_esSTFtxAmfbPjchMTA015Q9hzrcJthQus0T8ETnRzsDRZkoClDxz-8nF-_9QLZsTXM=w16
lh3.googleusercontent.com/ 320 B
382 B 49ms
38ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OAlRGjccArdVTSlObYizvoVhAb_uZqDO_esSTFtxAmfbPjchMTA015Q9hzrcJthQus0T8ETnRzsDRZkoClDxz-8nF-_9QLZsTXM=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8144d33c5610d6e5a06a27cfec7163258f02d413b0befd187e399740b490a194

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 320
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 byURWe3nCJFW1ZeLeMS3pkLLQicrPPIEAjfYuk9Qw5KpIsGFJ1cuW6UqdU7ymztTFXvS3F55JEPi4XXqsAuc4Ttxq2-siyWC7mQ=w16
lh3.googleusercontent.com/ 318 B
381 B 51ms
40ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/byURWe3nCJFW1ZeLeMS3pkLLQicrPPIEAjfYuk9Qw5KpIsGFJ1cuW6UqdU7ymztTFXvS3F55JEPi4XXqsAuc4Ttxq2-siyWC7mQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0dc05bd8e6a23d3ce410b51ba0867a6613da4fd82014e88e2ffedcc07549bb05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 318
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 AQnxmIYnSr6z7Q1bA0-lXny19TrrFusc7eEAY_6j381h-1HTBKF72jfexw_rcQtlikJpyi5lBdscyeQ1GaAv3j-qy7IO5mi7UDkz=w16
lh3.googleusercontent.com/ 626 B
689 B 49ms
39ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AQnxmIYnSr6z7Q1bA0-lXny19TrrFusc7eEAY_6j381h-1HTBKF72jfexw_rcQtlikJpyi5lBdscyeQ1GaAv3j-qy7IO5mi7UDkz=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e8c63e762d334605b396e4bfacb8723fdfac07a2c77dfe9c57195658605dc00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 626
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 O_gVPVfqKt22o9ZRAfvtcr3TbOagF-f27DfAT4zacAEhSWepeV2OwHA0dLL99E3ujBN0Q9avqyn9X1BV1DgjMrO1CP1fRGqmQyM=w16
lh3.googleusercontent.com/ 771 B
834 B 46ms
36ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/O_gVPVfqKt22o9ZRAfvtcr3TbOagF-f27DfAT4zacAEhSWepeV2OwHA0dLL99E3ujBN0Q9avqyn9X1BV1DgjMrO1CP1fRGqmQyM=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2f007b53b0173b103df54f19e21bb1a020949e359a6c2493303c57c433285f71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 -FSVox_cdZtEOQdHPklDShgOnOEQieb4DYOFxJPQb9FT8WBYxOcC9qlCbguF6JYazBkL4aeUtWqHX3-XDcMzW4wbNHpqt8mb7tsQ=w16
lh3.googleusercontent.com/ 304 B
367 B 49ms
43ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/-FSVox_cdZtEOQdHPklDShgOnOEQieb4DYOFxJPQb9FT8WBYxOcC9qlCbguF6JYazBkL4aeUtWqHX3-XDcMzW4wbNHpqt8mb7tsQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

653e57dace87f1578d47a3162639ab8754abddab7c8e37ed6420dd04fbd8ad2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 304
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 99Xxq-BxRy57nzWi9njtXvfStJLBukXgTJdjZKA-iUQSAcVn_RykSX9j1Xh5rAFfyVxew-8SHGlD4HzAP4IIUFNFbn4_i7ObiQ=w16
lh3.googleusercontent.com/ 298 B
361 B 48ms
42ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/99Xxq-BxRy57nzWi9njtXvfStJLBukXgTJdjZKA-iUQSAcVn_RykSX9j1Xh5rAFfyVxew-8SHGlD4HzAP4IIUFNFbn4_i7ObiQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8d6f4e6b5613a9fa91abfe6587aa69327458bcfd17b484f254a7d0607808ceaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 298
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 uWPl7NSdKJhupbSWb4ZVelB3XItZGNTvztTDr5FaVrCcEISNPs1ZJd2maq5N4KWE6SSyQe2ytxOvlST70MQBghbn0T4YEcK4YA=w16
lh3.googleusercontent.com/ 313 B
376 B 52ms
45ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/uWPl7NSdKJhupbSWb4ZVelB3XItZGNTvztTDr5FaVrCcEISNPs1ZJd2maq5N4KWE6SSyQe2ytxOvlST70MQBghbn0T4YEcK4YA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9754b5f6ea5fe6139593a9d71354a602bd16baf749706d5ffc3882786fbb78a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 T1uV4k-ivk2FMHUXIFi-IvE2B8waeyCM1pMtAorOZ4bka7BYhLCEurKdRhpCzQjS0PQYvWYJNl-49DqRU8qWkRhtVCpc1xbPAL0=w16
lh3.googleusercontent.com/ 310 B
372 B 49ms
43ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/T1uV4k-ivk2FMHUXIFi-IvE2B8waeyCM1pMtAorOZ4bka7BYhLCEurKdRhpCzQjS0PQYvWYJNl-49DqRU8qWkRhtVCpc1xbPAL0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

02ffe72a9c712b85c4cd1dc94c6c7d230842d2870ba1ae8c43ce12212d9934fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 310
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 ZDlPeBN0ZO_49NTQ7qCCErZIho5teOhPtSYhpG812HSGbV-nkdXuFtldu4i7wLQYgT0ZMY83scjQ07yzG0ylFZwzJxj9ldO4Ztg=w16
lh3.googleusercontent.com/ 306 B
369 B 54ms
48ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZDlPeBN0ZO_49NTQ7qCCErZIho5teOhPtSYhpG812HSGbV-nkdXuFtldu4i7wLQYgT0ZMY83scjQ07yzG0ylFZwzJxj9ldO4Ztg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c418f2192d7c27930706fe001f6d8225452e5bd9a11e4653d3b507161237359f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 JrGKx3Kp3wtZGdB5xfcXEobgZZIX4cEKUCZQHGD0dnZOMMxD6kRo5FSHnfZ5WKotNVS4aWqi9o62VWUc-CQkRRxCYzIogj_Dok0=w16
lh3.googleusercontent.com/ 292 B
354 B 59ms
53ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/JrGKx3Kp3wtZGdB5xfcXEobgZZIX4cEKUCZQHGD0dnZOMMxD6kRo5FSHnfZ5WKotNVS4aWqi9o62VWUc-CQkRRxCYzIogj_Dok0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e2041219de8b785776118b7514cddfba1981a0b065c9f8ec9e6ee947f97a967b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 292
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 TMavxmDkfDrT1S00y2aX7MmUA1akzXMdPV9rB0R4atRtWtdh3DnwPoiyY659e755Wm2KPaPNPAbu0b-8xhmE8tkATYgbC9NHx-k_=w16
lh3.googleusercontent.com/ 312 B
374 B 55ms
49ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TMavxmDkfDrT1S00y2aX7MmUA1akzXMdPV9rB0R4atRtWtdh3DnwPoiyY659e755Wm2KPaPNPAbu0b-8xhmE8tkATYgbC9NHx-k_=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d15036f4cafc9c5dc6eb94a34049e33fb834a2eb517401a9b858bf70a00c8e42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 312
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 jWkkqLM03dSIUglapeNu2Ps4TSpAVFrO66BFKxYPdm8pofB-USkI4N1Fzj5RJyEHwxu1HhreGg_aQp4yVmct1_idQ0OvL1IPUA=w16
lh3.googleusercontent.com/ 294 B
357 B 53ms
47ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/jWkkqLM03dSIUglapeNu2Ps4TSpAVFrO66BFKxYPdm8pofB-USkI4N1Fzj5RJyEHwxu1HhreGg_aQp4yVmct1_idQ0OvL1IPUA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

21c96acbb335694cd65c8a0056e4e659dff4c337491c87dc877f54abc44fe625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 294
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 OF9yEzuOIFdrl7il-crMaV4KXyVrXDY8NXfKY0c2OjnmjAuALFYw5Y6vT4U47KGcWrE2MYEym7T5siB6_1C1T_SEWzs7W6f4vM8=s0
lh3.googleusercontent.com/ 29 KB
29 KB 56ms
50ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OF9yEzuOIFdrl7il-crMaV4KXyVrXDY8NXfKY0c2OjnmjAuALFYw5Y6vT4U47KGcWrE2MYEym7T5siB6_1C1T_SEWzs7W6f4vM8=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7fe0592011de0cc4c282a8523987e70c3209207703d39aa36d346e41db0c07ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29242
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 fYksF8Fa8U3z-FVpP1YGi-5vXuQKTViy7etG3JRXE54J1RZVd2J7LwZJUKBkFvG5J9xleVtheJYG5nSBiL-zKM8ZYGd8e30NgGK_=w16
lh3.googleusercontent.com/ 563 B
626 B 56ms
50ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/fYksF8Fa8U3z-FVpP1YGi-5vXuQKTViy7etG3JRXE54J1RZVd2J7LwZJUKBkFvG5J9xleVtheJYG5nSBiL-zKM8ZYGd8e30NgGK_=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3f1679187a03b9a16c963fc7b3919865a451739ac0d600d3101dbdbad7a7ba43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 563
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 fNA4zakg87CtdsN_GASRCR9zc5UTtM8B4t3c6fFTsarbADXY35CN3M1IXbQALddlC_FVmjQ78q02UjVsNh9eIhPuMVTAdBdslWA=w16
lh3.googleusercontent.com/ 539 B
602 B 56ms
50ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/fNA4zakg87CtdsN_GASRCR9zc5UTtM8B4t3c6fFTsarbADXY35CN3M1IXbQALddlC_FVmjQ78q02UjVsNh9eIhPuMVTAdBdslWA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

91b27074116ac669b41c4650c11951613a2dc7d2a5336e93dd07ec38ad7ad03a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 539
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 56h9MSCp7xfgyYwEI7IhubN6GX2HzFlcwEsLlITGDdTuKpl8Ne8uNdV6fXu5dGiXjQMiRNNGr9gUEUg8rmgLnwTktDtOjbKksq0=w16
lh3.googleusercontent.com/ 299 B
385 B 209ms
204ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/56h9MSCp7xfgyYwEI7IhubN6GX2HzFlcwEsLlITGDdTuKpl8Ne8uNdV6fXu5dGiXjQMiRNNGr9gUEUg8rmgLnwTktDtOjbKksq0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0c8e060784765b186df12c3b49d58c1b6df180812c26cf625611d02cc62c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 299
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:08:00 GMT

GET
H2 200 center.js Show response
js.center.io/ 12 KB
5 KB 101ms
12ms Script
application/javascript 2001:4860:4802:38::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:06:07 GMT
content-encoding: gzip
server: Google Frontend
age: 112
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: 68dfe3d50091f388ac3fe09a907b493d
cache-control: public, max-age=300
content-length: 5417
expires: Thu, 28 Sep 2023 19:11:07 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 296 KB
95 KB 60ms
37ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ece2311ddab180bd949e57acc5da3f03a86ab3232548d0afd401d9d566a24672

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96496
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 28 Sep 2023 19:07:59 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 4 KB
2 KB 54ms
19ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=601261&u=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Da555be933dad4f5fb9859df16343d70c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmike%2540mikeglauser.com%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&f=1&vn=1.5
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: b5334f7f1dbb3b996fd99d184649898440fbd53b9a650c7350a2da649940216a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
content-encoding: gzip
via: 1.1 google
server: gams1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v36/ 37 KB
37 KB 42ms
17ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v36/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fjalla+One:300,400,500,700|Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Playfair+Display:300,400,500,700|Exo+2:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b06a5d272de6f4e0ba3f8db8338da394f8716987f7a7e764a22b6e903c0f94cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 16:50:16 GMT
x-content-type-options: nosniff
age: 94663
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37964
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:43:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 Sep 2024 16:50:16 GMT

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 46ms
21ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 21:41:36 GMT
x-content-type-options: nosniff
age: 422783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15660
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 21:41:36 GMT

GET
H2 200 7cHmv4okm5zmbtYoK-4.woff2
fonts.gstatic.com/s/exo2/v21/ 39 KB
40 KB 35ms
10ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v21/7cHmv4okm5zmbtYoK-4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 19:01:35 GMT
x-content-type-options: nosniff
age: 86784
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40316
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:31:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 Sep 2024 19:01:35 GMT

GET
H2 200 Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2
fonts.gstatic.com/s/fjallaone/v15/ 44 KB
44 KB 50ms
26ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43a079fd739dffa727de659b5bbf44596031aa7542c8a8afbc54a243aab96b47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 21:50:56 GMT
x-content-type-options: nosniff
age: 422223
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44584
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 20:46:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 21:50:56 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 54ms
30ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 01:26:25 GMT
x-content-type-options: nosniff
age: 236494
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Sep 2024 01:26:25 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 52ms
30ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 16:50:19 GMT
x-content-type-options: nosniff
age: 94660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 Sep 2024 16:50:19 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 44ms
24ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 05:31:51 GMT
x-content-type-options: nosniff
age: 480968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15700
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 05:31:51 GMT

GET
H2 200 WmNIZ4n_ZCTLaJxkRhndMi9dNNbdbKzB4zO5FIKhkf303CdWArV_3vvuTxHeNdIObyT0oI-v0TmD9EIq2bs6JQ6o6wMsjHKPGcA=s0
lh3.googleusercontent.com/ 13 KB
13 KB 45ms
36ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/WmNIZ4n_ZCTLaJxkRhndMi9dNNbdbKzB4zO5FIKhkf303CdWArV_3vvuTxHeNdIObyT0oI-v0TmD9EIq2bs6JQ6o6wMsjHKPGcA=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7db7a83e9efe934ad73ed22b476fdb78d1a9ff1e3a98cb5c15284f9417735b7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12815
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 cuKkebNfY8xkR9JhfDjxMX2lMZood_OGfHgiLDm-Qw6ufcSBI8N1TsJ1nIpFKU0laR5BkkFdF25oGW7U3S9110c2gCX4bUpcVA=s0
lh3.googleusercontent.com/ 14 KB
14 KB 50ms
41ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/cuKkebNfY8xkR9JhfDjxMX2lMZood_OGfHgiLDm-Qw6ufcSBI8N1TsJ1nIpFKU0laR5BkkFdF25oGW7U3S9110c2gCX4bUpcVA=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7da5cd5386454360f748cc2136fd37c038da4220770ed104f9630c06a0eab806

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14532
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 HmvH24Z0-WwV3ob4gJ1QwZ9Kz_O6PUJcqeN12J5xzKkAWr9kAvAttf8_q0l62JPxCjZ2oWbQcb7hEHoz6GD6U9L6ZGqnM5lFrrEV=s0
lh3.googleusercontent.com/ 15 KB
15 KB 49ms
40ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HmvH24Z0-WwV3ob4gJ1QwZ9Kz_O6PUJcqeN12J5xzKkAWr9kAvAttf8_q0l62JPxCjZ2oWbQcb7hEHoz6GD6U9L6ZGqnM5lFrrEV=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e7c90c5bca22ce8622ad805b5dee3e93e40736e0b1bb2bb119560e7d4b52cca0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15380
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 VSJzHH06KJPjPotwxbbFYgBD0J3flSpjFHO4CmUvs23QDnIR9fccjyXQNWjhoyMjMm1semHMedNh0GL4g_XJ6I3G3CVLX8-K3Q=w16
lh3.googleusercontent.com/ 317 B
380 B 47ms
37ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/VSJzHH06KJPjPotwxbbFYgBD0J3flSpjFHO4CmUvs23QDnIR9fccjyXQNWjhoyMjMm1semHMedNh0GL4g_XJ6I3G3CVLX8-K3Q=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

02de1a932816d80b54e2b8094e150f1ec64a3aedc5c2c4a97925aafb9c95c5a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 317
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 0F5eiyxS3e6mVh3ZchMaEXRUsCRF-cyJLYm-6hTVx-mQzCE-_4z4LOXOFITRozVqtZYAyTZnvWaXZV002bNM7ERsIukzDwcv-lc_=w16
lh3.googleusercontent.com/ 315 B
378 B 41ms
32ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0F5eiyxS3e6mVh3ZchMaEXRUsCRF-cyJLYm-6hTVx-mQzCE-_4z4LOXOFITRozVqtZYAyTZnvWaXZV002bNM7ERsIukzDwcv-lc_=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a66f203307e28e536d6aab551e7fb8d70414da2a0374c98aed0b0725f413199e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 315
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 MHiMiacCZOh6waPrCxoucBn8JaCRGOMsLbhaWxokjRXMwViSvUba_Dv-YBF6r2Bx9eXxuXoUrdfY9Yt7tq_5tM_LXuOGkKqutIU=s0
lh3.googleusercontent.com/ 38 KB
38 KB 60ms
51ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/MHiMiacCZOh6waPrCxoucBn8JaCRGOMsLbhaWxokjRXMwViSvUba_Dv-YBF6r2Bx9eXxuXoUrdfY9Yt7tq_5tM_LXuOGkKqutIU=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7d7b2eec122d8945398dde8bcbe491986698b328f086f6c1c83873d89b18a18e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38610
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 918qhe_GvTqP9WClvj9cBIQmUbO4m4mpNklTF99oE78V9U53zU2ss4Qapt0WpurejiEwX1AIVxjLlq7Ldr4LBWYxYqWeSL0LfQ=w16
lh3.googleusercontent.com/ 433 B
496 B 49ms
40ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/918qhe_GvTqP9WClvj9cBIQmUbO4m4mpNklTF99oE78V9U53zU2ss4Qapt0WpurejiEwX1AIVxjLlq7Ldr4LBWYxYqWeSL0LfQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

af07850bc2d128062164504811197c21b60ed42f88b326dd858394951b14dd02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 433
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 22NTvWRBmHQ-rrYZTXCSBuYh0wJWpINQsg6FZF73Ic7NdGtO77WND8196-XnStqpE3gwoui9tnjpvLbIgmavXeSaCsr7zz_eAqc=w16
lh3.googleusercontent.com/ 548 B
611 B 48ms
39ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/22NTvWRBmHQ-rrYZTXCSBuYh0wJWpINQsg6FZF73Ic7NdGtO77WND8196-XnStqpE3gwoui9tnjpvLbIgmavXeSaCsr7zz_eAqc=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

acf88b2da54aa12fbf7c5e89be9a84524811896fe2a46005a30dfa1b32789fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 548
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 LXcMpGGbRkP7Gbo2T-NSujMqgOADRJJC0hZSajcBT0XAFEPN4Qu_uBjbkYHuVBC615MhzNLNL_eXL3nVEkRR6jjTHcoBvtf7_Po=w16
lh3.googleusercontent.com/ 458 B
521 B 48ms
39ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/LXcMpGGbRkP7Gbo2T-NSujMqgOADRJJC0hZSajcBT0XAFEPN4Qu_uBjbkYHuVBC615MhzNLNL_eXL3nVEkRR6jjTHcoBvtf7_Po=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b6da3cdb7cff4fa6ba59c573533db05bdf868830aeea5fdb400135b7b23ed597

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 458
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 bMGQ4yp4ZMlmkdosw487snZM3KCxv4eojdYcxvGnSUOEnkv09_STtmP_oKlXRCm3k1aZYahhk5C0ckrut9QdR9jQBP-437glxP4=s0
lh3.googleusercontent.com/ 34 KB
34 KB 57ms
48ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/bMGQ4yp4ZMlmkdosw487snZM3KCxv4eojdYcxvGnSUOEnkv09_STtmP_oKlXRCm3k1aZYahhk5C0ckrut9QdR9jQBP-437glxP4=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0f9fd81a08eecb2018384c281acd08fa6add7ffee002123129ff7a546b82fa31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34662
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 AhvFgClQkCuXUZblpf5VCGEyQoJaUrIXJYuEABnn2bUgA77AvEQO8YehIVzPTKK53_ubxUUXWRWBoyYvHkNPoqxfL9k5aGbHdD5o=w16
lh3.googleusercontent.com/ 575 B
638 B 50ms
42ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AhvFgClQkCuXUZblpf5VCGEyQoJaUrIXJYuEABnn2bUgA77AvEQO8YehIVzPTKK53_ubxUUXWRWBoyYvHkNPoqxfL9k5aGbHdD5o=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1dd8c38f74756eeebe8302aa2f207760abe5b57133e7958931e78e4b2870181f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 575
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 XPEQuQzbQqwQS1g8iJ7BDcRryBgOyO1kJlafR8M2BdY76ZOKSzPbH1kIuElouHQENT2eO3dCkl4yiuefg2k3MzqwCu-XtqLK1OV0=w16
lh3.googleusercontent.com/ 575 B
634 B 55ms
47ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XPEQuQzbQqwQS1g8iJ7BDcRryBgOyO1kJlafR8M2BdY76ZOKSzPbH1kIuElouHQENT2eO3dCkl4yiuefg2k3MzqwCu-XtqLK1OV0=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f80c4e842cf1cddf979cbf4cf904269dfd5e41ddcf1ef1da83a1bb848f835ec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 575
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 TDAiEjekjRmzFHSJAEOsbixEV06UxsgGa8nX_VTyVsy5mJKw6XDJQL-sBoal2IWgklizL-p512b1zoqMcqPkmjHuqE5k_W7vClg=w16
lh3.googleusercontent.com/ 577 B
640 B 49ms
41ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TDAiEjekjRmzFHSJAEOsbixEV06UxsgGa8nX_VTyVsy5mJKw6XDJQL-sBoal2IWgklizL-p512b1zoqMcqPkmjHuqE5k_W7vClg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

31d9d4d853d7426533bea329d61e28677b7ffa078ae280290de50ad646ae6eba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 577
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 n-Y60a-YX5ixqNjX9ajXgF2dohGeyznFcDHi2JnB8ap2AlMLe89K25uZuCxpOVeVO-Mbb7aEEqYVCm5X6s60orNmTCHz9uE-TQ=w16
lh3.googleusercontent.com/ 660 B
723 B 50ms
42ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/n-Y60a-YX5ixqNjX9ajXgF2dohGeyznFcDHi2JnB8ap2AlMLe89K25uZuCxpOVeVO-Mbb7aEEqYVCm5X6s60orNmTCHz9uE-TQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

11a5066ce5aa1d4619f5582cffdcd559c9a1aae9de9b010984ec89d2d8b4762f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 660
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H2 200 HbycKGCVE6V83_ROXDUrfrlNF_wihoki9xGfd3Tne1Jwmq3QUxdFr6_cY3_Bh_97oIS1QSCMqT5SicZ1tmYhtZNK6deftMurtNCX=s0
lh3.googleusercontent.com/ 39 KB
39 KB 60ms
52ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HbycKGCVE6V83_ROXDUrfrlNF_wihoki9xGfd3Tne1Jwmq3QUxdFr6_cY3_Bh_97oIS1QSCMqT5SicZ1tmYhtZNK6deftMurtNCX=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5190abfe9f241dd6c5afbd313cecfe3bc1c2d3e5e0a6815c28c4b9942de6237e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40152
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 KqhQWp7dUO2yyas9gabmfzQYuZb8eAG5LR4XnTFtLXo5AZLcee8r0_FAd8WMGGUJrszS8Vul3srAVUNlRqjsqldtj-8qtVuJtx8=w16
lh3.googleusercontent.com/ 562 B
587 B 26ms
23ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/KqhQWp7dUO2yyas9gabmfzQYuZb8eAG5LR4XnTFtLXo5AZLcee8r0_FAd8WMGGUJrszS8Vul3srAVUNlRqjsqldtj-8qtVuJtx8=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c26b66c28c54246fdf031482b1e0d7b076c37cf422e2d7b2969be733720f03d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 562
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 zL0fUx2qiWCK833qDbtDyNS-4_VE82Z3vL0McM-i3xon5qenITbnq9CWPbOJMMvk42p3oyJ3mfa0rN3W-ghl5owH9XTALSGSHQ=s0
lh3.googleusercontent.com/ 43 KB
43 KB 38ms
33ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/zL0fUx2qiWCK833qDbtDyNS-4_VE82Z3vL0McM-i3xon5qenITbnq9CWPbOJMMvk42p3oyJ3mfa0rN3W-ghl5owH9XTALSGSHQ=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7ac8c0c398a8c50881f8df96030a9ed8442b654cb9d2e1a1877aebedd02023af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44083
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 yDg9XcrVlwn2g3OGWAN94ZbA0PW6hifx_0jaOf-XfciTso5dWRcuAx5HmroKvOx172KAIkaKePyppVOJRtORot_b2Ts4Dnl5bhmy=w16
lh3.googleusercontent.com/ 279 B
304 B 31ms
27ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yDg9XcrVlwn2g3OGWAN94ZbA0PW6hifx_0jaOf-XfciTso5dWRcuAx5HmroKvOx172KAIkaKePyppVOJRtORot_b2Ts4Dnl5bhmy=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a39f6b6d8f73c27f9da666c425f6ba369004dc25e3cc8adef547612635e5e244

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 279
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 zFWAG1kxVcpHmOqQ5l6DZF2Lkdjfbl9P8f27igRvwiN5qxFWETIpL7A5__KGyc9IS1mtaEH049SbNHqoAGLMkdnHaip1YreWaQw=s0
lh3.googleusercontent.com/ 48 KB
48 KB 32ms
28ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/zFWAG1kxVcpHmOqQ5l6DZF2Lkdjfbl9P8f27igRvwiN5qxFWETIpL7A5__KGyc9IS1mtaEH049SbNHqoAGLMkdnHaip1YreWaQw=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7175f0fd288f011560ca785808341d055393c4d63055afa2d37627a8e76be19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48730
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 9koIo2pE2cX13hnh0Yl3g4aZqsRD6jqCxEqzzLNnS7QXXN4k0roYVsyLXTfaMaYubmF-ju_kuHTcA8S56ARkE3bhZ3B37AYhdxLW=w16
lh3.googleusercontent.com/ 291 B
316 B 37ms
32ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/9koIo2pE2cX13hnh0Yl3g4aZqsRD6jqCxEqzzLNnS7QXXN4k0roYVsyLXTfaMaYubmF-ju_kuHTcA8S56ARkE3bhZ3B37AYhdxLW=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

aba0f08dc1fa858dbd70d733fac29f07cd07816732bf498c9dda14d5d79dc93f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 291
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 7xyHhGbThSsKRvEtDDjjMRdkL9w3QSI5M3LFelMyqlZ0vlDwjG99RygiAhvwECfoTeQ7CnH9A9aKO4h2sMw9ZefbfYsx4htWdZM=w16
lh3.googleusercontent.com/ 272 B
297 B 32ms
27ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/7xyHhGbThSsKRvEtDDjjMRdkL9w3QSI5M3LFelMyqlZ0vlDwjG99RygiAhvwECfoTeQ7CnH9A9aKO4h2sMw9ZefbfYsx4htWdZM=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

214df72d9a3910941fda905199bc8069c6b298ce2b577c71c149773e9c64030f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 272
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 Y2qrJs3P1rwO6ZHL8EqhMx2C-zxwM3PlWdeJsqNzh4qhbfm9D5T28EMGlzGvyKLPv0W2LJydeaIR5mQNHDmLrezhlpm2150zGgto=w16
lh3.googleusercontent.com/ 286 B
311 B 26ms
22ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Y2qrJs3P1rwO6ZHL8EqhMx2C-zxwM3PlWdeJsqNzh4qhbfm9D5T28EMGlzGvyKLPv0W2LJydeaIR5mQNHDmLrezhlpm2150zGgto=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

31b790b6aa4636b48813be238cfbd46163c06298333db50e03373fcd5d41e6ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 286
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 hKW7gTJR8ElpmAAkh7pmORjcOTmh384JZ6CW6zy6rFf2qyOmQX9tgey0wnIQH_-Sg3lKFojq4mJjI-sDSxM6rNJWJ9G4kLG5XQU=s0
lh3.googleusercontent.com/ 22 KB
22 KB 35ms
30ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/hKW7gTJR8ElpmAAkh7pmORjcOTmh384JZ6CW6zy6rFf2qyOmQX9tgey0wnIQH_-Sg3lKFojq4mJjI-sDSxM6rNJWJ9G4kLG5XQU=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22076
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 ATvL_yTTnby4CtmWvqyTiTgfSRNzmoX7HrIQM0k75VRL2MSXAIJ65oY66cqrOu95217XvkLm_-XxFbmzcgMnLFPLfx7XZnPMEIjp=w16
lh3.googleusercontent.com/ 413 B
438 B 30ms
26ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ATvL_yTTnby4CtmWvqyTiTgfSRNzmoX7HrIQM0k75VRL2MSXAIJ65oY66cqrOu95217XvkLm_-XxFbmzcgMnLFPLfx7XZnPMEIjp=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f54a8022d466a7d8067a7b9fa35254667bf3a5fd4dad4807b54581da7a3e3b0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 413
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 mWtM1znzWII_fSBzcwGx0qEmOb9lNDG24L1UIo3FlYAahkYfVpYtXH3z_eeT8jxWN0BPd6whHw4VfCgGaVcOX7YDhH7C-7tSTDU=w16
lh3.googleusercontent.com/ 691 B
716 B 36ms
32ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/mWtM1znzWII_fSBzcwGx0qEmOb9lNDG24L1UIo3FlYAahkYfVpYtXH3z_eeT8jxWN0BPd6whHw4VfCgGaVcOX7YDhH7C-7tSTDU=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f10ec21a492c33b4c6c6a6dac52a189d96560ce7b76595be7ab1f2890c2b41a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:07:59 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 691
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:07:59 GMT

GET
H3 200 sy7aFFVL8PFj10zRJ60Mk-d_V3jJe2MOJWlPv00Jy5xjjZECnkv9lRKBpaXlwMHN156vrvDyxR779isUa51aMgZrV0IuZUeg=w16
lh3.googleusercontent.com/ 284 B
309 B 129ms
124ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/sy7aFFVL8PFj10zRJ60Mk-d_V3jJe2MOJWlPv00Jy5xjjZECnkv9lRKBpaXlwMHN156vrvDyxR779isUa51aMgZrV0IuZUeg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cab0187e0daa40dcafa6ad301c50f0a2d35dd20299575b1e07ce89e00e585dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 284
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Sep 2023 19:08:00 GMT

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
151 B 110ms
109ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=601261&d=go.behindthemarkets.com&u=D3593B0460E02DB4772A77367EEEFFE6D&h=dedaf90072f05aef1dcf277eda765c25&t=false

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: public, max-age=43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H3 200 wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w600
lh3.googleusercontent.com/ 217 KB
217 KB 27ms
26ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wRCLDsfkIMmtWIP3l7eNMfWQFoU1CVBaoN4qNhQvjLxv1AYeZIad-WiKxstWIvoz7CNPRVxP-I4oXMl9nl-lrDpZi2pjH_XxYPnJ=w600

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7caa39736388b58116f1d7318edb260aec86c94473cd8ad2ddcbb75c7e2b0f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 222462
x-xss-protection: 0
expires: Fri, 29 Sep 2023 19:08:00 GMT

GET
H3 200 ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w600
lh3.googleusercontent.com/ 171 KB
171 KB 25ms
25ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ABBojT1Nd5u_lCZNCn0JwUxW4s2Z-anLz_ApbgNC7XLMQIiXPm3_97_AJ2-OvC2STmqktqiJ5kSM1QpGOmC4boFPxT4wVrIbYz1y=w600

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fdf58592570bd7a179f45ab4a8609b0646df59456d87bad60a362f0bfd9c2683

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 174963
x-xss-protection: 0
expires: Fri, 29 Sep 2023 19:08:00 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 127 KB
50 KB 76ms
52ms Script
application/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-K7WPB5K

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2c355ca44cfadf525c8b77785d650793b1105f812ddcf7875c6f7a2a7175136d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50626
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 28 Sep 2023 19:08:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Sep 2023 17:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 4697
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 28 Sep 2023 19:49:43 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 47 KB
20 KB 49ms
14ms Script
application/javascript 2a02:2638:3::e
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=93258

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0946cb87b7a79f481e8918c9754da72dac3364563c52f58e623ac23a170a49c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 everflow.js Show response
www.behindthemarkets-btm.com/scripts/sdk/ 60 KB
19 KB 21ms
20ms Script
text/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e426e330d152fce1b2e4a53ff4062cfe1531acca6f02c9b5329009d496aad05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7066
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Sep 2023 17:10:14 GMT
accept-ch: Sec-Ch-Ua-Platform-Version
server: cloudflare
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZEm37WJWG97OEDiaPOuAEVMFNPbYeHLcWuGf5sP077eq2ME%2BbaT3QQEmPZdgklc1T22MTec0K1awXPsiUg32JztBXWQdOdNzuexBYjHFvZZGCDsdKU6e3V3BbaPyegbcOxWcmLXpO1GDqaODQbe6T1s1MFA5IblM%2FJga"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
x-eflow-request-id: 52bf62a4-800d-4a2d-b6b1-16a246c8ac9d
cf-ray: 80de45c499535c8c-FRA

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 377ms
15ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: 1KYFJQFMBFJKH37P
cdn-cachedat: 08/01/2023 19:55:24
cdn-pullzone: 53731
x-amz-id-2: qq+ntw5IJPjgabl5D2IupL5Qw6IGEklZlzXzRWgabNShliLdR2eEmsTuZwMPqR0zNmJqeRsDUJM=
last-modified: Wed, 05 Oct 2022 16:50:13 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=600
cdn-requestid: 925bf75fccf6b66e33df8f2f0fbbab3c
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 403 request.js
script.anura.io/ 0
0 394ms
31ms Script
application/javascript 13.43.151.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://script.anura.io/request.js?instance=2840531173&source=82&campaign=undefined&904667986083
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-ufo-weapon/?_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&utm_source=82&utm_campaign=&utm_medium=&id=mike%40mikeglauser.com&iocid=&aff=82&creative_id=&oid=110&message_id=&link_id=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.43.151.221 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-43-151-221.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 278 KB
90 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d16a004d0a4f7fb78000f4dc8dc1f158b74bb5e8cbd726ce0e8c0f380e53bfb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92229
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 28 Sep 2023 19:08:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
91 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KDYSD5C2HD&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8097f342e8dde9aaffa3bb1e9da87df15def110b092832a08b6a33b5b22184f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92816
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 28 Sep 2023 19:08:00 GMT

GET
H2 200 identify.html Show response
js.center.io/ Frame 951B 4 KB
2 KB 18ms
16ms Document
text/html 2001:4860:4802:38::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 240
cache-control: public, max-age=300
content-encoding: gzip
content-length: 2016
content-type: text/html
date: Thu, 28 Sep 2023 19:04:00 GMT
etag: "OMWYXg"
expires: Thu, 28 Sep 2023 19:09:00 GMT
server: Google Frontend
x-cloud-trace-context: 4ec658f9448444bac02f150d80617c4f

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/events/ 35 B
686 B 492ms
179ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=Gy3xzrFUCQo2QEFioeBcaF&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=BTxYMyTjj2PHGhxRememEh&sid=H2E7vdZGCVXtaiHpfkefEV&cid=lp-Gy3xzrFUCQo2QEFioeBcaF&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Da555be933dad4f5fb9859df16343d70c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmike%2540mikeglauser.com%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&rf=&rx=1600&ry=1200&tz=%2B02%3A00
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Thu, 28 Sep 2023 19:08:00 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 178.162.209.141
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00vmjr30t7hr1bmiemmg

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 287ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-KDYSD5C2HD&gtm=45je39p0&_p=2041887749&_gaz=1&cid=299314119.1695928080&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1695928080&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Da555be933dad4f5fb9859df16343d70c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmike%2540mikeglauser.com%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&dt=BTM%20UFO%20Weapon&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KDYSD5C2HD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
259 B 294ms
18ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-KDYSD5C2HD&cid=299314119.1695928080&gtm=45je39p0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KDYSD5C2HD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 320ms
45ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KDYSD5C2HD&cid=299314119.1695928080&gtm=45je39p0&aip=1&z=1931883574

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 242ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je39p0&_p=2041887749&_gaz=1&cid=299314119.1695928080&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1695928080&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Da555be933dad4f5fb9859df16343d70c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmike%2540mikeglauser.com%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&dt=BTM%20UFO%20Weapon&en=page_view&_fv=1&_ss=1&epn.variant_id=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
45 B 248ms
18ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-8R6YNFMJ23&cid=299314119.1695928080&gtm=45je39p0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 273ms
45ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=299314119.1695928080&gtm=45je39p0&aip=1&z=624425543

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
214 B 15ms
14ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2041887749&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Da555be933dad4f5fb9859df16343d70c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmike%2540mikeglauser.com%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&ul=en-us&de=UTF-8&dt=BTM%20UFO%20Weapon&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABQAAAACAAI~&jid=618323455&gjid=502556998&cid=299314119.1695928080&tid=UA-102395123-1&_gid=346812257.1695928080&_r=1&_slc=1&gtm=45He39p0n81WNRH3TX&cd1=82&cd3=false&cd4=false&cd5=false&cd6=false&cd7=false&z=1047167550

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 2CF4 15 KB
6 KB 48ms
15ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=93258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 19:08:00 GMT
server: Kestrel
server-processing-duration-in-ticks: 282531
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 18ms
17ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-102395123-1&cid=299314119.1695928080&jid=618323455&gjid=502556998&_gid=346812257.1695928080&_u=aADAAEAAQAAAACAAI~&z=1814217580

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 2CF4
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=5M5l3Hx5bUVOOE5jN04xUGRBeEluemlUbUh4RHo1bUtEazZETW0xU1NMcytMdGFlU3Q1M21Cbk9JUGJ3OEdJZmEvK0hVdVo0QVI3Ukx5eEJkeGZObEU1WVVoSlRuOVcrc3ArWEJpY2hBZ2NUdGhhUHh3QVpVL2cvbXo2Uk...

449 B
665 B

73ms
18ms

Fetch
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=5M5l3Hx5bUVOOE5jN04xUGRBeEluemlUbUh4RHo1bUtEazZETW0xU1NMcytMdGFlU3Q1M21Cbk9JUGJ3OEdJZmEvK0hVdVo0QVI3Ukx5eEJkeGZObEU1WVVoSlRuOVcrc3ArWEJpY2hBZ2NUdGhhUHh3QVpVL2cvbXo2UkRNR054ZDhIcHZyVHVkbHZZL3EydGJQcVY4M1lsYlZLNXZ2c0lDNitFelhwVTl0OXR3SVlHTTdQK2wzSy9mSTB2SHNDTVF4OUtpd3VCaGkzL00wcDZIM05naHRXVDdRUzhkOVhXMEpqbVVtZVNkb2ptcEVvOWtKc00yU3JRSTVGTi9CM2l3ZUkySmw2TThYUWhKd1QrNDFLdmN1THBiSnhMUXpCcHpFMHVPN2FHanlGdnZETT18&cppv=2

Requested by

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

5b5064db932a9fb565f38da96d3cb573036879156860568cc7414a80f0aaee28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1790928
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=5M5l3Hx5bUVOOE5jN04xUGRBeEluemlUbUh4RHo1bUtEazZETW0xU1NMcytMdGFlU3Q1M21Cbk9JUGJ3OEdJZmEvK0hVdVo0QVI3Ukx5eEJkeGZObEU1WVVoSlRuOVcrc3ArWEJpY2hBZ2NUdGhhUHh3QVpVL2cvbXo2UkRNR054ZDhIcHZyVHVkbHZZL3EydGJQcVY4M1lsYlZLNXZ2c0lDNitFelhwVTl0OXR3SVlHTTdQK2wzSy9mSTB2SHNDTVF4OUtpd3VCaGkzL00wcDZIM05naHRXVDdRUzhkOVhXMEpqbVVtZVNkb2ptcEVvOWtKc00yU3JRSTVGTi9CM2l3ZUkySmw2TThYUWhKd1QrNDFLdmN1THBiSnhMUXpCcHpFMHVPN2FHanlGdnZETT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 223952
content-length: 0
expires: 0

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 43ms
43ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: FMGSGJGQBTWVRJ1S
cdn-cachedat: 07/26/2023 06:51:53
cdn-pullzone: 53731
x-amz-id-2: WSEl9xTH2Gn9NK4dG4tUKq7PjWu4UUEG//nx63LwmWyrTOkJik1SfwhZaBDn+vN/N7UOQCwf0Z8=
last-modified: Wed, 05 Oct 2022 16:49:50 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 77323131446989850d3dd1d9be6f288d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 22ms
22ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: DWH88T81ZZEBPF44
cdn-cachedat: 01/05/2023 13:19:16
cdn-pullzone: 53731
x-amz-id-2: jOqTwrO7CKADB6A99P2KE8erCfBGDinliCUfMCHx9ofCH5Hyp/WWaFB+LMZTpDm3rXJNnXg+404=
last-modified: Wed, 05 Oct 2022 16:49:51 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"ad6f2454f01de902ffd473d51c1207bf"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 36849d996b6fc3ca937048e0568bafaf
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 click Show response
www.behindthemarkets-btm.com/sdk/ 87 B
840 B 144ms
143ms Fetch
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/sdk/click?effp=12266684ae73b5607601e1c488021d10&sec_ch_ua_platform=&sec_ch_ua_platform_version=&_ef_transaction_id=a555be933dad4f5fb9859df16343d70c&oid=110&affid=82&__cc=&async=json&source_id=82&creative_id=
Requested by: Host: www.behindthemarkets-btm.com
URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94f7a08a5a28615a5f31691e54ca40e7dec539862f321eab222fc90fbd48a5ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:00 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch: Sec-Ch-Ua-Platform-Version
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d78PVAH%2F7IPKXGKIVNOnV8bG%2F1pO8lBbcrzo%2FOLUV5GZOATbYt7h0W%2FRi6qmuuW1E1KEvfOlMX4or8J2B8BHaTJM%2FRg7zjHtSe7o4gZoDk4gtGbFJiM087oo9Ll74ng50tCqnRC3EgBIzc0rNwc9qUfFJQrEt2XKwpYg"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-eflow-request-id: e0860625-cc35-4633-b7ee-1bc959cecf8c
cf-ray: 80de45c84cdcbb55-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 94ms
46ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102395123-1&cid=299314119.1695928080&jid=618323455&_u=aADAAEAAQAAAACAAI~&z=32942998

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 48ms
47ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-102395123-1&cid=299314119.1695928080&jid=618323455&_u=aADAAEAAQAAAACAAI~&z=32942998

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
sumo.com/api/load/ 876 B
1 KB 758ms
188ms XHR
application/json 35.86.95.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.86.95.232 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-86-95-232.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

aefd89d9d4189505493ccac6e82c64eed8d87a3ea592a9659f964771cd68c866

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 876

GET
H/1.1 200
OK capture
api.leadpages.io/analytics/v1/observations/ 35 B
357 B 131ms
130ms Image
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=47,261,253,561,145,565,739,740,1549,1554
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Thu, 28 Sep 2023 19:08:00 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 178.162.209.141
Content-Type: image/gif
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00vmjr5hpn9smj1c8gk0

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 182ms
182ms Preflight 35.86.95.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.86.95.232 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-86-95-232.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-sumo-auth
Access-Control-Request-Method: POST
Origin: https://go.behindthemarkets.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 2592000
date: Thu, 28 Sep 2023 19:08:01 GMT
server: nginx

POST
H2 200 services Show response
sumo.com/ 205 B
606 B 186ms
186ms XHR
application/json 35.86.95.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.86.95.232 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-86-95-232.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

X-Sumo-Auth: Sq9G1oAAOxhv8d9ErdUEU3TD
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
content-length: 205

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
34 KB 15ms
14ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: 6556JDXZW8AN2YNV
cdn-cachedat: 08/01/2023 19:55:10
cdn-pullzone: 53731
x-amz-id-2: cSUMWfK1WSpDwfk1Ts7bzDlPEW2XyFxoF6OWJezYiEehsSRchfIhZEPax52J+5vxI3XyrXtZRhc=
last-modified: Wed, 05 Oct 2022 16:49:48 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"3fa9c18f727d4b42fb894fda90a374e1"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 34d3bd35f53145a1a150c87f9c8660d4
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 18ms
17ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: XPQK36ZER9CRKS11
cdn-cachedat: 07/07/2023 01:47:30
cdn-pullzone: 53731
x-amz-id-2: mTOZvT+dViFEnXbdMieeIDxf0x24WT/uSdiD07sBGMn9LykYofikgvDE4pImCCIDh6WUqbyXrcU=
last-modified: Wed, 05 Oct 2022 16:49:25 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"a39d043b7c7bba70750cf288ee5ef71a"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 980b7d6b47ec525857db76b9783ead67
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 17ms
16ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: XPQM4KE27F1PV1RK
cdn-cachedat: 07/07/2023 01:47:30
cdn-pullzone: 53731
x-amz-id-2: oA8LQN3Tk/ne2zEnCJcTDIXVqtH0lmXgqdnClhbLqUrZ7AoJhtGig12OgATcN4TrCkSO40O6SCY=
last-modified: Wed, 05 Oct 2022 16:49:10 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"6bfdf1ae8492f107706ac037915be663"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: fcac03f35cfbe4ca20bcb6c69b6ce147
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 28ms
27ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: XPQY5KZM19H9N2EA
cdn-cachedat: 07/07/2023 01:47:30
cdn-pullzone: 53731
x-amz-id-2: seuQMDfJmqhHAlic6XiyJ4hVPQujxdUHubwd+ZhchYqZFdd51kzaghRFiM11t3gYmD58vzM+KNA=
last-modified: Wed, 05 Oct 2022 16:48:57 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"fc263e7087822a0b00ff93677d6df4ea"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: d2173cb1c717b161fd66c52ecb67cb4b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
25 KB 19ms
18ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: PQQBXF8WXVX9X2EZ
cdn-cachedat: 07/07/2023 01:10:26
cdn-pullzone: 53731
x-amz-id-2: irVg4hjWiANPv68QkQboAQiwpeyFydpGds+oixAV97BR2fr/wIxSfvdoMo3ggEkMwbf62jAfgAI=
last-modified: Wed, 05 Oct 2022 16:49:12 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"8af82c4c30a069f66de02526c2f332af"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: aae1b6780d36d7eb24f42f6a80c2877b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
94 KB 20ms
19ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: RKQZQ72VFQMDKFPM
cdn-cachedat: 08/01/2023 19:55:20
cdn-pullzone: 53731
x-amz-id-2: BwiMkm/NrNe/oG+SEc1gZv5tpb4dLpnrRMkQQWrblkEy+u4k6dyVJj1CS5kSMpDq5pTg6Pefv3s=
last-modified: Wed, 05 Oct 2022 16:49:12 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"be0b945be6cafa91f6fd4efdfc8268f8"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 2317c409ad531171b178d0e7d35da7ca
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 28ms
27ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: C84PNVNQB66PCZG0
cdn-cachedat: 08/29/2023 11:03:01
cdn-pullzone: 53731
x-amz-id-2: ENE2TCqG376TzQkN1MMQaDsoDM44TulVnj3fty3yhkgq5APg+ofa21zsAF6x/yL20mKJRIov3B8=
last-modified: Wed, 05 Oct 2022 16:49:11 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"beda094dfc3b530efd0d2d83c5a0280c"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 765972d06fba6dde5948d0b4f8e34444
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 27ms
26ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:01 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: EA5PWJXNP1GBHPCQ
cdn-cachedat: 07/07/2023 01:53:36
cdn-pullzone: 53731
x-amz-id-2: zkxWwTdtBgLtEW47U1GFGbcEHT4EF1xNTQC3zntIgeMozv+e73QWQDWk1fHvU+QddG0us9tlRc8=
last-modified: Wed, 05 Oct 2022 16:49:45 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"d200986501135078d1fbd7f480e7bb08"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: b1b3eaa13f3b7ee7cd4a2de9d9f9b454
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 15ms
15ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:02 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: 3WHT15W2TJWFMKM7
cdn-cachedat: 07/07/2023 01:47:31
cdn-pullzone: 53731
x-amz-id-2: VZjr0K5Y8SUXWSYHQImuxYw+Exhyj1Kyjsa9lNkbyPzFc1SQBSWWHUm8YElx+Sw55wP8K1fK+xs=
last-modified: Wed, 05 Oct 2022 16:48:56 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"31baf056af3800bbd6e4f9e8b445d052"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 7ddf69ee7de369562a66ecf12e1843a9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
80 KB 13ms
13ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:02 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: FGD5RPGRC3BGBDEK
cdn-cachedat: 09/11/2023 12:27:01
cdn-pullzone: 53731
x-amz-id-2: UpcBLDSJ2/nt7VJUhvVTsNiESr/KW7DMcj3w6M4CFBg4maYnRNBFWy/9sHzrMmwOjzSxxf/VGuI=
last-modified: Wed, 05 Oct 2022 16:50:09 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"f33273f5c8e8dd3d010a11b209891b91"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: e492686cc2cd6ec36653299051704aa0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
994 B 14ms
14ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 19:08:02 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-amz-request-id: NTJQ2GV1WNAVQPSR
cdn-cachedat: 07/07/2023 01:10:27
cdn-pullzone: 53731
x-amz-id-2: JTXCpCcTcTU62ExaMwtO9D+T6wK0UGb3w92rrh/k+tTFJglllrHjGxgzyla2oCOLZVrlfFqI940=
last-modified: Wed, 05 Oct 2022 16:50:09 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"857476cf6e94c14c223d4481353b4c19"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: cb7d38d1bbb7f2d3962df37c5527c3cc
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 32 KB
1 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

df3f46edd3dc78e34e7b8df01b494936e06e68f1566df5666d3a9e502b040b27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Sep 2023 19:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 18:03:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Sep 2023 19:08:02 GMT

GET
H2 200 features Show response
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ 3 KB
1 KB 202ms
201ms XHR
application/json 35.86.95.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.86.95.232 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-86-95-232.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://go.behindthemarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
X-Sumo-Auth: Sq9G1oAAOxhv8d9ErdUEU3TD

Response headers

date: Thu, 28 Sep 2023 19:08:02 GMT
content-encoding: gzip
server: nginx
etag: "-362431178"
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ Frame 0
0 177ms
177ms Preflight 35.86.95.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.86.95.232 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-86-95-232.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-sumo-auth
Access-Control-Request-Method: GET
Origin: https://go.behindthemarkets.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 2592000
date: Thu, 28 Sep 2023 19:08:02 GMT
server: nginx

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
448 B 131ms
130ms XHR
image/gif 35.192.151.63
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=gFkit5eyhrwY5s35WR8uKt&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=106.4000015258789,46.599998474121094,1,492.5999984741211
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Thu, 28 Sep 2023 19:08:04 GMT
Server: Stargate
Transfer-Encoding: chunked
access-control-max-age: 600
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 178.162.209.141
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 00vmjs4014heq06mjn2g

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 16ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je39p0&_p=2041887749&cid=299314119.1695928080&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1695928080&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-ufo-weapon%2F%3F_ef_transaction_id%3Da555be933dad4f5fb9859df16343d70c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Dmike%2540mikeglauser.com%26iocid%3D%26aff%3D82%26creative_id%3D%26oid%3D110%26message_id%3D%26link_id%3D&dt=BTM%20UFO%20Weapon&en=fetch_user_data&epn.variant_id=0&_et=31&up.custom_client_id=299314119.1695928080.&upn.variant_id=0&upn.experiment_id=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Sep 2023 19:08:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.api.leadpages.io/analytics/v1/events/capture	1970-01-20 15:06:54	Name: view.bb4wMKcXKB896PwqF4vMVT-default-prop.Gy3xzrFUCQo2QEFioeBcaF Value: 1695928081000
go.behindthemarkets.com/btm-ufo-weapon	1970-01-20 15:48:40	Name: __smVID Value: d46134e589fd5df1f1023359a3fb9bb6ab4761f3be9cf76c6ddbfcf066847d6b
.clkmg.com/	1970-01-20 23:51:04	Name: vid Value: 899520892
.go.behindthemarkets.com/	1970-01-20 23:52:30	Name: _vwo_uuid_v2 Value: D3593B0460E02DB4772A77367EEEFFE6D\|dedaf90072f05aef1dcf277eda765c25
.behindthemarkets.com/	1970-01-20 17:15:04	Name: _gcl_au Value: 1.1.1900976518.1695928080
js.center.io/	1970-01-21 00:41:28	Name: centerVisitorId Value: BTxYMyTjj2PHGhxRememEh
.behindthemarkets.com/	1970-01-21 00:41:28	Name: _ga_KDYSD5C2HD Value: GS1.1.1695928080.1.0.1695928080.60.0.0
.behindthemarkets.com/	1970-01-21 00:41:28	Name: _ga Value: GA1.2.299314119.1695928080
.behindthemarkets.com/	1970-01-20 15:06:54	Name: _gid Value: GA1.2.346812257.1695928080
.behindthemarkets.com/	1970-01-20 15:05:28	Name: _gat_UA-102395123-1 Value: 1
.behindthemarkets.com/	1970-01-21 00:41:28	Name: _ga_8R6YNFMJ23 Value: GS1.1.1695928080.1.0.1695928080.60.0.0
.criteo.com/	1970-01-21 00:27:04	Name: uid Value: 73588bfa-470f-4e19-a44b-533fa3185134
.behindthemarkets.com/	1970-01-21 00:34:52	Name: cto_bundle Value: 6ldpz180U0NCZUdxJTJCaGZpVEhQTGsyeWFhbkpmd3czYXl1ajlPZWE5bGI1T0RVN1lvUXBTMElPOU1ZTk44dDlhbiUyRkhpMzFwOU5MTlg3eERKZjlHVnVVU2RjdVFrNDdXUVY0aHFUWG5pJTJCZVpWMEdhdzJUencwZHdmazZDVlp4clhRa09vUWVBMUVaRWxKdmVPa2JtaXE2Rms4ZTBBOU8zWE5mbUxDVTNRU0xTa1JPUlklM0Q
go.behindthemarkets.com/	1970-01-20 15:48:40	Name: ef_witness Value: 1
go.behindthemarkets.com/	1970-01-20 15:48:40	Name: ef_tid_c_o_110 Value: a555be933dad4f5fb9859df16343d70c
go.behindthemarkets.com/	1970-01-20 15:48:40	Name: ef_tid_c_a_2 Value: a555be933dad4f5fb9859df16343d70c
go.behindthemarkets.com/	1970-01-20 23:51:04	Name: __smToken Value: Sq9G1oAAOxhv8d9ErdUEU3TD

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://script.anura.io/request.js?instance=2840531173&source=82&campaign=undefined&904667986083 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.leadpages.io
click.first.brilliantachievement.com
dev.visualwebsiteoptimizer.com
dynamic.criteo.com
fonts.googleapis.com
fonts.gstatic.com
go.behindthemarkets.com
gum.criteo.com
js.center.io
lh3.googleusercontent.com
load.sumo.com
mug.criteo.com
region1.analytics.google.com
script.anura.io
static.leadpages.net
stats.g.doubleclick.net
sumo.com
tracking.brilliantachievement.com
www.behindthemarkets-btm.com
www.clkmg.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
128.245.210.46
13.43.151.221
178.250.1.11
2001:4860:4802:32::36
2001:4860:4802:38::15
2400:52e0:1e00::1081:1
2a00:1450:4001:800::2004
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200a
2a00:1450:4001:813::2003
2a00:1450:4001:827::2001
2a00:1450:4001:829::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:830::200e
2a00:1450:400c:c00::9d
2a02:2638:3::c
2a02:2638:3::e
2a06:98c1:3120::3
34.107.203.240
34.96.102.137
35.192.151.63
35.202.21.90
35.86.95.232
50.97.212.250
02de1a932816d80b54e2b8094e150f1ec64a3aedc5c2c4a97925aafb9c95c5a8
02ffe72a9c712b85c4cd1dc94c6c7d230842d2870ba1ae8c43ce12212d9934fd
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
0946cb87b7a79f481e8918c9754da72dac3364563c52f58e623ac23a170a49c3
0c8e060784765b186df12c3b49d58c1b6df180812c26cf625611d02cc62c2442
0dc05bd8e6a23d3ce410b51ba0867a6613da4fd82014e88e2ffedcc07549bb05
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110
0f9fd81a08eecb2018384c281acd08fa6add7ffee002123129ff7a546b82fa31
11a5066ce5aa1d4619f5582cffdcd559c9a1aae9de9b010984ec89d2d8b4762f
12bb6250f9afe86162b02c690ee29b53261cdf7c0b324bbb58939816c36bd658
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
1dd8c38f74756eeebe8302aa2f207760abe5b57133e7958931e78e4b2870181f
214df72d9a3910941fda905199bc8069c6b298ce2b577c71c149773e9c64030f
21c96acbb335694cd65c8a0056e4e659dff4c337491c87dc877f54abc44fe625
21ef52e0c141c5fbc0135c601113edde2e1d9fea1d454b0da3cb66fe2d6aa432
222ca1136e5e61ccc02e85c7dd9a0e6b9af1f45ae80611d80190cce01f631adb
2c355ca44cfadf525c8b77785d650793b1105f812ddcf7875c6f7a2a7175136d
2f007b53b0173b103df54f19e21bb1a020949e359a6c2493303c57c433285f71
31b790b6aa4636b48813be238cfbd46163c06298333db50e03373fcd5d41e6ad
31d9d4d853d7426533bea329d61e28677b7ffa078ae280290de50ad646ae6eba
3584c4b319d00a900259c554d8076927e2aaf3b60a6d41973ead57138070d706
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
38c1d645f08cafe1e0c34cc16c9c9e95433775aca4e8b016fe23dc1913b40854
3e426e330d152fce1b2e4a53ff4062cfe1531acca6f02c9b5329009d496aad05
3f1679187a03b9a16c963fc7b3919865a451739ac0d600d3101dbdbad7a7ba43
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
43a079fd739dffa727de659b5bbf44596031aa7542c8a8afbc54a243aab96b47
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
5190abfe9f241dd6c5afbd313cecfe3bc1c2d3e5e0a6815c28c4b9942de6237e
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
5379bdb51c419cac65ac0326410238e7fb43841eeaebc0503031d6217c5c25bb
5b5064db932a9fb565f38da96d3cb573036879156860568cc7414a80f0aaee28
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
653e57dace87f1578d47a3162639ab8754abddab7c8e37ed6420dd04fbd8ad2e
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
6eb79f030eca6548e428f1470c03d57c35fc82fd9b4ed915894f74bb8a4d1e19
7175f0fd288f011560ca785808341d055393c4d63055afa2d37627a8e76be19c
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
7631fdde759575aded86b3d1ce65b7884706a678566834f6cb43c40d8f1e2c85
7ac8c0c398a8c50881f8df96030a9ed8442b654cb9d2e1a1877aebedd02023af
7caa39736388b58116f1d7318edb260aec86c94473cd8ad2ddcbb75c7e2b0f27
7d6465ff40cc8a253079809cfb86bda088de84e90677e0d0636ec6ffe065776f
7d7b2eec122d8945398dde8bcbe491986698b328f086f6c1c83873d89b18a18e
7da5cd5386454360f748cc2136fd37c038da4220770ed104f9630c06a0eab806
7db7a83e9efe934ad73ed22b476fdb78d1a9ff1e3a98cb5c15284f9417735b7a
7fe0592011de0cc4c282a8523987e70c3209207703d39aa36d346e41db0c07ff
8097f342e8dde9aaffa3bb1e9da87df15def110b092832a08b6a33b5b22184f8
8117b595dbdc02ecef5f4341b481db3a46bbab0f8a86e79eb0b14578ea42a446
8144d33c5610d6e5a06a27cfec7163258f02d413b0befd187e399740b490a194
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
843664caa06661a4c789fe642770690b9a6cec4ecfed6835a631632dcb98aa67
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88804d6ebe9dae5ad41f997452c2edb43e0b07cdc7dab0a38cb8f62250ca692e
8d6f4e6b5613a9fa91abfe6587aa69327458bcfd17b484f254a7d0607808ceaa
8e29f3e687fdc2aa47a5183200740ffc894cf469d1d0a5db7317392ab003c6ef
8e8c63e762d334605b396e4bfacb8723fdfac07a2c77dfe9c57195658605dc00
91b27074116ac669b41c4650c11951613a2dc7d2a5336e93dd07ec38ad7ad03a
94f7a08a5a28615a5f31691e54ca40e7dec539862f321eab222fc90fbd48a5ef
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
9754b5f6ea5fe6139593a9d71354a602bd16baf749706d5ffc3882786fbb78a3
a39f6b6d8f73c27f9da666c425f6ba369004dc25e3cc8adef547612635e5e244
a5512781731b5b307ecf7b7a315d2e86150d976cdafd90452832a6fb28e4b7c6
a66f203307e28e536d6aab551e7fb8d70414da2a0374c98aed0b0725f413199e
aba0f08dc1fa858dbd70d733fac29f07cd07816732bf498c9dda14d5d79dc93f
acf88b2da54aa12fbf7c5e89be9a84524811896fe2a46005a30dfa1b32789fb1
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aefd89d9d4189505493ccac6e82c64eed8d87a3ea592a9659f964771cd68c866
af07850bc2d128062164504811197c21b60ed42f88b326dd858394951b14dd02
b06a5d272de6f4e0ba3f8db8338da394f8716987f7a7e764a22b6e903c0f94cf
b5334f7f1dbb3b996fd99d184649898440fbd53b9a650c7350a2da649940216a
b6da3cdb7cff4fa6ba59c573533db05bdf868830aeea5fdb400135b7b23ed597
bc8d607824ba046ae56778998afe2e69219247957cc26951de824b138d011535
c02a537eec620de29094096c1517db5cd507af931d7d61ede3576ac4309c4946
c26b66c28c54246fdf031482b1e0d7b076c37cf422e2d7b2969be733720f03d5
c418f2192d7c27930706fe001f6d8225452e5bd9a11e4653d3b507161237359f
c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1
cab0187e0daa40dcafa6ad301c50f0a2d35dd20299575b1e07ce89e00e585dbe
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42
d15036f4cafc9c5dc6eb94a34049e33fb834a2eb517401a9b858bf70a00c8e42
d16a004d0a4f7fb78000f4dc8dc1f158b74bb5e8cbd726ce0e8c0f380e53bfb7
d52e74993b01e71c21eed2e671da57af3ad21e41628efc373a07c99aec01591a
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df3f46edd3dc78e34e7b8df01b494936e06e68f1566df5666d3a9e502b040b27
dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0
e2041219de8b785776118b7514cddfba1981a0b065c9f8ec9e6ee947f97a967b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
e7c90c5bca22ce8622ad805b5dee3e93e40736e0b1bb2bb119560e7d4b52cca0
ece2311ddab180bd949e57acc5da3f03a86ab3232548d0afd401d9d566a24672
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10ec21a492c33b4c6c6a6dac52a189d96560ce7b76595be7ab1f2890c2b41a9
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f54a8022d466a7d8067a7b9fa35254667bf3a5fd4dad4807b54581da7a3e3b0f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f80c4e842cf1cddf979cbf4cf904269dfd5e41ddcf1ef1da83a1bb848f835ec0
fdf58592570bd7a179f45ab4a8609b0646df59456d87bad60a362f0bfd9c2683
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

go.behindthemarkets.com Open in urlscan Pro 35.202.21.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

118 Requests

99 %HTTPS

63 %IPv6

20 Domains

25 Subdomains

22 IPs

5 Countries

2065 kBTransfer

5444 kBSize

17 Cookies

0 Outgoing links

Page URL History

Redirected requests

118 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Screenshot
Live screenshot

Full Image

118
Requests

99 %
HTTPS

63 %
IPv6

20
Domains

25
Subdomains

22
IPs

5
Countries

2065 kB
Transfer

5444 kB
Size

17
Cookies

118 HTTP transactions
0 data transactions